New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall
|
|
- Neil Randell Simon
- 6 years ago
- Views:
Transcription
1 New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall Claudiu Onisoru, Senior Network Specialist Cisco Connect - 15 May
2 Agenda Frontal Communication: Who we are? - Key points - Competencies Areas - Cisco Partnership Cisco NGFW Next Generation Firewall. - Introduction - Hardware overview - Packet flow - Management architecture 2
3 Key Points Established in 1994 Top Romanian SYSTEM INTEGRATOR Cisco GOLD Partner Oracle Gold Partner VMware Partner Enterprise Solution Provider EMC Premier Velocity Partner Areas of competency in Infrastructure, Datacenter, Multiservice, Security VMware Training Center due to strategic partnership with Omnilogic and Cisco Authorized Training Center Testing Center PEARSON VUE and PROMETRIC due to strategic partnership with Omnilogic VCE partner Citrix Silver Solution Advisor Partner 3
4 Competencies Areas DATA CENTER Storage Switching Applications Security Network Managementt NETWORK SYSTEMS Routing LAN Switching Network Management MOBILITY SOLUTIONS Wireless LAN Remote Access Business Class Teleworker Solutions Mobile Solutions for Unified Communications SECURITY Firewall Attack and Intrusion Prevention Spam and Virus Protection Virtual Private Networks Network Admission Control Security Management Physical Security Web and security Video Surveillance Identity Services Engine UNIFIED COMMUNICATION IP Telephony Applications Contact Center Voice Management Call accounting 4
5 Cisco Partnership Certifications Gold Certified Partner Specialization Advanced Collaboration Architecture (1st in Romania and Region) Advanced Borderless Architecture Advanced Routing & Switching Advanced Security Advanced Data Center Architecture Other Authorizations Cisco Learning Partner Associate Smart Care Registered Partner Academy Network Partner Customer Satisfaction Excellence ATP Telepresence Express ATP Identity Services Engine ATP IP Interoperability and Collaborative System (the only one in Romania) 5
6 Cisco NGFW Next Generation Firewall - Introduction - Hardware overview - Packet flow - Management architecture 6
7 Firewall Evolution IP & Ports Applications & Users Full Context- Awareness Phase 1 Phase 2 Phase 3 ASA NGFW adds context-aware security to the ASA product line. PRSM provides common management experience. 7
8 Cisco Next Generation Firewall Build on the best-of-breed ASA stateful inspection firewall Applies NAT to embedded application protocol data Integrates with many other solutions, including: Unified Communications technologies, Active Directory, etc. Acts as a VPN termination: Site-to-site, remote access, and clientless SSL VPN Provides next-generation firewall (NGFW) services: Web reputation for malware protection URL filtering to enforce acceptable use Application visibility and control (AVC) Threat protection (NGFW IPS) 8
9 Beyond ports and protocols How ASA NGFW Addresses Access Control Who: Identity and Authentication What: Application, URL Category, Reputation How: Device, OS, User Agent, Posture Where: Local, Remote 9
10 Application Visibility and Control Enforcing acceptable usage 1,200+ apps 150,000+ MicroApps Application Behavior Greatest control and visibility over mobile, collaborative, and web 2.0 applications Ensures security of (and from) port-hopping applications, such as Skype and BitTorrent Granular enforcement of behaviors within applications Visibility of activity across the network Visit 10
11 Application Visibility and Control Supported approximately 1200 applications Powered by the Cisco Security Intelligence Operation (SIO) By default, PRSM and ASA NGFW check for application signature updates every 5 minutes Supported applications are recognized on any port Supported 3 levels of granularity Application type Examples: Collaboration, Facebook, games, social networking Application Examples: BitTorrent, Cisco phones, ftp-agent, ftp-agent, Google Translate, itunes, LDAP, oracle-sqlnet, RADIUS, WCCP, WebEx Application behavior For example, you could allow the collaboration application type, but not allow uploads 11
12 Web Security Essentials Reputation Dedicated or hijacked sites persistently distributing key loggers, root kits and other malware. Almost guaranteed malicious. Aggressive Ad syndication and user tracking networks. Sites suspected to be malicious, but not confirmed Sites with some history of Responsible behavior or 3 rd party validation Phishing sites, bots, drive by installers. Extremely likely to be malicious. Well managed, Responsible content Syndication networks and user generated content Sites with long history of Responsible behavior. Have significant volume and are widely accessed Suspicious (-10 through -6) Default web reputation profile Not suspicious (-5.9 through +10) 12
13 Web Security Essentials URL Filtering Used to enforce acceptable use Predefined and custom URL categories 78 predefined URL categories 20,000,000+ URLs categorized 60+ languages Powered by the Cisco Security Intelligence Operation (SIO) Utilizes application signatures By default, PRSM and NGFW check for updates every 5 minutes 13
