This document provides an overview of the topics covered in a Cisco security course, including:
1. Configuration of basic ASA features such as security levels, interfaces, and EtherChannels.
2. Management and access control lists for ASA devices.
3. Features of transparent firewall mode such as ARP inspection.
4. Virtual firewall behavior and traffic classification in multiple-context mode.
5. Failover functionality and configurations.
   o IPv4, IPv6
   o Security Levels
   o Default filtering behavior
   o Subinterfaces
   o Redundant ports
   o EtherChannels
2. Management & ACLs
   o In-Band & OOB management
   o ASDM
   o Different ACL types (IPv4, IPv6, Global, etc.)
   o Objects & Object Groups
3. Transparent Firewall
   o Transparent ASA behavior
   o ARP Inspection
   o CAM Protection
   o Transparent ASA NAT
4. Multiple-Contexts
   o Virtual Firewall behavior
   o Traffic Classification
   o Resource Limits
5. Failover
   o Failover Link
   o Active/Standby
   o Active/Active
6. Routing (14/01/15)
   o ASA Routing Overview
   o Static routes
   o Route Monitoring
   o OSPF
   o EIGRP
7. NAT
   o NAT Overview
   o NAT Tables
   o NAT Considerations
   o Pre 8.3 NAT
   o Post 8.3 NAT (Auto & Manual/Twice)
8. Modular Policy Framework
   o MPF Overview
   o Order of operations
   o Inspection Overview
   o Other MPF features
9. CBAC
   o Stateful firewall behavior
   o Generic vs Application inspection
   o Deployment scenarios
   o Tuning
   o PAM
   o IPv6 CBAC
   o VFR
10. ZFW
   o Overview
   o Traffic control (zone policies)
   o Classification methods
   o Application-Layer inspection
   o Parameter Maps
   o IPv6 ZFW
11. Public Key Infrastructure
   o Digital Certificates
   o PKI Models
   o IOS CA Server
   o PKI Clients (IOS, ASA)
   o CRL
12. Virtual Private Networks Fundamentals
   o IPsec Fundamentals
   o IKE, ISAKMP
   o AM/MM modes
   o AH, ESP
   o Tunnel/transport modes
   o NAT-T
13. IPSec Site-to-Site
14. Remote Access VPNs
15. DMVPN
   o Overview
   o Phase I, II and III
   o Dual-Hubs
   o IPv6 DMVPN
16. GETVPN
   o Overview
   o GMs, KS
   o GDOI
   o VRF-Aware GETVPN
   o IPv6 GETVPN
17. IKEv2
   o Overview
   o Protocol operations
18. AnyConnect
19. IPS Basics & Initialization
   o Users
   o Interface types
   o CLI
   o IPS Setup
20. SPAN & RSPAN
21. IPS Deployment Modes
   o Promiscuous
   o Inline
   o VLAN Groups
22. IPS Signatures & Event Actions
   o Signature Engines
   o Overrides
   o Filtering
23. Global Correlation
24. WSA
   o CLI
   o GUI
   o URL Filtering
   o Web Usage Controls
   o AVC
   o Malware Scanning
   o Web Proxy (Explicit and Transparent)
   o L4 Traffic Monitor
   o Interfaces
   o WCCP
   o Policies
   o Identities
   o Policy Actions
   o Web Reputation
   o Authentication
   o AD integration
   o HTTPS Decryption
   o Proxy Bypass
25. TrustSec, ISE & Profiling
   o Overview
   o Features
   o Profiling process & Probes
   o Device Sensor
26. 802.1x Fundamentals
   o Port Modes & Types
   o MAB
   o Flexible Authentication
27. Wired 802.1x
28. Layer 2 Security (15/01/15)
   o MAC Spoofing
   o CAM Flooding
   o VLAN Hopping
   o STP Attacks
   o DHCP Attacks
   o ARP Spoofing
   o IP Spoofing
29. Control Plane Security
   o Routing Protocol Authentication
   o Control Plane Policing
   o Control Plane Protection
   o CPPr sub interfaces
   o Port Filtering
   o Queue Thresholding
30. Management Plane Security
   o User EXEC protection
   o Privileged EXEC protection
   o Role-Based CLI Views
   o VTY Access Control
   o Login Enhancement
   o Management Plane Protection