Cisco Networks: Engineers’ Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA

English | 2015 | ISBN: 978-1-4842-0860-1 | 839 Pages | EPUB | 10 MB


This book is a concise one-stop desk reference and synopsis of basic knowledge and skills for Cisco certification prep. For beginning and experienced network engineers tasked with building LAN, WAN, and data center connections, this book lays out clear directions for installing, configuring, and troubleshooting networks with Cisco devices. The full range of certification topics is covered, including all aspects of IOS, NX-OS, and ASA software. The emphasis throughout is on solving the real-world challenges engineers face in configuring network devices, rather than on exhaustive descriptions of hardware features.
This practical desk companion doubles as a comprehensive overview of the basic knowledge and skills needed by CCENT, CCNA, and CCNP exam takers. It distills a comprehensive library of cheat sheets, lab configurations, and advanced commands that the authors assembled as senior network engineers for the benefit of junior engineers they train, mentor on the job, and prepare for Cisco certification exams. Prior familiarity with Cisco routing and switching is desirable but not necessary, as Chris Carthern, Dr. Will Wilson, Noel Rivera, and Richard Bedwell start their book with a review of the basics of configuring routers and switches. All the more advanced chapters have labs and exercises to reinforce the concepts learned.
This book differentiates itself from other Cisco books on the market by approaching network security from a hacker’s perspective. Not only does it provide network security recommendations but it teaches you how to use black-hat tools such as oclHashcat, Loki, Burp Suite, Scapy, Metasploit, and Kali to actually test the security concepts learned.
Readers of Cisco Networks will learn

  • How to configure Cisco switches, routers, and data center devices in typical corporate network architectures
  • The skills and knowledge needed to pass Cisco CCENT, CCNA, and CCNP certification exams
  • How to set up and configure at-home labs using virtual machines and lab exercises in the book to practice advanced Cisco commands
  • How to implement networks of Cisco devices supporting WAN, LAN, and data center configurations
  • How to implement secure network configurations and configure the Cisco ASA firewall
  • How to use black-hat tools and network penetration techniques to test the security of your network

Advanced Switching

Port Security

Port security adds a layer of Layer 2 access control to switch ports. Because a host's MAC address is normally fixed, the switch can restrict which MAC addresses are allowed to source frames on a given port. Secure MAC addresses can be configured statically, learned dynamically, or learned dynamically and written into the running configuration ("sticky"). By default, once port security is enabled on a port, only one secure MAC address is allowed, but the maximum can be raised (up to 1024). When the limit is exceeded, or when a MAC address that is already secured on one port appears on another secure port in the same VLAN, the configured violation mode decides what happens: protect silently drops the offending frames, restrict drops them and raises a syslog/SNMP notification and a violation counter, and shutdown (the default) places the port in the err-disabled state. Port security should never be the only control in use, because it is defeated by MAC address spoofing: an attacker who learns an authorised address can clone it. Use it as a measure that limits how many devices can hang off a port, stops a known device from being moved to a different port, and keeps an unauthorised device plugged into a spare port from getting a link into the VLAN.
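The configuration below is an added example, not taken from the book, showing the default behaviour beside a hardened access-port profile on a Catalyst switch running IOS. Interface names, VLAN numbers and the printer's MAC address are assumed for illustration.

```cisco
! Port security is only accepted on a static access (or trunk) port; a port
! still in dynamic (DTP) mode rejects the command, so set the mode first.
!
! --- Default behaviour: one secure MAC, violation mode shutdown -------------
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
! --- Hardened user port: PC plus IP phone, sticky learning, restrict mode ---
! maximum 2 covers the phone (voice VLAN) and the PC behind it. Sticky
! addresses land in the running config; save with "write memory" or they are
! lost on reload. restrict keeps the port up but logs and counts violations,
! which is usually preferable to err-disabling a user port.
interface GigabitEthernet1/0/11
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! --- Static binding for a device that never moves (assumed printer MAC) ----
interface GigabitEthernet1/0/12
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
!
! --- Let ports that did go err-disabled recover without a manual shut/no shut
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification:
!   show port-security interface GigabitEthernet1/0/11
!   show port-security address
!   show errdisable recovery
```

The `show port-security interface` output reports the violation mode, the maximum and current address counts, the last source address seen, and the violation counter; a rising counter on a restrict-mode port is the signal to investigate, and a single spoofed MAC will not trip it, which is the limitation the text above describes.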

Introduction to Network Penetration Testing

When an organization decides to have penetration testing performed, the parameters of the test must be agreed before anything else. These parameters include how much knowledge of the organization and its systems the testers are given, and which kinds of exploits they are allowed to run.
The level of knowledge provided is categorized as black box, white box, or gray box. In black-box testing, the penetration testers are often given nothing except the name of the target, and they must work their way into the network from there; this shows what an external attacker with no inside knowledge could accomplish. At the opposite end of the spectrum is white-box testing, in which the testers are given access to the systems and their documentation, and the engagement may extend to reviewing policy and procedure documents. Gray-box testing is the middle ground: some documentation and access are provided, which makes it a good way to emulate an insider threat such as an employee with limited privileges. It is also common to combine the approaches, starting with black-box testing and then moving to gray-box and finally white-box testing as the engagement progresses.
Penetration testing can cause data loss or system unavailability. Most companies want to know whether they are vulnerable but cannot afford to lose data or have production systems go down. In these cases it is important to set explicit boundaries for the testers in the rules of engagement; it is not uncommon to prohibit tests that could cause a denial of service.
Once the parameters have been decided and the testers hold written authorization to operate, the first phase of the test can begin. This is the reconnaissance phase, in which the testers learn as much about the target as possible. The information gathered during reconnaissance feeds the scanning phase, which enumerates the systems in more detail and identifies their vulnerabilities. The next phase uses those vulnerabilities to exploit the systems. Once a system is exploited, the testers set up methods to maintain their access and cover their tracks, staying within the agreed rules of engagement throughout.