Formazione \ Catalogo corsi Cisco \ CCSP \ SNPA

642-523 Securing Networks with PIX and ASA (SNPA)

Securing Networks with PIX and ASA (SNPA)


Il corso tratta come configurare, manutenere e applicare Cisco PIX 500 Series Security Appliances e Cisco ASA 5500 Series Adaptive Security Appliances. SNPA fa parte del programma di certificazione Cisco Certified Security Professional (CCSP).

I laboratori che offriamo portano lo studente attraverso la configurazione degli apparecchi di sicurezza PIX e l'esecuzione di comandi di manutenzione generale, configurando ACL su Security Appliance, e configurando l'ASA Security Appliance per SSLVPN

 

Cosa si impara

  • Descrivere le caratteristiche, i modelli, i componenti ed i benefici di Security Appliance
  • Discutere Adaptive Security Algorithm (ASA) e livelli di sicurezza ASA
  • Configurare un Security Appliance per connessioni base di rete
  • Configurare il Security Appliance per inviare messaggi syslog a un server syslog
  • Descrivere la funzione dei protocolli TCP e UDP all'interno di Security Appliance
  • Descrivere funzioni di traslazione statica e dinamica
  • Spiegare le caratteristiche di Security Appliance PAT
  • Configurare e spiegare la funzione ACL e NAT 0 ACLs
  • Configurare active code filtering (ActiveX and Java applets)
  • Configurare Security Appliance per URL filtering
  • Descrivere le caratteristiche di grouping del Security Appliance e i suoi vantaggi
  • Nominare i protocolli AAA supportati da Security Appliance
  • Definire e configurare cut-through proxy authentication e tunnel access authentication
  • Definire e configurare AAA accounting
  • Installare e configurare funzioni base di Cisco Secure ACS
  • Descrivere come Security Appliance implementa l'ispezione di protocollo FTP e HTTP
  • Descrivere come Security Appliance implementa remote shell (rsh), SQL, SMTP, ICMP, e SNMP protocol inspection
  • Identificare compiti e comandi per configurare I supporti di Security Appliance IPSec
  • Descrivere e configurare il Easy VPN Server e Remote usando il client Cisco VPN
  • Configurare I parametri generali WebVPN, servers, URLs, e port forwarding
  • Monitorare e manutenere firewall mode trasparenti
  • Configurare e gestire un security context
  • Definirei requisiti di failover dell'hardware di Security Appliance
  • Installare ASDM e usarlo al fine di configurare i Security Appliance
  • Configurare i parametri di set up AIP-SSM
  • Configurare una policy di sicurezza su una ASA Security Appliance usando ASDM
  • Configurare Telnet e l'accesso SSH per la console di Security Appliance
  • Recuperare le password di Security Appliance usando la procedura generale di recupero delle password
  • Utilizzo di TFTP per installare e aggiornare la software image su Security Appliance

