Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

By Jazib Frahim -  CCIE No. 5459, Omar Santos
Publisher: Cisco Press
Pub Date: October 21, 2005
ISBN: 1-58705-209-1
Pages: 840

Overview

The definitive insider's guide to planning, installing, configuring, and maintaining the new Cisco Adaptive Security Appliance

  • Delivers expert guidance from Cisco TAC engineers for securing small and medium business networks with the newly released Cisco all-in-one network security solution

  • Covers the latest PIX Version 7 OS

  • Incorporates detailed configuration examples with screenshots and command-line references

  • Covers unified firewall, IPS, and VPN management

Achieving maximum network security has been a challenge for many organizations, especially those that cannot afford to purchase, master, and maintain a separate security device, such as a PIX or IPS system, for each and every security need. To better meet the needs of these customers, Cisco Systems recently launched an all-in-one security solution called ASA that aims to offer a more affordable and simplified security solution. Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance introduces this new suite of converged security appliances and provides a complete configuration and troubleshooting guide from the Technical Assistance Center (TAC) experts at Cisco Systems.

The book brings together expert guidance for virtually every challenge the reader will face, from building basic network security policies to advanced VPN and IPS implementations. It has five parts, which contain three technology-based sections: Firewall, IPS, and VPN. Each section comprises many sample configurations, accompanied by in-depth analysis of design scenarios, and discusses a set of debugs to further enhance learning. Ground-breaking features such as WebVPN and virtual and Layer 2 firewalls are discussed extensively.

