CCNP Security IPS 642-627 Official Cert Guide: (Official Cert Guide)

This is the eBook version of the printed book.Note that the eBook does not provide access to the practice test software that accompanies the print book.   CCNP Security IPS 642-627 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security IPS exam. Senior security engineers David Burns, Odunayo Adesina, and Keith Barker share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.   Learn, prepare, and practice for exam success Master CCNP Security IPS 642-627 exam topics Assess your knowledge with chapter-opening quizzes Review key concepts with exam preparation tasks CCNP Security IPS 642-627 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.   Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.   CCNP Security IPS 642-627 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.   The official study guide helps you master all the topics on the CCNP Security IPS exam, including Cisco IPS software, hardware, and supporting applications Network IPS and IDS deployment architecture Installing and maintaining Cisco IPS physical and virtual sensors Traffic analysis IPS signatures and responses Anomaly-based operations Improving alarm response and quality Managing and analyzing events High availability and performance IPS modules for ASAs, routers, and switches  

Table of Contents:
Introduction xxviii Part I Introduction to Intrusion Prevention and Detection, Cisco IPS Software, and Supporting Devices 3 Chapter 1 Intrusion Prevention and Intrusion Detection Systems 5 “Do I Know This Already?” Quiz 5 Foundation Topics 8 Intrusion Prevention Overview 8 Intrusion Detection Versus Intrusion Prevention 8 Intrusion Prevention Terminology 9 Intrusion Prevention Systems 12     Features of Network Intrusion Prevention Systems 13     Limitations of Network Intrusion Prevention Systems 14 Network Intrusion Prevention Approaches 14 Endpoint Security Controls 16     Host-Based Firewalls 17     API and System Call Interception 17     Cisco Security Agent 17     Antimalware Agents 18     Data Loss Prevention Agents 19     Cryptographic Data Protection 19 A Systems Approach to Security 20 Exam Preparation Tasks 21 Review All the Key Topics 21 Complete the Tables and Lists from Memory 21 Define Key Terms 21 Chapter 2 Cisco IPS Software, Hardware, and Supporting Applications 23 Overview 23 “Do I Know This Already?” Quiz 23 Foundation Topics 26 Cisco IPS Network Sensors 26 Cisco IPS 4200 Series Sensors 27     Cisco IPS 4240 Sensor 28     Cisco IPS 4255 Sensor 29     Cisco IPS 4260 Sensor 30     Cisco IPS 4270 Sensor 32     Sensing Interface Details 33         10GE Interface Card 33         4GE Bypass Interface Card 33         2SX Interface Card 34     Cisco ASA AIP SSM and AIP SSC-5 Modules 34     Cisco Catalyst 6500 Series IDSM-2 Module 35     Cisco AIM-IPS and NME-IPS Supported on Cisco ISR Routers 36 Cisco IPS Software Architecture 38 Cisco IPS Management Products 41     Cisco IPS Device Manager 42     Cisco IPS Manager Express 42     Cisco Security Manager 43     Cisco Security MARS 43 Cisco Security Intelligence Operations and Cisco Security IntelliShield Alert Manager Service 45     Cisco Security IntelliShield Alert Manager Service 47 Summary 48 References 48 Exam Preparation Tasks 49 Review All the Key Topics 49 Definitions of Key Terms 49 Chapter 3 Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-evasive Countermeasures 51 Overview 51 “Do I Know This Already?” Quiz 51 Foundation Topics 54 Network IPS Traffic Analysis Methods 54     Stateful Content Matching 54     Protocol Decoding 55     Traffic Correlation 55     Rate Analysis 55     Packet Header Matching 56     Packet Content Matching 56     Statistical Modeling 57     Event Correlation 57 Network IPS Evasion Techniques 57     Encryption and Tunneling 58     Timing