Index

Numerics

802.1x

access layer (IP telephony)

authentication negotiation schemes

authenticators

components of

configuring Secure ACS Servers

configuring with EAP-FAST in Unified Wireless Solutions

EAP methods

IEEE 802.1x

supplicants

A

AAA

identity and trust (SAVE framework)

infrastructure devices, configuring

medium-sized business case studies

AAA (Authentication, Authorization, Accounting)

identity management solutions/systems

IBNS

IEEE 802.1x

RADIUS

TACACS+

aaa authorization command

aaa new-model command

access control

small business case study

access layer (IP telephony)

802.1x

ARP

BPDU

DAI

DHCP snooping

NAC

port security

root guards

VLAN assignment

access-class command

interactive access control (infrastructure security)

accounting

ACL

blocking unauthorized hosts/users from routers

exception ACL, configuring

ACL (Access Control Lists)

controlling FWSM access via

iACL (infrastructure Access Control Lists)

infrastructure security policy enforcement

IPv6 filtering

rACL (receive Access Control Lists)

infrastructure security

VACL

action plans, building

active-standby failovers

ASA, configuring on

medium-sized business case studies

AES (Advanced Encryption Standard) encryption protocol

WEP

AIP-SSM

ASA, configuring on

medium-sized business case studies

Aironet AP (Access Points)

managing

analyzing data

postmortems

anomaly detection

IPS devices

visibility (SAVE framework)

anomaly detection systems

anomaly detection zones

isolation and virtualization (SAVE framework)

anomaly/telemetry detection

CS-MARS

Guard XT

IPS

NAM

NetFlow

Cisco platform support

collecting CLI statistics

Egress NetFlow

enabling

flows, elements of

flows, exporting data from

flows, obtaining additional information from

Ingress NetFlow

IPFIX WG

NDE packet templates

open source monitoring tools

SNMP

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on PIX security appliances

SYSLOG

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on CATOS running catalyst switches

enabling logging on PIX security appliances

TAD XT

anomaly-based analysis

antispoofing

small business case study

antispoofing techniques

AP (Access Points)

Aironet

managing

autonomous mode

LWAPP

unified mode

Unified Wireless Architectures

ARP (Address Resolution Protocol)

access layer (IP telephony)

proxy ARP

infrastructure security, disabling for

ASA

active-standby failovers, configuring

medium-sized business case studies

AIP-SSM, configuring

medium-sized business case studies

ASA security appliances

enabling SYSLOG logging on

Atlanta Office Cisco IOS configuration (small business case studies)

configuring

locking down IOS routers

NAT configuration

site-to-site VPN

attacks

large business case studies

authentication

HTTP

infrastructure security

RADIUS

routing protocols

identity and trust (SAVE framework)

infrastructure security

tunneled authentication

wireless networks

802.1x

configuring CSSC

configuring WLC

EAP-FAST

EAP-GTC

EAP-MD5

EAP-TLS

EAP-TTLS

LEAP

PEAP

WEP

WPA

authentication banners

configuring

infrastructure security

Authentication Servers (802.1x)

authenticators (802.1x)

authorization

auto secure command

infrastructure security

autonomous mode (AP)

Autopsy (Linux forensics tool)

AutoSecure (Cisco IOS)

infrastructure security

B

backscatter

banners

authentication banners

configuring for infrastructure security

base metrics (CVSS)

BGP (Border Gateway Protocol)

routers

hop-by-hop tracebacks

black-box penetration testing

bogon addresses

BOOTP servers

infrastructure security, disabling for

botnets

hop-by-hop tracebacks

BGP routers

Shadowserver.com website

tracebacks

bots

BPDU (Bridge Protocol Data Units)

IP telephony

access layer

broadcast amplification attacks. See smurf attacks

C

CAM (Clean Access Manager), NAC Appliance

CAS (Clean Access Servers), NAC Appliance

Centralized Deployment mode

Edge Deployment mode

Real IP mode

Virtual Gateway mode

case studies

large businesses

CSIRT

incident response

IPsec remote access VPN

load-balancing

security policy creation

medium-sized businesses

configuring AAA on infrastructure devices

configuring active-standby failovers on ASA

configuring AIP-SSM on ASA

Internet edge routers

small businesses

access control

antispoofing configuration

Identity NAT

IM

IP addressing/routing

locking down IOS routers

NAT configuration

PAT

site-to-site VPN

Static NAT

catalyst switches

CATOS running switches

enabling SYSLOG logging on

CATOS (Catalyst Operating System)

catalyst switches

enabling SYSLOG logging on

CDP

visibility (SAVE framework)

CDP (Cisco Discovery Protocol)

infrastructure security, disabling for

CEF tables

visibility (SAVE framework)

