Integrated Security Technologies and Solutions - Volume I Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security CCIE Professional Development Series

The essential reference for security pros and CCIE Security candidates: policies, standards, infrastructure/perimeter and content security, and threat protection

Integrated Security Technologies and Solutions ? Volume I offers one-stop expert-level instruction in security design, deployment, integration, and support methodologies to help security professionals manage complex solutions and prepare for their CCIE exams. It will help security pros succeed in their day-to-day jobs and also get ready for their CCIE Security written and lab exams.

Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.

Volume 1 focuses on security policies and standards; infrastructure security; perimeter security (Next-Generation Firewall, Next-Generation Intrusion Prevention Systems, and Adaptive Security Appliance [ASA]), and the advanced threat protection and content security sections of the CCIE Security v5 blueprint. With a strong focus on interproduct integration, it also shows how to combine formerly disparate systems into a seamless, coherent next-generation security solution.

• Review security standards, create security policies, and organize security with Cisco SAFE architecture
• Understand and mitigate threats to network infrastructure, and protect the three planes of a network device
• Safeguard wireless networks, and mitigate risk on Cisco WLC and access points
• Secure the network perimeter with Cisco Adaptive Security Appliance (ASA)
• Configure Cisco Next-Generation Firewall Firepower Threat Defense (FTD) and operate security via Firepower Management Center (FMC)
• Detect and prevent intrusions with Cisco Next-Gen IPS, FTD, and FMC
• Configure and verify Cisco IOS firewall features such as ZBFW and address translation
• Deploy and configure the Cisco web and email security appliances to protect content and defend against advanced threats
• Implement Cisco Umbrella Secure Internet Gateway in the cloud as your first line of defense against internet threats
• Protect against new malware with Cisco Advanced Malware Protection and Cisco ThreatGrid
  

Introduction xxv
Part I Hi There! This Is Network Security 1
Chapter 1 Let’s Talk About Network Security 3
Know Thy Enemy 4
Know Thy Self 6
Security Standards and Frameworks 9
Regulatory Compliance 15
Payment Card Industry Data Security Standard (PCI DSS) 16
Security Models 18
Integrating Security Solutions 23
Summary 25
References 25
Chapter 2 Infrastructure Security and Segmentation 27
The Three Planes 27
Securing the Management Plane 28
Securing the Control Plane 38
Securing the Data Plane 49
Visibility with NetFlow 76
Summary 77
References 78
Chapter 3 Wireless Security 79
What Is Wireless? 79
Wireless Security Overview 90
Securing the WLAN 94
Configuring Wireless Protection Policies 98
Management and Control Plane Protection 114
Integrating a WLC with Other Security Solutions 120
Summary 122
References 122
Part II Deny IP any any 123
Chapter 4 Firewalling with the ASA 125
ASA Fundamentals 125
Traffic with the ASA 151
ASA Advanced Features 167
Advanced Firewall Tuning 172
Troubleshooting the ASA 176
Summary 180
References 181
Chapter 5 Next-Gen Firewalls 183
Firepower Deployment Options 184
Configuring Firepower Threat Defense 186
Access Control Policies 206
Analysis and Reporting 229
Summary 237
References 238
Chapter 6 Next-Gen Intrusion Detection and Prevention 239
NGIPS Overview 239
Cisco NGIPS Appliances 248
Snort 256
Configuring a NGIPS 267
Operationalizing a NGIPS 283
Summary 296
References 297
Chapter 7 IOS Firewall and Security Features 299
Network Address Translation (NAT) 299
Zone-Based Firewall (ZBF) 309
IOS Advanced Security Features 319
Summary 331
References 331
Part III <HTML> EHLO. You have threat in content </HTML> 333
Chapter 8 Content Security and Advanced Threat Protection 335
Content Security Overview 335
Web Security Appliance 336
Email Security Appliance 370
Security Management Appliance 390
Summary 391
References 391
Chapter 9 Umbrella and the Secure Internet Gateway 393
Umbrella Fundamentals 393
Umbrella Overview Dashboard 399
Deploying Umbrella 401
Cisco Investigate 423
Summary 425
References 425
Chapter 10 Protecting Against Advanced Malware 427
Introduction to Advanced Malware Protection (AMP) 427
Role of the AMP Cloud 429
Doing Security Differently 430
The Cloud 437
Cloud Proxy Mode 438
Air Gap Mode 440
Threat Grid 442
The Clean Interface 446
The Administrative Interface 446
The Dirty Interface 446
Comparing Public and Private Deployments 446
AMP for Networks 447
AMP for Endpoints 457
Custom Detections 462
AMP for Windows 474
Mac Policies 490
Linux Policies 495
AMP for Android 497
Groups, Groups, and More Groups 498
The Download Connector Screen 499
Distributing via Cisco AnyConnect 500
Installing AMP for Windows 501
Installing AMP for Mac 503
Installing AMP for Linux 504
Proxy Complications 511
AMP for Content Security 513
Content Security Connectors 513
Configuring AMP for Content Security Appliances 514
Configuring the Web Security Appliance (WSA) Devices 515
Configuring the Email Security Appliance (ESA) Devices 519
AMP Reports 522
Summary 524
9781587147067, TOC, 4/16/2018

Aaron Woland, CCIE No. 20113, is a principal engineer in Cisco’s Advanced Threat Security group and works with Cisco’s largest customers all over the world. His primary job responsibilities include security design, solution enhancements, standards development, advanced threat solution design, endpoint security, and futures.

Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a consultant and technical trainer.

Aaron is the author of both editions of Cisco ISE for BYOD and Secure Unified Access, Cisco Next-Generation Security Solutions: All-in-one Cisco ASA FirePOWER Services, NGIPS, and AMP; CCNP Security SISAS 300-208 Official Cert Guide, CCNA Security 210-260 Complete Video Course, and many published white papers and design guides.

Aaron is one of only five inaugural members of the Hall of Fame Elite for Distinguished Speakers at Cisco Live, and he is a security columnist for Network World, where he blogs on all things related to security. His many other certifications include GHIC, GCFE, GSEC, CEH, MCSE, VCP, CCSP, CCNP, and CCDP.

You can follow Aaron on Twitter: @aaronwoland.

Vivek Santuka, CCIE No. 17621 is a consulting systems engineer at Cisco and is a security consultant to some of Cisco’s largest customers. He has over 13 years of experience in security, focusing on identity management and access control. Vivek is a member of multiple technical advisory groups.

Vivek holds two CCIE certifications: Security and Routing and Switching. In addition, he holds RHCE and CISSP certifications.

Vivek is author of the Cisco Press book AAA Identity Management Security.

You can follow Vivek on Twitter: @vsantuka.

Mason Harris, CCIE No. 5916, is a solutions architect for Cis

• The must-have ready-reference for all Cisco security professionals
• First of two volumes: Volume 1 focuses on network security, next-generation firewalling and intrusion prevention, and advanced threat and content security
• Discover how Cisco firewalls, IPS systems, access control, and other security products and solutions integrate in the real world