Author: empty  Pages: 769  Publisher: empty
This book is designed to provide information for the Cisco CCNP Security 642-617 FIREWALL exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc.

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:
For sales outside the United States, please contact International Sales: international@pearsoned.com

Feedback Information
members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

Publisher: Paul Boger
Manager, Global Certification: Erik Ullanderson
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Anand Sundaram
Executive Editor: Brett Bartow
Senior Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder
Technical Editors: Doug McKillip, Martin Walshaw
Senior Project Editor: Tonya Simpson
Copy Editor: Bill McManus
Editorial Assistant: Vanessa Evans
Book Designer: Gary Adair
Composition: Mark Shirar
Indexer: Tim Wright
Proofreader: Sarah Kearns

CCNP Security FIREWALL 642-617 Official Cert Guide

About the Authors
David Hucaby, CCIE No. 4594, is a network architect for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst, ASA, FWSM, and Unified Wireless product lines. David has a bachelor of science degree and master of science degree in electrical engineering from the University of Kentucky. He is the author of several Cisco Press titles, including Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition; Cisco Firewall Video Mentor; Cisco LAN Switching Video Mentor; and CCNP SWITCH Exam Certification Guide. David lives in Kentucky with his wife, Marci, and two daughters.

Dave Garneau is a senior member of the Network Security team at Rackspace Hosting, Inc., a role he started during the creation of this book. Before that, he was the principal consultant and senior technical instructor at The Radix Group, Ltd. In that role, Dave trained more than 3000 students in nine countries on Cisco technologies, mostly focusing on the Cisco security products line, and worked closely with Cisco in establishing the new Cisco Certified Network Professional Security (CCNP Security) curriculum. Dave has a bachelor of science degree in mathematics from Metropolitan State College of Denver (now being renamed Denver State University). Dave lives in San Antonio, Texas with his wife, Vicki.

Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion: teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next generation of KnowledgeNet, StormWind Live.

About the Technical Reviewers
Doug McKillip, PE, CCIE No. 1851, is an independent consultant specializing in Cisco Certified Training in association with Global Knowledge, a Training Partner of Cisco Systems. He has more than 20 years of experience in computer networking and security. Doug provided both instructional and technical assistance during the initial deployment of MCNS Version 1.0, the first Cisco Security training class, which debuted in early 1998, and has been a lead instructor for the security curriculum ever since. He holds bachelor's and master's degrees in chemical engineering from MIT and a master's degree in computer and information sciences from the University of Delaware. He resides in Wilmington, Delaware.

Martin Walshaw, CCIE No. 5629, CISSP, is a senior systems engineer working for F5 Networks in South Africa. His areas of expertise span multiple different areas, but over the past few years he has focused specifically on security and application delivery. During the past 20 years or so, Martin has dabbled in many different areas of IT, ranging from RPG III to PC sales. When Martin is not working or doing sports, he likes to spend all of his available time with his extremely patient wife, Val, and his two awesome sons, Joshua and Callum. Without their support, patience, and understanding, projects such as this would not be possible.

Dedications
From David Hucaby:
As always, this book is dedicated to the most important people in my life: my wife, Marci, and my two daughters, Lauren and Kara. Their love, encouragement, and support carry me along. I'm so grateful to God, who gives endurance and encouragement (Romans 15:5), and who has allowed me to work on projects like this.

From Dave Garneau:
I am also dedicating this book to the most important person in my life: my wife, Vicki. Without her love and support, I doubt I would succeed in any major endeavor, much less one of this magnitude. Additionally, I want to dedicate this book to my mother, Marian, who almost 40 years ago believed a very young version of myself when he declared he would one day grow up and write a book. I am glad I was finally able to live up to that promise.

From Anthony Sequeira:
This book is dedicated to the many, many students I have had the privilege of teaching over the past several decades. I hope that my passion for technology and learning has conveyed itself and helped to motivate, and perhaps even inspire.

Acknowledgments
It has been my great pleasure to work on another Cisco Press project. I enjoy the networking field very much, and technical writing even more. And more than that, I'm thankful for the joy and inner peace that Jesus Christ gives, making everything more abundant and worthwhile. I've now been writing Cisco Press titles continuously for over 10 years. I always find it to be quite fun, but other demands seem to be making writing more difficult and time consuming. That's why I am so grateful that Dave Garneau and Anthony Sequeira came along to help tote the load. It's also been a great pleasure to work with Brett Bartow and Chris Cleveland. I'm glad they put up with me yet again, especially considering how much I let the schedule slip. I am very grateful for the insight, suggestions, and helpful comments that the technical editors contributed. Each one offered a different perspective, which helped make this a more well-rounded book and me a more educated author.
-David Hucaby

The creation of this book has certainly been a maelstrom of activity. I was originally slated to be one of the technical reviewers, but became a coauthor at David Hucaby's request. Right after accepting that challenge, I started a new job, moved to a new city, and built a new house. Throughout all the resulting chaos, Brett Bartow and Christopher Cleveland demonstrated the patience of Job, while somehow keeping this project on track. Hopefully, their patience was not exhausted, and I look forward to working with them again on future projects. I am also thankful to our technical reviewers for their meticulous attention to detail. Doug McKillip, whom I count as a close friend, was able to step into the role I left to become a coauthor. The extremely thorough reviews provided by Doug and Martin definitely improved the quality of the material for the end readers.
-Dave Garneau