Centralized Deployment mode (CAS)

change management policies

large business case studies

changeto context command

FWSM configuration for data center segmentation

checklists

incident-handling policies

CIRCA (Cisco Incident Response Communications Arena)

Cisco Catalyst switches

data center segmentation, configuring for

Cisco Guard

active verification

identity and trust (SAVE framework)

data center security

Cisco IOS

AutoSecure

infrastructure security

Cisco Personal Assistant

securing

hardening operating environment

server security policies

Cisco Security Center

Cisco Unified CallManager (IP telephony), securing

Cisco Unified CME (Communications Manager Express)

securing

Cisco Unity

securing

TCP/UDP ports

Cisco Unity Express

securing

classifying security threats

CS-MARS

Guard XT

IDS

signature updates

tuning

IPS

anomaly detection

IDM

signature updates

tuning

NAM

NetFlow

Cisco platform support

collecting CLI statistics

Egress NetFlow

enabling

flows, elements of

flows, exporting data from

flows, obtaining additional information from

Ingress NetFlow

IPFIX WG

NDE packet templates

network visibility

open source monitoring tools

SNMP

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on PIX security appliances

SYSLOG

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on CATOS running catalyst switches

enabling logging on PIX security appliances

TAD XT

Clean Access Agents (NAC appliance)

CLI

NetFlow statistics

collecting

CLI Views

enable view command

infrastructure security

isolation and virtualization (SAVE framework)

Lawful intercept views

parser view command

Root views

Superviews

username command

collaboration (incident-handling policies/procedures)

collecting data

postmortems

Computer Fraud and Abuse Act

confidentiality

penetration tests

configuration logger (IOS)

instrumentation and management (SAVE framework)

configuration rollback feature (IOS)

instrumentation and management (SAVE framework)

Configure EAP Method screen (CSSC)

configuring

authentication banners

infrastructure security

exception ACL

NAT

small business case study

COPM (Cisco Operational Process Model), threat modeling

COPM (Cisco Operational Process Model). See SAVE

CoPP (Control Plane Policing)

CPU traffic

infrastructure security

core layer (IP telephony)

correlation (SAVE framework)

CSA-MC

CS-MARS

Peakflow SP

Peakflow X

CPU

CoPP

infrastructure security

filtering traffic sent to

infrastructure security

interrupt time

processors versus (infrastructure security)

packet registration

infrastructure security

processors

interrupt time versus (infrastructure security)

rACL

infrastructure security

rate limiting traffic

infrastructure security

scheduler allocate command

infrastructure security

scheduler interval command

infrastructure security

CPU threshold notifications

crystal-box (grey-box) penetration testing

CSA (Cisco Security Agent)

endpoint security

CSA (Cisco Security Agents)

data centers, deploying for

configuring agent kits

CSA architectures

phased deployments

CSA-MC (Cisco Security Agent Management Console)

correlation (SAVE framework)

CSIRT

postmortems

large business case studies

CSIRT (Computer Security Incident Response Teams)

incident response collaborative teams

large business case studies

responsibilities of

selecting personnel for

tasks of

CSM

data center security

SYN cookies

CSM (Cisco Security Manager)

instrumentation and management (SAVE framework)

CS-MARS

correlation (SAVE framework)

tracebacks

CS-MARS (Cisco Security Monitoring, Analysis and Response System)

CSSC

Configure EAP Method screen

configuring

wireless networks

Network Authentication screen

Network Profile screen

CVSS (Common Vulnerability Scoring System)

base metrics

environmental metrics

temporal metrics

D

DAI (Dynamic Address Inspection)

access layer (IP telephony)

dark IP addresses

data analysis

postmortems

telemetry

infrastructure security

data centers

CSA, deploying

configuring agent kits

CSA architectures

phased deployments

DoS attacks

Cisco Guard

Flexible NetFlow

IDS

IPS

NetFlow

SYN cookies

infrastructure protection

network intrusion detection/prevention systems, deploying

monitoring

sending selective traffic to IDS/IPS devices

tuning

segmentation

FWSM

tiered access control

worms

Cisco Guard

Flexible NetFlow

IDS

infrastructure protection

IPS

NetFlow

data collection

postmortems

data transmission

telemetry

infrastructure security

deep packet inspection

deep-packet inspection

device authorize command

device security policies

large business case studies

DHCP

snooping

identity and trust (SAVE framework)

DHCP snooping

access layer (IP telephony)

diagrams (networks)

high-level enterprise diagrams

layered diagrams

digital certificates

identity and trust (SAVE framework)

Directed Broadcasts (IP)

infrastructure security, disabling for

distance vector protocols (IGP)

distribution layer (IP telephony)

