Overview/Description
Deploying access control that is based on parameters for Open Systems Interconnection (OSI) Layers 3 and 4 establishes a minimal connectivity policy for network applications. However, this filtering alone cannot provide protection for exposed applications. The Cisco ASA Adaptive Security Appliance Application Inspection and Control (AIC) features provide advanced application layer (OSI Layers 5 to 7) filtering to address these scenarios when risk assessment demands them. This course enables you to configure, verify, and troubleshoot these advanced application inspections and controls of the Cisco ASA Security Appliance.
You can configure the Cisco ASA Adaptive Security Appliance for user-based policies (also known as cut-through proxy), where you can implement different network access policies for different users based on their authenticated identity. You implement user-based policies using the authentication, authorization, and accounting (AAA) system on the Cisco ASA Security Appliance. This course describes the Cisco ASA Security Appliance user authentication capabilities, followed by per-user authorization and traffic accounting features that you can integrate with the AAA infrastructure of an organization.
Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments.
Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.
Candidates who have completed the Cisco Certified Network Associate (CCNA) Certification and the Cisco Certified Network Associate Security Certification (CCNA Security).
Cisco FIREWALL 2.0: ASA Advanced Application Inspections and User-Based Policies
describe how to plan the deployment of application layer inspection on the Cisco ASA
describe how application inspection provides additional security services to OSI Layers 5 to 7 traffic flows using regular expressions
recognize the tasks to configure OSI Layers 5 to 7 application policies
recognize the CLI commands for configuring OSI Layers 5 to 7 policies
describe how to configure and verify application inspection of HTTP traffic using the GUI
describe how to configure and verify HTTP protection policy using the CLI
recognize the implementation guidelines for verifying HTTP inspection
recognize how to configure an application layer policy from an internal network, reachable over the inside interface of the appliance, to all web servers that are reachable over the outside interface of the appliance
configure HTTP inspection on a Cisco ASA
identify how to evaluate FTP inspection on the Cisco ASA
describe how to troubleshoot application layer inspection on the Cisco ASA
identify the general deployment guidelines for user-based policies on the Cisco ASA
describe how to configure cut-through authentication on the Cisco ASA Security Appliance
recognize how to use authentication timeouts on the Cisco ASA Security Appliance
describe how to configure cut-through authorization on the Cisco ASA Security Appliance
describe how to troubleshoot cut-through accounting on the Cisco ASA Security Appliance