Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

by Aaron Woland, Vivek Santuka, Mason Harris, Jamie Sanbower
Released July 2018
Publisher(s): Cisco Press
ISBN: 9780134807577

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The essential reference for security pros and CCIE Security candidates: policies, standards, infrastructure/perimeter and content security, and threat protection

Integrated Security Technologies and Solutions – Volume I offers one-stop expert-level instruction in security design, deployment, integration, and support methodologies to help security professionals manage complex solutions and prepare for their CCIE exams. It will help security pros succeed in their day-to-day jobs and also get ready for their CCIE Security written and lab exams.

Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.

Volume 1 focuses on security policies and standards; infrastructure security; perimeter security (Next-Generation Firewall, Next-Generation Intrusion Prevention Systems, and Adaptive Security Appliance [ASA]), and the advanced threat protection and content security sections of the CCIE Security v5 blueprint. With a strong focus on interproduct integration, it also shows how to combine formerly disparate systems into a seamless, coherent next-generation security solution.

  • Review security standards, create security policies, and organize security with Cisco SAFE architecture
  • Understand and mitigate threats to network infrastructure, and protect the three planes of a network device
  • Safeguard wireless networks, and mitigate risk on Cisco WLC and access points
  • Secure the network perimeter with Cisco Adaptive Security Appliance (ASA)
  • Configure Cisco Next-Generation Firewall Firepower Threat Defense (FTD) and operate security via Firepower Management Center (FMC)
  • Detect and prevent intrusions with Cisco Next-Gen IPS, FTD, and FMC
  • Configure and verify Cisco IOS firewall features such as ZBFW and address translation
  • Deploy and configure the Cisco web and email security appliances to protect content and defend against advanced threats
  • Implement Cisco Umbrella Secure Internet Gateway in the cloud as your first line of defense against internet threats
  • Protect against new malware with Cisco Advanced Malware Protection and Cisco ThreatGrid