GLBP

HSRP

distribution layer switches

NetFlow

configuring at

DMZ (demilitarized zones)

DMZ servers

Static NAT

small business case study

documentation

incident-handling policies

DoS (Denial of Service) attacks

data center security

Cisco Guard

Flexible NetFlow

IDS

infrastructure protection

IPS

NetFlow

SYN cookies

dot-dot attacks

tracebacks

dot1x port-control auto command

DREAD model (threat modeling)

E

EAP methods

802.1x

EAP-FAST

configuring 802.1x in Unified Wireless Solutions

configuring Secure ACS Servers

EAP-GTC

EAP-MD5

EAP-TLS

EAP-TTLS (EAP Tunneled TLS Authentication Protocol)

eavesdropping attacks

IP telephony

Edge Deployment mode (CAS)

EGP (Exterior Gateway Protocols)

Egress NetFlow

enable view command

EnCase (Guidance Software)

endpoint security

CSA

patch management

engineering (social)

Enterprise

tracebacks

CS-MARS

dot-dot attacks

environmental metrics (CVSS)

escalation procedures (incident-handling policies/procedures)

escalation procedures (NAC)

ethical hacking. See penetration testing

exception ACL, configuring

exec-timeout command

modifying idle timeouts

extension headers

IPv6

external databases (802.1x)

F

failovers

active-standby failovers

medium-sized business case studies

feedback

looped feedback

postmortems

filtering

CPU traffic

infrastructure security

IPv6

ACL

routes

infrastructure security

Finger Protocol

infrastructure security, disabling for

firewalls

data center security

SYN cookies

network firewalls

deep packet inspection

DMZ

NAT

packet filters

router configurations

stateful firewalls

personal firewalls

CSA

segmentation

isolation and virtualization (SAVE framework)

FIRST (Forum for Incident Response and Security Teams)

tracebacks

Flexible NetFlow

data center security

forensics

Linux forensics tools

netstat command

pstree command

log files

Windows forensics tools

EnCase

Sysinternals

fragment command

FWSM, data center segmentation

fragmentation

IPv6

FWSM

data center segmentation

configuring Cisco Catalyst switches

configuring NAT

configuring security context interfaces

controlling access via ACL

creating security contexts

Routed mode

Transparent mode

Virtual Fragment Reassembly

FWSM (Firewall Services Module)

data center security

SYN cookies

G

GLBP (Gateway Load Balancing Protocol)

distribution layer (IP telephony)

grey-box (crystal-box) penetration testing

set port dot1x

Guard (Cisco)

active verification

identity and trust (SAVE framework)

Guard XT (Traffic Anomaly Detectors XT)

identifying/classifying security threats

H

hacking

ethical hacking. See penetration testing

headers

extension headers

IPv6

manipulation attacks

IPv6

heuristic-based analysis

High Availability (NAC Appliance)

high-level enterprise diagrams

HIPAA (Health Industry Portability and Accountability Act)

hop-by-hop tracebacks

botnets

BGP routers

zombies

HSRP (Hot Standby Router Protocol)

distribution layer (IP telephony)

HTTP

authentication

infrastructure security

I

iACL (infrastructure Access Control Lists)

infrastructure security policy enforcement

IB (in-band) mode (NAC appliance)

iBGP (internal Border Gateway Protocol)

IBNS (Identity-Based Networking Services)

IC3 (Internet Crime Complaint Center)

ICMP

redirect messages

infrastructure security, disabling for

ICMP filtering

IPv6

ICV (Integrity Check Values)

IDENT (Identity Protocol)

infrastructure security, disabling for

identifiers (local)

IPv6

identifying security threats

CS-MARS

Guard XT

IDS

signature updates

tuning

IPS

anomaly detection

IDM

signature updates

tuning

NAM

NetFlow

Cisco platform support

collecting CLI statistics

Egress NetFlow

enabling

flows, elements of

flows, exporting data from

flows, obtaining additional information from

Ingress NetFlow

IPFIX WG

NDE packet templates

network visibility

open source monitoring tools

SNMP

ASA security appliances, enabling logging on

IOS router/switch logging, enabling

PIX security appliances, enabling logging on

SYSLOG

ASA security appliances, enabling logging on

CATOS running catalyst switches, enabling logging on

IOS router/switch logging, enabling

PIX security appliances, enabling logging on

TAD XT

identity and trust (SAVE framework)

AAA

Cisco Guard active verification

DHCP snooping

digital certificates

IKE

IP Source Guard

NAC

routing protocol authentication

strict Unicast RPF

identity management solutions/systems

IBNS

IEEE 802.1x

Identity NAT

small business case study

idle timeouts

modifying

IDM (IPS Device Manager)

signature updates

IDS

data center network intrusion detection/prevention systems

sending selective traffic to

IP telephony eavesdropping attacks

visibility (SAVE framework)