Attacks 58     Resource Exhaustion 58     Traffic Fragmentation 59     Protocol-Level Misinterpretation 59     Traffic Substitution and Insertion 60 Summary 63 References 63 Exam Preparation Tasks 64 Review All the Key Topics 64 Complete the Tables and Lists from Memory 64 Definitions of Key Terms 64 Chapter 4 Network IPS and IDS Deployment Architecture 67 Overview 67 “Do I Know This Already?” Quiz 67 Foundation Topics 70 Sensor Deployment Considerations 70     Security Considerations 70     Prevention Mode Versus Detection Mode 70     Performance Considerations 71     Virtualization Requirements 72 Network IPS Implementation Guidelines 72     Enterprise or Provider Internet Edge 73     Wide-Area Network 75     Implementing an IPS in Data Centers 78     Centralized Campus 79 Design and Implementation Resources 81 Summary 81 Exam Preparation Tasks 82 Review All the Key Topics 82 Definitions of Key Terms 82 Part II Installing and Maintaining Cisco IPS Sensors 85 Chapter 5 Integrating the Cisco IPS Sensor into a Network 87 Overview 87 “Do I Know This Already?” Quiz 87 Foundation Topics 90 Sensor Deployment Modes 90     Deploying Sensors in Promiscuous Mode 90     Deploying Sensors in Inline Interface Pair Mode 100     Deploying Sensors in Inline VLAN Pair Mode 102     Deploying Sensors in Inline VLAN Group Mode 103     Deploying Sensors in Selective Inline Analysis Mode 105 Design and Implementation Resources 107 Summary 107 Exam Preparation Tasks 108 Review All the Key Topics 108 Definitions of Key Terms 108 Chapter 6 Performing the Cisco IPS Sensor Initial Setup 111 Overview 111 “Do I Know This Already?” Quiz 111 Foundation Topics 114 Accessing and Using the Cisco IPS Sensor CLI 114     IPS Modules 114     Command-Line Interface Features 116     Command-Line Interface Uses 119     Command-Line Interface Modes 119 Initializing the Cisco IPS Sensor 123 Introducing and Configuring Cisco IPS Device Manager 126 Deploying and Configuring Cisco IPS Sensor Interfaces 130     Creating Promiscuous Interfaces 132     Creating Inline Interface Pairs 133     Creating Inline VLAN Pairs 133     Creating Inline VLAN Groups 133     Configuring a CDP Policy 134     Configuring Traffic Flow Notifications 134     Configuring Sensor Bypass 135 Troubleshooting the Initial Cisco IPS Sensor Configuration 136 Troubleshooting the Cisco IPS Sensor Hardware 138 Restoring the Cisco IPS Sensor Default Settings 138 Summary 138 References 139 Exam Preparation Tasks 140 Review All the Key Topics 140 Definitions of Key Terms 140 Chapter 7 Managing Cisco IPS Devices 143 Overview 143 “Do I Know This Already?” Quiz 143 Foundation Topics 146 Managing Basic IPS Sensor Device Features 146     Reconfiguring Basic Network Settings 146     Configuring Time and Time Zone 147     Scheduling Sensor Reboots 150     Viewing the Local Sensor Events Log 150 Managing Users and Remote Management Channels 151     Sensor Local User Accounts 151     Managing the Sensor’s Authentication Credentials 153     Managing Remote Management Access Rules 154 Managing Cisco IPS Licensing 155 Upgrading and Recovering Cisco IPS Sensor Software 157 Updating Cisco IPS Signatures 160 Recovering System Passwords 162 Monitoring Cisco IPS Sensor Health and Performance 163     Displaying and Troubleshooting the Sensor 163     Monitoring Sensor Health and Performance 165 Summary 167 References 168 Exam Preparation Tasks 169 Review All the Key Topics 169 Definitions of Key Terms 169 Part III Applying Cisco IPS Security Policies 171 Chapter 8 Configuring Basic Traffic Analysis 173 Overview 173 “Do I Know This Already?” Quiz 173 Foundation Topics 176 Configuring the Default Virtual Sensor 176     Assigning and Verifying Traffic Sources to the Default Virtual Sensor 176 Understanding Cisco IPS Sensor Inline Traffic Normalization 177     Clearing Flow States 177 