book

Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

by Aaron Woland, Vivek Santuka, Mason Harris, Jamie Sanbower

July 2018

Intermediate to advanced

592 pages

19h 19m

English

Cisco Press

Read now

Unlock full access

Know Thy EnemyKnow Thy SelfSecurity PolicySecurity Standards and FrameworksISO/IEC 27001 and 27002NIST Cybersecurity FrameworkRegulatory ComplianceHealth Insurance Portability and Accountability Act (HIPAA)Payment Card Industry Data Security Standard (PCI DSS)Security ModelsCisco SAFESAFE PINsSecure DomainsAttack ContinuumIntegrating Security SolutionsSummaryReferences
The Three PlanesSecuring the Management PlaneSecuring the Command LinePrivilege LevelsManagement Plane ProtectionCPU and Memory ThresholdingSecuring SNMPSNMP Authentication and EncryptionSNMP with Access ListsSNMP ViewsSecuring the Control PlaneControl Plane Policing (CoPP)Securing Layer 2 Control Plane ProtocolsSecuring Spanning Tree Protocol (STP)Securing VLAN Trunking Protocol (VTP)Securing Layer 3 Control Plane ProtocolsSecuring Border Gateway Protocol (BGP)Securing RIPv2 and EIGRPSecuring OSPFSecuring the Data PlaneSecurity at the Layer 2 Data PlaneThe CAM Table and Port SecurityDHCP SnoopingThe ARP Table and Dynamic ARP Inspection (DAI)SegmentationAttacks Against SegmentationTraffic Filtering at Layer 2Security at the Layer 3 Data PlaneTraffic Filtering at Layer 3Standard ACLsExtended ACLsNamed ACLsTime Based ACLsReflexive ACLsUnicast Reverse Path ForwardingNetwork Based Application Recognition (NBAR)TCP InterceptVisibility with NetFlowSummaryReferences
What Is Wireless?Wireless Standards802.11 Standards802.11 MAC Frame FormatsAssociation and AuthenticationAutonomous Versus Controller-Based WLANsWLC FundamentalsCAPWAP OverviewAccess Point Discovery ProcessAP ModesFlexConnect Access PointsGuest Anchor ControllersWireless Security OverviewWEPWi-Fi Protected Access (WPA)Wi-Fi Protected Access 2 (WPA2)WPA Personal Versus WPA EnterpriseRoamingSecuring the WLANConfiguring Wireless Protection PoliciesRogue AP DetectionDetecting Rogue APsClassifying Rogue APsMitigating Rogue APsWireless Threat Detection and MitigationWireless Intrusion Detection SystemsWireless Intrusion Prevention SystemsNon-802.11 Attacks and InterferenceClient ExclusionManagement Frame ProtectionInfrastructure MFPClient MFPProtected Management FramesManagement and Control Plane ProtectionManagement AuthenticationManagement Protocols and AccessCPU ACLsAccess Point ProtectionIntegrating a WLC with Other Security SolutionsWLC and ISEWLC and StealthwatchWLC and UmbrellaSummaryReferences
ASA FundamentalsSetting Up a Lab Virtual ASA (ASAv)ASA Initial ConfigurationGetting ConnectedASA Device ManagerASA Security LevelsASA Security ZonesASA Routed and Transparent ModeASA Routed ModeTransparent ModeASA Multiple-Context ModeMultiple Context Configuration BasicsUnderstanding the ASA ClassifierASA High Availability OptionsASA Active/Standby FailoverASA Active/Active FailoverHandling Asymmetric TrafficASA ClusteringASA Clustering TroubleshootingEnabling Routing Protocol Support on the ASAASA Routing Protocol TroubleshootingASA Clustering Best PracticesTraffic with the ASANetwork Address Translation (NAT)ASA 8.3+ NAT Configuration ChangesNAT TerminologyTypes of NATApplying NATNAT and IPv6Dynamic NATDynamic PATStatic NATIdentity NATNAT and IPv6NAT66ASA NAT TroubleshootingService Policies and Application InspectionApplication InspectionCommonly Used Application Inspection EnginesASA Advanced FeaturesIdentity FirewallIdentity Firewall ConfigurationSecurity Group Tags (SGTs)TrustSec ConfigurationAdvanced Firewall TuningTCP State BypassPolicy Based Routing (PBR)Threat DetectionTroubleshooting the ASAPacket CaptureSummaryReferences
Firepower Deployment OptionsWhat Is the Firepower Management Console?Configuring Firepower Threat DefenseFTD Initial ConfigurationRouted ModeTransparent ModeAdding a Device to the FMCInterface ConfigurationSecurity ZonesInterface AddressingHigh AvailabilityNGFW Interface High AvailabilityNGFW System High AvailabilityHigh-Availability ConfigurationRouting in FTDNetwork Address Translation (NAT)Access Control PoliciesPrefilter PolicyObjectsNetwork Discovery PolicyIdentity FirewallActive AuthenticationPassive AuthenticationApplication Visibility and Control (AVC)Custom Application DetectorsURL FilteringNetwork ReputationSSL InspectionAnalysis and ReportingDashboardsContext ExplorerConnection EventsUser ActivitySummaryReferences
NGIPS OverviewLegacy IDSs/IPSs Versus NGIPSsContextual AwarenessImpact AssessmentSecurity IntelligenceIndications of Compromise (IOCs)Automated TuningCisco NGIPS AppliancesFirepower ClusteringFirepower StackingFirepower Management Center (FMC)NGIPS Deployment OptionsSnortSnort RulesOptions, Keywords, and Arguments in RulesCustom Intrusion RulesPreprocessors and Network AnalysisConfiguring a NGIPSIntrusion PoliciesSystem-Provided Intrusion PoliciesPolicy LayersAdvanced SettingsCommitting ChangesVariablesAccess Control PoliciesPerformance SettingsSecurity IntelligenceMonitoring Security IntelligenceOperationalizing a NGIPSDashboards and Custom DashboardsContext ExplorerReportingIntrusion Event WorkflowsCorrelation EngineIPS TuningUpdating Rules and the Vulnerability Database (VDB)SummaryReferences