IDS (Intrusion Detection Systems)

anomaly-based analysis

data center security

heuristic-based analysis

identifying/classifying security threats

signature updates

tuning

pattern matching

protocol analysis

signatures

IEEE 802.1x

IGP (Interior Gateway Protocols)

distance vector protocols

link state protocols

IKE

identity and trust (SAVE framework)

IM (Instant Messaging)

small business case study

IMS (Internet Motion Sensor), security intelligence

incident response

large business case studies

incident response collaborative teams (CSIRT)

Incident Response Reports

Lessons Learned section

ratings systems

incident-handling

ACL

VACL

forensics

Linux forensics tools

log files

Windows forensics tools

law enforcement

Computer Fraud and Abuse Act

HIPAA

IC3

Infragard

U.S. Department of Justice website

policies/procedures

checklists

collaboration

documentation

escalation procedures

patch management

private VLAN

RTBH

Infragard

infrastructure devices

AAA, configuring on

medium-sized business case studies

infrastructure security

automated security tools

Cisco IOS AutoSecure

SDM

disabling unnecessary services

BOOTP servers

CDP

Finger protocol

ICMP redirect messages

IDENT

IP Directed Broadcasts

IP source routing

IPv6

MOP

PAD

proxy ARP

TCP/UDP small servers

locking unused network access device ports

policy enforcement

iACL

Unicast RPF

resource exhaustion control

CoPP

CPU packet generation

filtering CPU traffic

processors versus interrupt time

rACL

rate limiting CPU traffic

resource threshold notifications

scheduler allocate command

scheduler interval command

router planes

routing protocols

authentication

route filtering

static routing peers

TTL security checks

strong device access control

authentication banner configuration

CLI Views

interactive access control

local password management

SNMP access control

SSH versus Telnet

telemetry

Ingress NetFlow

instrumentation and management (SAVE framework)

Cisco IOS configuration logger logs

Cisco IOS configuration rollback feature

Cisco IOS CR XML interface

CSM

embedded device managers

RMON

SNMP

Syslog

intelligence (security)

Cisco Security Center

CVSS

base metrics

environmental metrics

temporal metrics

IMS (Internet Motion Sensor)

research initiatives/organizations

interactive access control (infrastructure security)

Internet edge routers

medium-sized business case studies

Internet usage policies

large business case studies

IOS

configuration logger

instrumentation and management (SAVE framework)

configuration rollback feature

instrumentation and management (SAVE framework)

CR XML interface

instrumentation and management (SAVE framework)

role-based CLI Access

isolation and virtualization (SAVE framework)

IOS routers

small business case study

SNMP logging, enabling

SYSLOG logging, enabling

IOS switches

SNMP logging, enabling

SYSLOG logging, enabling

IP

source routing

infrastructure security, disabling for

IP addresses

dark IP addresses

IP addressing

small business case study

IP Directed Broadcasts

infrastructure security, disabling for

ip http access-class command

interactive access control (infrastructure security)

ip http authentication command

enabling HTTP authentication

ip http max-connections command

interactive access control (infrastructure security)

IP routing

small business case study

IP Source Guard

identity and trust (SAVE framework)

IP telephony

access layer

ARP

BPDU

DAI

DHCP snooping

NAC

port security

root guards

VLAN assignment

Cisco Personal Assistant

hardening operating environment

server security policies

Cisco Unified CallManager

Cisco Unified CME

Cisco Unity

Cisco Unity Express

core layer

distribution layer

GLBP

HSRP

eavesdropping attacks

ip verify source vlan dhcp-snooping interface subcommand

enabling IP Source Guard

IPFIX WG (IETF Internet Protocol Flow Information Export Work Group)

IPS

data center network intrusion detection/prevention systems

sending selective traffic to

IP telephony eavesdropping attacks

visibility (SAVE framework)

IPS (Intrusion Prevention Systems)

data center security

identifying/classifying security threats

anomaly detection

signature updates

tuning

IDM

wireless IPS

configuring sensors in WLC

configuring signatures

IPsec

IPv6

remote access VPN

large business case studies

IPsec (IP Security)

technical overview of

main mode negotiation

phase 1 negotiation

phase 2 negotiation

Transport mode

Tunnel mode

WEP

IPv4 (Internet Protocol version 4)

