Web Security Appliance (WSA)

The WSA main features are  L4 Traffic Monitor and Web Proxy. Other features are – URL filtering – Web usage controls – Application visibility & control – Anti-Malware scanning (Sophos, McAfee, Webroot) Secure web proxy monitors and scans web traffic for malicious  content. When you enable the web proxy, you can configure it to be in transparent or explicit forward  mode The L4 Traffic Monitor detects and blocks rogue traffic across all ports and IP addresses. The L4 Traffic Monitor listens to network traffic that comes in over all ports and IP addresses on the appliance and matches domain names and IP addresses against entries in its own  database tables to determine whether to allow outgoing traffic. L4 Traffic Monitor deployment is independent of the Web Proxy deployment. You can connect the L4 Traffic Monitor to a network tap or the mirror/span port of a switch. When you enable the web proxy, you can configure it to be in transparent or explicit forward mode. Deployment Features you enable determine how you deploy and physically connect the appliance to the network. Two main deployment methods are Explicit forward proxy and Transparent Proxy. Explicit Forward Proxy: Client applications, such as web browsers, are aware of the Web Proxy and must be configured to point to a single Web Security appliance. This deployment requires a connection to a standard network switch. When you deploy the Web Proxy in explicit forward mode, you can place it anywhere in the network. IP spoofing is disabled by default ON – IP address of original source is maintained. OFF – Changing IP address to WSA IP address Automatic: Configure each client application to use a PAC file to detect the appliance Web […]

By |August 13th, 2013|CCIE, Cisco, Security|0 Comments

CCIE Security Lab Equipment and Software v4.0

Occasionally, you may see more recent software versions installed in the lab. Listed below are the base versions used. Only the features in these versions will be tested. We may use later software revisions in the lab to accommodate fixes etc, but we will not test features outside of those in the exam blueprints and checklist. Cisco 3800 Series Integrated Services Routers (ISR) Cisco 1800 Series Integrated Services Routers (ISR) Cisco 2900 Series Integrated Services Routers (ISR G2) Cisco Catalyst 3560-24TS Series Switches Cisco Catalyst 3750-X Series Switches Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances Cisco IPS Series 4200 Intrusion Prevention System sensors Cisco S-series Web Security Appliance Cisco ISE 3300 Series Identity Services Engine Cisco WLC 2500 Series Wireless LAN Controller Cisco Aironet 1200 Series Wireless Access Point Cisco IP Phone 7900 Series* Cisco Secure Access Control System Notes: The ASA appliances can be configured using CLI or ASDM/Cisco Prime Tools. *Device Authentication only, provisioning of IP phones is NOT required. Software Versions Cisco ISR Series running IOS Software Version 15.1(x)T and 15.2(x)T Cisco Catalyst 3560/3750 Series Switches running Cisco IOS Software Release 12.2SE/15.0(x)SE Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x Cisco IPS Software Release 7.x Cisco VPN Client Software for Windows, Release 5.x Cisco Secure ACS System software version 5.3x Cisco WLC 2500 Series software 7.2x Cisco Aironet 1200 series AP Cisco IOS Software Release 12.4J(x) Cisco WSA S-series software version 7.1x Cisco ISE 3300 series software version 1.1x Cisco NAC Posture Agent v4.X Cisco AnyConnect Client v3.0X

By |August 8th, 2013|Security|0 Comments

CCIE Security Lab Exam Topics v4.0

The following topics are general guidelines for the content likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to reflect better the contents of the exam and for clarity purposes, the exam topics may change at any time without notice. Candidates may be required to perform implementation, optimization and troubleshooting actions in each of the exam topics sections and should also be comfortable with both IPv4 and IPv6 concepts and application.CCIE Security Lab Exam Topics v4.0 System Hardening and AvailabilityRouting plane security features (e.g. protocol authentication, route filtering)Control Plane PolicingControl Plane Protection and Management Plane ProtectionBroadcast control and switchport securityAdditional CPU protection mechanisms (e.g. options drop, logging interval)Disable unnecessary servicesControl device access (e.g. Telnet, HTTP, SSH, Privilege levels)Device services (e.g. SNMP, Syslog, NTP)Transit Traffic Control and Congestion Management Threat Identification and MitigationIdentify and protect against fragmentation attacksIdentify and protect against malicious IP option usageIdentify and protect against network reconnaissance attacksIdentify and protect against IP spoofing attacksIdentify and protect against MAC spoofing attacksIdentify and protect against ARP spoofing attacksIdentify and protect against Denial of Service (DoS) attacksIdentify and protect against Distributed Denial of Service (DDoS) attacksIdentify and protect against Man-in-the-Middle (MiM) attacksIdentify and protect against port redirection attacksIdentify and protect against DHCP attacksIdentify and protect against DNS attacksIdentify and protect against MAC Flooding attacksIdentify and protect against VLAN hopping attacksIdentify and protect against various Layer2 and Layer3 attacksNBARNetFlowCapture and utilize packet captures Intrusion Prevention and Content SecurityIPS 4200 Series Sensor Appliance(a) Initialize the Sensor Appliance(b) Sensor Appliance management(c) Virtual Sensors on the Sensor Appliance(d) Implementing security policies(e) Promiscuous and inline monitoring on the Sensor Appliance(f) Tune signatures on the Sensor Appliance(g) […]

By |June 27th, 2013|Security|0 Comments