• Chapter 10: Cisco Firewalling Solutions: Cisco IOS Zone-Based Firewall and Cisco ASAChapter 10: Cisco Firewalling Solutions: Cisco IOS Zone-Based Firewall and Cisco ASA

    Packet Tracer Tool To open the Packet Tracer, perform the following steps: Step 1. In the main Cisco ASDM application window, navigate to Tools > Packet Tracer. Step 2. The Cisco ASDM Packet Tracer dialog box opens. Step 3. Choose the source interface for the packet trace from the Interface drop-down list. Step 4. Specify the protocol type fo...

    pptx85 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1064 | Lượt tải: 0

  • Chapter 9: Firewall Fundamentals and Network Address TranslationChapter 9: Firewall Fundamentals and Network Address Translation

    Firewall Designs Best practices documents are a composite effort of security practitioners. This partial list of best practices is generic and serves only as a starting point for your own firewall security policy: • Position firewalls at key security boundaries, separating security domains with different levels of trust. • Firewalls are the prim...

    pptx29 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 907 | Lượt tải: 0

  • Chapter 8: Access Control Lists for Threat MitigationChapter 8: Access Control Lists for Threat Mitigation

    Advance IPv6 ACL Reflexive ACLs and time-based ACLs are also available in IPv6. An IPv6 ACL can match the following IPv6 headers: • routing: Matches any route header • mobility: Matches any mobility header • dest-option-type: Matches any destination option header • auth: Matches IPsec’s AH • undetermined-transport: Matches any packet whose La...

    pptx48 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 989 | Lượt tải: 0

  • Chapter 7: Planning a Threat Control StrategyChapter 7: Planning a Threat Control Strategy

    The following are the main points conveyed in this chapter: • Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically. • Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualize...

    pptx18 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1027 | Lượt tải: 0

  • Chapter 6: Securing the Data Plane in IPv6 EnvironmentsChapter 6: Securing the Data Plane in IPv6 Environments

    By combining multiple techniques, attackers can accomplish stealth attacks that result in trust exploitation and information theft. Figure 6-14 illustrates an attack that combines dual-stacked hosts, which are subject to rogue router advertisements. This type of attack could exploit the routing header (RH) to pivot using multiple hops; and by using...

    pptx28 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 904 | Lượt tải: 0

  • Chapter 5: Securing the Data Plane on Cisco Catalyst SwitchesChapter 5: Securing the Data Plane on Cisco Catalyst Switches

    MAC Address Notification The MAC Address Notification feature sends SNMP traps to the network management station (NMS) whenever a new MAC address is added to or an old address is deleted from the forwarding tables.

    pptx36 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 907 | Lượt tải: 0

  • Chapter 4: Securing the Management Plane on Cisco IOS Devices and AAAChapter 4: Securing the Management Plane on Cisco IOS Devices and AAA

    Dynamic Access Policies on Cisco ASA For those readers familiar with Cisco ASA, you will relate Figure 4-24 to the dynamic access policies (DAP) used in VPN settings, where the ASA assigns a policy to an incoming connection based on many criteria, including not only the user’s identity, but also how the computer is used to connect, whether the com...

    pptx126 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 917 | Lượt tải: 0

  • Chapter 3: Network Foundation Protection and Cisco Configuration ProfessionalChapter 3: Network Foundation Protection and Cisco Configuration Professional

    Layer 2 Data Plane Protection Data plane protection mechanisms depend on feature availability for specific devices. In a switching infrastructure, these Cisco Catalyst integrated security capabilities provide data plane security on the Cisco Catalyst switches using integrated tools: • Port security prevents MAC flooding attacks. • DHCP snooping ...

    pptx20 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 907 | Lượt tải: 0

  • Chapter 2: Security Strategy and Cisco Borderless NetworkChapter 2: Security Strategy and Cisco Borderless Network

    Summary In this chapter, you learned about the Cisco Borderless Network Architecture. This chapter examined the Cisco Security portfolio of products and, more specifically, reviewed the following: • Cisco SecureX Architecture (at a high level), highlighting its features and benefits and providing examples of Cisco products that fall within this c...

    pptx24 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 979 | Lượt tải: 0

  • Chapter 1: Network Security Concepts and PoliciesChapter 1: Network Security Concepts and Policies

    Security Policies The three reasons for having a security policy are as follows: • To inform users, staff, and managers • To specify mechanisms for security • To provide a baseline A properly defined security policy does the following: • Protects people and information • Sets the rules for expected behavior • Authorizes staff to monitor, pr...

    pptx26 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 893 | Lượt tải: 0