IPv6 versus

IPv6 (Internet Protocol version 6)

filtering

ACL

extension headers

ICMP filtering

fragmentation

header manipulation attacks

IPsec

IPv4 versus

local identifiers

reconnaissance

security through obscurity

routing security

smurf attacks

spoofing

subnet prefixes

IPv6 (IP Version 6)

infrastructure security, disabling for

ipv6 access-list command

ISAC (Information Sharing and Analysis Centers)

isolation and virtualization (SAVE framework)

anomaly detection zones

Cisco IOS role-based CLI Access

CLI Views

firewall segmentation

network device virtualization

VLAN segmentation

VRF segmentation

VRF-Lite segmentation

ITU-T X.805

SAVE versus

L

large business case studies

CSIRT

incident response

IPsec remote access VPN, deploying

load-balancing

security policy creation

change management policies

device security policies

Internet usage policies

patch management policies

perimeter security policies

physical security policies

remote access VPN policies

law enforcement

Computer Fraud and Abuse Act

HIPAA

IC3

Infragard

U.S. Department of Justice website

Lawful intercept view (CLI Views)

layer 2 routing

visibility (SAVE framework)

layer 3 routing

visibility (SAVE framework)

layered diagrams

LEAP

Lessons Learned section (Incident Response Reports)

link state protocols (IGP)

Linux

forensics tools

Autopsy

netstat command

pstree command

Sleuth Kit

load balancers

data center security

SYN cookies

load-balancing

large business case studies

local identifiers

IPv6

log files (forensics)

logging on host command

enabling SYSLOG logging on ASA/PIX security appliances

logging on command

enabling SYSLOG logging on ASA/PIX security appliances

logging trap command

enabling SYSLOG logging on ASA/PIX security appliances

SYSLOG logging

logic attacks

defining

examples of

login block-for command

interactive access control (infrastructure security)

login delay command

interactive access control (infrastructure security)

login quiet-mode access-class global command

configuring exception ACL

looped feedback

postmortems

LWAPP (Lightweight Access Point Protocol)

LWAPP (Lightweight Access Point Protocol)

M

main mode negotiation (IPsec)

medium-sized business case studies

AAA, configuring on infrastructure devices

active-standby failovers, configuring on ASA

AIP-SSM, configuring on ASA

Internet edge routers

memory

threshold notifications

memory free low-watermark io threshold command

memory threshold notifications, configuring for infrastructure security

memory free low-watermark processor threshold global command

memory threshold notifications, configuring for infrastructure security

memory reserve critical kilobytes command

memory threshold notifications, configuring for infrastructure security

MFP (Management Frame Protection)

mls flow ip interface-full command

collecting CLI NetFlow statistics

mode multiple command

FWSM configuration for data center segmentation

monitoring tools (open source)

identifying/classifying security threats

MOP (Maintenance Operations Protocol)

infrastructure security, disabling for

N

NAC (Network Admission Control)

access layer (IP telephony)

administrative tasks

appliance configuration

escalation procedures

identity and trust (SAVE framework)

NAC Appliance

CAM

CAS

Clean Access Agents

High Availability

IB mode

OOB mode

NAC Framework

NAD

NAH

phased deployments

staff and support

WLC configuration

NAC Appliance

CAM

CAS

Centralized Deployment mode

Edge Deployment mode

Real IP mode

Virtual Gateway mode

Clean Access Agents

High Availability

IB mode

OOB mode

NAC Framework

NAD

NAH

NAD (NAC Framework)

NAH (NAC Agentless Hosts)

NAM (Network Analysis Module)

visibility (SAVE framework)

NANOG (North American Network Operators Group)

tracebacks

NAS (network access servers). See also RADIUS

NAT

configuring

small business case study

NAT (Network Address Translation)

FWSM configuration for data center segmentation

network firewalls

NDE packet templates (NetFlow)

NetFlow

as anomaly detection systems

Cisco platform support

CLI statistics, collecting

data center security

distribution layer switches

configuring at

Egress NetFlow

enabling

Flexible NetFlow

flows

elements of

exporting data from

IPFIX WG

obtaining additional information from

Ingress NetFlow

NDE packet templates

netstat command

Linux forensics

network access devices

locking down unused ports (infrastructure security)

Network Authentication screen (CSSC)

network devices

isolation and virtualization (SAVE framework)

network firewalls

deep packet inspection

DMZ

NAT

packet filters

router configurations

stateful firewalls

network intrusion detection/prevention systems

data centers, deploying for

monitoring

sending selective traffic to IDS/IPS devices

tuning

Network Profile screen (CSSC)

networks

diagrams

high-level enterprise diagrams

layered diagrams

visibility

threat modeling (risk analysis)

no ip bootp server global command

BOOTP servers, disabling for infrastructure security

no ip identd global command

IDENT, disabling for infrastructure security

no ip redirects interface subcommand

ICMP redirect messages, disabling for infrastructure security

no ipv6 address interface subcommand

disabling IPv6 for infrastructure security

no ipv6 enable interface subcommand

disabling IPv6 for infrastructure security

no service pad global command

PAD, disabling for infrastructure security

O

OOB (out-of-band) mode (NAC appliance)

open source

monitoring tools

identifying/classifying security threats

P

packet filters

packet registration

CPU traffic

infrastructure security

PAD (Packet Assembler/Disassembler)

infrastructure security, disabling for

parser view command

passwords

local password management

infrastructure security

PAT

small business case study

patch management

endpoint security

security policies, building

patch management policies

large business case studies

patches

managing (incident-handling policies)

pattern matching

stateful pattern-matching recognition

pattern matching (IDS)