Configuring Cisco IPS Sensor Promiscuous Mode Traffic     Reassembly Options 179     IP Fragment Reassembly 179     TCP Stream Reassembly 180 Configuring TCP Session Tracking 181 Understanding IPv6 Support in Cisco IPS Sensors 182 Selecting and Configuring Cisco IPS Sensor Bypass 183 Summary 184 References 185 Exam Preparation Tasks 186 Review All the Key Topics 186 Definitions of Key Terms 186 Chapter 9 Implementing Cisco IPS Signatures and Responses 189 Overview 189 “Do I Know This Already?” Quiz 189 Foundation Topics 192 Cisco IPS Signatures 192     Signature Engines 193     Alerts 193 Configuring Basic Signature Properties 197     Enabling and Disabling Signatures 200     Retiring and Activating Signatures 200 Configuring Signature Actions 201     Signature Detective Actions 201     SNMP Traps 202     Signature Preventive Actions 202     Managing Denied Attackers 205     Detective Signature Action Implementation Guidelines 205     Preventive Signature Action Implementation Guidelines 206 Configuring Remote Blocking 207     Using ACLs on a Router 207     Configuration Tasks 208 Configuring Packet Capture and IP Logging 214     Downloading, Saving, and Stopping IP Logs 218 Understanding Threat and Risk Management 219 Risk Rating Calculation 221 Threat Rating 221 Understanding and Configuring Event Action Overrides 223 Using Event Action Filters 226 Choosing an Action Configuration Strategy 228 Examining Alerts in IPS Event Logs 229     Viewing Events in the Cisco IDM 232 Summary 233 References 234 Exam Preparation Tasks 235 Review All the Key Topics 235 Complete the Tables and Lists from Memory 235 Definitions of Key Terms 235 Chapter 10 Configuring Cisco IPS Signature Engines and the Signature Database 237 Overview 237 “Do I Know This Already?” Quiz 237 Foundation Topics 239 Using Cisco IPS Signature Engines and Configuring Common     Signature Engine Parameters 239     Signature and Signature Engines 239     Trigger Counting 243     Summary Key 244     Alarm Summarization 244     Dynamic Alarm Summarization 244 Deploying ATOMIC Signature Engines 245     ATOMIC IP Signature Example 245     Implementation Guidelines for ATOMIC Signature Engines 246 Deploying STRING Signature Engines 246     STRING TCP Signature Example 246     Implementation Guidelines for STRING Signature Engines 247 Deploying SERVICE Signature Engines 247     SERVICE HTTP Signature Example 248     Implementation Guidelines for SERVICE Signature Engines 248 Deploying FLOOD Signature Engines 249     FLOOD Signature Example 249     Implementation Guidelines for FLOOD Signature Engines 249 Deploying SWEEP Signature Engines 250     SWEEP Signature Example 250     Implementation Guidelines for SWEEP Signature Engines 250 Deploying the META Signature Engine 251     META Correlation Example 251     Implementation Guidelines for META Signature Engines 251 Deploying the NORMALIZER Engine 252     NORMALIZER Engine Example 252     Implementation Guidelines for the NORMALIZER Engine 252 Deploying Other Engines 253     AIC Signature Engine Example 253     Implementation Guidelines for AIC Engines 253 Summary 254 References 254 Exam Preparation Tasks 255 Review All the Key Topics 255 Complete the Tables and Lists from Memory 255 Definitions of Key Terms 255 Chapter 11 Deploying Anomaly-Based Operation 257 Overview 257 “Do I Know This Already?” Quiz 257 Foundation Topics 259 Anomaly Detection Overview 259     Scanning Worm Details 259 Anomaly Detection Components 260     Histograms 261     Zones 261     Learning 261     Signatures Related to Anomaly Detection 262 Configuring Anomaly Detection 262     Default Anomaly Detection Policy ad0 262 Verifying Anomaly Detection 271     Verifying Anomaly Detection at the Command Line 273     Troubleshooting Anomaly Detection 274 Summary 275 References 275 Exam Preparation Tasks 276 Review