14 Cisco NGFW IPS New with NGFW 9.2 Simplified Operation Rich Policy Options Highly Dynamic Policy is driven by risk acceptance Threats are the focus, not signatures IPS policy is part of the overall NGFW access policy References application awareness References source reputation Daily and hourly updates available: Threats / signatures Reputation feeds Parsing engines 14
15 Cisco NGFW Next Generation Firewall - Introduction - Hardware overview - Packet flow - Management architecture 15
16 ASA NGFW Front View Two Hard Drives Raid 1 (Event Data) 8 GB eusb (System) 10GE and GE ports Two GE Management Ports 16
17 Cisco MultiScale Performance Next-Generation Security for the Internet Edge 200 Mbps NGFW 60 Mbps NGFW + IPS 100K Connections 10,000 CPS 350 Mbps NGFW 90 Mbps NGFW + IPS 250K Connections 15,000 CPS 650 Mbps NGFW 300 Mbps NGFW + IPS 500K Connections 20,000 CPS ASA 5525-X 1 Gbps NGFW 450 Mbps NGFW + IPS 750K Connections 30,000 CPS ASA 5545-X 1.4 Gbps NGFW 600 Mbps NGFW + IPS 1M Connections 50,000 CPS ASA 5555-X ASA 5515-X ASA 5512-X Branch Locations Small / Medium Internet Edge 17
18 Cisco MultiScale Performance Next-Generation Security for the Internet Edge New with 9.2 New with 9.2 ASA 5585-SSP60 ASA 5585-SSP10 2 Gbps NGFW 1 Gbps NGFW + IPS 500K Connections 40,000 CPS ASA 5585-SSP20 5 Gbps NGFW 1.5 Gbps NGFW + IPS 1 Million Connections 75,000 CPS ASA 5585-SSP40 9 Gbps NGFW 2.5 Gbps NGFW + IPS 1.8 Million Connections 120,000 CPS 13 Gbps NGFW 4 Gbps NGFW + IPS 4 Million Connections 160,000 CPS Medium Internet Edge Medium Internet Edge 18
19 Cisco NGFW Next Generation Firewall - Introduction - Hardware overview - Packet flow - Management architecture 19
20 Functional Distribution URL Category/Reputation HTTP Inspection AVC TLS Proxy TCP Proxy Multiple Policy Decision Points NGFW IPS NGFW Services Module TCP Normalization TCP Intercept IP Option Inspection IP Fragmentation Botnet Traffic Filter NAT Routing ACL VPN Termination ASA Module 20
21 Day-in-the-life of a packet -- example Note: Details of flow differs for different traffic characteristics Auth/Access Policy Broad AVC TCP Proxy TLS Proxy Check L3/L4 and Identity Access Policies Determine Protocol and Application Handle TCP 3-way handshake Proxy encryption to decrypt traffic for inspection HTTP Inspector Active Auth Access Policy Packet Egress Determine Application, URL Category, Reputation, User Agent If passive auth not available, authenticate using NTLM, Kerberos, or Basic auth Allow or Deny verdict based on access policy Return packet back to the ASA SSP with an allow verdict 21
22 TLS Proxy acts as a Liason Corporate Network TLS Proxy Web Server 4. Client authenticates server certificate Certificate is generated dynamically with destination name but signed by ASA NGFW 1. Negotiate algorithms 3. Generate proxied server certificate 5. Generate encryption keys 6. Encrypted data channel established 1. Negotiate algorithms 3. Authenticate server certificate 5. Generate encryption keys 6. Encrypted data channel established Two separate sessions, separate certificates, and keys ASA NGFW acts as a CA, and issues a certificate for the web server 22
23 TLS Proxy Extends NGFW Services to TLS Traffic Decrypts SSL and TLS traffic across any port Self-signed (default) certificate or customer certificate and key Self-signed certificate can be downloaded and added to trusted root certificate store on client Decryption policies determine which traffic to decrypt ASA NGFW cannot determine the host name in the client request to choose a decryption policy because the traffic is encrypted FQDN and URL Category are determined using the server certificate If the decision is made to decrypt, ASA NGFW acts the liaison A new certificate is created, signed by ASA NGFW or by the customer CA Information such as FQDN and validity dates are copied from original certificate Name mismatches and expired certificate errors are ignored Name mismatches and expired certificate errors must be handled by the client 23
24 Requires HTTP request to initiate authentication 1. ASA NGFW sees HTTP request from a client to a remote website 2. ASA NGFW redirects the client to the ASA inside interface (port 885 by default) Redirect is accomplished by sending a proxy redirect to the client (HTTP return code 307) - spoofing the remote website 3. ASA sends a client authentication request (HTTP return code 401) 4. After authentication, the ASA NGFW redirects the client back to the remote website (HTTP return code 307) After authentication, the ASA NGFW uses the IP address to track the user Both HTTP and non-http traffic will now be associated with the user Integrates with enterprise infrastructure Supported directories include: Microsoft Active Directory OpenLDAP IBM Tivoli Directory Server Active Authentication 24
25 Example active authentication Client Forward HTTP traffic ASA & CX Target Server Client HTTP Request ASA CX-Policy Active Authentication required HTTP (307) redirect to ASA CT-Proxy Port/default port 885 HTTP (407) Auth. required Forward Authentication Data Validate Credentials with ADI Service HTTP (307) redirect again to final destination Regular HTTP traffic 25
26 Passive Authentication Endpoint must be a domain member Supported for all traffic and all clients Utilizes the Cisco Context Directory Agent (CDA), which includes: Standalone, Linux-based server that can be run as a virtual machine (VM) Intuitive, web-based GUI, and Cisco IOS Software-style CLI CDA gathers information from Active Directory server CDA caches information ASA NGFW/PRSM queries CDA for user information ASA NGFW/PRSM queries Active Directory server for group membership information 26
