
Lecture CCNA Security - Chapter 10: Implementing the Cisco Adaptive Security Appliance (ASA)

Shared by: You Can | Date: | File type: PDF | Pages: 50


The ASA is a standalone firewall device that is a primary component of the Cisco SecureX architecture. This chapter discusses the following questions: Which kind of branch is appropriate for the IOS firewall solution? What is the disadvantage of the IOS firewall solution? Please refer to the lecture for details.


Text content: Lecture CCNA Security - Chapter 10: Implementing the Cisco Adaptive Security Appliance (ASA)

  1. Implementing the Cisco Adaptive Security Appliance (ASA), CCNA Security
  2. Objectives
  3. Overview of the ASA
     Refer to 10.1.1.1
     • Which kind of branch is appropriate for the IOS firewall solution?
     • What is the disadvantage of the IOS firewall solution?
  4. Overview of the ASA
  5. Overview of the ASA
     • The ASA is a standalone firewall device that is a primary component of the Cisco SecureX architecture.
     • All six ASA models provide advanced stateful firewall features and VPN functionality.
     • The biggest difference between the models is the maximum traffic throughput handled by each model and the number and type of interfaces.
     • The choice of ASA model will depend on an organization's requirements, such as maximum throughput, maximum connections per second, and budget.
  6. Overview of the ASA
     • The ASA software combines firewall, VPN concentrator, and intrusion prevention functionality into one software image.
     • Previously, these functions were available in three separate devices, each with its own software and hardware:
       1. PIX
       2. VPN concentrator
       3. IDS
  7. Overview of the ASA
     Refer to 10.1.1.1
     Other advanced ASA features include these:
       1. ASA virtualization
       2. High availability with failover
       3. Identity firewall
       4. Threat control and containment services
  8. Overview of the ASA
     • All ASA models can be configured and managed using either the command line interface or the Adaptive Security Device Manager (ASDM).
  9. Overview of the ASA
     Refer to 10.1.1.2
     • By default, the ASA treats a defined inside interface as the trusted network, and any defined outside interfaces as untrusted networks.
     • Each interface has an associated security level.
     • An ASA provides the same features as ZPF/CBAC, but the configuration differs markedly from the IOS router configuration of ZPF.
  10. Overview of the ASA
  11. Overview of the ASA
  12. Overview of the ASA
     Refer to 10.1.1.3
     • The ASA is a stateful firewall. It tracks the state of the TCP or UDP network connections traversing it.
     • All traffic forwarded through an ASA is inspected using the Adaptive Security Algorithm and is either allowed to pass through or is dropped.
  13. Overview of the ASA
     Refer to 10.1.1.3
     • Session management path?
     • Control plane path?
     • Layer 7 inspection?
     • Fast path?
  14. Overview of the ASA
     Refer to 10.1.1.4
  15. Overview of the ASA
     • Most ASA appliances come pre-installed with either a Base license or a Security Plus license.
     • To provide additional features to the ASA, additional time-based or optional licenses can be purchased.
     • Combining these additional licenses with the pre-installed licenses creates a permanent license. The permanent license is then activated by installing a permanent activation key using the activation-key command.
  16. Overview of the ASA
     • Only one permanent license key can be installed and, once it is installed, it is referred to as the running license.
     • To verify the license information on an ASA device, use the show version or the show activation-key command.
  17. Overview of the ASA
     Refer to 10.1.1.5
  18. The ASA 5505 Features
     Refer to 10.1.2.1
     • The Cisco ASA 5505 is a full-featured security appliance for small businesses, branch offices, and enterprise teleworker environments.
     • It delivers a high-performance firewall, SSL VPN, IPsec VPN, and rich networking services in a modular, plug-and-play appliance.
  19. Security Level
     Refer to 10.1.2.2
     • Security levels define the level of trustworthiness of an interface. The higher the level, the more trusted the interface. The security level numbers range from 0 (untrustworthy) to 100 (very trustworthy).
     • Each operational interface must have a name and a security level from 0 (lowest) to 100 (highest) assigned.
     Security levels help control:
       1. Network access
       2. Inspection engines
       3. Filtering
  20. Security Level
     Refer to 10.1.2.2
     • On an ASA 5505, Layer 3 parameters are configured on a switch virtual interface (SVI). An SVI, a logical VLAN interface, requires a name, interface security level, and IP address.
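
The SVI requirements from slides 19 and 20, written out as an ASA 5505 configuration. This is an added example, not part of the original lecture; the VLAN numbers, IP addresses (private and documentation ranges) and port-to-VLAN assignments are assumptions chosen for illustration.

```cisco
! Added example: constructed values, not taken from the lecture.
! Each SVI gets the three items slide 20 lists: a name, a security
! level and an IP address.

! Trusted side. "nameif inside" sets security level 100 by default;
! it is written out here so the level is explicit in the config.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Untrusted side. Any name other than "inside" defaults to level 0.
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! The 5505's physical ports are Layer 2 switch ports; they carry no
! Layer 3 settings themselves and are only assigned to a VLAN.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! Verification from privileged EXEC mode:
! name and security level per interface
show nameif
! which physical ports belong to which VLAN
show switch vlan
! IP address and line status per interface
show interface ip brief
```

An SVI without a name stays non-operational, which is why `show nameif` is the first check when traffic does not pass after the initial setup.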