All the Key Topics 276 Definitions of Key Terms 276 Part IV Adapting Traffic Analysis and Response to the Environment 279 Chapter 12 Customizing Traffic Analysis 281 Overview 281 “Do I Know This Already?” Quiz 281 Foundation Topics 283 Understanding Custom Signatures 283     Creating Custom Signature Guidelines 283     Selecting Criteria to Match 284     Regular Expressions 284 Using the Custom Signature Wizard 285     Signature Wizard, Specifying the Engine 286     Verifying the Custom Signature 293     Signature Wizard, Without Specifying the Engine 297 Creating Custom Signatures, Without the Wizard 306 Summary 308 References 308 Exam Preparation Tasks 309 Review All the Key Topics 309 Definitions of Key Terms 309 Chapter 13 Managing False Positives and False Negatives 311 Overview 311 “Do I Know This Already?” Quiz 311 Foundation Topics 313 Identifying False Positives and False Negatives 313     False Positives 313     False Negatives 313     Tuning Consequences 314     Tuning Process Prioritization 314 Tuning to Reduce False Positives 314     Do No Harm, Initially 315     Learning About the Signatures and Why They Triggered a False Positive 316     Selecting and Verifying Signatures and Rules in Place 316     Removing All Aggressive Actions 317     Adding Verbose Alerts and Logging 319     Using the Alert Data and Logging to Tune Out False Positives 322     Tuning the Signatures Based on Your Network 327     Removing the Preliminary Overrides and Filters 328 Tuning the Sensor to Reduce False Negatives 329     Tuning a Specific Signature 330     Promiscuous Mode IP Reassembly 331     TCP Reassembly Mode 333     Normalizer Tuning 334     Application-Layer Decoding and Deobfuscation 335     Encrypted Traffic 335 Summary 336 References 336 Exam Preparation Tasks 337 Review All the Key Topics 337 Definitions of Key Terms 337 Chapter 14 Improving Alarm and Response Quality 339 Overview 339 “Do I Know This Already?” Quiz 339 Foundation Topics 341 Identifying and Adjusting Risk-Rating Components 341     Formula for Risk Rating 341     Using Attack Severity and Signature Fidelity Ratings 342     Target Value Ratings 343     Attack Relevancy Rating 345     Watch List Rating 346 Operating System Fingerprinting 346 Global Correlation and Reputation-Based Filtering 351     Reputation Filters 351     Global Correlation 351 Summary 355 References 355 Exam Preparation Tasks 356 Review All the Key Topics 356 Definitions of Key Terms 356 Part V Managing and Analyzing Events 359 Chapter 15 Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors 361 Overview 361 “Do I Know This Already?” Quiz 361 Foundation Topics 364 Cisco IPS Manager Express Overview 364     Cisco IME Versus Cisco IDM 365 Installing Cisco IPS Manager Express 366 Installing Cisco IME 367 Integrating Cisco IPS Manager Express with Cisco IPS Sensors 370 Tuning the Cisco IPS Sensor 374 Using and Customizing the Cisco IPS Manager Express User Interface 376 Customizing Cisco IME: Dashboards 378 Adding Gadgets 380 Customizing Cisco IME: Cisco Security Center 382 Summary 385 References 386 Exam Preparation Tasks 387 Review All the Key Topics 387 Complete the Tables and Lists from Memory 387 Definitions of Key Terms 387 Chapter 16 Managing and Investigating Events Using Cisco IPS Manager Express 389 Overview 389 “Do I Know This Already?” Quiz 389 Foundation Topics 391 Managing IPS Events Using Cisco IPS Manager Express 391     Event Monitoring Views 391     Creating and Customizing Event Views 393     View Settings 393     Customizing Event Views 395     Tuning and Creating IME Filters from the Event Display 398     Saving and Deleting Events 400 Investigating IPS Events Using Cisco IPS Manager Express 401 Acting on IPS Events Using Cisco IPS Manager Express 405 Exporting, Importing, and Archiving Events 408 Summary 409 Exam Preparation