Peakflow SP

correlation (SAVE framework)

Peakflow X

correlation (SAVE framework)

PEAP

penetration testing

black-box testing

confidentiality requirements

crystal-box (grey box) testing

infrastructure device configuration audits

open-source tools

scheduling

white-box testing

perimeter security policies

large business case studies

personal firewalls

CSA

phase 1 negotiation (IPsec)

phase 2 negotiation (IPsec)

phishing attacks

phone tapping attacks

IP telephony

physical security policies

large business case studies

ping-of-death attacks

PIX security appliances

enabling SNMP logging on

enabling SYSLOG logging on

PKI

digital certificates

identity and trust (SAVE framework)

policies (security), building

flexibility

patch management

security changes

SME (subject matter experts)

updates

policy enforcement (SAVE framework)

port-control auto command

ports

security

access layer (IP telephony)

TCP ports

Cisco Unity

UDP ports

Cisco Unity

unused network access device ports

locking for infrastructure security

postmortems

action plans, building

data analysis

data collection

Incident Response Reports

Lessons Learned section

ratings systems

large business case studies

looped feedback

typical questions answered in

prosecuting attacks

Computer Fraud and Abuse Act

HIPAA

IC3

Infragard

U.S. Department of Justice website

protocol analysis

proxy ARP (Address Resolution Protocol)

infrastructure security, disabling for

pstree command

Linux forensics

Q

quarantining

R

rACL (receive Access Control Lists)

CPU traffic

infrastructure security

RADIUS (Remote Authentication Dial-In User Service)

RADIUS (Remote Authentication Dial-In User Service).

RADIUS servers

WLC

adding to

Raleigh Office Cisco ASA configuration (small business case studies)

configuring

access control

antispoofing configuration

Identity NAT

IM

IP addressing/routing

PAT

Static NAT

rate limits

CPU traffic

infrastructure security

ratings systems (Incident Response Reports)

Real IP mode (CAS)

reconnaissance

IPv6

security through obscurity

redirect messages (ICMP)

infrastructure security, disabling for

remote access VPN

large business case studies

remote access VPN policies

large business case studies

remote-access VPN (Virtual Private Networks)

resource attacks

defining

examples of

resource exhaustion, controlling (infrastructure security)

CoPP

CPU packet generation

filtering CPU traffic

processors versus interrupt time

rACL

rate limiting CPU traffic

resource threshold notifications

scheduler allocate command

scheduler interval command

RF (radio frequencies)

WLC

risk analysis

penetration testing

black-box testing

confidentiality requirements

crystal-box (grey-box) testing

infrastructure device configuration audits

open-source tools

scheduling

white-box testing

threat modeling

COPM

DREAD model

network visibility

vulnerabilities, defining

RMON

instrumentation and management (SAVE framework)

role-based CLI. See CLI Views

root guards

IP telephony

access layer

Root views (CLI Views)

route filtering

infrastructure security

Routed mode (FWSM)

router planes

infrastructure security

routers

ACL

blocking unauthorized hosts/users

BGP routers

hop-by-hop tracebacks

IOS routers

enabling SNMP logging

enabling SYSLOG logging

network firewalls

configuring

sinkhole routers

routing protocols

authentication

identity and trust (SAVE framework)

EGP

IGP

distance vector protocols

link state protocols

infrastructure security

authentication

route filtering

static routing peers

TTL security checks

routing security

IPv6

routing tables

visibility (SAVE framework)

RTBH (Remotely Triggered Black Hole)

