Chapter Outline: 9.0 Introduction 9.1 Introduction to the ASA 9.2 ASA Firewall Configuration 9.3 Summary Section 9.1: Introduction to the ASA Upon completion of this section, you should be able to: Compare ASA solutions to other routing firewall technologies. Explain ASA 5505 operation with the default configuration. Topic 9.1.1: ASA Solutions ASA Firewall Models Small Office and Branch Office ASA Models Internet Edge Models Enterprise Data Center Models Advanced ASA Firewall Feature ASA Virtualization High Availability Identity Firewall ASA Threat Control Review of Firewalls in Network Design Permitted Traffic Denied Traffic ASA Firewall Modes of Operation ASA Licensing Requirements Base License…
Author: CCNA Exam Answers
Chapter Outline: 8.0 Introduction 8.1 VPNs 8.2 IPsec VPN Components and Operations 8.3 Implementing Site-to-Site IPsec VPNs with CLI 8.4 Summary Section 8.1: VPNs Upon completion of this section, you should be able to: Describe VPNs and their benefits. Compare site-to-site and remote-access VPNs. Topic 8.1.1: VPN Overview Introducing VPNs VPN Benefits: Cost Savings Security Scalability Compatibility Layer 3 IPsec VPNs Topic 8.1.2: VPN Technologies Two Types of VPNs Remote-Access VPN Site-to-Site VPN Access Components of Remote-Access VPNs Components of Site-to-Site VPNs Section 8.2: IPsec VPN Components and Operation Topic 8.2.1: Introducing IPsec IPsec Technologies Confidentiality Confidentiality with Encryption: Encryption…
Chapter Outline: 7.0 Introduction 7.1 Cryptographic Services 7.2 Basic Integrity and Authenticity 7.3 Confidentiality 7.4 Public Key Cryptography 7.5 Summary Section 7.1: Cryptographic Services Upon completion of this section, you should be able to: Explain the requirements of secure communications including integrity, authentication, and confidentiality. Explain cryptography. Describe cryptanalysis. Describe cryptology. Topic 7.1.1: Securing Communications Authentication, Integrity, and Confidentiality Authentication Data Integrity Data Confidentiality Topic 7.1.2: Cryptography Creating Ciphertext Ciphertext can be created using several methods: Transposition Substitution One-time pad Transposition Ciphers Substitution Ciphers One-Time Pad Ciphers Topic 7.1.3: Cryptanalysis Cracking Code Methods for Cracking Code Methods used for cryptanalysis:…
Chapter Outline: 6.0 Introduction 6.1 Endpoint Security 6.2 Layer 2 Security Threats 6.3 Summary Section 6.1: Endpoint Security Upon completion of this section, you should be able to: Describe endpoint security and the enabling technologies. Explain how Cisco AMP is used to ensure endpoint security. Explain how Cisco NAC authenticates and enforces the network security policy. Topic 6.1.1: Introducing Endpoint Security Securing LAN Elements Traditional Endpoint Security The Borderless Network Securing Endpoints in the Borderless Network Post malware attack questions: Where did it come from? What was the threat method and point of entry? What systems were affected? What did…
Chapter Outline: 5.0 Introduction 5.1 IPS Technologies 5.2 IPS Signatures 5.3 Implement IPS 5.4 Summary Section 5.1: IPS Technologies Upon completion of this section, you should be able to: Explain zero-day attacks. Understand how to monitor, detect and stop attacks. Describe the advantages and disadvantages of IDS and IPS. Topic 5.1.1: IDS and IPS Characteristics Zero-Day Attacks Monitor for Attacks Advantages of an IDS: Works passively Requires traffic to be mirrored in order to reach it Network traffic does not pass through the IDS unless it is mirrored Detect and Stop Attacks IPS: Implemented in an inline mode Monitors Layer…
Chapter Outline: 4.0 Introduction 4.1 Access Control Lists 4.2 Firewall Technologies 4.3 Zone-Based Policy Firewalls 4.4 Summary Section 4.1: Access Control List Upon completion of this section, you should be able to: Configure standard and extended IPv4 ACLs using CLI. Use ACLs to mitigate common network attacks. Configure IPv6 ACLs using CLI. Topic 4.1.1: Configuring Standard and Extended IPv4 ACLs with CLI Introduction to Access Control Lists Configuring Numbered and Named ACLs Applying an ACL Syntax – Apply an ACL to an interface Syntax – Apply an ACL to the VTY lines Example – Named Standard ACL Example – Named…