Tasks 410 Review All the Key Topics 410 Complete the Tables and Lists from Memory 410 Definitions of Key Terms 410 Chapter 17 Using Cisco IPS Manager Express Correlation, Reporting, Notification, and Archiving 413 Overview 413 “Do I Know This Already?” Quiz 413 Foundation Topics 415 Configuring Event Reporting in Cisco IME 415     IME Reporting 415     Configuring and Generating Reports 416     Event Dashboards 417 Using Notifications in Cisco IME 418 Summary 420 References 420 Exam Preparation Tasks 421 Review All the Key Topics 421 Complete the Tables and Lists from Memory 421 Definitions of Key Terms 421 Chapter 18 Integrating Cisco IPS with CSM and Cisco Security MARS 423 Overview 423 “Do I Know This Already?” Quiz 423 Foundation Topics 425 Configuring Integration with Cisco Security Manager 425     Cisco Security Manager 4.0 Features and Benefits 425     Managing Cisco IPS Sensors Using Cisco Security Manager 428     Adding Sensors to Cisco Security Manager 429 Configuring Integration with Cisco Security MARS 431     Add a Cisco IPS Sensor to MARS 432     Event Feed Verification 434     Cisco Security Manager (CSM) and MARS Cross-Launch Capability 435 Summary 436 References 437 Exam Preparation Tasks 438 Review All the Key Topics 438 Complete the Tables and Lists from Memory 438 Definitions of Key Terms 438 Chapter 19 Using the Cisco IntelliShield Database and Services 441 Overview 441 “Do I Know This Already?” Quiz 441 Foundation Topics 443 Using Cisco Security Intelligence Operations 443     Security Alerts 444     Threat Analysis and Reporting 445     Resources 446     Products and Services Updates 448     IPS Threat Defense Bulletin 448 Using Cisco IntelliShield Alert Manager Service 449     Home Page 451     Alerts 452     IPS Signatures 454     Inbox 455     Product Sets 456     New Product Sets 458     Notifications 459     Reports 460     Preferences 461     Users 461     Groups 461     IntelliShield Alert Manager Service Subscription 461 Summary 461 References 462 Exam Preparation Tasks 463 Review All the Key Topics 463 Complete the Tables and Lists from Memory 463 Definitions of Key Terms 463 Part VI Deploying Virtualization, High Availability, and High-Performance Solutions 465 Chapter 20 Using Cisco IPS Virtual Sensors 467 Overview 467 “Do I Know This Already?” Quiz 467 Foundation Topics 469 Sensor Virtualization Overview 469     Virtual IPS 469 Adding, Editing, and Configuring Virtual Sensors 470 Verifying Virtual Sensor Operation 475 Summary 478 References 478 Exam Preparation Tasks 479 Review All the Key Topics 479 Complete the Tables and Lists from Memory 479 Definitions of Key Terms 479 Chapter 21 Deploying Cisco IPS for High Availability and High Performance 481 Overview 481 “Do I Know This Already?” Quiz 481 Foundation Topics 483 High-Availability Solutions for Cisco IPS Deployments 483 Switching-Based Sensor High Availability 484     EtherChannel-Based High Availability 485         Inline Mode Redundant IPS Sensor Deployment Using a Single Switch 486         Promiscuous Mode Redundant IPS Sensor Deployment Using a Single Switch 486     EtherChannel-Based High-Availability Implementation Guidelines 486     STP-Based High Availability 487     STP-Based High-Availability Implementation Guidelines 487 Routing-Based Sensor High Availability 488     Routing-Based Sensor High-Availability Implementation Guidelines 488 Cisco ASA-Based Sensor High Availability 489     Cisco ASA—Based Sensor High-Availability Implementation Guidelines 490 Cisco IPS Sensor Performance Overview 491     Performance Issues 491     Detecting Performance Issues 492     Configuring Traffic Flow Notifications 492     Inspecting Performance-Related Gadgets 493     Checking Switch SPAN Interfaces for Dropped Packets 495     Scaling SPAN Sessions 496 Increasing Performance Using Load Sharing 497     