RTBH (Remotely Triggered Black Holes)

iBGP

sinkholes

S

SAVE (Security Assessment, Validation, and Execution) framework

correlation

CSA-MC

CS-MARS

Peakflow SP

Peakflow X

identity and trust

AAA

Cisco Guard active verification

DHCP snooping

digital certificates

IKE

IP Source Guard

NAC

routing protocol authentication

strict Unicast RPF

instrumentation and management

Cisco IOS configuration logger logs

Cisco IOS configuration rollback feature

Cisco IOS XR XML interface

CSM

embedded device managers

RMON

SNMP

Syslog

isolation and virtualization

anomaly detection zones

Cisco IOS role-based CLI Access

CLI Views

firewalls segmentation

network device virtualization

VLAN segmentation

VRF segmentation

VRF-Lite segmentation

ITU-T X.805 versus

policy enforcement

visibility

anomaly detection

CDP

CEF tables

IDS

IPS

layer 2 routing information

layer 3 routing information

NAM

routing tables

visualization techniques

scheduler allocate command

infrastructure security

scheduler interval command

infrastructure security

scheduling

penetration tests

SDM (Secure Device Manager)

infrastructure security

Secure ACS Servers

configuring 802.1x with EAP-FAST

security intelligence

Cisco Security Center

CVSS

base metrics

environmental metrics

temporal metrics

IMS (Internet Motion Sensor)

research initiatives/organizations

security policies

change management policies

large business case studies

device security policies

large business case studies

Internet usage policies

large business case studies

large business case studies

change management policies

device security policies

Internet usage policies

patch management policies

perimeter security policies

physical security policies

remote access VPN policies

patch management policies

large business case studies

perimeter security policies

large business case studies

physical security policies

large business case studies

remote access VPN policies

large business case studies

security policies, building

flexibility

patch management

security changes

SME (subject matter experts)

updates

security through obscurity

seeds

segmentation

data center security

FWSM

firewalls

isolation and virtualization (SAVE framework)

VLAN

isolation and virtualization (SAVE framework)

VRF

isolation and virtualization (SAVE framework)

VRF-Lite

isolation and virtualization (SAVE framework)

service password-encryption global command

local password management (infrastructure security)

service tcp-keepalives-in command

enabling TCP keepalives on incoming sessions

service timestamps log datetime command

enabling SYSLOG logging on IOS routers

set port disable command

network access device ports, locking for infrastructure security

Shadowserver.com website

botnet activity

show ip cache flow command

collecting CLI NetFlow statistics

Enterprise tracebacks

show ip dhcp snooping command

verifying DHCP snooping VLAN configurations

show ip flow export command

collecting CLI NetFlow statistics

show snmp group command

viewing SNMP group information

signature updates

IPS/IDS devices

signatures

IDS

sinkholes

site-to-site VPN

small business case study

site-to-site VPN (Virtual Private Networks)

Sleuth Kit (Linux forensics tool)

small business case studies

Atlanta Office Cisco IOS configuration

locking down IOS routers

NAT configuration

site-to-site VPN

Raleigh Office Cisco ASA configuration

access control

antispoofing configuration

Identity NAT

IM

IP addressing/routing

PAT

Static NAT

SME (subject matter experts)

security policies, building

smurf attacks

IPv6

SNMP

access control

infrastructure security

ASA security appliances, enabling logging on

instrumentation and management (SAVE framework)

IOS router/switch logging, enabling

PIX security appliances, enabling logging on

snmp deny version command

snmp-server enable traps cpu threshold command

CPU threshold violation notification, configuring for infrastructure security

snooping (DHCP)

identity and trust (SAVE framework)

social engineering

source routing (IP)

infrastructure security, disabling for

spoofing

IPv6

SRTP (Source Real-Time Transport Protocol)

IP telephony eavesdropping attacks

SSH

Telnet versus

ssh timeout command

modifying idle timeouts

SSL (Secure Sockets Layer)

VPN

stateful firewalls

stateful pattern-matching recognition

Static NAT

small business case study

strong device access control (infrastructure security)

authentication banner configuration

CLI Views

interactive access control

local password management

SNMP access control

SSH versus Telnet

subnet prefixes

IPv6

Superviews (CLI Views)

supplicants (802.1x)

switches

catalyst switches

enabling SYSLOG logging on CATOS running switches

distribution layer switches

configuring NetFlow at

IOS switches

enabling SNMP logging

enabling SYSLOG logging

switchport port-security violation restrict command

IP telephony security

SYN cookies

data center security

SYN-flooding

Syslog

instrumentation and management (SAVE framework)

SYSLOG (System Logs)

ASA security appliances, enabling logging on

CATOS running catalyst switches, enabling logging on

IOS router/switch logging, enabling

PIX security appliances, enabling logging on

Sysinternals (Windows forensics tools)

