Book Review: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
I was invited to a Cisco education round table during Networkers 2009 in Barcelona, and I got a voucher to hand in at the Cisco shop for participating in that round table. After I screened the available books at the store, I finally decided to buy the book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (written by Jazib Frahim and Omar Santos) for about 5 Euro.

ASAs are another topic I basically didn't know anything about, but since we still use VPN Concentrators and their End-of-Life time is already running, I thought it's a good idea to get started with ASAs to be prepared when the time comes to exchange those boxes. My main focus was/is on Remote Access (IPSec Client and AnyConnect) and WebVPN, since we handle LAN-to-LAN connections over routers and use a different firewall vendor.
The book holds the following chapters:
- Introduction to Network Security
- Product History
- Hardware Overview
- Initial Setup and System Maintenance
- Network Access Control
- IP Routing
- Authentication, Authorization and Accounting (AAA)
- Application Inspection
- Security Contexts
- Transparent Firewalls
- Failover and Redundancy
- Quality of Service
- Intrusion Prevention System Integration
- Configuring and Troubleshooting Cisco IPS Software via CLI
- Site-to-Site IPSec VPNs
- Remote Access VPNs
- Public Key Infrastructure (PKI)
- Introduction to ASDM
- Firewall Management Using ASDM
- IPS Management Using ASDM
- VPN Management Using ASDM
- Case Studies
To get started with an ASA this book really helps and covers most things I was looking for, except PPPoE. For testing purposes I used an ADSL access and put the DSL modem into bridge mode so I was able to build the connection via PPPoE. But to get that running I had to use the Cisco Configuration Guide for the ASA, which is available in Cisco’s documentation section. Another thing to mention is that the code used for examples in that book is from before Version 8.x (guess it's 7.x or something), so quite a few commands got their names changed with the release change.
I'm quite happy with that book, and if you want to start your way into Cisco ASAs, I’d say have a closer look at it.
Check OOBM security, callback security.
Remove snmp-server host 10.0.197.233 12straumann65abc on all devices
aaa accounting exec default start-stop group radius, is this needed?
Radius Server keepalives
ch01e005, backup of the config. Management
Create WS-C3750 IQ
de06b099: adjust ip inspect rate-limit
Configure aaa authorization console where needed
Done: at01b002, be01b002, uk01b002
CBAC and CDP
Done: at01b002, be01b002, de01b002, de06b001, de09b002, dk01b002, es01b002, fi01b002, fr01b002, nl01b002, se01b002, uk01b002
End of HW support dates:
2621XM (ch01b011, ch01b012, de06b099, us01b011, us01b013, us01b015) -> October 9, 2013 ?? http://www.cisco.com/en/US/prod/collateral/routers/ps259/eol_c51-464644.html
3745 (ch01b013, ch01b014, us01b012, us01b014) -> 25-MAR-2012 https://www.cisco.com/en/US/prod/collateral/routers/ps282/prod_end-of-life_notice0900aecd80444877.html
2950G -> December 30, 2011 https://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps628/prod_end-of-life_notice0900aecd804658c9.html
3550 -> May 2, 2011 http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps646/prod_end-of-life_notice0900aecd8029f777.html
VPNC3020 -> August 4, 2012 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/prod_end-of-life_notice0900aecd805cd5a0.html