XMind

CCIE SEC Cisco Security Appliances and Applications

1. Firewall

   1. Cisco Secure PIX Firewall

      This product is no longer being sold and might not be supported

      1. Service Provided

         1. Firewall

         2. VPN

            1. IPSEC

   2. Cisco Adaptive Security Appliance (ASA) Firewall

      1. 5505 Base /Security Plus

         1. 150 Mbps

         2. 8 port 10/100 switch with 2 Power over Ethernet ports

      2. 5510 Base /Security Plus

         1. 300 Mbps

         2. 5-10/100 /

         3. 2-10/100/1000, 3-10/100

         4. +4-10/100/1000, 4 SFP (with 4GE SSM)

      3. 5520

         1. 450 Mbps

         2. 4-10/100/1000,

         3. 1-10/100

         4. +4-10/100/1000, 4 SFP (with 4GE SSM)

      4. 5540

         1. 650 Mbps

         2. 4-10/100/1000,

         3. 1-10/100

         4. +4-10/100/1000, 4 SFP (with 4GE SSM)

      5. 5550

         1. 1.2 Gbps

         2. 8-10/100/1000,

         3. 4-SFP, 1-10/100

      6. 5580-20

         1. 5 Gbps (real-world HTTP), 10 Gbps (jumbo frames)

         2. 2-10/100/1000 Management

         3. +4-10/100/1000 (with ASA5580-4GE-CU)

         4. + 4 GE SR LC (with ASA5580-4GE-FI)

         5. +2 10GE SR LC (with ASA5580-2X10GE-SR)

      7. 5580-40

         1. 10 Gbps (real-world HTTP), 20 Gbps (jumbo frames)

         2. 2-10/100/1000 Management

         3. +4-10/100/1000 (with ASA5580-4GE-CU)

         4. + 4 GE SR LC (with ASA5580-4GE-FI)

         5. +2 10GE SR LC (with ASA5580-2X10GE-SR)

      8. Services Provided

         1. Firewall

            1. Context (Virtual) Firewalling

            2. Transparent (Layer2) Firewalling

         2. Unified Communications Security

         3. IPS

         4. VPN

            1. IPSEC

            2. SSL

         5. Content Filtering

            1. CSC10

            2. CSC20

            3. antivirus/anti-spyware

            4. PLUS

               1. URL filtering

               2. anti-phishing

               3. anti-spam

            5. Powered by TREND

      9. Modular Policy

   3. Cisco IOS Firewall

      1. CBAC

         1. Context Based Access List

      2. IP Inspect Commands

         1. Show ip inspect sessions

         2. IP inspect name FIREWALL tcp

      3. Effectively Dynamic Access lists

   4. 6500 FWSM

      1. 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections

      2. scalability to 20 Gbps per chassis.

      3. Based on Cisco PIX Firewall technology

2. Cisco Intrusion Prevention System (IPS)

   1. IPS AIM for ISR

      1. IPS AIM

         1. up to 45 Mbps

      2. IPS NME

         1. upto 75 Mbps

   2. 4200 Series

      1. Cisco IPS 4270 Sensor

         1. up to 4 Gbps performance and is suitable for large enterprises and data centers