Table of Contents


   Copyright
   About the Authors
      About the Technical Reviewers
   Acknowledgments
   Foreword
   Icons Used in This Book
   Command Syntax Conventions
   Introduction
      Who Should Read This Book
      How This Book Is Organized
   Part I: Product Overview
      Chapter 1. Introduction to Network Security
         Firewall Technologies
         Intrusion Detection and Prevention Technologies
         Network-Based Attacks
         Virtual Private Networks
         Summary
      Chapter 2. Product History
         Cisco Firewall Products
         Cisco IDS Products
         Cisco VPN Products
         Cisco ASA All-in-One Solution
         Summary
      Chapter 3. Hardware Overview
         Cisco ASA 5510 Model
         Cisco ASA 5520 Model
         Cisco ASA 5540 Model
         AIP-SSM Modules
         Summary
   Part II: Firewall Solution
      Chapter 4. Initial Setup and System Maintenance
         Accessing the Cisco ASA Appliances
         Managing Licenses
         Initial Setup
         IP Version 6
         Setting Up the System Clock
         Configuration Management
         Remote System Management
         System Maintenance
         System Monitoring
         Summary
      Chapter 5. Network Access Control
         Packet Filtering
         Advanced ACL Features
         Content and URL Filtering
         Deployment Scenarios Using ACLs
         Monitoring Network Access Control
         Understanding Address Translation
         DNS Doctoring
         Monitoring Address Translations
         Summary
      Chapter 6. IP Routing
         Configuring Static Routes
         RIP
         OSPF
         IP Multicast
         Deployment Scenarios
         Summary
      Chapter 7. Authentication, Authorization, and Accounting (AAA)
         AAA Protocols and Services Supported by Cisco ASA
         Defining an Authentication Server
         Configuring Authentication of Administrative Sessions
         Authenticating Firewall Sessions (Cut-Through Proxy Feature)
         Configuring Authorization
         Configuring Accounting
         Deployment Scenarios
         Troubleshooting AAA
         Summary
      Chapter 8. Application Inspection
         Enabling Application Inspection Using the Modular Policy Framework
         Selective Inspection
         Computer Telephony Interface Quick Buffer Encoding Inspection
         Domain Name System
         Extended Simple Mail Transfer Protocol
         File Transfer Protocol
         General Packet Radio Service Tunneling Protocol
         H.323
         HTTP
         ICMP
         ILS
         MGCP
         NetBIOS
         PPTP
         Sun RPC
         RSH
         RTSP
         SIP
         Skinny
         SNMP
         SQL*Net
         TFTP
         XDMCP
         Deployment Scenarios
         Summary
      Chapter 9. Security Contexts
         Architectural Overview
         Configuration of Security Contexts
         Deployment Scenarios
         Monitoring and Troubleshooting the Security Contexts
         Summary
      Chapter 10. Transparent Firewalls
         Architectural Overview
         Transparent Firewalls and VPNs
         Configuration of Transparent Firewall
         Deployment Scenarios
         Monitoring and Troubleshooting the Transparent Firewall
         Summary
      Chapter 11. Failover and Redundancy
         Architectural Overview
         Failover Configuration
         Deployment Scenarios
         Monitoring and Troubleshooting Failovers
         Summary
      Chapter 12. Quality of Service
         Architectural Overview
         Configuring Quality of Service
         QoS Deployment Scenarios
         Monitoring QoS
         Summary
   Part III: Intrusion Prevention System (IPS) Solution
      Chapter 13. Intrusion Prevention System Integration
         Adaptive Inspection Prevention Security Services Module Overview (AIP-SSM)
         Directing Traffic to the AIP-SSM
         AIP-SSM Module Software Recovery
         Additional IPS Features
         Summary
      Chapter 14. Configuring and Troubleshooting Cisco IPS Software via CLI
         Cisco IPS Software Architecture
         Introduction to the CIPS 5.x Command-Line Interface
         User Administration
         AIP-SSM Maintenance
         Advanced Features and Configuration
         Summary
   Part IV: Virtual Private Network (VPN) Solution
      Chapter 15. Site-to-Site IPSec VPNs
         Preconfiguration Checklist
         Configuration Steps
         Advanced Features
         Optional Commands
         Deployment Scenarios
         Monitoring and Troubleshooting Site-to-Site IPSec VPNs
         Summary
      Chapter 16. Remote Access VPN
         Cisco IPSec Remote Access VPN Solution
         Advanced Cisco IPSec VPN Features
         Deployment Scenarios of Cisco IPSec VPN
         Monitoring and Troubleshooting Cisco Remote Access VPN
         Cisco WebVPN Solution
         Advanced WebVPN Features
         Deployment Scenarios of WebVPN
         Monitoring and Troubleshooting WebVPN
         Summary
      Chapter 17. Public Key Infrastructure (PKI)
         Introduction to PKI
         Enrolling the Cisco ASA to a CA Using SCEP
         Manual (Cut-and-Paste) Enrollment
         Configuring CRL Options
         Configuring IPSec Site-to-Site Tunnels Using Certificates
         Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates
         Troubleshooting PKI
         Summary
   Part V: Adaptive Security Device Manager
      Chapter 18. Introduction to ASDM
         Setting Up ASDM
         Initial Setup
         Functional Screens
         Interface Management
         System Clock
         Configuration Management
         Remote System Management
         System Maintenance
         System Monitoring
         Summary
      Chapter 19. Firewall Management Using ASDM
         Access Control Lists
         Address Translation
         Routing Protocols
         AAA
         Application Inspection
         Security Contexts
         Transparent Firewalls
         Failover
         QoS
         Summary
      Chapter 20. IPS Management Using ASDM
         Accessing the IPS Device Management Console from ASDM
         Configuring Basic AIP-SSM Settings
         Advanced IPS Configuration and Monitoring Using ASDM
         Summary
      Chapter 21. VPN Management Using ASDM
         Site-to-Site VPN Setup Using Preshared Keys
         Site-to-Site VPN Setup Using PKI
         Cisco Remote-Access IPSec VPN Setup
         WebVPN
         VPN Monitoring
         Summary
      Chapter 22. Case Studies
         Case Study 1: Deploying the Cisco ASA at Branch Offices and Small Businesses
         Case Study 2: Large Enterprise Firewall, VPN, and IPS Deployment
         Case Study 3: Data Center Security with Cisco ASA
         Summary
   Index