Chapter Outline: 3.0 Introduction 3.1 Purpose of the AAA 3.2 Local AAA Authentication 3.3 Server-Based AAA 3.4 Server-Based AAA Authentication 3.5 Server-Based Authorization and Accounting 3.6 Summary Section 3.1: Purpose of the AAA Upon completion of this section, you should be able to: Explain why AAA is critical to network security. Describe the characteristics of AAA. Topic 3.1.1: AAA Overview Authentication without AAA Telnet is Vulnerable to Brute-Force Attacks AAA Components Topic 3.1.2: AAA Characteristics Authentication Modes Local AAA Authentication Server-Based AAA Authentication Authorization AAA Authorization Accounting Types of accounting information: Network Connection EXEC System Command Resource AAA Accounting Activity…
Chapter Outline: 2.0 Introduction 2.1 Securing Device Access 2.2 Assigning Administrative Roles 2.3 Monitoring and Managing Devices 2.4 Using Automated Security Features 2.5 Securing the Control Plane 2.6 Summary Section 2.1: Securing Device Access Upon completion of this section, you should be able to: Explain how to secure a network perimeter. Configure secure administrative access to Cisco routers. Configure enhanced security for virtual logins. Configure an SSH daemon for secure remote management. Topic 2.1.1: Securing the Edge Router Securing the Network Infrastructure Edge Router Security Approaches Three Areas of Router Security Secure Administrative Access Tasks: Restrict device accessibility Log and…
Chapter Outline: 1.0 Introduction 1.1 Securing Networks 1.2 Network Threats 1.3 Mitigating Threats 1.4 Summary Section 1.1: Securing Networks Upon completion of this section, you should be able to: Describe the current network security landscape. Explain how all types of networks need to be protected. Topic 1.1.1: Current State of Affairs Networks Are Targets Drivers for Network Security Common network security terms: Threat Vulnerability Mitigation Risk Vectors of Network Attacks Data Loss Vectors of data loss: Email/Webmail Unencrypted Devices Cloud Storage Devices Removable Media Hard Copy Improper Access Control Topic 1.1.2: Network Topology Overview Campus Area Networks Small Office and…
9.3.1.2 Packet Tracer Simulation – TCP and UDP Communications (Instructor Version – Optional Packet Tracer) Topology Packet Tracer Simulation – TCP and UDP Communications Objectives Part 1: Generate Network Traffic in Simulation Mode Part 2: Examine the Functionality of the TCP and UDP Protocols Background This simulation activity is intended to provide a foundation for understanding TCP and UDP in detail. Simulation mode provides the ability to view the functionality of the different protocols. As data moves through the network, it is broken down into smaller pieces and identified in some fashion so that the pieces can…
8.3.1.4 Packet Tracer – Implementing a Subnetted IPv6 Addressing Scheme (Instructor Version – Optional Packet Tracer) Topology Addressing Table Objectives Part 1: Determine the IPv6 Subnets and Addressing Scheme Part 2: Configure the IPv6 Addressing on Routers and PCs and Verify Connectivity Scenario Your network administrator wants you to assign five /64 IPv6 subnets to the network shown in the topology. Your job is to determine the IPv6 subnets, assign IPv6 addresses to the routers, and set the PCs to automatically receive IPv6 addressing. Your final step is to verify connectivity between IPv6 hosts. Part 1: Determine the…
Packet Tracer – Designing and Implementing a VLSM Addressing Scheme Addressing Table Objectives Part 1: Examine the Network Requirements Part 2: Design the VLSM Addressing Scheme Part 3: Assign IP Addresses to Devices and Verify Connectivity Background In this activity, you are given a /24 network address to use to design a VLSM addressing scheme. Based on a set of requirements, you will assign subnets and addressing, configure devices and verify connectivity. Part 1: Examine the Network Requirements Step 1: Determine the number of subnets needed. You will subnet the network address 10.11.48.0/24. The network has the following requirements: •…