         2. up to 16 Gigabit Ethernet interfaces

      2. Cisco IPS 4260 Sensor

         1. 1 Gbps of intrusion prevention performance

         2. optional fiber or copper NIC cards

      3. Cisco IPS 4255 Sensor

         1. Upto 600 Mbps

         2. 10/100/1000 interfaces

      4. Cisco IPS 4240 Sensor

         1. Upto 250 Mbps

         2. 10/100/1000 interfaces

      5. Cisco IDS 4215 Sensor

         1. Upto 80 Mbps

         2. supports up to five sniffing interfaces

   3. ASA AIP-SSM

      1. AIP SSM-10

         1. • 150 Mbps with Cisco ASA 5510

         2. • 225 Mbps with Cisco ASA 5520

      2. AIP SSM-20

         1. • 375 Mbps with Cisco ASA 5520

         2. • 500 Mbps with Cisco ASA 5540

      3. AIP SSM-40

         1. • 450 Mbps with Cisco ASA 5520

         2. • 650 Mbps with Cisco ASA 5540

   4. 6500 IDSM2

      1. passive

         1. • 600 Mbps

         2. • 6,000 new TCP connections per second

         3. • 6,000 HTTP transactions per second

         4. • 60,000 concurrent connections

      2. inline

         1. • 500 Mbps

         2. • 5,000 new TCP connections per second

         3. • 5,000 HTTP transactions per second

         4. • 50,000 concurrent connections

         5. • Supports up to 500,000 concurrent connections

      3. With no slot restriction on Cisco Catalyst 6500/7600 Series chassis, the 1-RU IDSM-2 can scale to up to 8 modules per chassis, providing up to 4 Gbps of inline prevention

   5. Cisco IOS Intrusion Prevention System

      1. Getting Started

      2. Signature List

         1. Pre-Tuned Signature Definition Files (.SDF) Files

      3. IP Audit Commands

3. Cisco Security Monitoring, Analysis and Response System (MARS)

   1. Provides security monitoring for network devices and host applications supporting both Cisco and other vendors.

   2. * "Learns" the topology, configuration and behavior of your environment

   3. * Automatically updates knowledge of new Cisco IPS signatures, for up to the minute reporting on your environment

   4. * Promotes awareness of environmental anomalies with network behavior analysis using NetFlow and syslog

   5. * Provides simple access to audit compliance reports with more than 150 ready-to-use customizable reports

   6. * Makes precise recommendations for threat mitigation, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2 and Layer 3

   7. * Integrates with the Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event.

4. Cisco Traffic Anomaly Detectors

   1. powerful family of solutions for detecting and defeating today's most complex and sophisticated distributed-denial-of-service (DDoS) attacks.

   2. Working in concert with Cisco Guard DDoS mitigation appliances and service modules, Cisco Traffic Anomaly Detectors detect the presence of a potential DDoS attack

   3. Detection is based on sophisticated anomaly detection capabilities that compare current activity to profiles of known "normal" behavior,

   4. Cisco Traffic Anomaly Detector XT

      1. XT 5600

         1. 10/100/1000BASE-T Ethernet ports

      2. XT 5700

         1. 1000BASE-SX multimode fiber optic ports with LC connectors

5. Cisco Guard DDoS Mitigation Appliance

   1. Working in concert with Cisco Traffic Anomaly Detectors, Cisco Guards detect the presence of a potential DDoS attack, and block malicious traffic in real time,

   2. Guard XT diverts traffic destined for a targeted device under attack (and only that traffic)

   3. Diverted Traffic is subjected to a unique Multi-Verification Process (MVP) architecture

   4. Two versions of the Cisco Guard XT 5650 are available. One provides 10/100/1000BASE-T Ethernet ports, while the other offers 1000BASE-SX multimode fiber optic ports with LC connectors

6. Cisco Catalyst 6500 Series Security Modules

   1. FWSM

   2. IDSM

   3. VPNSM

      1. This product is no longer being sold and might not be supported.

   4. WebVPN

      1. The Cisco® WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN services module for Cisco Catalyst® 6500 Series switches and Cisco 7600 Series routers

      2. Supporting up to 32,000 SSL VPN users and 128,000 connections per chassis,

   5. Cisco Traffic Anomaly Detector Module

   6. Cisco Guard Service Module

   7. SSL modules

      1. CSM-S

      2. The Catalyst 6500 Series Content Switching Module with SSL (CSM-S) combines high-performance server load balancing (SLB) with Secure Socket Layer (SSL) offload

7. VPN

   1. Cisco IOS IPSec VPN

   2. Cisco EzVPN Software and Hardware Clients

   3. Cisco VPN 3000 Series Concentrators

   4. DMVPM

      1. Dynamic Multipoint VPN

      2. IPSEC / GRE

8. Identity

   1. Cisco IOS Trust and Identity

   2. Cisco Secure Access Control Server

      1. Cisco Secure ACS Solution Engine

      2. Cisco Secure ACS for Windows

   3. Network Access Profiles

   4. 802.1x

   5. IBNS

      1. Identity Based Network Services