CCIE Security Written Exam Topics v4.0

Infrastructure, Connectivity, Communications, Network Security
    Network Addressing Basics
    OSI Layers
    TCP/UDP/IP Protocols
    LAN Switching (e.g. VTP, VLANs, Spanning Tree, Trunking)
    Routing Protocols (RIP, EIGRP, OSPF, and BGP)
        (a) Basic Functions/Characteristics
        (b) Security Features
    Tunneling Protocols
        (a) GRE
        (b) NHRP
        (c) v6 Tunnel Types
    IP Multicast
        (a) PIM
        (b) Multi Src Disc Protocol
        (c) IGMP/CGMP
        (d) Multi Listener Discovery
    Wireless
        (a) SSID
        (b) Authentication/Authorization
        (c) Rogue APs
        (d) Session Establishment
    Authentication/Authorization Technologies
        (a) Single Sign-on
        (b) OTPs
        (c) LDAP/AD
        (d) Role Based Access Control
    VPNs
        (a) L2 vs L3
        (b) MPLS/VRFs/Tag switching
    Mobile IP Networks

Security Protocols
    Rivest, Shamir and Adleman (RSA)
    Rivest Cipher 4 (RC4)
    Message Digest 5 (MD5)
    Secure Hash Algorithm (SHA)
    Data Encryption Standard (DES)
    Triple DES (3DES)
    Advanced Encryption Standard (AES)
    IP Security (IPsec)
    Internet Security Association and Key Management Protocol (ISAKMP)
    Internet Key Exchange IKE/IKEv2
    Group Domain of Interpretation (GDOI)
    Authentication Header (AH)
    Encapsulating Security Payload (ESP)
    Certificate Enrollment Protocol (CEP)
    Transport Layer Security TLS/DTLS
    Secure Socket Layer (SSL)
    Secure Shell (SSH)
    Remote Authentication Dial In User Service (RADIUS)
    Terminal Access Controller Access-Control System Plus (TACACS+)
    Lightweight Directory Access Protocol (LDAP)
    EAP Methods (e.g. EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, LEAP)
    Public Key Infrastructure (PKI)/PKIX/PKCS
    802.1X
    WEP/WPA/WPA2
    Web Cache Communication Protocol (WCCP)
    Secure Group Tagging Exchange Protocol (SXP)
    MacSec
    DNSSec

Application and Infrastructure Security
    Hypertext Transfer Protocol (HTTP)
    Hypertext Transfer Protocol Secure (HTTPS)
    Simple Mail Transfer Protocol (SMTP)
    Dynamic Host Configuration Protocol (DHCP)
    Domain Name System (DNS)
    File Transfer Protocol (FTP/SFTP)
    Trivial File Transfer Protocol (TFTP)
    Network Time Protocol (NTP)
    Simple Network Management Protocol (SNMP)
    Syslog
    Netlogon, Netbios, SMB
    RPCs
    RDP/VNC
    PCoIP
    OWASP
    Basic unnecessary services

Threats, Vulnerability Analysis and Mitigation
    Recognizing and mitigating common attacks
        (a) ICMP attacks, PING floods
        (b) MITM
        (c) Replay
        (d) Spoofing
        (e) Backdoor
        (f) Botnets
        (g) Wireless attacks
        (h) DoS/DDoS Attacks
        (i) Virus and Worms Outbreaks
        (j) Header Attacks
        (k) Tunneling attacks
    Software/OS Exploits
    Security/Attack Tools
    Generic Network Intrusion Prevention Concepts
    Packet Filtering
    Content Filtering/Packet Inspection
    Endpoint/Posture Assessment
    QoS marking attacks

Cisco Security Products, Features and Management
    Cisco Adaptive Security Appliance (ASA)
        (a) Firewall Functionality
        (b) Routing/Multicast Capabilities
        (c) Firewall modes
        (d) NAT - Pre 8.4/Post 8.4
        (e) Object Definition/ACLs
        (f) MPF functionality (IPS/QoS/Application Awareness)
        (g) Context Aware Firewall
        (h) Identity Based Services
        (i) Failover Options
    Cisco IOS Firewalls and NAT
        (a) CBAC
        (b) Zone-Based Firewall
        (c) Port-to-Application Mapping
        (d) Identity Based Firewalling
    Cisco Intrusion Prevention Systems (IPS)
    Cisco IOS IPS
    Cisco AAA Protocols and Application
        (a) RADIUS
        (b) TACACS+
        (c) Device Admin
        (d) Network Access
        (e) 802.1X
        (f) VSAs
    Cisco Identity Services Engine
    Cisco Secure ACS Solution Engine
    Cisco Network Admission Control (NAC) Appliance Server
    Endpoint/Client
        (a) Cisco AnyConnect VPN Client
        (b) Cisco VPN Client
        (c) Cisco Secure Desktop (CSD)
        (d) NAC Agent
    Secure Access Gateways (Cisco IOS Router/ASA)
        (a) IPsec
        (b) SSL VPN
        (c) PKI
    Virtual Security Gateway
    Cisco Catalyst 6500 Series Security Services Modules
    Scansafe Functionality & Components
    IronPort Products
    Security Management
        (a) Cisco Security Manager (CSM)
        (b) Cisco Adaptive Security Device Manager (ASDM)
        (c) Cisco IPS Device Manager (IDM)
        (d) Cisco IPS Manager Express (IME)
        (e) Cisco Configuration Professional (CCP)
        (f) Cisco Prime

Cisco Security Technologies and Solutions
    Router Hardening Features (e.g. CoPP, MPP, uRPF, PBR)
    Switch Security Features (e.g. anti-spoofing, port, STP, MacSec, NDAC, NEAT)
    NetFlow
    Wireless Security
    Network Segregation
        (a) VRF-aware technologies
        (b) VXLAN
    VPN Solutions
        (a) FlexVPN
        (b) Dynamic Multipoint VPN (DMVPN)
        (c) Group Encrypted Transport VPN (GETVPN)
        (d) EasyVPN
    Content and Packet Filtering
    QoS application for security
    Load Balancing & Failover

Security Policies and Procedures, Best Practices, Standards
    Security Policy Elements
    Information Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002)
    Standards Bodies (e.g. ISO, IEC, ITU, ISOC, IETF, IAB, IANA, ICANN)
    Industry Best Practices (e.g. SOX, PCI DSS)
    Common RFC/BCP (e.g. RFC2827/BCP38, RFC3704/BCP84, RFC5735)
    Security Audit & Validation
    Risk Assessment
    Change Management Process
    Incident Response Framework
    Computer Security Forensics
    Desktop Security Risk Assessment/Desktop Security Risk Management