Sean Wilkins - CCNP Security Secure 642-637 Official Cert Guide

Sean Wilkins
Franklin H. Smith, III

Cisco Press
800 East 96th Street
Indianapolis, IN 46240

CCNP Security SECURE 642-637 Official Cert Guide

Sean Wilkins, Franklin H. Smith III

Copyright 2011 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America

First Printing June 2011

The Library of Congress Cataloging-in-Publication Data is on file.

ISBN-13: 978-1-58714-280-2
ISBN-10: 1-58714-280-5

Warning and Disclaimer

This book is designed to provide information for the Cisco CCNP Security 642-637 SECURE exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an as is basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419

For sales outside the United States, please contact: International Sales

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at . Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger

Associate Publisher: Dave Dusthimer

Executive Editor: Brett Bartow

Managing Editor: Sandra Schroeder

Senior Development Editor: Christopher Cleveland

Project Editor: Mandie Frank

Designer: Gary Adair

Cisco Representative: Erik Ullanderson

Cisco Press Program Manager: Anand Sundaram

Technical Editors: Sean Connelly and Robert Woods

Copy Editor: John Edwards

Editorial Assistant: Vanessa Evans

Proofreader: Sheri Cain

Composition: Mark Shirar

Indexer: Tim Wright

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Europe Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: +31 0800 020 0791
Fax: +310 20 357 1100

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices .

2007 Cisco Systems, Inc. All rights reserved, CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.: Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems. Inc.: and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP. Cisco, the Cisco Certified Internetwork Expert logo. Cisco IOS. Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet PIX. ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise. The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems. Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0609R)

Sean Wilkins is an accomplished networking consultant for SR-W Consulting (www.sr-wconsulting.com) and has been in the field of IT since the mid 1990s working with companies like Cisco, Lucent, Verizon, and AT&T, as well as several other private companies. Sean currently holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). He also has a Master of Science degree in information technology with a focus in network architecture and design, a Master of Science in organizational management, a Masters Certificate in network security, a Bachelor of Science degree in computer networking, and an Associate of Applied Science degree in computer information systems. In addition to working as a consultant, Sean spends a lot of his time as a technical writer and editor for various companies.

Franklin H. Smith III (Trey) is a senior network security architect with more than 15 years of experience in designing, deploying, and securing large enterprise and service provider networks. His background includes architect-level delivery for many enterprise, data center, and SMB networks. He holds a Bachelor of Business Administration degree in management information systems. Treys certifications include CCSP, CCNP, CCDP, Microsoft (MCSE), and ISC2 (CISSP). His current focus is on strategic and tactical efforts related to Payment Card Industry (PCI) Data Security Standard (DSS) compliance for a Fortune 50 company.

Sean Connelly, CCIE #17085 (R/S & Security), is a senior network design engineer for TASC, based in Washington, D.C. He has worked for two federal agencies over the last decade. Recent projects have included architecting a global 802.1X solution and the design and implementation of a large data center, along with active involvement in other federal cyber security initiatives. Before joining TASC, Sean was director of IT Services at ADCom, which included the design of many global WAN solutions. Aside from the two CCIEs, Sean holds a CISSP and a bachelors degree in business administration, with a total of 14 years of IT experience.