Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security
Integrated Security Technologies and Solutions – Volume I offers one-stop expert-level instruction in security design, deployment, integration, and support methodologies to help security professionals manage complex solutions and prepare for their CCIE exams. It will help security pros succeed in their day-to-day jobs and also get ready for their CCIE Security written and lab exams.
Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.
Volume 1 focuses on security policies and standards; infrastructure security; perimeter security (Next-Generation Firewall, Next-Generation Intrusion Prevention Systems, and Adaptive Security Appliance [ASA]), and the advanced threat protection and content security sections of the CCIE Security v5 blueprint. With a strong focus on interproduct integration, it also shows how to combine formerly disparate systems into a seamless, coherent next-generation security solution.
Review security standards, create security policies, and organize security with Cisco SAFE architecture
Understand and mitigate threats to network infrastructure, and protect the three planes of a network device
Safeguard wireless networks, and mitigate risk on Cisco WLC and access points
Secure the network perimeter with Cisco Adaptive Security Appliance (ASA)
Configure Cisco Next-Generation Firewall Firepower Threat Defense (FTD) and operate security via Firepower Management Center (FMC)
Detect and prevent intrusions with Cisco Next-Gen IPS, FTD, and FMC
Configure and verify Cisco IOS firewall features such as ZBFW and address translation
Deploy and configure the Cisco web and email security appliances to protect content and defend against advanced threats
Implement Cisco Umbrella Secure Internet Gateway in the cloud as your first line of defense against internet threats
Protect against new malware with Cisco Advanced Malware Protection and Cisco ThreatGrid
Introduction xxv Part I Hi There! This Is Network Security 1 Chapter 1 Let’s Talk About Network Security 3 Know Thy Enemy 4 Know Thy Self 6 Security Standards and Frameworks 9 Regulatory Compliance 15 Payment Card Industry Data Security Standard (PCI DSS) 16 Security Models 18 Integrating Security Solutions 23 Summary 25 References 25 Chapter 2 Infrastructure Security and Segmentation 27 The Three Planes 27 Securing the Management Plane 28 Securing the Control Plane 38 Securing the Data Plane 49 Visibility with NetFlow 76 Summary 77 References 78 Chapter 3 Wireless Security 79 What Is Wireless? 79 Wireless Security Overview 90 Securing the WLAN 94 Configuring Wireless Protection Policies 98 Management and Control Plane Protection 114 Integrating a WLC with Other Security Solutions 120 Summary 122 References 122 Part II Deny IP any any 123 Chapter 4 Firewalling with the ASA 125 ASA Fundamentals 125 Traffic with the ASA 151 ASA Advanced Features 167 Advanced Firewall Tuning 172 Troubleshooting the ASA 176 Summary 180 References 181 Chapter 5 Next-Gen Firewalls 183 Firepower Deployment Options 184 Configuring Firepower Threat Defense 186 Access Control Policies 206 Analysis and Reporting 229 Summary 237 References 238 Chapter 6 Next-Gen Intrusion Detection and Prevention 239 NGIPS Overview 239 Cisco NGIPS Appliances 248 Snort 256 Configuring a NGIPS 267 Operationalizing a NGIPS 283 Summary 296 References 297 Chapter 7 IOS Firewall and Security Features 299 Network Address Translation (NAT) 299 Zone-Based Firewall (ZBF) 309 IOS Advanced Security Features 319 Summary 331 References 331 Part III <HTML> EHLO. You have threat in content </HTML> 333 Chapter 8 Content Security and Advanced Threat Protection 335 Content Security Overview 335 Web Security Appliance 336 Email Security Appliance 370 Security Management Appliance 390 Summary 391 References 391 Chapter 9 Umbrella and the Secure Internet Gateway 393 Umbrella Fundamentals 393 Umbrella Overview Dashboard 399 Deploying Umbrella 401 Cisco Investigate 423 Summary 425 References 425 Chapter 10 Protecting Against Advanced Malware 427 Introduction to Advanced Malware Protection (AMP) 427 Role of the AMP Cloud 429 Doing Security Differently 430 The Cloud 437 Cloud Proxy Mode 438 Air Gap Mode 440 Threat Grid 442 The Clean Interface 446 The Administrative Interface 446 The Dirty Interface 446 Comparing Public and Private Deployments 446 AMP for Networks 447 AMP for Endpoints 457 Custom Detections 462 AMP for Windows 474 Mac Policies 490 Linux Policies 495 AMP for Android 497 Groups, Groups, and More Groups 498 The Download Connector Screen 499 Distributing via Cisco AnyConnect 500 Installing AMP for Windows 501 Installing AMP for Mac 503 Installing AMP for Linux 504 Proxy Complications 511 AMP for Content Security 513 Content Security Connectors 513 Configuring AMP for Content Security Appliances 514 Configuring the Web Security Appliance (WSA) Devices 515 Configuring the Email Security Appliance (ESA) Devices 519 AMP Reports 522 Summary 524 9781587147067, TOC, 4/16/2018