How to configure reflexive access lists

Ensurepass
This post describes how to configure reflexive access lists on your router. Reflexive access lists provide the ability to filter network traffic at a router, based on IP upper-layer protocol "session" information. 【Lab Topology】 【Lab Object】 Technical characteristics: 1. A reflexive access list allows IP packet filtering on the basis of upper-layer session information. 2. Use the reflexive access list to allow the outbound traffic and block the inbound traffic generated by […]

CCSP SNRS Lab3 – Context-Based Access Control

【Lab Topology】 【Lab Object】 Technical characteristics: 1. Traffic filtering: CBAC checks not only the information of the network layer and the transport layer but also the information of the application layer. It can also filter HTTP traffic and block Java plug-ins. 2. Traffic monitoring: CBAC monitors the traffic passing through the router and handles the TCP and UDP state information, which can be used to generate temporary access list entries that permit the return traffic and other […]

Few Words – IP Prefix Lists

IP prefix-list provides the most powerful prefix-based filtering mechanism. Here is a quick little tutorial on prefix-lists for you. A normal access-list CANNOT check the subnet mask of a network. It can only check bits to make sure they match, nothing more. A prefix-list has an advantage over an access-list in that it CAN check BOTH bits and subnet mask – both would have to match for the network to be either permitted or denied. For checking bits a prefix list ALWAYS goes […]

Summary of Cisco IOS Firewall

IOS Firewall is firewall functionality that is included within specific feature licenses of the Cisco IOS. Cisco IOS is the operating system that most Cisco devices run. All routers, including the new Integrated Services Routers (ISR), run Cisco IOS. Cisco IOS has had a form of firewalling included since the very early releases. This was in the form of packet-filtering technology. This was the first generation of firewall technology. Packet filtering is implemented in Cisco IOS by what […]

Cisco Press – CANAC Implementing Cisco NAC Appliance Student Guide Ver.2.1.Vol.2

The 642-591 CANAC Implementing Cisco NAC Appliance exam is associated with both the Cisco Certified Security Professional and the Cisco Network Admission Control Specialist certifications. Candidates can prepare for this exam by taking the Implementing Cisco NAC Appliance course. This exam tests a candidate’s knowledge of the Cisco NAC Appliance solution. The Cisco Self-Defending Network (SDN) strategy addresses the need for Network Admission Control (NAC). The Cisco NAC Appliance is […]

Cisco Security Deep Dive (ASA, IronPort, IPS, CSM etc.) – NEW 2010 and 2011

Cisco Security Deep Dive Series: TrustSec/802.1x; Cisco SaaS Web Security (ScanSafe); Cisco IronPort Security Management 7.0 (New Management Features); Cisco IronPort Email Encryption; Cisco IronPort Email Security – Data Loss Prevention; Cisco IronPort Web Security Appliance

Configuring Connection Limits on Cisco ASA Firewalls – Protect from DoS

The Cisco ASA firewall offers excellent protection against Denial of Service attacks, such as SYN floods, TCP excessive connection attacks, etc. Using the new Policy Framework functionality, the ASA administrator can configure granular controls for TCP connection limits and timeouts. For example, we can control and limit the maximum number of simultaneous TCP and UDP connections that are allowed towards a specific host (or subnet), the maximum number of simultaneous embryonic connections allowed […]

Books online – Cisco Press – CCSP SNRS Quick Reference (642-504)

As a final exam preparation tool, the CCSP SNRS Quick Reference provides a concise review of all objectives on the new CCSP SNRS exam (642-503). This digital Short Cut provides you with detailed, graphical-based information, highlighting only the key topics in cram-style format. With this document as your guide, you will review topics on securing networks using routers and switches. These fact-filled Quick Reference Sheets allow you to get all-important information at a glance, helping […]

Cisco PIX Firewall Lab Online

The Topology diagram is shown below:

