Web Security Deployment. Ryan Wager Technical Marketing Engineer
|
|
- Verity Gibbs
- 6 years ago
- Views:
Transcription
1 Web Security Deployment Ryan Wager Technical Marketing Engineer
2 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Critical Functionalities Places in the Network Authentication The Road to Hybrid Security Secure Mobility
3 1996
4 Today s Websites...
5 Appliance or Cloud?
6 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
7 Rich security functionalities Reputation filtering Malware scanning URL Filtering Application visibility & control HTTPS inspection Authentication Reporting and tracking L4TM...more to come! Cisco Web Security Appliance Web Proxy incl. Caching (http,https, ftp, ftp over http)
8 Web Application Control Many Applications work on top of HTTP traffic Applications are detected and controlled by special Signatures Those Signatures are downloaded dynamically via regular Signature Updates from Cisco No reboot or manual installation required!
9 About Reputation Cisco SIO gathers statistical informations from Cisco Products and other resources Cisco SIO correlates informations Updated informations are delivered back to appliances Each IP / URL gets a score, ranging from -10 to +10 Outbreak Intelligence External feeds Web ASA IPS
10 About Reputation Malicious websites are tracked globally through SIO WSA evaluates each webrequest against the defined reputation score Reputation score and action is configured on WSA
11 Network Participation Admin can define the level of participation Requested URL with result is sent back User information and internal networks are not sent Disabled: No information is sent to Cisco SIO Database Limited: Server URL of request, hash of path segments Standard: Server URL and all path segments are sent back
12 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
13 Explicit Proxy Client requests a website Browser connects first to WSA WSA connects to website Firewall usually only allows webtraffic for proxy Web Security Appliance ASA 5500 Firewall Internet Internet Web server
14 How does the Browser find the Proxy? Proxy setting in the browser Static definition with IP/NAME and PORT
15 How does the Browser find the Proxy? Automatic Configuration via PAC File function FindProxyForURL(url, host) { return "PROXY :3128"; } function FindProxyForURL(url, host) { return "PROXY :3128; :3128"; }
16 PAC Deployment Via AD and GPO Via script Via manual setting Via DHCP DHCP Option 252 Via Wpad Server
17 WPAD Server WPAD Server hosts PAC file as wpad.dat File is retrieved via HTTP and Javascript Automatic Settings creates a lookup on a server called wpad
18 Transparent Proxy via WCCP Client requests a website Browser tries to connect to Website Network Device redirects traffic to WSA using WCCP WSA proxies the request Web Security Appliance ASA 5500 Firewall Internet Internet Web server
19 Background on WCCP WCCPv1 developed in 1997 by Cisco Systems and publicly released in July 2000 WCCPv2 published as an IETF draft in July 2000 to make the specification open and remove the requirement for licensing Enhancements Configurable WCCP Router ID WCCP Variable Timers Improved Failover Improved Interaction between WCCP and NetFlow WCCPv3 is an internal specification targeted at IPv6 that was never released
20 Details Assignment The WCCP assignment method is used to determine which WCCP traffic and which WCCP device is chosen for the destination traffic. WCCP can use two types of Assignment Methods: Hash and Mask. Hash Based Assignment Uses a software based hash algorithm to determine which WCCP appliance receives traffic. In hardware based platforms the Netflow table is used to apply hardware assistance. Mask Based Assignment Uses the ACL TCAM to assign WCCP entities. This method is fully handled by hardware.
