CCSP SNPA Quick Reference

Book description

CCSP SNPA Quick Reference (Digital Short Cut)

Brandon James Carroll

ISBN-10: 1-58705-542-2

ISBN-13: 978-1-58705-542-3

As a final exam preparation tool, the CCSP SNPA Quick Reference provides a concise review of all objectives on the new CCSP SNPA exam (642-523). This digital Short Cut provides you with detailed, graphical-based information, highlighting only the key topics in cram-style format.

With this document as your guide, you will review topics on securing networks using routers and switches. These fact-filled Quick Reference Sheets allow you to get all-important information at a glance, helping you focus your study on areas of weakness and enhance memory retention of essential exam concepts.


1. Cisco Security Appliance Technology and Features and Families

2. Getting Started with Cisco Security Appliances Configurations

3. Inbound Traffic, ACLs, Object Grouping

4. AAA Configurations

5. Switching and Routing on ASA

6. Protocol Inspections

7. PIX and ASA VPNs

8. Understanding Transparent Firewall Mode

9. Virtual Firewalls

10. Failover

About the Author:

Brandon James Carroll is one of the country’s leading instructors for Cisco security technologies, teaching classes that include the CCNA, CCNP, and CCSP courses; a number of the CCVP courses; and custom-developed courseware. In his six years with Ascolta, Brandon has developed and taught many private Cisco courses for companies such as Boeing, Intel, and Cisco itself. He is a CCNA, CCNP, and CCSP and a certified Cisco instructor. Brandon is the author of Cisco Access Control Security.

Before becoming a technical instructor for Ascolta, Mr. Carroll was a technician and an ADSL specialist for GTE Network Services and Verizon Communications. His duties involved ISP router support and network design. As a lead engineer, he tested and maintained Frame Relay connections between Lucent B-STDX and Cisco routers. His team was in charge of troubleshooting ISP Frame Relay to ATM cutovers for ADSL customers. Brandon trained new employees at Verizon to the EPG in ADSL testing and troubleshooting procedures and managed a “Tekwizard” database for technical information and troubleshooting techniques. Mr. Carroll majored in information technology at St. Leo University.

About the Technical Editor:

Murtaza Bhaiji, CCIE No. 14445 (Security), is a solution-oriented IT security specialist with notable success directing a broad range of corporate IT initiatives over his seven-year career. Murtaza holds a number of certifications in different fields, notably CCIE in Security. He has also been an avid speaker in forums such as Network Society of Pakistan and Ethink-Tank Tanzania. Murtaza’s specialty is in design aspects of solutions using best-fit technologies and products in line with business needs. Currently he is positioned as manager of networking and security for Mideast Data Systems.