Network Address Translation (NAT)NAT TerminologyNAT ConfigurationNAT OverloadDynamic NATStatic NATTroubleshooting NATNAT Virtual Interface (NVI)ACLs and NATHelpful Troubleshooting CommandsZone-Based Firewall (ZBF)ZBF Configuration StepsDefining ZonesConfiguring Zone PairsDefining the Class Map(s)Defining the Policy Map(s)Configuring ZBFNested Class MapsThe Self-ZoneSelf-Zone ConfigurationProper Use of the Self-ZonePort-to-Application Mapping (PAM)Verifying ZBFTroubleshooting ZBFUnsupported Features with ZBFIOS Advanced Security FeaturesTCP InterceptTCP Intercept ConfigurationUnicast Reverse Path ForwardinguRPF ConfigurationPolicy-Based Routing (PBR)PBR OperationPBR ConfigurationPBR TroubleshootingWeb Cache Communication Protocol (WCCP)WCCP Protocol CapabilitiesForwarding MethodReturn MethodWCCP ConfigurationWCCP TroubleshootingSummaryReferences
Content Security OverviewCisco Async Operating System (AsyncOS)Web Security ApplianceProxy BasicsExplicit Forward ModeTransparent ModeTransparent Proxy Traffic Redirection with WCCPTransparent Proxy Traffic Redirection with PBRWeb Proxy IP SpoofingWSA System SetupWSA Policy ConfigurationIdentification PoliciesAccess PoliciesDecryption PoliciesOutbound Malware PoliciesData Security Policies and DLP PoliciesWSA ReportingEmail Security ApplianceEmail BasicsESA System SetupESA Policy ConfigurationIncoming and Outgoing Mail PoliciesHost Access TableMail Flow PoliciesRecipient Access TableData Loss PreventionSMTP Authentication and EncryptionESA ReportingSecurity Management ApplianceSummaryReferences
Umbrella Fundamentalsnslookup dnsbasics.securitydemo.netUmbrella ArchitectureSecure Internet GatewayUmbrella Overview DashboardDeploying UmbrellaIdentitiesForwarding DNS Traffic to UmbrellaUmbrella Virtual AppliancesActive DirectoryRoaming DevicesCisco Security ConnectorPoliciesReportingCisco InvestigateSummaryReferences
Introduction to Advanced Malware Protection (AMP)Role of the AMP CloudDoing Security DifferentlyThe Prevention FrameworkOne-to-One SignaturesEthos EngineSpero EngineIndicators of CompromiseDevice Flow CorrelationAdvanced AnalyticsDynamic Analysis with Threat GridThe Retrospective FrameworkThe CloudPrivate CloudCloud Proxy ModeAir Gap ModeThreat GridThreat Grid CloudThreat Grid ApplianceThe Clean InterfaceThe Administrative InterfaceThe Dirty InterfaceComparing Public and Private DeploymentsAMP for NetworksWhat Is That Manager Called?Form Factors for AMP for NetworksWhat AMP for Networks DoesWhere Are the AMP Policies?File RulesAdvancedAMP for EndpointsWhat Is AMP for Endpoints?Connections to the AMP CloudU.S. and North American CloudEuropean Union CloudAsia Pacific, Japan, and Greater China CloudOutbreak ControlCustom DetectionsSimple Custom DetectionsAdvanced Custom DetectionsAndroid Custom DetectionsNetwork IP Blacklists and WhitelistsApplication ControlExclusionsThe Many Faces of AMP for EndpointsAMP for WindowsWindows PoliciesThe General TabThe File TabThe Network TabAMP for macOSMac PoliciesThe General TabThe File TabThe Network TabAMP for LinuxLinux PoliciesThe General TabThe File TabThe Network TabAMP for AndroidInstalling AMP for EndpointsGroups, Groups, and More GroupsThe Download Connector ScreenDistributing via Cisco AnyConnectInstalling AMP for WindowsInstalling AMP for MacInstalling AMP for LinuxInstalling AMP for AndroidAndroid Activation CodesDeploying the AMP for Android ConnectorProxy ComplicationsProxy Server AutodetectionIncompatible Proxy Security ConfigurationsAMP for Content SecurityContent Security ConnectorsConfiguring AMP for Content Security AppliancesConfiguring the Web Security Appliance (WSA) DevicesConfiguring the Email Security Appliance (ESA) DevicesAMP ReportsSummary

Content preview from Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

Reader Services

Register your copy at www.ciscopress.com/title/9781587147067 for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.ciscopress.com/register and log in or create an account^*. Enter the product ISBN 9781587147067 and click Submit. Once the process is complete, you will find any available bonus content under Registered Products.

*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition

Jazib Frahim - CCIE No. 5459, Omar Santos

Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP

Omar Santos, Panos Kampanakis, Aaron Woland

Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure Connectivity and Virtualization

Chad Mitchell, Jamie Sanbower, Aaron Woland, Vivek Santuka

CCIE Professional Development Series Network Security Technologies and Solutions

Yusuf CCIE No. 9305 Bhaiji

Publisher Resources

ISBN: 9780134807577