Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services, 3/e (Paperback)

Jazib Frahim, Omar Santos, Andrew Ossipov

買這商品的人也買了...

商品描述

Cisco® ASA

All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition

 

Identify, mitigate, and respond to today’s highly-sophisticated network attacks.

 

Today, network attackers are far more sophisticated, relentless, and dangerous. In response, Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services has been fully updated to cover the newest techniques and Cisco technologies for maximizing end-to-end security in your environment. Three leading Cisco security experts guide you through every step of creating a complete security plan with Cisco ASA, and then deploying, configuring, operating, and troubleshooting your solution.

 

Fully updated for today’s newest ASA releases, this edition adds new coverage of ASA 5500-X, ASA 5585-X, ASA Services Module, ASA next-generation firewall services, EtherChannel, Global ACLs, clustering, IPv6 improvements, IKEv2, AnyConnect Secure Mobility VPN clients, and more. The authors explain significant recent licensing changes; introduce enhancements to ASA IPS; and walk you through configuring IPsec, SSL VPN, and NAT/PAT.

 

You’ll learn how to apply Cisco ASA adaptive identification and mitigation services to systematically strengthen security in network environments of all sizes and types. The authors present up-to-date sample configurations, proven design scenarios, and actual debugs–
all designed to help you make the most of Cisco ASA in your rapidly evolving network.

 

Jazib Frahim, CCIE® No. 5459 (Routing and Switching; Security), Principal Engineer in the Global Security Solutions team, guides top-tier Cisco customers in security-focused network design and implementation. He architects, develops, and launches new security services concepts. His books include Cisco SSL VPN Solutions and Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting.

 

Omar Santos, CISSP No. 463598, Cisco Product Security Incident Response Team (PSIRT) technical leader, leads and mentors engineers and incident managers in investigating and resolving vulnerabilities in Cisco products and protecting Cisco customers. Through 18 years in IT and cybersecurity, he has designed, implemented, and supported numerous secure networks for Fortune® 500 companies and the U.S. government. He is also the author of several other books and numerous whitepapers and articles.

 

Andrew Ossipov, CCIE® No. 18483 and CISSP No. 344324, is a Cisco Technical Marketing Engineer focused on firewalls, intrusion prevention, and data center security. Drawing on more than 16 years in networking, he works to solve complex customer technical problems, architect new features and products, and define future directions for Cisco’s product portfolio. He holds several pending patents.

 

Understand, install, configure, license, maintain, and troubleshoot the newest ASA devices

Efficiently implement Authentication, Authorization, and Accounting (AAA) services

Control and provision network access with packet filtering, context-aware Cisco ASA next-generation firewall services, and new NAT/PAT concepts

Configure IP routing, application inspection, and QoS

Create firewall contexts with unique configurations, interfaces, policies, routing tables, and administration

Enable integrated protection against many types of malware and advanced persistent threats (APTs) via Cisco Cloud Web Security and Cisco Security Intelligence Operations (SIO)

Implement high availability with failover and elastic scalability with clustering

Deploy, troubleshoot, monitor, tune, and manage Intrusion Prevention System (IPS) features

Implement site-to-site IPsec VPNs and all forms of remote-access VPNs (IPsec, clientless SSL, and client-based SSL)

Configure and troubleshoot Public Key Infrastructure (PKI)

Use IKEv2 to more effectively resist attacks against VPNs

Leverage IPv6 support for IPS, packet inspection, transparent firewalls, and site-to-site IPsec VPNs

 

 

商品描述(中文翻譯)

Cisco® ASA全方位下一代防火牆、入侵防禦系統(IPS)和虛擬私人網路(VPN)服務,第三版

識別、緩解和應對當今高度複雜的網路攻擊。

如今,網路攻擊者變得更加複雜、無情和危險。為此,Cisco ASA:全方位下一代防火牆、IPS和VPN服務已經全面更新,以涵蓋最新的技術和Cisco技術,以最大程度地提高您環境中的端到端安全性。三位領先的Cisco安全專家將指導您完成使用Cisco ASA創建完整安全計劃的每一步,然後部署、配置、操作和疑難排解您的解決方案。

本版完全更新以適應當今最新的ASA版本,新增了對ASA 5500-X、ASA 5585-X、ASA服務模塊、ASA下一代防火牆服務、EtherChannel、全局ACL、集群、IPv6改進、IKEv2、AnyConnect安全移動VPN客戶端等的覆蓋。作者解釋了重大的最近授權變更;介紹了ASA IPS的增強功能;並指導您進行IPsec、SSL VPN和NAT/PAT的配置。

您將學習如何將Cisco ASA自適應識別和緩解服務應用於各種大小和類型的網路環境中,以系統地加強安全性。作者提供最新的示例配置、驗證的設計方案和實際的調試,旨在幫助您充分利用Cisco ASA在不斷變化的網路中。

Jazib Frahim, CCIE® No. 5459(路由和交換;安全性),全球安全解決方案團隊的首席工程師,指導頂級Cisco客戶進行以安全為重點的網路設計和實施。他設計、開發和推出新的安全服務概念。他的著作包括Cisco SSL VPN解決方案和Cisco網路入場控制,第二卷:NAC部署和疑難排解。

Omar Santos, CISSP No. 463598,Cisco產品安全事件響應團隊(PSIRT)技術負責人,領導和指導工程師和事件經理調查和解決Cisco產品的漏洞,並保護Cisco客戶。在IT和網路安全領域擁有18年的經驗,他為財富500強公司和美國政府設計、實施和支援了許多安全網路。他還是其他幾本書和大量白皮書和文章的作者。

Andrew Ossipov, CCIE® No. 18483和CISSP No. 344324,是一位專注於防火牆、入侵防禦和數據中心安全的Cisco技術營銷工程師。憑藉超過16年的網路經驗,他致力於解決複雜的客戶技術問題,設計新功能和產品,並為Cisco的產品組合定義未來方向。他擁有數項待批專利。

了解、安裝、配置、授權、維護和疑難排解最新的ASA設備

高效實施身份驗證、授權和計費(AAA)服務

通過封包過濾、上下文感知的Cisco ASA下一代防火牆服務和新的NAT/PAT概念控制和提供網路訪問

配置IP路由、應用程式檢查和QoS

創建具有獨特配置、接口、策略、路由表和管理的防火牆上下文

啟用對多種惡意軟體的綜合保護