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. About This E-Book
  5. About the Authors
  6. About the Technical Reviewer
  7. Dedication
  8. Acknowledgments
  9. Contents at a Glance
  10. Table of Contents
  11. Icons Used in This Book
  12. Command Syntax Conventions
  13. Reader Services
  14. Who Should Read This Book?
  15. How This Book Is Organized
  16. Introduction
  17. Part I Hi There! This Is Network Security
    1. Chapter 1 Let’s Talk About Network Security
      1. Know Thy Enemy
      2. Know Thy Self
        1. Security Policy
      3. Security Standards and Frameworks
        1. ISO/IEC 27001 and 27002
        2. NIST Cybersecurity Framework
      4. Regulatory Compliance
        1. Health Insurance Portability and Accountability Act (HIPAA)
      5. Payment Card Industry Data Security Standard (PCI DSS)
      6. Security Models
        1. Cisco SAFE
          1. SAFE PINs
          2. Secure Domains
          3. Attack Continuum
      7. Integrating Security Solutions
      8. Summary
      9. References
    2. Chapter 2 Infrastructure Security and Segmentation
      1. The Three Planes
      2. Securing the Management Plane
        1. Securing the Command Line
          1. Privilege Levels
          2. Management Plane Protection
        2. CPU and Memory Thresholding
        3. Securing SNMP
          1. SNMP Authentication and Encryption
          2. SNMP with Access Lists
          3. SNMP Views
      3. Securing the Control Plane
        1. Control Plane Policing (CoPP)
        2. Securing Layer 2 Control Plane Protocols
          1. Securing Spanning Tree Protocol (STP)
          2. Securing VLAN Trunking Protocol (VTP)
        3. Securing Layer 3 Control Plane Protocols
          1. Securing Border Gateway Protocol (BGP)
          2. Securing RIPv2 and EIGRP
          3. Securing OSPF
      4. Securing the Data Plane
        1. Security at the Layer 2 Data Plane
          1. The CAM Table and Port Security
          2. DHCP Snooping
          3. The ARP Table and Dynamic ARP Inspection (DAI)
          4. Segmentation
          5. Attacks Against Segmentation
          6. Traffic Filtering at Layer 2
        2. Security at the Layer 3 Data Plane
          1. Traffic Filtering at Layer 3
          2. Standard ACLs
          3. Extended ACLs
          4. Named ACLs
          5. Time Based ACLs
          6. Reflexive ACLs
          7. Unicast Reverse Path Forwarding
          8. Network Based Application Recognition (NBAR)
          9. TCP Intercept
      5. Visibility with NetFlow
      6. Summary
      7. References
    3. Chapter 3 Wireless Security
      1. What Is Wireless?
        1. Wireless Standards
        2. 802.11 Standards
        3. 802.11 MAC Frame Formats
        4. Association and Authentication
        5. Autonomous Versus Controller-Based WLANs
        6. WLC Fundamentals
        7. CAPWAP Overview
        8. Access Point Discovery Process
        9. AP Modes
        10. FlexConnect Access Points
        11. Guest Anchor Controllers
      2. Wireless Security Overview
        1. WEP
        2. Wi-Fi Protected Access (WPA)
        3. Wi-Fi Protected Access 2 (WPA2)
        4. WPA Personal Versus WPA Enterprise
        5. Roaming
      3. Securing the WLAN
      4. Configuring Wireless Protection Policies
        1. Rogue AP Detection
          1. Detecting Rogue APs
          2. Classifying Rogue APs
          3. Mitigating Rogue APs
        2. Wireless Threat Detection and Mitigation
          1. Wireless Intrusion Detection Systems
          2. Wireless Intrusion Prevention Systems
        3. Non-802.11 Attacks and Interference
        4. Client Exclusion
        5. Management Frame Protection
          1. Infrastructure MFP
          2. Client MFP
          3. Protected Management Frames
      5. Management and Control Plane Protection
        1. Management Authentication
        2. Management Protocols and Access
        3. CPU ACLs
        4. Access Point Protection
      6. Integrating a WLC with Other Security Solutions
        1. WLC and ISE
        2. WLC and Stealthwatch
        3. WLC and Umbrella
      7. Summary
      8. References
  18. Part II Deny IP any any
    1. Chapter 4 Firewalling with the ASA
      1. ASA Fundamentals
        1. Setting Up a Lab Virtual ASA (ASAv)
        2. ASA Initial Configuration
          1. Getting Connected
          2. ASA Device Manager
          3. ASA Security Levels
          4. ASA Security Zones
        3. ASA Routed and Transparent Mode
          1. ASA Routed Mode
          2. Transparent Mode
        4. ASA Multiple-Context Mode
          1. Multiple Context Configuration Basics
          2. Understanding the ASA Classifier
        5. ASA High Availability Options
          1. ASA Active/Standby Failover
          2. ASA Active/Active Failover
          3. Handling Asymmetric Traffic
          4. ASA Clustering
          5. ASA Clustering Troubleshooting
