C H A P T E R 7

Security Technologies

This chapter covers some of today’s most widely used technologies that enable Network administrators to ensure that sensitive data is secured from unauthorized sources.

Cisco’s support for security is also covered, as are all the fundamental foundation topics you will need to master the security CCIE written exam.

This chapter covers the following topics:

•Advanced security concepts—This section covers some the of the advanced security policies in demilitarized zones (DMZs).

•Packet filtering, proxies, NAT, and PAT—This section covers some packet filtering, proxies, and how to hide addresses using Network Address Translation (NAT) and Port Address Translation (PAT).

•Cisco Firewall routers and IOS feature set—This section covers the Cisco PIX Firewall and the IOS Firewall feature set available on Cisco routers.

•Public Key infrastructure (PKI)—This section covers the Public Key infrastructure (PKI), followed by a description of VPN networks and a typical design example.

“Do I Know This Already?” Quiz

The purpose of this assessment quiz is to help you determine how to spend your limited study time. If you can answer most or all these questions, you might want to skim the “Foundation Topics” section and return to it later, as necessary. Review the “Foundation Summary” section and answer the questions at the end of the chapter to ensure that you have a strong grasp of the material covered. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. If you find these assessment questions difficult, read through the entire “Foundation Topics” section and review it until you feel comfortable with your ability to answer all these and the Q & A questions at the end of the chapter.

“Do I Know This Already?” Quiz 317

6For how many translations does PAT allow you to use one IP address?

a.32,000

b.64,000

c.96,000

d.128,000

e.256,000

7PAT translates all private addresses based on what?

a.Source port

b.Destination port

c.Both source and destination

d.None

8NAT is which of the following?

a.Network Architectural Language

b.National anthem of Latvia

c.Network translation

d.Network Address Translation

9NAT is defined in which RFC?

a.1700

b.1701

c.2002

d.1631

e.1613

10The following defines which NAT terminology: “A legitimate registered IP address as assigned by the InterNIC?”

a.Inside local address

b.Outside global address

c.Inside global address

d.Outside local address

“Do I Know This Already?” Quiz 319

16What is IKE used to accomplish?

a.NAT translations

b.Ensures that data is not sourced by the right sources

c.Ensures that data is not sourced by the wrong sources

d.No use

e.Both a and c

17To create a simple VPN tunnel (unencrypted) between two sites, what must you do on a Cisco router?

a.Create a GRE tunnel

b.Create a routing map

c.Nothing, use a PIX

d.Create an IPSec tunnel