T

TACACS+

TAD XT (Traffic Anomaly Detectors XT)

identifying/classifying security threats

TCP Client

IDENT

infrastructure security, disabling for

TCP ports

Cisco Unity

TCP small servers

infrastructure security, disabling for

TEAP (Tunneled EAP). See EAP-FAST

telemetry

infrastructure security

telemetry/anomaly detection

CS-MARS

Guard XT

IPS

NAM

NetFlow

Cisco platform support

collecting CLI statistics

Egress NetFlow

enabling

flows, elements of

flows, exporting data from

flows, obtaining additional information from

Ingress NetFlow

IPFIX WG

NDE packet templates

open source monitoring tools

SNMP

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on PIX security appliances

SYSLOG

enabling IOS router/switch logging

enabling logging on ASA security appliances

enabling logging on CATOS running catalyst switches

enabling logging on PIX security appliances

TAD XT

telephony (IP)

access layer

802.1x

ARP

BPDU

DAI

DHCP snooping

NAC

port security

root guards

VLAN assignment

Cisco Personal Assistant

hardening operating environment

server security policies

Cisco Unified CallManager

Cisco Unified CME

Cisco Unity

Cisco Unity Express

core layer

distribution layer

GLBP

HSRP

eavesdropping attacks

Telnet

SSH versus

telnet timeout command

modifying idle timeouts

templates

NDE packet templates (NetFlow)

temporal metrics (CVSS)

threat modeling

COPM

DREAD model

network visibility

threats (security)

identifying/classifying

CS-MARS

Guard XT

IDS

IPS

NAM

NetFlow

network visibility

open source monitoring tools

SNMP

SYSLOG

TAD XT

threshold notifications

infrastructure security

tiered access control

data centers

timeouts

idle timeouts

modifying

TKIP (Temporal Key Integrity Protocol)

WEP

WPA

topology maps

SAVE framework

tracebacks

backscatter

botnets

Enterprise

CS-MARS

dot-dot attacks

hop-by-hop

botnets

zombies

requirements

service provider environments

zombies

traffic flows

SAVE framework

transmitting data

telemetry

infrastructure security

Transparent mode (FWSM)

transport input command

interactive access control (infrastructure security)

Transport mode (IPsec)

TTL (Time-to-Live) security checks

routing protocols

infrastructure security

tuning

data center network intrusion detection/prevention systems

IPS/IDS devices

Tunnel mode (IPsec)

tunneled authentication

U

UDP ports

Cisco Unity

UDP small servers

infrastructure security, disabling for

unauthorized hosts/users

blocking from routers via ACL

Unicast RPF

identity and trust (SAVE framework)

Unicast RPF (Reverse Path Forwarding)

infrastructure security policy enforcement

unified mode (AP)

Unified Wireless Networks

AP

architecture of

configuring 802.1x with EAP-FAST

LWAPP

MFP

NAC

appliance configuration

WLC configuration

wireless IPS

configuring sensors in WLC

configuring signatures

Wireless Location Appliance

updates

security policies

signatures

IPS/IDS devices

U.S. Department of Justice website

username command

associating local users with CLI Views

V

VACL (VLAN ACL)

Virtual Fragment Reassembly

FWSM data center segmentation

Virtual Gateway mode (CAS)

visibility (networks)

visibility (SAVE framework)

anomaly detection

CDP

CEF tables

IDS

IPS

layer 2 routing information

layer 3 routing information

NAM

routing tables

VLAN

DHCP snooping

IP telephony

access layer

private VLAN

segmentation

isolation and virtualization (SAVE framework)

VPN (Virtual Private Networks)

IPsec

technical overview of

remote access VPN policies

large business case studies

remote-access VPN

site-to-site VPN

small business case study

SSL VPN

VPN (virtual private networks)

remote access VPN

large business case studies

VRF

segmentation

isolation and virtualization (SAVE framework)

VRF-Lite

segmentation

isolation and virtualization (SAVE framework)

vulnerabilities (risk analysis), defining

W

websites

security intelligence

Cisco Security Center

IMS (Internet Motion Sensor)

WEP (Wired Equivalent Privacy)

AES encryption protocol

ICV

IPsec

limitations of

seeds

TKIP

white-box penetration testing

Windows

forensics tools

EnCase

Sysinternals

wireless IPS (Intrusion Prevention Systems)

configuring

sensors in WLC

signatures

Wireless Location Appliance

wireless networks

authentication

802.1x

configuring CSSC

configuring WLC

EAP-FAST

EAP-GTC

EAP-MD5

EAP-TLS

EAP-TTLS

LEAP

PEAP

WEP

WPA

Secure ACS Servers

configuring for 802.1x and EAP-FAST

Unified Wireless Networks

AP

architecture of

configuring 802.1x with EAP-FAST

LWAPP

MFP

NAC

wireless IPS

Wireless Location Appliance

WLC

configuring via NAC

RF

WLC (wireless LAN context)

adding RADIUS servers to

configuring

worms

data center security

Cisco Guard

Flexible NetFlow

IDS

infrastructure protection

IPS

NetFlow

WPA (Wi-Fi Protected Access)

Z

zombies

hop-by-hop tracebacks

tracebacks