21 Details Redirect and Return Redirect Method WCCP GRE - Entire packet WCCP GRE tunneled to the WCCP Client (WSA, Cache, ) Layer 2 - Frame MAC address rewritten to MAC of WCCP Client Return Method The Return method determines how the traffic will be sent back from the router to the WCCP appliance if the traffic could not be serviced. Refered to as Proxy Bypass WCCP GRE Packet WCCP GRE returned router WCCP Layer 2 Frame rewritten to router MAC
22 Details Assignment The following best practices should be followed for implementing WCCP on a software-based platform: GRE Forwarding (Default) Hash Assignment (Default) Inbound or Outbound Interception "ipwccp redirect exclude in" on WCCP client interface (outbound interception only) The following best practices should be followed for implementing WCCP on a hardware-based platform: L2 Forwarding Mask Assignment Inbound Interception No "ipwccp redirect exclude in"
23 WCCP input redirect WCCP Input redirect Ingress Interface Egress Interface
24 WCCP output redirect and input exclude WCCP Output redirect Ingress Interface Egress Interface WCCP Exclude-in
25 How WCCP registration works 1. Registration WCCP Server 2. Here I am 3. I see you WCCP Client The WCCP client registers at the WCCP Server Both, Server and Client need to use the same WCCP Service Group ID One WCCP Server usually can server multiple Clients Server and Client exchange here i am and I see you Packets to check availability UDP/2048, unicast Multicast possible Traffic is redirected from Server to one or multiple Clients using the hash or mask algorithm
26 WCCP Protocol Failover When a WCCP client fails, the portion of the load handled by that client is automatically redistributed to the remaining WCCP clients in the service group If no other WCCP clients are available in the service group, the service group is taken offline and packets are forwarded normally Buckets Buckets 1 85 Buckets X A B C Buckets Buckets
27 Using WCCP for Traffic Redirection WCCPv2 support is availible on many Cisco Platforms: L3 Switches, Routers, ASA 5500 Security Appliance Cisco Ironport WSA supports all redirect and assign methods (software implementation) Method to use will be negotiated
28 WCCP Platform Recommendations Function Support / Recommend Software ISR & 7200 ASR 1000 Cat 6500 Sup720 Sup32 Cat 6500 Sup2 Cat 4500 Cat 3750 For Your Reference ASA 5500 Assignment Hash Only Mask Only Mask or Hash / Mask Mask or Hash / Mask Mask only Mask only Hash only Forwarding GRE Only L2 or GRE / L2 or GRE L2 or GRE / L2 or GRE L2 or GRE / L2 L2 only L2 only GRE Only Forwarding Redirect List Full extended ACL Full extended ACL Full extended ACL Full extended ACL No Redirect List Support Extended ACL (no deny) Full extended ACL Direction In or Out / In Return IP Forward, L2 or GRE In only In or Out / In In or Out / In IP Forward, L2, WCCP GRE, or generic GRE GRE, ngre, L2, & IP Forward / No GRE IP Forward or L2 / IP Forward In only In only In only IP Forward or L2 / IP Forward IP Forward or L2 / IP Forward GRE
29 Transparent Redirection and HTTPS Symptoms: Successfully configured WCCP on the L3 Device Successfully connect to HTTP sites Cannot connect to HTTPS Sites Switching to explicit Proxy works fine for HTTP and HTTPS Solution: Activate HTTPS Proxy Not necessary to decrypt the requests
30 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
31 Policy - Authentication Policy objects can be managed from central access policy screen First step is to define the Identity: For whom does this policy apply?
