Guest Author
Photo Credit: Study time at Starbucks, April 2012 via David cc
Students preparing for the Cisco CCNA Security certification need all the help possible. This list contains multiple online reading and study materials that apply to CCNA Security.
Free Online Study Resources for Cisco CCNA Security
1. Mastering Access Control Lists (ACLs)
Although published in 2011, the article provides a solid explanation on the importance of Mastering Access Control Lists (ACLs). As the article explicitly points out in the introduction, ACLs are critical for CCNA candidates and server multiple purposes for Cisco IOS, such as traffic classification, their usage as traffic filters, and other ACL functions that prove valuable for Cisco network engineers.
The article addresses these ACL topics:
- The Implicity Deny All
- The Importance of Order
- Assigning ACLs as Filters
2. The RFC 2196 – Site Security Handbook
Why do you want to read through this documentation. The Site Security Handbook provides a solid comprehensive guide and reference for network and system administrators responsible for “setting computer security policies and procedures for sites that have systesm on the Internet”. Among the numerous areas addresses, the handbook focuses on:
- Authentication
- Integrity
- Confidentiality
- Security Incident Handling
- Auditing, Access, and Authorization
- Firewalls
- Network and Sevice Configuration
- Network Architecture
- Networking Tools
- Backups
- Risk Assessment
3. Cisco Security Configuration Guide: Securing User Services
This dense Cisco security configuration guide is full of lots of great info. The guide includes sections on:
- AutoSecure
- Authentication, Authorization, and Accounting (AAA)
- Security Server Protocols
- RADIUS and TACACS+ Attributes
- Secure Shell
- Cisco IOS Login Enhancements
- Cisco IOS Resilient Configuration
- Image Verification
- IP Source Tracker
- Role-Based CLI Access
Great books provide additional resources and reading. This guide hits the mark by supplying links to further reading and documentation on topics, such as the:
- Configuring Security with Passwords, Privilege Levels, and Login Sessions on Networking Devices
- Cisco IOS Master Command List, All Releases (last updated in 2014)
4. The Cisco Guide to Harden Cisco IOS Devices
The Cisco Guide to Harden Cisco IOS Devices documentation holds obvious value for CCNA security. Since the certification deals with a large amount of material focusing on security for Cisco IOS devices, this guide provides an excellent reference.
The exam focuses on Cisco routers and switches, Cisco IOS IPS, Cisoc IOS firewalls, and additional devices that make this resource extremely useful.
Also the guide was last updated on January 6, 2016 to account for changes to align with the new exam and it’s downloadable in PDF version to print (in case you like to annotate with pen or pencil).
5. Understanding, Preventing, and Defending Against Layer 2 Attacks
This Cisco slideshow (PDF version), taken from the 2009 Cisco Expo, outlines the types of Layer 2 attacks (VLAN hopping, MAC, DHCP, ARP, Spoofing, and other attacks) and mitigation techniques relevant for Cisco networking professionals. Due to date on the document and as the presentation states, “these are IPv4 only attacks today.”
Students should try to understand IPv6 addressing, how it impacts an IPv4 network security, and the types of attacks to monitor for with IPv6 traffic for Cisco networks. IPv6 security training is as important for IPv4 only addressing networks. Also, refer to this whitepaper, “Understanding IP Addressing: Everything You Ever Wanted to Know“, for a solid read on the IPv4 and IPv6 addressing.
Paid Study Resources for CCNA Security
Cisco offers self-study resources for CCNA Security, including training videos, study materials, and practice exam questions. The resources come at a cost.
For those individuals who benefit from intense training with hands-on labs, you may want to consider CCNA Security training. When you consider the benefits of a focused learning environment and an experienced trainer who understands the certification exam, this option may seem more attractive and efficient than the self-study route.