Learning Path

Implementing Cisco Network Security, Part 3

Time to complete: 1h 35m

Published byO'Reilly Media, Inc.

CreatedJuly 2019

This is the third and final part in this learning path series, designed for intermediate-level engineers with some proficiency in Cisco networking and Internet Operating System (IOS) concepts, to help you prepare for the Cisco 210-260 IINS exam. In this part, you review firewalls and firewall technologies. You’ll then examine Network Address Translation (NAT) and see how to deploy it on a Cisco ASA using the ASDM GUI. Next, you’ll look at the features of Cisco IOS Zone-Based Policy Firewalls (ZPF) and how to configure and verify them through the CLI, followed by a discussion on ASA access management.

Next, you’ll explore intrusion detection and protection, including a comparison of network and host-based IPS. You’ll also review modes of deployment (inline, promiscuous, SPAN and tap) as well as IPS trigger terminology, such as true positive, true negative, false positive, and false negative. You’ll then move on to Cisco's email-based content security solution, Cisco Email Security Appliance (ESA), and explore how the ESA is deployed, some of its features, and how it processes emails.

This series concludes by studying two web security solutions: the Cisco Web Security Appliance (WSA) and the Cisco Cloud Web Security Service (CWS). Finally, you’ll look at the tools and methods used to protect the security of endpoints on the network. Tools discussed include firewalls, antivirus, antispyware, antimalware, and encryption solutions.

What you’ll learn—and how you can apply it

  • Firewall technologies
  • Implementing NAT on ASA
  • Configuring Zone-Based Policy Firewalls (ZPF)
  • How to create policies using Cisco Modular Policy Framework (MPF)
  • How to configure and deploy ASA Access Management
  • IPS technologies and deployment
  • How to deploy and use Cisco Email Security Appliance (ESA)
  • How to implement web-based threat mitigation
  • And more

This learning path is for you because…

  • You're preparing to take the Cisco IINS 210-260 exam
  • You're preparing for Cisco CCNA Security Certification
  • You're preparing to recertify
  • You're a network designer, administrator, or engineer
  • You're a network security specialist
  • You're a security technician
  • You're a security administrator
  • You're a network security support engineer
  • You're a network and security manager


Materials or downloads needed in advance: None