ECLB with Cisco Catalyst 6500 Series Switch and IDSM-2 497     Guidelines for Increasing Performance Using Load-Sharing Implementation 497 Increasing Performance Using Traffic Reduction 498     Cisco ASA IPS Modules–Inline Operation 498     Cisco ASA IPS Modules–Promiscuous Operation 498     Cisco Catalyst Switches–VACL Capture 498 Summary 499 References 499 Exam Preparation Tasks 500 Review All the Key Topics 500 Complete the Tables and Lists from Memory 500 Definitions of Key Terms 500 Part VII Configuring and Maintaining Specific Cisco IPS Hardware 503 Chapter 22 Configuring and Maintaining the Cisco ASA AIP SSM Modules 505 Overview 505 “Do I Know This Already?” Quiz 505 Foundation Topics 508 Overview of the Cisco ASA AIP SSM and AIP SSC Modules 508     Inline Operation 510     Promiscuous Operation 510     Single-Mode Cisco ASA with Multiple Virtual Sensors 511     Cisco ASA with Security Contexts and Virtual Sensors 512     Deployment Guidelines–ASA AIP SSM and SSC 512 Initializing the Cisco ASA AIP SSM and AIP SSC Modules 512     Initial Configuration of the AIP SSM and AIP SSC 514     Software Update of the AIP SSM and AIP SSC 516     Basic Configuration of the AIP SSM and AIP SSC 520     Access the AIP SSM and AIP SSC Through the Cisco IDM or ASDM 523 Redirecting Traffic to the Cisco ASA AIP SSM and AIP SSC Modules 525     Traffic Redirection Policy Configuration Using the Cisco ASDM 526     Traffic Redirection Policy Configuration Using the CLI 529 Troubleshooting the Cisco ASA AIP SSM and AIP SSC Modules 530 Summary 531 References 531 Exam Preparation Tasks 532 Review All the Key Topics 532 Complete the Tables and Lists from Memory 532 Definitions of Key Terms 532 Chapter 23 Configuring and Maintaining the Cisco ISR AIM-IPS and NME-IPS Modules 535 Overview 535 “Do I Know This Already?” Quiz 535 Foundation Topics 538 Overview of the Cisco ISR AIM-IPS and NME-IPS Modules 538     Inline Operation 540     Promiscuous Operation 540     AIM-IPS and Router Communication 541     NME-IPS and Router Communication 542 Initializing the Cisco ISR AIM-IPS and NME-IPS 543     Initial Configuration of the AIM-IPS and NME-IPS 545 Redirecting Traffic to the Cisco AIM-IPS and NME-IPS 546 Troubleshooting the Cisco AIM-IPS and NME-IPS 547     Heartbeat Operation 547     Rebooting, Resetting, and Shutdown Procedures 548     Password Recovery Procedure 549     IPS Module Interoperability 550 Summary 550 References 551 Exam Preparation Tasks 552 Review All the Key Topics 552 Complete the Tables and Lists from Memory 552 Definitions of Key Terms 552 Chapter 24 Configuring and Maintaining the Cisco IDSM-2 555 Overview 555 “Do I Know This Already?” Quiz 555 Foundation Topics 557 Overview of the Cisco IDSM-2 557     Inline Operation 560     Promiscuous Operation 561 Initializing the Cisco IDSM-2 562     Installing the Cisco IDSM-2 562     Initial Configuration of the Cisco IDSM-2 564     Command and Control Access for the Cisco IDSM-2 568     Redirecting Traffic to the Cisco IDSM-2 568 Maintaining the Cisco IDSM-2 572     Upgrade Procedure 572     Recovery Procedure 572     Upgrading the Application Partition 572     Re-imaging the Maintenance Partition 577 Troubleshooting the Cisco IDSM-2 577     Password Recovery 577 Summary 578 References 579 Exam Preparation Tasks 580 Review All the Key Topics 580 Complete the Tables and Lists from Memory 580 Definitions of Key Terms 580 Part VIII Final Exam Preparation 583 Chapter 25 Final Preparation 585 Tools for Final Preparation 585     Pearson Cert Practice Test Engine and Questions on the CD 585     Install the Software from the CD 586     Activate and Download the Practice Exam 586     Activating Other Exams 587     Premium Edition 587     Cisco Learning Network 587     Memory Tables 588     Chapter-Ending Review Tools 588 Suggested Plan for Final Review/Study 