CCSP Books

CCSP™ (Cisco Certified Security Professional) certification is designed for IT professionals responsible for delivering self-defending networks that are integrated, collaborative, and adaptive. A CCSP validates that a network professional can secure and manage network infrastructures to protect productivity and reduce costs. The content emphasizes topics such as perimeter security, virtual private networks, intrusion prevention, as well as how to combine these technologies in a single, […]

Basic PIX Firewall Configuration

There is basic PIX Firewall configuration on-hand from time to time. The client that does the following:
1. NAT overload from an inside network to an outside network
2. Accept incoming PPTP VPN connections from outside clients
3. Turns on the web-based GUI on the PIX
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
: These two lines activate the outside (Ethernet0) and inside (Ethernet1) interfaces
nameif ethernet0 outside security0
nameif ethernet1 inside […]

VPN Virtual Tunnel Interfaces

While doing a recent deployment, I ran across this concept. It’s a slightly different way to configure VPNs on a Cisco router that (for me) is far less confusing and finicky. If you’ve ever configured VPNs using a PIX firewall or IOS router, you probably know of the pain associated with making sure your crypto map is correctly configured. There are SO MANY pieces of it, you’re almost assured that something is not going to match between one side of the connection and the […]

Firewall Technologies

Firewalls are used to protect computer networks from hostile intrusions. A hardware firewall separates trusted internal networks (e.g. internal corporate LAN) from external non-trusted networks (e.g. Internet or untrusted WAN). The primary objective of the firewall is to examine all inbound and outbound traffic to see if it meets specific criteria (firewall policy rules). If the traffic complies with the firewall policy it is permitted, otherwise it is dropped. Firewall operations are based […]

Simple configuration of Context-Based Access Control

Technical characteristics: 1. Traffic filtering: CBAC checks not only the information of the network layer and the transport layer but also the information of the application layer. It can also filter HTTP traffic and block Java plug-ins. 2. Traffic monitoring: CBAC monitors the traffic passing through the router and handles the TCP and UDP state information, which can be used to generate temporary access list entries that permit the return traffic and other traffic allowed. 3. Alert and audit 4. […]

Cisco ASA 5505 Firewall License Restriction for DMZ

The Cisco ASA 5505 is the smallest model in the newest 5500 series of Cisco firewalls. It is a great product for small businesses (5-10 employees) or even for home network use. However, if you need to create a DMZ zone (in addition to your Inside and Outside zones) in order to install a publicly accessible server (e.g. web server, mail server, etc.), then the default basic license won’t work for you. The basic license does not allow more than 2 security zones. You will need to upgrade to […]

CBT Nuggets – Cisco 642-515: CCSP SNAA

Take your ASA skills to the next level! In this video series, Jeremy Cioara focuses on ASA's graphic interface (called the ASDM). By the time you've finished watching, you'll feel like a network star on SSL VPNs (the next-generation VPN connection for remote users), certificate-based VPNs and application layer inspection. Plus, you'll be fully prepared to add killer SSL VPN technology to your corporate network, feel a lot more comfortable working with Cisco's […]

Cisco ASA 5500 Dual ISP Connection

Starting from version 7.2(1) and upwards, the Cisco ASA 5500 series firewall now supports the Dual-ISP capability. You can connect two interfaces of the firewall to two different ISPs and use the new “SLA Monitor” feature (SLA=Service Level Monitoring) to monitor the link to the primary ISP, and if that fails, the traffic is routed to the Backup ISP. The diagram below shows how to implement the Dual-ISP feature. Assume that the Primary ISP (ISP-1) has assigned to us the public IP […]

CiscoPress – Cisco Firewall Video Mentor 2009(Torrent)

Cisco Firewall Video Mentor is a unique video product that provides you with more than five hours of personal visual instruction from best-selling author and lead network engineer David Hucaby. In the 16 videos presented on the DVD, David walks you through common Cisco® firewall configuration and troubleshooting tasks. Designed to develop and enhance hands-on skills, each 10–30 minute video guides you through essential configuration tasks on the Cisco ASA and FWSM platforms and shows […]