Cisco Press CCSP CSI Exam Cert Guide.pdf

CCSP CSI
Exam Certification Guide
Ido Dubrawsky
Paul Grey, CCIE No. 10470
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
CCSP Self-Study
CCSP Self-Study
CCSP CSI Exam Certification Guide
Ido Dubrawsky
Paul Grey
Copyright © 2004 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher,
except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing December 2003
Library of Congress Cataloging-in-Publication Number: 2003101711
ISBN: 1-58720-089-9
Warning and Disclaimer
This book is designed to provide information about the Cisco CSI exam. Every effort has been made to make this book as complete and
as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from
the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or
Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the
validity of any trademark or service mark.
Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information,
please contact:
U.S. Corporate and Government Sales
1-800-382-3419 corpsales@pearsontechgroup.com.
For sales outside of the U.S. please contact:
International Sales
1-317-581-3793 international@pearsontechgroup.com.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision,
undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of
this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make
sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: John Wait
Cisco Press Program Manager: Sonia Torres Chavez
Editor-in-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Executive Editor: Brett Bartow
Manager, Marketing Communications, Cisco Systems: Scott Miller
Production Manager: Patrick Kanouse
Cisco Marketing Program Manager: Edie Quiroz
Acquisitions Editor: Michelle Grandin
Technical Editors: Greg Abelar, Steve Hanna, Michael Overstreet
Development Editors: Dayna Isley, Betsey Henkels
CD-ROM Reviewer: Jamey Brooks
Copy Editor: Bill McManus
Team Coordinator: Tammi Barnett
Book and Cover Designer: Louisa Adair
Composition: Interactive Composition Corporation
Brad Herriman
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems Europe
11 Rue Camille Desmoulins
92782 Issy-les-Moulineaux
Cedex 9
France
http://www-europe.cisco.com
Tel: 33 1 58 04 60 00
Fax: 33 1 58 04 61 00
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems Australia, Pty., Ltd
Level 17, 99 Walker Street
North Sydney
NSW 2059 Australia
http://www.cisco.com
Tel: +61 2 8448 7100
Fax: +61 2 9957 4350
Cisco Systems has more than 200 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on the
Cisco Web site at www.cisco.com/go/offices
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China • Colombia • Costa Rica •
Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong • Hungary •
India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New
Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland
• Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine
• United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright © 2000, Cisco Systems, Inc. All rights reserved. Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA,
CCNP, CCSI, CD-PAC, CiscoLink, the Cisco Net Works logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, FireRunner, Follow Me Browsing,
FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The
iQ Logo, Kernel Proxy, MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder, RateMUX,
ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me, SlideCast, SMARTnet, SVX, TrafficDirector, TransPath, VlanDirector, Voice LAN, Wavelength Router,
Workgroup Director, and Workgroup Stack are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are
service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco
Systems, Cisco Systems Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS, IP/TV, IPX,
LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, are registered trademarks of Cisco Systems,
Inc. or its affiliates in the U.S. and certain other countries.
All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (0010R)
Indexer:
About the Authors
Ido Dubrawsky is a network security architect with the Cisco Systems, Inc., SAFE Architecture Team. He is the primary author of the SAFE Layer 2 Application Note, the SAFE in Action white paper “SAFE SQL Slammer Worm Attack Mitigation,” and the white paper “SAFE: IDS Deployment, Tuning, and Logging in Depth.” Prior to his work in SAFE, Ido was a member of the Cisco Secure Consulting Service, providing network security assessment and consulting services to customers worldwide. Ido has contributed to numerous books and written extensively on network security and system administration topics. Ido has been working as a system and network administrator for ten years and has focused on network security for the past five years. He holds bachelor’s and master’s degrees in aerospace engineering from the University of Texas at Austin. He currently resides in Silver Spring, Maryland, with his wife and children.

Paul Grey, CCIE No. 10470, is a senior network architect for Boxing Orange Limited, a leading UK security specialist company, where he provides consultative, design, and implementation services using Cisco products. Paul also holds the CCNP, CCDP, and CCSP certifications and has more than 15 years of experience in the field of designing and implementing networking solutions. He has primarily focused on security solutions over the past 18 months and is currently pursuing his CCIE Security certification. Paul holds a bachelor’s in chemistry and physiology from the University of Sheffield.
About the Technical Reviewers
Greg Abelar is a seven-year veteran of Cisco Systems, Inc. Greg helped train and assemble the world-class Cisco Technical Assistance Center Security Organization. He is a sought-after speaker on the subject of security architecture. In addition, he founded, project managed, and contributed content to the CCIE Security Written Exam.

Steven Hanna is an education specialist at Cisco Systems, Inc., where he designs and develops training on Cisco network security products. Steven has more than eight years of experience in the education field, having been an earth science teacher, a technical instructor, an instructor mentor, and a course developer. Having more than 11 years of experience in the IT field in general, Steven has worked as a network engineer or in an educational role for Productivity Point International, Apple Computer, MCI, Schlumberger Oilfield Services, 3M, and Tivoli Systems, among others. He graduated from the University of Texas at Austin with degrees in geology, political science, and education. He currently holds certifications from the state of Texas, the federal government, Novell, Microsoft, Legato, Tivoli, and Cisco.

Michael Overstreet is the technical team lead for the Security Posture Assessment (SPA) Team at Cisco Systems, Inc. He has more than 10 years of experience in networking and network administration, with seven of those years spent in network security. He has worked at Cisco Systems for five years in various roles within the SPA Team. Michael holds a bachelor’s degree in computer science from Christopher Newport University.