CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide

CCSP—Cisco Certified Security Professional Certification All-in-One Exam Guide

Robert E. Larson
Lance Cockcroft


To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

(Exams 642-501 SECUR, 642-521 CSPFA,
642-511 CSVPN, 642-531 CSIDS, and 642-541 CSI)

Copyright ? 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 DOC DOC 019876543

Book p/n 0-07-222692-7 and CD p/n 0-07-222693-5
parts of
ISBN 0-07-222691-9

Brandon A. Nordin

Vice President & Associate Publisher
Scott Rogers

Acquisitions Editor
Nancy Maragioglio

Project Editor
Lisa Wolters-Broder

Acquisitions Coordinator
Jessica Wilson

Technical Editors
Joe Phago
Ole Drews Jensen

Copy Editor
Marcia Baker

Brian Galloway
Linda Medoff

Rebecca Plunkett

Apollo Publishing Services
George Toma Charbak

Lyssa Wald
Melinda Moore Lytle
Michael Mueller

Series Design
Peter F. Hancik

This book was composed with Corel VENTURA Publisher.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

This book is dedicated to my parents, Lou and Elmer Larson, who provided resources and direction when I was young, plus freedom, inspiration, and support as I got older.


About the Authors

Robert E. Larson lives in the Seattle, Washington area with his wife Jerri and four adult children. Bob has worked full-time as a computer trainer and course developer since 1985, including network training since 1995. Bob got involved with the Cisco Networking Academy program in 1998. He is currently the Cisco Regional Academy contact at Bates Technical College in Tacoma, plus teaches evening and weekend CCNP, Security, and CCIE prep classes at Green River Community College. Bob is currently a member of the Cisco Networking Academy Advisory Council. This is Bob’s third Cisco certification book, having also written a CCNA and CCNP book. Bob taught the first Academy CCNA series in Africa in 1999 in Cape Town, South Africa. He has also taught CCNP-level courses in Birmingham, England; Dillingen, Germany; and Vienna, Austria.

Lance Cockcroft, Net+, CCA, MCSE, MCT, CCNP, CCDP, has been a Senior Engineer for many ISP and telecommunications companies, including Bellsouth, Atlanta Broadband, and Southeastern Networks. Lance is currently the Cisco Product Manager for Self Test Software, Cisco’s only authorized test prep vendor. Lance writes and oversees the production of all Cisco practice tests for Self Test Software. Lance attended and continues to teach for Kennesaw State University and Southern Polytechnic University located in his hometown of Marietta, Georgia.

About the Technical Reviewers

Ole Drews Jensen began working with computers 21 years ago, and five years later made it his profession. He started out as a programmer in a wide variety of languages, but soon got involved with administering servers and networks. Today Ole is the Systems Network Manager for an enterprise company with several subsidiaries in the recruiting industry, where one of the largest is Carlton Staffing. Ole holds the following certifications: CCNP, MCSE, and MCP+I, and is currently pursuing the new CCSP.

Setotolwane Johannes “Joe” Phago, CCIE # 7105, CCNP, Cisco Firewall Specialist, Cisco VPN Specialist, B.Sc. Computer Science (University of the North, S.A.). He was the first Black South African CCIE and is a graduate of the first Cisco Networking Academy in Africa. Joe is currently Senior Network Analyst at Standard Bank of South Africa, a leading banking and financial services company in S.A. and Africa with a presence on virtually all continents.

Part III: Virtual Private Networks (VPNs)