Brett Bartow is a great friend, and I am so incredibly thankful to him for the awesome opportunities he has helped me to achieve with the most respected line of IT texts in the world, Cisco Press. I am also really thankful that he continues to permit me to participate in his fantasy baseball league. It was such an honor to help on this text with the incredible David Hucaby and Dave Garneau. While they sought out a third author named David, it was so kind of them to make a concession for an Anthony. I cannot thank David Hucaby enough for the assistance he provided me in accessing the latest and greatest Cisco ASAs for the lab work and experimentation that was required for my chapters of this text. Finally, thanks to my family, Joette and Annabella and the dog Sweetie, for understanding all of the hours I needed to spend hunched over a keyboard. And that reminds me, thanks also to my chiropractor, Dr. Paton.
Contents at a Glance
Introduction xxiii
Chapter 1 Cisco ASA Adaptive Security Appliance Overview 3
Chapter 2 Working with a Cisco ASA 33
Chapter 3 Configuring ASA Interfaces 73
Chapter 4 Configuring IP Connectivity 103
Chapter 5 Managing a Cisco ASA 155
Chapter 6 Recording ASA Activity 233
Chapter 7 Using Address Translation 269
Chapter 8 Controlling Access Through the ASA 333
Chapter 9 Inspecting Traffic 409
Chapter 10 Using Proxy Services to Control Access 515
Chapter 11 Handling Traffic 537
Chapter 12 Using Transparent Firewall Mode 561
Chapter 13 Creating Virtual Firewalls on the ASA 583
Chapter 14 Deploying High Availability Features 601
Chapter 15 Integrating ASA Service Modules 645
Chapter 16 Final Preparation 659
Appendix A Answers to the "Do I Know This Already?" Quizzes 665
Appendix B CCNP Security 642-617 FIREWALL Exam Updates: Version 1.0 671
Appendix C Traffic Analysis Tools 675
Glossary 707
Index 717
Contents
Chapter 1 Cisco ASA Adaptive Security Appliance Overview 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Firewall Overview 7
Firewall Techniques 11
Stateless Packet Filtering 11
Stateful Packet Filtering 12
Stateful Packet Filtering with Application Inspection and Control 12
Network Intrusion Prevention System 13
Network Behavior Analysis 14
Application Layer Gateway (Proxy) 14
Cisco ASA Features 15
Selecting a Cisco ASA Model 18
ASA 5505 18
ASA 5510, 5520, and 5540 19
ASA 5550 20
ASA 5580 21
Security Services Modules 22
Advanced Inspection and Prevention (AIP) SSM 22
Content Security and Control (CSC) SSM 23
4-Port Gigabit Ethernet (4GE) SSM 24
ASA 5585-X 24
ASA Performance Breakdown 25
Selecting ASA Licenses 28
Exam Preparation Tasks 31
Review All Key Topics 31
Define Key Terms 31
Chapter 2 Working with a Cisco ASA 33
"Do I Know This Already?" Quiz 33
Foundation Topics 38
Using the CLI 38
Entering Commands 39
Command Help 41
Command History 43
Searching and Filtering Command Output 43
Terminal Screen Format 45
Using Cisco ASDM 45
Understanding the Factory Default Configuration 50
Working with Configuration Files 52
Clearing an ASA Configuration 55
Working with the ASA File System 56
Navigating an ASA Flash File System 57
Working with Files in an ASA File System 58
Reloading an ASA 61
Upgrading the ASA Software at the Next Reload 63
Performing a Reload 64
Manually Upgrading the ASA Software During a Reload 65
Exam Preparation Tasks 69
Review All Key Topics 69
Define Key Terms 69
Command Reference to Check Your Memory 69
Chapter 3 Configuring ASA Interfaces 73
"Do I Know This Already?" Quiz 73
Foundation Topics 77
Configuring Physical Interfaces 77
Default Interface Configuration 78
Configuring Physical Interface Parameters 80
Mapping ASA 5505 Interfaces to VLANs 80
Configuring Interface Redundancy 81
Configuring VLAN Interfaces 83
VLAN Interfaces and Trunks on ASA 5510 and Higher Platforms 84
VLAN Interfaces and Trunks on an ASA 5505 86
Configuring Interface Security Parameters 88
Naming the Interface 88
Assigning an IP Address 89
Setting the Security Level 90
Interface Security Parameters Example 94
Configuring the Interface MTU 94
Verifying Interface Operation 96
Exam Preparation Tasks 99
Review All Key Topics 99
Define Key Terms 99
Command Reference to Check Your Memory 99
Chapter 4 Configuring IP Connectivity 103
"Do I Know This Already?" Quiz 103
Foundation Topics 107
Deploying DHCP Services 107
Configuring a DHCP Relay 107
Configuring a DHCP Server 108
Using Routing Information 111
Configuring Static Routing 115
Tracking a Static Route 117
Routing with RIPv2 122
Routing with EIGRP 125
Routing with OSPF 134
An Example OSPF Scenario 140
Verifying the ASA Routing Table 144
Exam Preparation Tasks 147
Review All Key Topics 147
Define Key Terms 147
Command Reference to Check Your Memory 148
Chapter 5 Managing a Cisco ASA 155
"Do I Know This Already?" Quiz 155
Foundation Topics 159
Basic Device Setti