32 Authentication Protocols Directory: LDAP or AD Method: Basic: Credentials are sent unencrypted NTLMSSP: Challenge-Response Tracking the User IP based Surrogates Cookie based Surrogates Authentication User Web Security Appliance User Directory
33 NTLM Authentication NTLM requires Account in the AD Domain Credentials to create a computer account are used only once, not stored on appliance Currently only one domain is supported via NTLM
34 LDAP Authentication LDAP queries on port 389 or 636 (Secure LDAP), 3268 (AD GC Server) Need to know the Base DN Name Parameter Can connect to multiple different domains
35 Authentication against LDAP Knowing the LDAP Base DN is fundamental Or check with DSQUERY command on a MS AD
36 Authentication in Explicit Deployment User Web Security Appliance User Directory http error 407 Proxy sends http response 407 (proxy auth. request) Client recognizes the proxy Client will then accept a http response 407 from the proxy Works for HTTPS Client sends a CONNECT request to the proxy Client will then accept a 407 response from the proxy
37 Authentication in Transparent Deployment User Internet Web server Internet User Directory Web Security Appliance Client is not aware of a proxy -> http response 407 cannot be used Need to use http response 401 basic authentication Client needs to be first redirected to the wsa
38 DEMO WSA with transparent redirection
39 IE8/IE9 with Single-Sign On SSO on WSA correctly configured but Clients still getting prompted Check if WSA Redirect Name is listed in Trusted Sites Check Security Settings on Trusted Sites and set to Automatic Logon with current user name and password
40 Transparent User Identification (TUI) Web Security Release Client logs on to the AD Domain 2. Client request a Web Site 3. Traffic is transparently redirected to the WSA 4. WSA needs to authenticate and queries the AD Agent for the User/Group 5. AD Agent looks up the IP and delivers User/Group 6. Request is proxied and forwarded to the Internet 4 AD Controller w/ Agent WSA 3 6 Internet AD User Switch w/ WCCP
41 DEMO WSA with Transparent User Identification
42 Cisco Ironport WSA & IPv6 Support Current version of WSA does not yet support IPv6 Support is planned for Q4CY2012 IPv6 Support for explicit mode Transparent is depending on implementation on ISR, ASA and Switches, done in a later release WSA will listen for connections both on IPv4 and IPv6 Admin can configure, if IPv4 or IPv6 should be prefered Depending on Configuration, A-record or AAAA-record will be delivered IPv6 Internet Internal IPv6 IPv4
43 Sizing for WSA Main Parameter for sizing is requests per second Rule of thumb: Each request/s is approx Kbps of HTTP traffic Each Mbps of HTTP translates to approx. 10 requests/s 100 Mbps of sustained HTTP traffic is approx requests/s Easy way to find out on a WSA: use the rate CLI command This parameter allows a quite correct sizing depending on features together with the Cisco SE
44 Sizing Table Example S370 Appliance
45 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Overview and Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
46 Websecurity through Cloudservice Hosted Websecurity through Cisco Scansafe Cloud Service Central reporting and administration through Scancenter Portal
47 Data Flow with ScanSafe Client requests are redirected to a proxy in the cloud Requests are checked and filtered Internet Clean requests are directed back to the client Web requests Allowed traffic Filtered traffic User
48 Scalability & Reliability Billions of web requests per day <50 ms latency High-Availability Infrastructure Parallel Processing See BRKSEC-2346: Inside the Scansafe Architecture
49 Outbreak Intelligence <web> <html> <js> <swf> <pdf> <jpg> JAVA Scanlet Archive Scanlet Script Scanlet PDF Scanlet SWF Scanlet Win EXE Scanlet Multiple AV File Anomaly Scanlet Phishing Scanlet Context Scanlet MF Scanlet META Scanner Parallel Processing in the Scantower provides maximum performance Scanlets provide scanning for malware through code anomaly analysis
50 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Overview and Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
51 Challenge:Branch Office with local Breakout Corporate Network Internet VPN Webtraffic destined for the central DC is sent via VPN Tunnel Normal Webtraffic goes directly to the Internet bandwidth saving in the central site But how to secure the webtraffic?
