642 523 Securing Networks with PIX and ASA


Course Number: 642 523
Length: 1 Day(s)

Course Overview

This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications.

Prerequisites

Students who attend this advanced course must have experience in configuring Cisco IOS software. Candidates must also have:

- Certification as a CCNA or the equivalent knowledge.
- Basic knowledge of the Windows operating system.
- Familiarity with networking and security terms and concepts.

Audience

This course is intended for those who wish to attain the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications.

Course Outline

Chapter 1: The Cisco Security Appliance

- The Cisco Security Appliance
- What Is a Firewall?
- Firewall Technologies
- Packet Filtering
- Proxy Server
- Stateful Packet Filtering
- Security Appliances: What Are They?
- Proprietary Operating System
- Stateful Packet Inspection
- Cut-Through Proxy Operation
- Application-Aware Inspection
- Modular Policy
- Virtual Private Network
- Security Context (Virtual Firewall)
- Failover Capabilities: Active/Standby, Active/Active, and Stateful Failover
- Transparent Firewall
- Web-Based Management Solutions
- Chapter 1 Review

Chapter 2: Cisco PIX Security Appliance and ASA Adaptive Security Appliance Families

- Cisco PIX Security Appliance and ASA Adaptive Security Appliance Families
- PIX Firewall Security Appliance Family
- ASA Adaptive Security Appliance Family
- Cisco ASA 5510 Adaptive Security Appliance
- Cisco ASA 5520 Adaptive Security Appliance
- Cisco ASA 5540 Adaptive Security Appliance
- ASA 5500 Series: Front and Back Panels
- ASA 5500 Series: Connectors
- Security Services Module
- PIX Firewall Security Appliance Licensing
- PIX License Types
- VPN Encryption License
- PIX Firewall Security Context Licenses
- PIX 515E, 525, and 535 Licensing
- ASA Adaptive Security Appliance Licensing
- ASA Security Context Licenses
- ASA 5510, 5520, and 5540 Licensing
- Cisco Firewall Services Module
- FWSM
- FWSM in Catalyst 6500 Switch and Cisco 7600 Internet Router
- Chapter 2 Review

Chapter 3: Getting Started with Cisco Security Appliances

- Getting Started with Cisco Security Appliances
- User Interface
- Security Appliance Access Modes
- Access Privilege Mode
- Access Configuration Mode: configure terminal Command
- help Command
- File Management
- Viewing and Saving Your Configuration
- Clearing Running Configuration
- Clearing Startup Configuration
- Reload the Configuration: reload Command
- File System
- Displaying Stored Files: System and Configuration
- Selecting Boot System File
- Verifying the Startup System Image
- Security Appliance Security Levels
- Functions of the Security Appliance: Security Algorithm
- Security Level Example
- Basic Security Appliance Configuration
- Hostname and CLI Prompt Configuration
- Basic CLI Commands
- Interface Configuration
- Naming the Interface
- Assign Interface IP Address
- DHCP-Assigned Address
- Assign a Security Level
- Speed and Duplex Commands
- ASA Management Interface
- NAT
- Enable NAT Control
- nat Command
- global Command
- Demo: Basic CLI Commands
- Configuring a Static Route
- Static Host Command Configuration Example
- Examining Security Appliance Status
- show Commands
- show memory Command
- show cpu usage Command
- show version Command
- show ip address Command
- show interface Command
- show nameif Command
- show run nat Command
- show run global Command
- show xlate Command
- ping Command
- show route Command
- Setting Time and Using NTP Support
- clock Command
- Setting DST
- ntp Command
- Syslog Configuration
- Using a Syslog Server
- Logging Options
- Logging Levels
- Configure Message Output to a Syslog Server
- Syslog Output Example
- Customize Syslog Output
- show logging Command
- Demo: More Commands
- Chapter 3 Review

Chapter 4: Translations and Connections

- Translations and Connections
- Transport Protocols
- Sessions in an IP World
- TCP
- TCP from Inside to Outside
- UDP
- Network Address Translation
- Addressing Scenarios
- Access Through the Security Appliance
- Inside Address Translation
- Dynamic Inside NAT
- Two Interfaces with NAT
- Three Interfaces with NAT
- Port Address Translation
- PAT Example
- PAT Using Egress Address
- Mapping Subnets to PAT Addresses
- Backing Up PAT Addresses by Using Multiple PATs
- Augmenting a Global Pool with PAT
- Identity NAT
- Identity NAT: nat 0 Command
- Demo: Dynamic NAT
- static Command
- Global NAT and Static NAT
- static Command: Parameters
- static Command: Web Server
- static Command: FTP Server
- Net Static
- Static PAT: Port Redirection
- Static pat Command
- TCP Intercept and Connection Limits
- Connection Limits
- TCP Three-Way Handshake
- TCP Intercept
- SYN Cookies
- Embryonic Connection Limit
- UDP Maximum Connection Limit
- Connections and Translations
- Connections Versus Translations
- show conn Command
- show conn detail Command
- show local-host Command
- show xlate Command
- show xlate detail Command
- Security Appliance NAT Philosophy
- Matching Outbound Packet Addresses
- Configuring Multiple Interfaces
- Additional Interface Support
- Configuring Three Interfaces
- Configuring Four Interfaces
- Demo: Static NAT
- Chapter 4 Review