Table of contents

  1. Copyright
  2. About the Author
  3. About the Technical Editor
  4. 1. Cisco Security Appliance Technology and Features and Families
    1. Overview of the Cisco Security Appliance
      1. Proprietary operating system
      2. Stateful packet inspection
        1. How it works
      3. User-based authentication
      4. Protocol and application inspection
      5. Modular Policy Framework
      6. Virtual private networking
      7. Security contexts (virtual firewalls)
      8. Stateful failover capability
      9. Transparent firewalls
      10. Web-based management solutions
    2. Cisco ASA Product Line
      1. 5505
      2. 5510
      3. 5520
      4. 5540
      5. 5550
      6. ASA service modules
        1. AIP SSM
        2. CSC SSM
        3. Four-Port Gigabit Ethernet SSM
    3. Cisco PIX Product Line
      1. 501
      2. 506E
      3. 515E
      4. 525
      5. 535
    4. Cisco PIX and ASA Licensing
      1. ASA 5505 and 5510 licensing
      2. ASA 5520, 5540, and 5550 Licensing
        1. ASA context licensing
      3. PIX licensing
        1. PIX context licensing
    5. Summary
  5. 2. Getting Started with Cisco Security Appliance Configurations
    1. Security Appliance CLI Modes
      1. Global configurations
        1. Hostname
        2. Enable password
      2. Setting up the interfaces
        1. IP address
        2. nameif
        3. Security level
        4. no shutdown
      3. Basic routing
        1. Default route
      4. Basic outbound connectivity with NAT
        1. NAT
        2. global
        3. Turning off NAT control
      5. Syslog setup
        1. Logging host
        2. Logging console
        3. Logging buffer
        4. logging trap
      6. Time setup
        1. The clock command
        2. Configuring NTP
    2. Summary
  6. 3. Inbound Traffic, ACLs, Object Grouping
    1. Requirements for Inbound Traffic
      1. Static NAT
      2. How ACLs work on the security appliance
      3. Configuring ACLs
      4. Applying ACLs to the interfaces
        1. Verifying the ACL
      5. Enhancing ACLs with object groups
        1. Network object groups
        2. Service object groups
        3. Protocol object groups
        4. ICMP-type object groups
        5. Verifying object groups
    2. Summary
  7. 4. AAA Configurations
    1. AAA Overview
      1. Authentication
      2. Authorization
      3. Accounting
    2. Local AAA
      1. Configuring local users
      2. Telnet authentication
      3. SSH auth
      4. HTTP auth
      5. Enable auth
      6. Verifying the LOCAL database
    3. Remote Authentication Using Cisco Secure Access Control Server
      1. Cisco Secure ACS
      2. RADIUS
      3. TACACS+
      4. Configuring a user account
    4. Configuring the Security Appliance for Remote AAA
      1. Specifying the AAA server group
      2. Define the AAA server
    5. Configuring Authorization
      1. Authorization configuration on the AAA server
        1. Downloadable ACLs
    6. Configuring Accounting
      1. Viewing accounting on the AAA server
    7. Summary
      1. End Notes
  8. 5. Switching and Routing on ASA
    1. Security Appliance VLAN Capabilities
      1. Configuring subinterfaces
    2. Security Appliance Routing Capabilities
      1. Static routing
      2. RIP routing
      3. OSPF routing
    3. Multicast Routing
      1. Stub multicast configuration
      2. PIM-SM multicast configuration
    4. Summary
  9. 6. Protocol Inspections
    1. Understanding Modular Policy Framework
      1. How class maps work
      2. How policy maps work
      3. How service policies work
    2. The Default Inspections
    3. Configuring Protocol Inspection
      1. Configuring the class maps
      2. Configuring the policy map
      3. Apply the service policy
        1. Class map types
        2. Policy map types
        3. Putting it together
    4. Summary
  10. 7. PIX and ASA VPNs
    1. Types of VPNs Supported
      1. Planning for VPN deployment
      2. Configuring site-to-site VPNs
      3. Test and verify
    2. Configuring Remote-Access VPN
      1. The Cisco VPN client
      2. Test and verify
    3. WebVPN
    4. Summary
  11. 8. Understanding Transparent Firewall Mode
    1. Overview of Transparent Firewalls
      1. Benefits and limitations
      2. Configuring transparent firewalls
        1. Testing and verifying
    2. Summary
  12. 9. Virtual Firewalls
    1. Overview of Virtual Firewalls
      1. Uses of virtual firewalls
      2. Contexts
      3. The admin context
      4. The system configuration
      5. Classifying traffic
      6. Configuring virtual firewalls
        1. Enabling multiple mode
        2. Creating a context
        3. Allocating interfaces
        4. Configuring the config URL
        5. Changing into a context
        6. Changing to the system
        7. Other configurations to be aware of
    2. Summary
  13. 10. Failover
    1. Modes of Operation
      1. Failover requirements
      2. Failover links
      3. Putting it together
      4. Serial-based active/standby failover configuration
      5. Active/standby failover configuration
      6. Active/active failover configuration
    2. Summary

Product information

  • Title: CCSP SNPA Quick Reference
  • Author(s): Brandon James Carroll
  • Release date: February 2008
  • Publisher(s): Cisco Press
  • ISBN: None