52 ISR G2 with integrated Connector Connector is integrated in the Cisco ISR G2 Router Platforms No need to install Connector seperatly in branch networks Redirect of the webtraffic is happening transparently for the user on the router Provides Scantower redundancy Provides User granularity Authenticate User via NTLM (transparent authentication) or Basic (Prompt for Credentials) NTLM works without prompting for IE, Firefox and Google Chrome Internet AD Server BRKSEC-3007: Advanced Cisco IOS Security Features 61
53 ISR G2 with Integrated Connector Simple Config parameter-map type content-scan global server scansafe primary name proxy100.scansafe.net port http 8080 https 8080 license source interface FastEthernet8 timeout server 60 timeout session-inactivity 120 user-group munlab username tmayer server scansafe on-failure block-all interface FastEthernet8 description $WAN-Interface$ ip address dhcp client-id FastEthernet8 ip nat outside content-scan out 62
54 Sizing and Scalability for ISR with Connector Phase 1: Feb 2012 Phase 2: May 2012 ScanSafe Users Supported per ISR G2 Platform For Your Reference 3945E 3925E Phase II Phase I No Auth Web Proxy HTTP Basic NTLM
55 ASA ScanSafe Integration Internet Scansafe Tower Google Server Headquarters and Branch office web traffic scanned by Scansafe Both Headquarters and Branch office web traffic whitelisted AAA AAA ASA ASA Employees Employees Headquarters Branch Office
56 Browser Redirection via GPO / PAC file Proxy Settings are pushed to browsers via Active Directory GPO Browsers connect through Firewall on port 8080 to Web Security Service Firewall blocks all other GET requests Provides Site/External IP granularity AD Server GPO Update Internet
57 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Overview and Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
58 Easy ID Clientless User authentication via webbrowser User authenticates via Webportal Policies are applied from Scancenter Portal verifying User Name and Group through AD Connection AD Connection is done via LDAPS query from Scancenter to the LDAP Directory at customer site Scancenter is sending a cookie that is used for subsequent authentication
59 Standalone Connector Proxy Settings are pushed to browsers via AD,GPO or PAC file to ScanSafe on port 8080/443 to the Cloud based Tower Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream Set Firewall to block all other GET requests Provides IP/End User/Group granularity Scalable up to Users per Connector, depending on which HW it is installed Connector AD Server Internet
60 Roaming Users Installs a Network Driver which binds to all connections (LAN, Wireless, 3G) Automatic Peering Identifies nearest ScanSafe Datacenter and whether a connection is possible. AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy) Proxy Firewall Hotspot Client with Websecurity
61 Web Security & AnyConnect Supported on Windows & MAC OS X Client settings are controlled via Profile Profile can be centrally distributed via the Scancenter Portal 71
62 Web Security & AnyConnect Single and modular client VPN (SSL, IKEv2, Always-On,...) 802.1x (Wired, Wireless, MACSEC...) Websecurity Posture for VPN Telemetry (SIO) All modules can be used independently or all together If VPN Module is used, profile management can be done centrally through ASA 72
63 How Does it Work? Authenticates and directs your external client Web traffic to our scanning infrastructure Automatically connect to nearest Scantower SSL encryption of all Web traffic sent improves security over public networks (example: Firesheep Plugin for FF) 73
64 Web Security & AnyConnect Configuration for Web Security with VPN Configured through a profile, downloaded from ASA at connect VPN is lower in the stack than the Websecurity Module Split tunnel Scansafe gateways in the VPN Config (on the ASA) Exclude Corporate adresses from beeing forwarded to the scansafe towers Internet Client with Websecurity Corporate traffic 74
65 Web Security & AnyConnect Configuration Client Profile For Your Reference Scanning Tower selection Proxy ports
66 Web Security & AnyConnect Configuration Client Profile Exceptions for internal networks & public websites to be excluded from scanning Exceptions for authorized internal proxies Static Exceptions like VPN Gateways
67 Web Security & AnyConnect Configuration Client Profile For Your Reference Automatic selection of nearest Scantower Activate Beacon Checking, Deploy public key
68 Web Security & AnyConnect Configuration Client Profile For Your Reference License Key Authentication Settings
69 Web Security & AnyConnect Configuration for Web Security without VPN Scancenter Portal provides hosting of PAC file and / or Client Profile Differentiate Usergroups due to usage of group keys Upload Client Profile Specify Client Profile Key for Authentication
70 Beacon Server for the AnyConnect Web Security Module Beacon Server runs on an internal Server Client gets public key from Beacon Server during deployment If the client has reachability to the Beacon Server, client module is deactivated TND in ASA 9.0
71 DEMO AnyConnect with Web Security
72 Scansafe & IPv6 Support Current version of Web Security does not yet support IPv6 IPv6 traffic scanning can be excluded by adding ::/0 to Static Exceptions Full IPv6 Support will be added mid CY 2012 in two phases: IPv6 Internal IPv6 IPv4 Internet AC 3.1 or Standalone / integrated Connector Internet AC 3.1 or Standalone / integrated Connector
73 Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication Web Security with Cisco Scansafe Critical Functionalities Places in the Network Authentication The Road to Hybrid Security
74 Secure Mobility Future Hybrid Security Internet traffic secure through web security cloud service Corporate traffic secure through tunnel and WSA Consistent Policy and Monitoring Cisco ASA Internet Corporate Network Cisco WSA Remote User w/ AnyConnect Client 3.0
75 Hybrid Security what has been done and what lies ahead Unification of URL Databases AVC integration Connector Integration in ISR G2 Router Unification of features Q1/Q2 CY2012 Application visibility and control Web Reputation Connector Integration in ASA Q3 CY2012 Connector Integration in WSA Provide common management Provide common logging and reporting
76 Summary Cisco Web Security Solution leverages a comprehensive architected featurelist to protect the dynamic environment from the ubiquitios web 2.0 world... Or... Cisco Web Security Solution simply ROCK!
