Book Review: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

I was invited to a Cisco education round table during Networkers 2009 in Barcelona, and I got a voucher to hand in at the Cisco shop for participating in that round table. After I screened the available books at the store, I finally decided to buy the book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (written by Jazib Frahim and Omar Santos) for about 5 Euro 🙂

ASAs are another topic I basically didn't know anything about, but since we still use VPN Concentrators and their End-of-Life time is already running, I thought it's a good idea to get started with ASAs to be prepared when the time comes to exchange those boxes. My main focus was/is on Remote Access (IPSec Client and AnyConnect) and WebVPN, since we handle LAN-to-LAN connections over routers and use a different firewall vendor.

The book holds the following chapters:

  1. Introduction to Network Security
  2. Product History
  3. Hardware Overview
  4. Initial Setup and System Maintenance
  5. Network Access Control
  6. IP Routing
  7. Authentication, Authorization and Accounting (AAA)
  8. Application Inspection
  9. Security Contexts
  10. Transparent Firewalls
  11. Failover and Redundancy
  12. Quality of Service
  13. Intrusion Prevention System Integration
  14. Configuring and Troubleshooting Cisco IPS Software via CLI
  15. Site-to-Site IPSec VPNs
  16. Remote Access VPNs
  17. Public Key Infrastructure (PKI)
  18. Introduction to ASDM
  19. Firewall Management Using ASDM
  20. IPS Management Using ASDM
  21. VPN Management Using ASDM
  22. Case Studies

To get started with an ASA this book really helps and covers most things I was looking for, except PPPoE. For testing purposes I used an ADSL access and put the DSL modem into bridge mode so I was able to build the connection via PPPoE. But to get that running I had to use the Cisco Configuration Guide for the ASA, which is available in Cisco’s documentation section. Another thing to mention is that the code used for examples in that book is from before version 8.x (guess it's 7.x or something), so quite a few commands got their names changed with the release change.

I'm quite happy with that book, and if you want to start your way into Cisco ASAs, I’d say have a closer look at it 🙂

General
Check OOBM security, callback security.
Remove snmp-server host 10.0.197.233 12straumann65abc on all devices
aaa accounting exec default start-stop group radius, is this needed?
Radius Server keepalives
ch01e005, backup of the config. Management
Create WS-C3750 IQ
de06b099 adjust ip inspect rate-limit
Configure aaa authorization console where needed
Done: at01b002, be01b002, uk01b002
CBAC and CDP
Done: at01b002, be01b002, de01b002, de06b001, de09b002, dk01b002, es01b002, fi01b002, fr01b002, nl01b002, se01b002, uk01b002
End of HW support dates:
2621XM (ch01b011, ch01b012, de06b099, us01b011, us01b013, us01b015,  ) -> October 9, 2013 ??  http://www.cisco.com/en/US/prod/collateral/routers/ps259/eol_c51-464644.html
3745 (ch01b013, ch01b014, us01b012, us01b014) -> 25-MAR-2012  https://www.cisco.com/en/US/prod/collateral/routers/ps282/prod_end-of-life_notice0900aecd80444877.html
2950G -> December 30, 2011 https://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps628/prod_end-of-life_notice0900aecd804658c9.html
3550 -> May 2, 2011 http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps646/prod_end-of-life_notice0900aecd8029f777.html
VPNC3020 -> August 4, 2012 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/prod_end-of-life_notice0900aecd805cd5a0.html