        6. Enabling Routing Protocol Support on the ASA
          1. ASA Routing Protocol Troubleshooting
          2. ASA Clustering Best Practices
      2. Traffic with the ASA
        1. Network Address Translation (NAT)
          1. ASA 8.3+ NAT Configuration Changes
          2. NAT Terminology
          3. Types of NAT
          4. Applying NAT
          5. NAT and IPv6
          6. Dynamic NAT
          7. Dynamic PAT
          8. Static NAT
          9. Identity NAT
          10. NAT and IPv6
          11. NAT66
          12. ASA NAT Troubleshooting
        2. Service Policies and Application Inspection
        3. Application Inspection
          1. Commonly Used Application Inspection Engines
      3. ASA Advanced Features
        1. Identity Firewall
          1. Identity Firewall Configuration
        2. Security Group Tags (SGTs)
          1. TrustSec Configuration
      4. Advanced Firewall Tuning
        1. TCP State Bypass
        2. Policy Based Routing (PBR)
        3. Threat Detection
      5. Troubleshooting the ASA
        1. Packet Capture
      6. Summary
      7. References
    2. Chapter 5 Next-Gen Firewalls
      1. Firepower Deployment Options
        1. What Is the Firepower Management Console?
      2. Configuring Firepower Threat Defense
        1. FTD Initial Configuration
          1. Routed Mode
          2. Transparent Mode
          3. Adding a Device to the FMC
        2. Interface Configuration
          1. Security Zones
          2. Interface Addressing
        3. High Availability
          1. NGFW Interface High Availability
          2. NGFW System High Availability
          3. High-Availability Configuration
        4. Routing in FTD
        5. Network Address Translation (NAT)
      3. Access Control Policies
        1. Prefilter Policy
        2. Objects
        3. Network Discovery Policy
        4. Identity Firewall
          1. Active Authentication
          2. Passive Authentication
        5. Application Visibility and Control (AVC)
        6. Custom Application Detectors
        7. URL Filtering
        8. Network Reputation
        9. SSL Inspection
      4. Analysis and Reporting
        1. Dashboards
        2. Context Explorer
        3. Connection Events
        4. User Activity
      5. Summary
      6. References
    3. Chapter 6 Next-Gen Intrusion Detection and Prevention
      1. NGIPS Overview
        1. Legacy IDSs/IPSs Versus NGIPSs
        2. Contextual Awareness
        3. Impact Assessment
        4. Security Intelligence
        5. Indications of Compromise (IOCs)
        6. Automated Tuning
      2. Cisco NGIPS Appliances
        1. Firepower Clustering
        2. Firepower Stacking
        3. Firepower Management Center (FMC)
        4. NGIPS Deployment Options
      3. Snort
        1. Snort Rules
        2. Options, Keywords, and Arguments in Rules
        3. Custom Intrusion Rules
        4. Preprocessors and Network Analysis
      4. Configuring a NGIPS
        1. Intrusion Policies
          1. System-Provided Intrusion Policies
          2. Policy Layers
          3. Advanced Settings
        2. Committing Changes
        3. Variables
        4. Access Control Policies
        5. Performance Settings
        6. Security Intelligence
          1. Monitoring Security Intelligence
      5. Operationalizing a NGIPS
        1. Dashboards and Custom Dashboards
        2. Context Explorer
        3. Reporting
        4. Intrusion Event Workflows
        5. Correlation Engine
        6. IPS Tuning
        7. Updating Rules and the Vulnerability Database (VDB)
      6. Summary
      7. References
    4. Chapter 7 IOS Firewall and Security Features
      1. Network Address Translation (NAT)
        1. NAT Terminology
        2. NAT Configuration
        3. NAT Overload
        4. Dynamic NAT
        5. Static NAT
        6. Troubleshooting NAT
        7. NAT Virtual Interface (NVI)
        8. ACLs and NAT
          1. Helpful Troubleshooting Commands
      2. Zone-Based Firewall (ZBF)
        1. ZBF Configuration Steps
          1. Defining Zones
          2. Configuring Zone Pairs
          3. Defining the Class Map(s)
          4. Defining the Policy Map(s)
        2. Configuring ZBF
          1. Nested Class Maps
        3. The Self-Zone
          1. Self-Zone Configuration
          2. Proper Use of the Self-Zone
        4. Port-to-Application Mapping (PAM)
        5. Verifying ZBF
        6. Troubleshooting ZBF
        7. Unsupported Features with ZBF
      3. IOS Advanced Security Features
        1. TCP Intercept
          1. TCP Intercept Configuration
        2. Unicast Reverse Path Forwarding
          1. uRPF Configuration
        3. Policy-Based Routing (PBR)
          1. PBR Operation
          2. PBR Configuration
          3. PBR Troubleshooting
        4. Web Cache Communication Protocol (WCCP)
          1. WCCP Protocol Capabilities
          2. Forwarding Method
          3. Return Method
          4. WCCP Configuration
