Book description
- Identify, mitigate, and respond to network attacks
- Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware
- Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS
- Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration
- Deploy VPN solutions including site-to-site IPsec VPNs, remote-access VPNs, and Public Key Infrastructure (PKI)
- Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)
Achieving maximum network security is a challenge for most organizations. Cisco® ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network.
This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance is a practitioner’s guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments.
The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.
“I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider’s guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks.”
–Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems®
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Table of contents
- Copyright
- About the Authors
- Acknowledgments
- Foreword
- Introduction
- I. Product Overview
- II. Firewall Solution
- 4. Initial Setup and System Maintenance
- 5. Network Access Control
- Packet Filtering
- Advanced ACL Features
- Content and URL Filtering
- Deployment Scenarios Using ACLs
- Monitoring Network Access Control
- Understanding Address Translation
- DNS Doctoring
- Monitoring Address Translations
- Summary
- 6. IP Routing
- Configuring Static Routes
- RIP
- OSPF
- IP Multicast
- IGMP
- IP Multicast Routing
- Configuring Multicast Routing
- Enabling Multicast Routing
- Statically Assigning an IGMP Group
- Limiting IGMP States
- IGMP Query Timeout
- Defining the IGMP Version
- Configuring Rendezvous Points
- Configuring Threshold for SPT Switchover
- Filtering RP Register Messages
- PIM Designated Router Priority
- PIM Hello Message Interval
- Configuring a Static Multicast Route
- Troubleshooting IP Multicast Routing
- Deployment Scenarios
- Summary
- 7. Authentication, Authorization, and Accounting (AAA)
- 8. Application Inspection
- Enabling Application Inspection Using the Modular Policy Framework
- Selective Inspection
- Computer Telephony Interface Quick Buffer Encoding Inspection
- Domain Name System
- Extended Simple Mail Transfer Protocol
- File Transfer Protocol
- General Packet Radio Service Tunneling Protocol
- H.323
- HTTP
- ICMP
- ILS
- MGCP
- NetBIOS
- PPTP
- Sun RPC
- RSH
- RTSP
- SIP
- Skinny
- SNMP
- SQL*Net
- TFTP
- XDMCP
- Deployment Scenarios
- Summary
- 9. Security Contexts
- 10. Transparent Firewalls
- 11. Failover and Redundancy
- Architectural Overview
- Failover Configuration
- Active/Standby Failover Configuration
- Active/Active Failover Configuration
- Step 1: Select the Failover Link
- Step 2: Assign Failover Interface IP Addresses
- Step 3: Set Failover Key
- Step 4: Designate the Primary Cisco ASA
- Step 5: Enable Stateful Failover
- Step 6: Set Up Failover Groups
- Step 7: Assign Failover Group Membership
- Step 8: Assign Interface IP Addresses
- Step 9: Set Up Asymmetric Routing (Optional)
- Step 10: Enable Failover Globally
- Step 11: Configure Failover on the Secondary Cisco ASA
- Optional Failover Commands
- Zero-Downtime Software Upgrade
- Deployment Scenarios
- Monitoring and Troubleshooting Failovers
- Summary
- 12. Quality of Service
- III. Intrusion Prevention System (IPS) Solution
- 13. Intrusion Prevention System Integration
- 14. Configuring and Troubleshooting Cisco IPS Software via CLI
- Cisco IPS Software Architecture
- Introduction to the CIPS 5.x Command-Line Interface
- User Administration
- AIP-SSM Maintenance
- Advanced Features and Configuration
- Summary
- IV. Virtual Private Network (VPN) Solution
- 15. Site-to-Site IPSec VPNs
- Preconfiguration Checklist
- Configuration Steps
- Step 1: Enable ISAKMP
- Step 2: Create the ISAKMP Policy
- Step 3: Set the Tunnel Type
- Step 4: Configure ISAKMP Preshared Keys
- Step 5: Define the IPSec Policy
- Step 6: Specify Interesting Traffic
- Step 7: Configure a Crypto Map
- Step 8: Apply the Crypto Map to an Interface
- Step 9: Configuring Traffic Filtering
- Step 10: Bypassing NAT (Optional)
- Advanced Features
- Optional Commands
- Deployment Scenarios
- Monitoring and Troubleshooting Site-to-Site IPSec VPNs
- Summary
- 16. Remote Access VPN
- Cisco IPSec Remote Access VPN Solution
- Configuration Steps
- Step 1: Enable ISAKMP
- Step 2: Create the ISAKMP Policy
- Step 3: Configure Remote-Access Attributes
- Step 4: Define the Tunnel Type
- Step 5: Configure ISAKMP Preshared Keys
- Step 6: Configure User Authentication
- Step 7: Assign an IP Address
- Step 8: Define the IPSec Policy
- Step 9: Set Up a Dynamic Crypto Map
- Step 10: Configure the Crypto Map
- Step 11: Apply the Crypto Map to an Interface
- Step 12: Configure Traffic Filtering
- Step 13: Set Up a Tunnel Default Gateway (Optional)
- Step 14: Bypass NAT (Optional)
- Step 15: Set Up Split Tunneling (Optional)
- Cisco VPN Client Configuration
- Configuration Steps
- Advanced Cisco IPSec VPN Features
- Deployment Scenarios of Cisco IPSec VPN
- Monitoring and Troubleshooting Cisco Remote Access VPN
- Cisco WebVPN Solution
- Advanced WebVPN Features
- Deployment Scenarios of WebVPN
- Monitoring and Troubleshooting WebVPN
- Summary
- 17. Public Key Infrastructure (PKI)
- V. Adaptive Security Device Manager
- 18. Introduction to ASDM
- 19. Firewall Management Using ASDM
- 20. IPS Management Using ASDM
- 21. VPN Management Using ASDM
- 22. Case Studies
Product information
- Title: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
- Author(s):
- Release date: October 2005
- Publisher(s): Cisco Press
- ISBN: 9781587052095