77 Q&A #CiscoPlusCA
78 We value your feedback. Please be sure to complete the Evaluation Form for this session. Access today s presentations at cisco.com/ca/plus and join the #CiscoPlusCA conversation
79 Thank you.
Cisco AnyConnect Secure Mobility Solution. György Ács Regional Security Consultant
Cisco AnyConnect Secure Mobility Solution György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security Deployment Methods Live Q&A 2011 Cisco and/or its affiliates.
More information2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco AnyConnect as a Service György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security
More informationPolicing The Borderless Network: Integrating Web Security
Policing The Borderless Network: Integrating Web Security Hrvoje Dogan Consulting Systems Engineer, Security March 16, 2012 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 About Cisco
More informationIdentity Firewall. About the Identity Firewall
This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History
More informationAdvanced Web Security Deployment with WSA in IPv4 & IPv6 Networks
Advanced Web Security Deployment with WSA in IPv4 & IPv6 Networks Tobias Mayer, Consulting Systems Engineer Abstract This Session is about advanced deployment and troubleshooting scenarios of the WSA for
More informationNew Features for ASA Version 9.0(2)
FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core
More informationSelftestengine q
Selftestengine 700-281 49q Number: 700-281 Passing Score: 800 Time Limit: 120 min File Version: 18.5 http://www.gratisexam.com/ 700-281 Web Security for Field Engineers Still Valid in Egypt, Passed today
More informationIdentity Firewall. About the Identity Firewall. This chapter describes how to configure the ASA for the Identity Firewall.
This chapter describes how to configure the ASA for the. About the, page 1 Guidelines for the, page 7 Prerequisites for the, page 9 Configure the, page 10 Collect User Statistics, page 19 Examples for
More informationCisco Cloud Web Security
Cisco Cloud Web Security WSA ment Guide Internal Use Only 1 October 2014 Cisco CWS WSA/WSAv ment Guide Contents Introduction... 1 Cloud ment... 1 Additional Redirect Methods... 1... 2 Verify connection
More informationNew methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall
New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall Claudiu Onisoru, Senior Network Specialist Cisco Connect - 15 May 2014 1 Agenda Frontal Communication: Who
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationConfiguring Cache Services Using the Web Cache Communication Protocol
Configuring Cache Services Using the Web Cache Communication Protocol Finding Feature Information, page 1 Prerequisites for WCCP, page 1 Restrictions for WCCP, page 2 Information About WCCP, page 3 How
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationConfiguring Traffic Interception
4 CHAPTER This chapter describes the WAAS software support for intercepting all TCP traffic in an IP-based network, based on the IP and TCP header information, and redirecting the traffic to wide area
More informationCisco Passguide Exam Questions & Answers
Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationCisco Cloud Web Security Troubleshooting Guide
Troubleshooting Guide Cisco Cloud Web Security Troubleshooting Guide 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 13 Contents Introduction... 3 Connectivity
More informationIntercepting Web Requests
This chapter contains the following sections: Overview of, on page 1 Tasks for, on page 1 Best Practices for, on page 2 Web Proxy Options for, on page 3 Client Options for Redirecting Web Requests, on
More informationCCNP Security VPN
CCNP Security VPN 642-647 Official Cert Guide Howard Hooper, CCIE No. 23470 Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction xxiv Part I ASA Architecture and Technologies Overview
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.1 for Web Published: May 11, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.1 for the Web Security
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationCisco AnyConnect Secure Mobility & VDI Demo Guide
Cisco AnyConnect Secure Mobility & VDI Demo Guide (partner version) Overview... 2 Value Proposition... 2 Deployment Scenario... 3 Role Play Demo Script... 5 Demo Equipment Bill of Material... 9 Demo Documentation
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.0.1 for Web Published: January 20, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.0.1 for the Web Security
More informationRelease Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues...
SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Known Issues... 2 Resolved Issues... 6 Release Purpose SonicOS 6.1.1.4 is a maintenance
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationConnect the Appliance to a Cisco Cloud Web Security Proxy
Connect the Appliance to a Cisco Cloud Web Security Proxy This chapter contains the following sections: How to Configure and Use Features in Cloud Connector Mode, on page 1 Deployment in Cloud Connector
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-210 Title : Implementing Cisco Threat Control Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-210
More informationCisco Exam Implementing Cisco Network Security Version: 12.0 [ Total Questions: 186 ]
s@lm@n Cisco Exam 210-260 Implementing Cisco Network Security Version: 12.0 [ Total Questions: 186 ] Cisco 210-260 : Practice Test Question No : 1 When an IPS detects an attack, which action can the IPS
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-618 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0) Vendors : Cisco
More informationThe following topics provide more information on user identity. Establishing User Identity Through Passive Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationIdentity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationRelease Notes for Cisco IronPort AsyncOS 7.0 for Web
Release Notes for Cisco IronPort AsyncOS 7.0 for Web Published: December 01, 2010 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.0 for the Web Security
More informationBIG-IP Access Policy Manager : Visual Policy Editor. Version 12.1
BIG-IP Access Policy Manager : Visual Policy Editor Version 12.1 Table of Contents Table of Contents Visual Policy Editor...7 About the visual policy editor...7 Visual policy editor conventions...7 About
More informationCisco ISR G2 and Cloud Web Security Troubleshooting Guide
Design Guide Cisco ISR G2 and Cloud Web Security Troubleshooting Guide Design Guide September, 2014 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 18 Contents
More informationCisco CISCO Securing Networks with ASA Advanced. Practice Test. Version
Cisco 642-515 CISCO 642-515 Securing Networks with ASA Advanced Practice Test Version 3.1 QUESTION NO: 1 Cisco 642-515: Practice Exam Which two statements correctly describe configuring active/active failover?
More informationConfiguring Transparent Redirection for Standalone Content Engines
CHAPTER 6 Configuring Transparent Redirection for Standalone Content Engines This chapter discusses the following methods for transparently redirecting content requests to standalone Content Engines: Web
More informationCreate and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN
Create and Apply Clientless SSL VPN Policies for Accessing Resources, page 1 Connection Profile Attributes for Clientless SSL VPN, page 1 Group Policy and User Attributes for Clientless SSL VPN, page 3
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 642-618 EXAM QUESTIONS & ANSWERS Number: 642-618 Passing Score: 800 Time Limit: 120 min File Version: 39.6 http://www.gratisexam.com/ CISCO 642-618 EXAM QUESTIONS & ANSWERS Exam Name: Deploying Cisco
More informationMcAfee Web Gateway Administration Intel Security Education Services Administration Course Training
McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction
More informationMcAfee Web Gateway Administration
McAfee Web Gateway Administration Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction to the tasks crucial
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco Threat Control Solutions. Version: Demo
Vendor: Cisco Exam Code: 300-207 Exam Name: Implementing Cisco Threat Control Solutions Version: Demo DEMO QUESTION 1 When learning accept mode is set to auto, and the action is set to rotate, when is
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More informationConfiguring Request Authentication and Authorization
CHAPTER 15 Configuring Request Authentication and Authorization Request authentication and authorization is a means to manage employee use of the Internet and restrict access to online content. This chapter
More informationSophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017
Sophos Web Appliance Configuration Guide Product Version 4.3.5 Sophos Limited 2017 ii Contents Sophos Web Appliance Contents 1 Copyrights and Trademarks...1 2 Introduction...2 3 Features...4 4 Network
More informationConfiguring Network Admission Control
CHAPTER 59 This chapter describes how to configure Network Admission Control (NAC) in Cisco IOS Release 12.2SX. Note For complete syntax and usage information for the commands used in this chapter, see
More informationManaging Authentication and Identity Services