          5. WCCP Troubleshooting
      4. Summary
      5. References
  19. Part III <HTML> EHLO. You have threat in content </HTML>
    1. Chapter 8 Content Security and Advanced Threat Protection
      1. Content Security Overview
        1. Cisco Async Operating System (AsyncOS)
      2. Web Security Appliance
        1. Proxy Basics
        2. Explicit Forward Mode
        3. Transparent Mode
        4. Transparent Proxy Traffic Redirection with WCCP
        5. Transparent Proxy Traffic Redirection with PBR
        6. Web Proxy IP Spoofing
        7. WSA System Setup
        8. WSA Policy Configuration
          1. Identification Policies
          2. Access Policies
          3. Decryption Policies
          4. Outbound Malware Policies
          5. Data Security Policies and DLP Policies
        9. WSA Reporting
      3. Email Security Appliance
        1. Email Basics
        2. ESA System Setup
        3. ESA Policy Configuration
          1. Incoming and Outgoing Mail Policies
          2. Host Access Table
          3. Mail Flow Policies
          4. Recipient Access Table
          5. Data Loss Prevention
          6. SMTP Authentication and Encryption
        4. ESA Reporting
      4. Security Management Appliance
      5. Summary
      6. References
    2. Chapter 9 Umbrella and the Secure Internet Gateway
      1. Umbrella Fundamentals
        1. nslookup dnsbasics.securitydemo.net
        2. Umbrella Architecture
        3. Secure Internet Gateway
      2. Umbrella Overview Dashboard
      3. Deploying Umbrella
        1. Identities
        2. Forwarding DNS Traffic to Umbrella
        3. Umbrella Virtual Appliances
        4. Active Directory
        5. Roaming Devices
        6. Cisco Security Connector
        7. Policies
        8. Reporting
      4. Cisco Investigate
      5. Summary
      6. References
    3. Chapter 10 Protecting Against Advanced Malware
      1. Introduction to Advanced Malware Protection (AMP)
      2. Role of the AMP Cloud
      3. Doing Security Differently
        1. The Prevention Framework
          1. One-to-One Signatures
          2. Ethos Engine
          3. Spero Engine
          4. Indicators of Compromise
          5. Device Flow Correlation
          6. Advanced Analytics
          7. Dynamic Analysis with Threat Grid
        2. The Retrospective Framework
      4. The Cloud
        1. Private Cloud
      5. Cloud Proxy Mode
      6. Air Gap Mode
      7. Threat Grid
        1. Threat Grid Cloud
        2. Threat Grid Appliance
      8. The Clean Interface
      9. The Administrative Interface
      10. The Dirty Interface
      11. Comparing Public and Private Deployments
      12. AMP for Networks
        1. What Is That Manager Called?
        2. Form Factors for AMP for Networks
        3. What AMP for Networks Does
        4. Where Are the AMP Policies?
          1. File Rules
          2. Advanced
      13. AMP for Endpoints
        1. What Is AMP for Endpoints?
        2. Connections to the AMP Cloud
          1. U.S. and North American Cloud
          2. European Union Cloud
          3. Asia Pacific, Japan, and Greater China Cloud
        3. Outbreak Control
      14. Custom Detections
        1. Simple Custom Detections
        2. Advanced Custom Detections
        3. Android Custom Detections
        4. Network IP Blacklists and Whitelists
        5. Application Control
        6. Exclusions
        7. The Many Faces of AMP for Endpoints
      15. AMP for Windows
        1. Windows Policies
        2. The General Tab
        3. The File Tab
        4. The Network Tab
        5. AMP for macOS
      16. Mac Policies
        1. The General Tab
        2. The File Tab
        3. The Network Tab
        4. AMP for Linux
      17. Linux Policies
        1. The General Tab
        2. The File Tab
        3. The Network Tab
      18. AMP for Android
        1. Installing AMP for Endpoints
      19. Groups, Groups, and More Groups
      20. The Download Connector Screen
      21. Distributing via Cisco AnyConnect
      22. Installing AMP for Windows
      23. Installing AMP for Mac
      24. Installing AMP for Linux
        1. Installing AMP for Android
          1. Android Activation Codes
          2. Deploying the AMP for Android Connector
      25. Proxy Complications
        1. Proxy Server Autodetection
        2. Incompatible Proxy Security Configurations
      26. AMP for Content Security
        1. Content Security Connectors
        2. Configuring AMP for Content Security Appliances
      27. Configuring the Web Security Appliance (WSA) Devices
      28. Configuring the Email Security Appliance (ESA) Devices
      29. AMP Reports
      30. Summary
  20. Index
  21. Code Snippets

Product information

  • Title: Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition
  • Author(s): Aaron Woland, Vivek Santuka, Mason Harris, Jamie Sanbower
  • Release date: July 2018
  • Publisher(s): Cisco Press
  • ISBN: 9780134807577