588     Step 1: Review the Key Topics and the “Do I Know This Already?” Questions from the Beginning of the Chapter 589     Step 2: Complete the Memory Tables 589     Step 3: Do Hands-On Practice 589     Step 4: Build Configuration Checklists 590     Step 5: Use the Exam Engine 590 Summary 591 Part IX Appendixes Appendix A Answers to the “Do I Know This Already?” Quizzes 595 Appendix B CCNP Security IPS 642-627 Exam Updates, Version 1.0 609 Glossary 613 Index 619 Appendix C Memory Tables (CD Only) Appendix D Memory Tables Answer Key (CD Only)   9781587142550    TOC    9/23/2011  

About the Author :
David Burns has in-depth knowledge of routing and switching technologies, network security, and mobility. He is currently a systems engineering manager for Cisco, covering various U.S. Service Provider accounts. Dave joined Cisco in July 2008 as a lead systems engineer in a number of areas that include Femtocell, Datacenter, MTSO, and Security Architectures, working for a U.S.-based SP Mobility account. He came to Cisco from a large U.S.-based cable company, where he was a senior network and security design engineer. Dave has held various roles prior to joining Cisco during his ten-plus years in the industry, working in SP operations, SP engineering, SP architecture, enterprise IT, and also U.S. military intelligence communications engineering. He holds various sales and industry/Cisco technical certifications, including the CISSP, CCSP, and CCDP, as well as two associate-level certifications. Dave recently passed the CCIE Security Written and is currently preparing for the CCIE Security Lab. Dave is a big advocate of knowledge transfer and sharing and has a passion for network technologies, especially as they relate to network security. Dave has been a speaker at Cisco Live on topics including Femtocell (IP Mobility) and IPS (Security). Dave earned his bachelor of science degree in telecommunications engineering technology from Southern Polytechnic State University, Georgia, where he currently serves as a member of the Industry Advisory Board for the Computer & Electrical Engineering Technology School.   Odunayo Adesina, CCIE No. 26695 (Routing and Switching), is a systems engineer with Cisco in the U.S. commercial segment. In this role for over four years, Odunayo has worked with commercial customers in St. Louis, Missouri, to help develop their enterprise network architectures, which are typically a combination of borderless, collaboration, and virtualization solutions. He has more than 12 years of experience in the industry and holds various industry and Cisco certifications, including the CISSP No. 54152, CCSP, CEH, and VSP. He was one of the first few people who were CSS1 certified when the Cisco security certification was first developed. Prior to his role at Cisco, Odunayo worked with a large service provider as a network engineer, implementing and managing security, routing, and switching solutions, and later as a security specialist, driving ISO 27001 compliance, developing and enforcing security policies for the enterprise. He also worked with Cisco partners, where he implemented solutions across many industry verticals. Odunayo holds a bachelor of technology degree in electronics and electrical engineering from Ladoke Akintola University of Technology.   Keith Barker, CCIE No. 6783 R/S & Security, is a 27-year veteran of the networking industry. He currently works as a network engineer and trainer for Nova Datacom. His past experience includes EDS, Blue Cross, Paramount Pictures, and KnowledgeNET, and he has delivered CCIE-level training over the past several years. He is CISSP and CCSI certified, loves to teach, and keeps many of his video tutorials at http://www.youtube.com/keith6783. He can be reached at KBarker@NovaDatacom.com or by visiting http://www.NovaDatacom.com.