Cisco^® CCNA Exam Cram Notes : Next-generation firewalls and IPS

I. Networking Fundamentals

1. Explain role and function of network components

1.3. Next-generation firewalls and IPS

Next-generation firewalls: A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules. In addition to access control, NGFWs can block modern threats such as advanced malware and application-layer attacks. According to Gartner's definition, a next-generation firewall must include:

• Standard firewall capabilities like stateful inspection

• Integrated intrusion prevention

• Application awareness and control to see and block risky apps

• Threat intelligence sources

• Upgrade paths to include future information feeds

• Techniques to address evolving security threats

In summary, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

Here are the common features of most NGFWs:

Standard firewall features: These include the traditional (first-generation) firewall functionalities such as stateful port/protocol inspection, Network Address Translation (NAT), and Virtual Private Network (VPN).

Application identification and filtering: This is the chief characteristic of NGFWs. This feature identifies and filters traffic based upon the specific applications, rather than just opening ports for all kinds of traffic. This prevents malicious applications and activity from using non-standard ports to avoid the firewall.

SSL and SSH inspection: NGFWs can even inspect SSL and SSH encrypted traffic. This feature decrypts traffic, makes sure the applications are allowed, checks other policies, and then re-encrypts the traffic. This provides additional protection from malicious applications and activity that tries to hide itself by using encryption to avoid the firewall.

Intrusion prevention: These are more intelligent capabilities and provide deeper traffic inspection to perform intrusion detection and prevention. Some of the NGFWs have built-in IPS functionality so that a stand-alone IPS might not be needed.

Directory integration: Most NGFWs include directory support (such as, Active Directory). For instance, they manage authorized applications based upon users and user groups.

Malware filtering: NGFWs can also provide reputation-based filtering to block applications that have a bad reputation. This functionality can check for phishing, viruses, and other malware sites and applications

Intrusion Prevention System (IPS): Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks. IPS analyses network traffic, can report and take corrective action on traffic that it deems malicious or harmful. This can be implemented as an appliance, as a blade, or as a module in an ASA or IOS router. The primary method for identifying problem traffic is through signature matching.

The following are true about IPS (Intruder Prevention System):

• It adds some amount of delay to the network traffic, as it scans each packet for any malicious content.

•  Because the IPS is inline, it can normalize (manipulate or modify) traffic inline based on a current set of rules.

•  Unlike IDS (Intruder Detection System), an IPS works inline. So, every packet goes through IPS before being forwarded.

•  IPS/IDS sensors send out alerts if any suspicious event occurs. There are three main ways that are used widely for this purpose. These are:

  • Security device event exchange (SDEE)

  • Syslog

  • SNMP

•  IPS Manager Express (IME) and Cisco Security Manager (CSM) are two methods where you get alerts via SDEE. IME can support up to 10 sensors, where as CSM can support up to 25 sensors.

•  Intruder Prevention System (IPS): IPS analyses network traffic, can report and take corrective action on traffic that it deems malicious or harmful. This can be implemented as an appliance, as a blade, or as a module in an ASA or IOS router. The primary method for identifying problem traffic is through signature matching.

Cisco Security Manager (CSM): This is an enterprise-level configuration tool that you can use to manage most security devices.

Cisco Security Intelligence Operations (SIO) Service: The SIO researches and analyses threats and provides real-time updates on these threats. There is also an application for smart phones.

CCNA Cram Notes Contents

• I. Networking Fundamentals
  • 1. Explain role and function of network components
    • 1.1 TCP and UDP
    • 1.2 TCP and UDP Frames
    • 1.3 Next-generation firewalls and IPS
    • 1.4 Access points
    • 1.5 Endpoints
    • 1.6 Routers,Switches and Servers
    • 1.7 Controllers (Cisco DNA Center and WLC)
  • 2. Network topologies and Flow control
    • 2.1 Different Types of N/w Topologies
    • 2.2 Ethernet and CSMA/CD
    • 2.3 3 tier
    • 2.4 2 tier
    • 2.5 Spine-leaf
    • 2.6 Small office/home office (SOHO)
  • 3. Compare physical interface and cabling types
    • 3.1. Single-mode fiber, multimode fiber,copper
    • 3.2 Connections (Ethernet shared media and point-to-point)
    • 3.3 Concepts of POE
  • 4. IPv4 Addressing
    • 4.1 Subnetting (IP4)
    • 4.2 VLSM
    • 4.3 Examples on subnetting
  • 5. IPv6 addressing
  • 6. Cloud computing
  • 7. Describe wireless principles
    • 7.1 Nonoverlapping Wi-Fi channels
    • 7.2 SSID
    • 7.3 RF
    • 7.4 Encryption
• II. Cisco IOS
  • 1. Cisco Router Architecture
    • 1.1 Block Diagram
    • 1.2 Architectural Components of a Router
    • 1.3 Memory Details of a Typical Cisco Router
  • 2. Cisco Router (25xx series) and its interfaces
    • 2.1 Interfaces Explained
    • 2.2 Console Port Configuration
  • 3. Router modes of operation
  • 4. Frequently used copy commands
  • 5. Different types of router passwords
• III. Routing Technologies
  • 1. Routed and Routing Protocol
  • 2. Routing protocol types
  • 3. Static and Default route
  • 4. Floating static route
  • 5. Distance vector and link-state routing protocols
  • 6. Interior and Exterior routing protocols
  • 7. OSPFv2 for IPv4
• IV. LAN Switching Technologies
  • 1. Introduction to Cisco Switches
  • 2. Switching methods
  • 3. File systems available in Catalyst switches and their usage
  • 4. Switch configuration commands
  • 5. VLANs and VTP
  • 6. Spanning Tree Protocol
  • 7. CDP and LLDP
  • 8. EtherChannel Configuration
• V. WAN Technologies
  • 1. WAN Terms
  • 2. PPP and MLPPP
  • 3. PPPoE
  • 4. MPLS
  • 5. MetroEthernet
  • 6. DTE and DCE
  • 7. Different cable types
  • 8. Interface specifications
  • 9. QoS
• VI. Network Access
  • 1. Wireless Architecture and AP modes
  • 2. Physical infrastructure connections of WLAN components
  • 3. Configure the components of a wireless LAN access for client connectivity using GUI
• VII. IP connectivity and Services
  • 1. DNS
  • 2. DHCP
  • 3. NAT
  • 4. FHRP
  • 5. HSRP
  • 6. NTP
  • 7. Capabilities and function of TFTP/FTP in the network
  • 8. SNMPv2 and SNMPv3
  • 9. Show commands and other related commands
• VIII. Security Fundamentals
  • 1. Security Concepts
  • 2. Describe Security Program elements
  • 3. Security Password policies elements
  • 4. Layer2 security features
  • 5. IPv4 access-list
  • 6. IPv6 access-list
  • 7. IP SLA
  • 8. AAA
  • 9. RADIUS Server
  • 10. TACACS+ Server
  • 11. VPN
  • 12. Wireless Security Protocols
• IX. Automation and Programmability
  • 1. SDN
  • 2. Capability of configuration management mechanism
  • 3. Interpret JSON encoded data
  • 4. Characteristics of Rest-based APIs
  • 5. Cisco DNA center
  • 6. Diagnostic commands
• X. Appendix
  • 1. IEEE standards
  • 2. OSI and DoD Models
  • 3. RIPv1 and RIPv2
  • 4. OSPFv3 for Ipv6
  • 5. EIGRP for IPv4
  • 6. EIGRP for IPv6