Chapter 5: ACLs and Content Filtering

- ACLs and Content Filtering
- ACLs
- Security Levels Revisited
- ACL Configuration
- ACL Usage Guidelines
- Inbound Traffic to DMZ Web Server
- Create a Static Translation for Web Server
- access-list Command
- access-group Command
- show access-list Command
- clear access-list counters Command
- Time Range Configuration
- Time Range Submode
- Time-Based ACL
- Time-Based ACL Example
- ACL Logging
- access-list deny-flow-max and alert-interval Commands
- ACL Line Number and Comments
- Inbound HTTP Access Solution
- Inbound HTTPS Access Solution
- icmp Command
- nat 0 Plus acl Command
- Policy NAT: nat Plus acl Command
- Other Commands Plus acl
- Malicious Active Code Filtering
- Java Applet Filtering
- ActiveX Blocking
- ActiveX filter Command
- URL Filtering
- HTTP URL Filtering
- Designate the URL-Filtering Server
- Enable HTTP URL Filtering
- HTTPS and FTP Filtering
- URL-Filtering Configuration Example
- Demo: ACL Configuration
- About the CSC SSM
- Deploying the Security Appliance with CSC SSM
- CSC SSM Traffic Flow
- CSC SSM Deployment Scenario
- Chapter 5 Review

Chapter 6: Object Grouping

- Object Grouping
- Overview of Object Grouping
- Using Object Groups in ACLs
- Grouping Objects
- Grouping Objects of Similar Types
- Getting Started with Object Groups
- Configuring and Using Object Groups
- Configuring Network Object Groups
- Configuring Service Object Groups
- Adding Object Groups to an ACL
- Configuring ICMP-Type Object Groups
- Nested Object Groups
- Configuring Nested Object Groups
- Nested Object Group Example
- group-object Command Example
- Object Group Services Example
- Apply Nested Object Group to ACL
- Multiple Object Groups in ACLs
- Displaying Configured Object Groups
- Removing Configured Object Groups
- Demo: Object Groups
- Chapter 6 Review

Chapter 7: Authentication, Authorization, and Accounting

- Authentication, Authorization, and Accounting
- Introduction
- Types of Authentication
- Types of Authorization
- Types of Accounting
- Installation of Cisco Secure ACS for Windows 2000
- Installation Wizard
- ACS Network Configuration
- Security Appliance Access Authentication Configuration
- Methods of Device Access
- Configuring Authentication
- Specify an AAA Server Group
- AAA Server Group Subcommand
- Designate an Authentication Server
- Authentication of Console Access
- How to Add Users to Cisco Secure ACS
- How to Add Users to the LOCAL Database
- Maximum Failed Attempts
- Show Local Users
- How to Change the Authentication Prompts
- How to Change the Authentication Timeouts
- Cut-Through Proxy Authentication Configuration
- Cut-Through Proxy Operation
- Configuring Cut-Through Authentication
- Enable Authentication: match (aaa authentication match)
- Enable Authentication: include/exclude
- Show Authentication
- show aaa-server Command: TACACS+ Server
- Authentication of Non-Telnet, FTP, HTTP, or HTTPS Traffic
- Virtual Telnet
- Virtual HTTP
- Configuration of Virtual HTTP Authentication
- Tunnel Access Authentication Configuration
- Tunnel User Authentication
- VPN Tunnel Group Policy
- Authorization Configuration
- Security Appliance User Authorization
- TACACS+ Authorization Configuration
- Enable Authorization: match
- Enable Authorization: include/exclude
- Authorization Rules
- Allowing Specific Services
- Allowing Specific Services to Specific Hosts
- Authorization of Non-Telnet, FTP, HTTP, or HTTPS Traffic
- Downloadable ACLs
- Downloadable ACL Authorization
- Downloadable ACLs (Cont.)
- Configuring Downloadable ACLs
- Assigning the ACL to the User or Group
- Show Downloaded ACLs
- Show Authentication (Cont.)
- RADIUS Per-User Override
- Example: Per-User Override
- Accounting Configuration
- AAA Enable Accounting: match
- Enable Accounting: include/exclude
- How to View Accounting Information
- Accounting of Non-Telnet, FTP, or HTTP Traffic
- Admin Accounting
- Viewing RADIUS Admin Access Accounting Information
- Command Accounting
- Viewing TACACS+ Admin Command Accounting
- Demo: ACS Server
- Chapter 7 Review

Chapter 8: Switching and Routing

- Switching and Routing
- VLANs
- Creating Logical and Physical Interfaces
- Assigning VLAN Names and Security Levels
- Assigning VLAN IP Addresses
- VLAN Configuration
- Maximum Number of Interfaces
- Static and Dynamic Routing
- Static Routes
- Dynamic RIP Routes
- OSPF
- Configuring OSPF
- Enabling OSPF Routing
- Defining OSPF Networks
- Two OSPF Processes
- Configuring Two OSPF Areas
- Multicasting