You can create access policies based on user identity rather than IP addresses. To enable identity-based services, you configure policies and options to obtain user identity, and then use identity objects
More informationConfiguring Network Admission Control
45 CHAPTER This chapter describes how to configure Network Admission Control (NAC) on Catalyst 6500 series switches. With a PFC3, Release 12.2(18)SXF2 and later releases support NAC. Note For complete
More informationVRF-Aware Cloud Web Security
The feature adds virtual routing and forwarding (VRF) support to the Cisco Cloud Web Security configuration. VRF instances in IP-based networks enable a device to have multiple instances of the routing
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationConfiguring Content Authentication and Authorization on Standalone Content Engines
CHAPTER 10 Configuring Content Authentication and Authorization on Standalone Content Engines This chapter describes how to configure content authentication and authorization on standalone Content Engines
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationSophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017
Sophos Web Appliance Configuration Guide Product Version 4.3.2 Sophos Limited 2017 ii Contents Sophos Web Appliance Contents 1 Copyrights and Trademarks...4 2 Introduction...5 3 Features...7 4 Network
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.4-101 for Web Published: June 25, 2013 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.4 for the Web Security
More informationDeployment Scenarios for Standalone Content Engines
CHAPTER 3 Deployment Scenarios for Standalone Content Engines This chapter introduces some sample scenarios for deploying standalone Content Engines in enterprise and service provider environments. This
More informationWireless LAN Controller Web Authentication Configuration Example
Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process
More informationConfiguring Hybrid REAP
13 CHAPTER This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains the following sections: Information About Hybrid REAP, page 13-1,
More informationExam Actual. Higher Quality. Better Service! QUESTION & ANSWER
Higher Quality Better Service! Exam Actual QUESTION & ANSWER Accurate study guides, High passing rate! Exam Actual provides update free of charge in one year! http://www.examactual.com Exam : 642-617 Title
More informationQuestion: 1 An engineer is using the policy trace tool to troubleshoot a WSA. Which behavior is used?
Volume: 418 Questions Question: 1 An engineer is using the policy trace tool to troubleshoot a WSA. Which behavior is used? A. External DLP policies are evaluated by tool B. Socks policies are evaluated
More informationChapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM
Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2015 Cisco and/or its affiliates. All rights
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 5 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 10 Configuring WLAN-VLAN Mappings on FlexConnect Groups, page 11 Information About FlexConnect
More informationConfiguring Web-Based Authentication
CHAPTER 42 This chapter describes how to configure web-based authentication. It consists of these sections: About Web-Based Authentication, page 42-1, page 42-5 Displaying Web-Based Authentication Status,
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationTest - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version
Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version ACE Exam Question 1 of 50. Traffic going to a public IP address is being translated by your Palo Alto Networks firewall to your
More informationRelease Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...
SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues... 5 Release Purpose SonicOS 6.1.1.5 is a general
More informationRADIUS Servers for AAA
This chapter describes how to configure RADIUS servers for AAA. About, page 1 Guidelines for, page 14 Configure, page 14 Test RADIUS Server Authentication and Authorization, page 19 Monitoring, page 19
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationWCCPv2 and WCCP Enhancements
WCCPv2 and WCCP Enhancements Release 12.0(11)S June 20, 2000 This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the
More informationConfigure WSA to Upload Log Files to CTA System
Configure WSA to Upload Log Files to CTA System Last updated: April 19, 2018 Conventions Introduction Prerequisites Requirements Components Used Configure Configure the Proxy Connect to Active Directory
More informationImplementing Core Cisco ASA Security (SASAC)
1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.