Chi dovrebbe partecipare

Clienti Cisco che implementano e manutengono PIX security appliance e ASA Security Appliances; channel partner di Cisco che vendono, implementano e manutengono PIX security appliance e ASA Security Appliances; systems engineers Cisco che supportano la vendita di PIX security appliance e ASA Security Appliances.
Contenuto dettagliato
  1. Cisco Security Appliance Technology and Features
    Introduction to the general functionality provided by firewalls and Security Appliances.
    • Firewalls
    • Security Appliance Overview
  2. Cisco PIX Security Appliance and ASA Adaptive Security Appliance Families
    Introduction to the Cisco PIX 500 Series Security Appliance family, Cisco ASA 5500 Series Adaptive Security Appliance family, and Firewall Services Module (FWSM).
    • Models and Features of Cisco Security Appliances
    • PIX Security Appliance Licensing
    • ASA Adaptive Security Appliance Licensing
    • Cisco Firewall Services Module
  3. Getting Started with Cisco Security Appliances
    Learn to configure a Security Appliance.
    • User Interface
    • File Management
    • Security Appliance Security Levels
    • Basic Security Appliance Configuration
    • Examining Security Appliance Status
    • Time Setting and NTP Support
    • Syslog Configuration
  4. Translations and Connections
    Discussion of Security Appliance translations and connections, how the Security Appliance processes TCP and User Datagram Protocol (UDP) traffic, and how to configure dynamic and static address translations in a Security Appliance.
    • Transport Protocols
    • Network Address Translation
    • Port Address Translation
    • Static Command
    • TCP Intercept and Connection Limits
    • Connections and Translations
    • Configuring Multiple Interfaces
  5. Access Control Lists and Content Filtering
    Discuss how to control access through the Security Appliance using access control lists (ACLs). Learn how to configure the Security Appliance to filter malicious active codes and how to configure URL filtering.
    • ACLs
    • Malicious Active Code Filtering
    • URL Filtering
  6. Object Grouping
    Learn object grouping concepts and how to use the object-group command to configure object grouping. The various types of object groups are explained, and the use and configuration of nested object groups are covered in the final sections.
    • Configuring Object Groups
    • Nested Object Groups
  7. Authentication, Authorization, and Accounting
    Learn Security Appliance authentication, authorization, and accounting (AAA) and how to configure AAA.
    • Introduction to AAA
    • Installation of Cisco Secure ACS for Windows 2000
    • Security Appliance Access Authentication Configuration
    • Security Appliance Cut-Through Authentication Configuration
    • Tunnel Access Authentication Configuration
    • Authorization Configuration
    • Downloadable ACLs
    • Accounting Configuration
  8. Switching and Routing
    Explanation of the virtual local-area network (VLAN) capabilities of the Security Appliance and the routing capabilities of the Security Appliance. Discussion of Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) algorithm in detail and configuration of the Security Appliance to allow multicast traffic.
    • VLANs
    • Static and Dynamic Routing
    • OSPF
    • Multicasting
  9. Modular Policy Framework
    Introduction of modular policy framework and explanation of how to configure a modular policy.
    • Modular Policy Overview
    • Configuring a Class Map, Policy Map and Service Policy
  10. Advanced Protocol Handling
    Introduction to Security Appliance advanced protocol handling. Describe how to configure protocol inspection to include configuring an inspection modular policy, defining an FTP map, defining an HTTP map, and describing a number of the inspection protocols supported by the Security Appliance.
    • Advanced Protocol Handling
    • FTP, HTTP and Protocol Application Inspection
    • Multimedia Support
  11. VPN Configuration
    Learn the basics of IPSec and Security Appliance virtual private networks (VPNs), with a focus on communications between Security Appliance gateways. Discuss how VPNs function and the tasks necessary to configure VPN connection parameters on the Security Appliance.
    • Secure VPNs
    • How IPSec Works
    • Configure VPN Connection Parameters
    • IPSec Configuration Tasks
    • Scale Security Appliance VPNs
  12. Configuring Security Appliance Remote Access Using Cisco Easy VPN
    Discuss the Cisco Easy VPN and its two components and modes of operation.
    • Introduction to Cisco Easy VPN
    • Configuring Users and Groups
    • Configuring the Easy VPN Server for Extended Authentication
    • Configure Security Appliance Hub-and-Spoke VPNs
    • Cisco VPN Client Manual Configuration Tasks
    • Working with the Cisco VPN Client
  13. Configuring ASA for WebVPN
    Define the characteristics of WebVPN and how it compares with traditional VPNs. Discuss the end-user interface and the steps and commands necessary to configure the ASA for WebVPN.
    • WebVPN End-User Interface
    • Configure WebVPN General Parameters, Servers, URLs, and Port Forwarding
    • Define Email Proxy Servers
    • Configure WebVPN Content Filters and ACLs
  14. Configuring Transparent Firewall
    Overview and explanation of transparent firewall mode. Enabling of transparent firewall and monitoring and maintenance commands specific to the transparent firewall mode are also detailed.
    • Enabling Transparent Firewall Mode
    • Monitoring and Maintaining Transparent Firewall Mode
  15. Configuring Security Contexts
    Learn the purpose of security contexts and how to enable, configure, and manage multiple contexts.
    • Security Context Overview
    • Enabling Multiple Context Mode
    • Configuring a Security Context
    • Managing Security Contexts
  16. Failover
    Introduction to the Security Appliance failover options and how to configure them. Describe the types of failover supported by the Security Appliance and discusses how to configure active/standby, active/active, and stateful failover.
    • Understanding Failover
    • Serial Cable-Based Failover Configuration
    • Active/Standby LAN-Based Failover Configuration
    • Active/Active Failover Configuration
  17. Cisco Security Appliance Device Manager
    Introduction to the Cisco Adaptive Security Device Manager (ASDM). Learn an overview of ASDM and its operating requirements. Continue with an introduction to the GUI structure and how to maneuver through the device manager. Learn how to install ASDM and how to configure and monitor a Security Appliance with ASDM.
    • ASDM Overview and Operating Requirements
    • Navigating ASDM Configuration and Multimode Windows
  18. AIP-SSM-Getting Started
    Introduction to the Cisco Advanced Inspection and Prevention Security Services Module (AIP-SSM). Learn how to load intrusion prevention system (IPS) software on the AIP-SSM, initialize the AIP-SSM with the setup command, and define an IPS modular policy on a Security Appliance via ASDM.
    • AIP-SSM SW Loading
    • Initial IPS ASDM Configuration
    • Configure a Security Policy on the ASA Security Appliance
  19. Managing Security Appliances
    Explain how to secure system access to the Security Appliance and how to configure and use local user authentication and command authorization. Password recovery and file management are also covered.
    • Managing System Access
    • Managing User Access Levels, Software, Licenses, and Configurations
    • Image Upgrade and Activation Keys

 

Laboratori

  • Lab 1: PIX Security Appliance and Execute General Maintenance Commands
  • Lab 2: Configuring Access Through the Security Appliance
  • Lab 3: ACLs on the Security Appliance
  • Lab 4: Object Groups
  • Lab 5: AAA on the Security Appliance Using Cisco Secure ACS for Windows 2000
  • Lab 6: Configure and Test Advanced Protocol Inspection on the Security Appliance
  • Lab 7: Security Appliance Site-to-Site VPN
  • Lab 8: Secure VPN Using IPSec Between a Security Appliance and a Cisco VPN Client
  • Lab 9: ASA Security Appliance for WebVPN
  • Lab 10: Security Appliance Transparent Firewall
  • Lab 11: LAN-Based Failover
  • Lab 12: Configuring the Security Appliance with ASDM
  • Lab 13: Initializing the AIP-SSM
  • Lab 14: Managing the Security Appliance

Prerequisiti

  • Certificazione CCNA o competenze equivalenti
  • Conoscenza di base sul sistema operativo Windows
  • Familiarità con concetti di networking e securezza

Corsi successivi

Esami / Certificazioni

Il corso è raccomandato per la preparazione dell’esame SNPA.
Il corso fa parte del percorso di certificazione Cisco Certified Security Professional (CCSP) e della specializzazione Cisco Firewall.
Bookmark and Share