More informationConfiguring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER
CHAPTER 5 This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on Cisco NX-OS devices. This chapter includes the following sections: Information About WCCPv2,
More informationRealms and Identity Policies
The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page
More informationASA with CX/FirePower Module and CWS Connector Configuration Example
ASA with CX/FirePower Module and CWS Connector Configuration Example Document ID: 118687 Contributed by Jennifer Halim, Ashok Sakthivel, and Chirag Saxena, Cisco TAC Engineers. Dec 23, 2014 Contents Introduction
More informationWeb server Access Control Server
2 You can use access lists to control traffic based on the IP address and protocol. However, you must use authentication and authorization in order to control access and use for specific users or groups.
More informationITdumpsFree. Get free valid exam dumps and pass your exam test with confidence
ITdumpsFree http://www.itdumpsfree.com Get free valid exam dumps and pass your exam test with confidence Exam : 642-583 Title : Security Solutions for Systems Engineers Vendors : Cisco Version : DEMO Get
More informationVMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager
VMware Identity Manager Cloud Deployment DEC 2017 VMware AirWatch 9.2 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager
VMware Identity Manager Cloud Deployment Modified on 01 OCT 2017 VMware Identity Manager You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The
More informationCisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table
More informationExam Questions
Exam Questions 300-209 SIMOS Implementing Cisco Secure Mobility Solutions (SIMOS) https://www.2passeasy.com/dumps/300-209/ 1. Refer to the exhibit. Which VPN solution does this configuration represent?
More informationConfiguring Web-Based Authentication
CHAPTER 61 This chapter describes how to configure web-based authentication. Cisco IOS Release 12.2(33)SXH and later releases support web-based authentication. Note For complete syntax and usage information
More informationConfigure WSA to Upload Log Files to CTA System
Configure WSA to Upload Log Files to CTA System Last updated: January 30, 2018 Contents Conventions Introduction Prerequisites Requirements Components Used Configure Configure the Proxy Connect to Active
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationConfiguring F5 for SSL Intercept
Configuring F5 for Welcome to the F5 deployment guide for configuring the BIG-IP system for SSL intercept (formerly called with Air Gap Egress Inspection). This document contains guidance on configuring
More informationCisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release
:: Seite 1 von 5 :: Datenblatt zum Produkt Cisco ANYCONNECT ESSENTIALS VPN mit DC# 554678 :: Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2
More informationDeploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3
Deploying VMware Identity Manager in the DMZ SEPT 2018 VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationBarracuda Firewall Release Notes 6.6.X
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More informationISE Primer.
ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.3 for Web Published: November 21, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.3 for the Web Security
More informationFirepower Threat Defense Remote Access VPNs
About, page 1 Firepower Threat Defense Remote Access VPN Features, page 3 Firepower Threat Defense Remote Access VPN Guidelines and Limitations, page 4 Managing, page 6 Editing Firepower Threat Defense
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationASACAMP - ASA Lab Camp (5316)
ASACAMP - ASA Lab Camp (5316) Price: $4,595 Cisco Course v1.0 Cisco Security Appliance Software v8.0 Based on our enhanced FIREWALL and VPN courses, this exclusive, lab-based course is designed to provide
More informationKillTest. 半年免费更新服务
KillTest 质量更高 服务更好 学习资料 http://www.killtest.cn 半年免费更新服务 Exam : 642-618 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0) Version : DEMO 1 / 9 1.On the Cisco ASA, tcp-map can be applied to
More informationDeploying Cisco ASA VPN Solutions v2.0 (VPN)
Deploying Cisco ASA VPN Solutions v2.0 (VPN) Course Overview: The Deploying Cisco ASA VPN Solutions (VPN) v2.0 course is part of the curriculum path that leads to the Cisco CCNP Security certification.
More informationRemote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN
Remote Access virtual private network (VPN) allows individual users to connect to your network from a remote location using a laptop or desktop computer connected to the Internet. This allows mobile workers
More information