27 Cisco NGFW Next Generation Firewall - Introduction - Hardware overview - Software overview - Packet flow - Management architecture 27
28 Cisco Prime Security Manager (PRSM) Build-in Configuration Eventing Reporting Off-box Configuration Eventing Reporting Multi-device Manager for ASA NGFW (CX) Role Based Access Control Virtual Machine or UCS Appliance PRSM Virtual Machine supports VMWare ESX
29 PRSM ASA CX communication Cisco SIO ASA NGFW Application Identification Updates RESTful XML [REST = Representational State Transfer] Reliable Binary Logging PRSM HTTPS HTTPS 29
30 Q & A 30
Cisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationImproving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015
Improving Security with Cisco ASA Firepower Services Claudiu Onisoru, Senior Solutions Engineer Cisco Connect - 18 March 2015 1 Agenda Frontal Communication: Who we are? - Key points - Competencies Areas
More informationCisco ASA Next-Generation Firewall Services
Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationCisco AnyConnect Secure Mobility Solution. György Ács Regional Security Consultant
Cisco AnyConnect Secure Mobility Solution György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security Deployment Methods Live Q&A 2011 Cisco and/or its affiliates.
More informationCisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339
Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Agenda Introduction to Lab Exercises Platforms and Solutions ASA with
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationNew Features for ASA Version 9.0(2)
FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core
More informationAll-in one security for large and medium-sized businesses.
All-in one security for large and medium-sized businesses www.entensys.com sales@entensys.com Overview UserGate UTM provides firewall, intrusion detection, anti-malware, spam and content filtering, and
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More information2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco AnyConnect as a Service György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco Threat Control Solutions. Version: Demo
Vendor: Cisco Exam Code: 300-207 Exam Name: Implementing Cisco Threat Control Solutions Version: Demo DEMO QUESTION 1 When learning accept mode is set to auto, and the action is set to rotate, when is
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationDeploying Next Generation Firewalling
Deploying Next Generation Firewalling BRKSEC-2699 Christian Heinel Security Systems Engineer EMEAR NORTH, Denmark Deploying Next Generation Firewalling Abstract This session will explain the technology
More informationUse Cases for Firepower Threat Defense
The following topics explain some common tasks you might want to accomplish with Firepower Threat Defense using Firepower Device Manager. These use cases assume that you completed the device configuration
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 12.1
BIG-IP Access Policy Manager : Secure Web Gateway Version 12.1 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...11 About Secure Web Gateway for web access...11 About the benefits
More informationManaging SSL/TLS Traffic Flows
Some protocols, such as HTTPS, use Secure Sockets Layer (SSL) or its follow-on version, Transport Layer Security (TLS), to encrypt traffic for secure transmissions. Because encrypted traffic cannot be
More informationSRX als NGFW. Michel Tepper Consultant
SRX als NGFW Michel Tepper Consultant Firewall Security Challenges Organizations are looking for ways to protect their assets amidst today s ever-increasing threat landscape. The latest generation of web-based
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-210 Title : Implementing Cisco Threat Control Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-210
More informationDeploying Next Generation Firewalling with ASA-CX
Deploying Next Generation Firewalling with ASA-CX Christian Heinel, Systems Engineer Deploying Next Generation Firewalling with ASA-CX Abstract This session will explain the technology and capabilities
More informationCreate Decryption Policies to Control HTTPS Traffic
Create Decryption Policies to Control HTTPS Traffic This chapter contains the following sections: Overview of Create Decryption Policies to Control HTTPS Traffic, page 1 Managing HTTPS Traffic through
More informationBIG-IP Access Policy Manager : Visual Policy Editor. Version 12.1
BIG-IP Access Policy Manager : Visual Policy Editor Version 12.1 Table of Contents Table of Contents Visual Policy Editor...7 About the visual policy editor...7 Visual policy editor conventions...7 About
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationSSL VPNs or IPsec VPNs The Challenges of Remote Access. February 2 nd, 2007 Chris Witeck- Director of Product Marketing
SSL VPNs or IPsec VPNs The Challenges of Remote Access February 2 nd, 2007 Chris Witeck- Director of Product Marketing Agenda Remote access challenges Drivers for remote access New challenges for IT Remote
More informationManaging CX Devices in Multiple Device Mode
Tip Device inventory management applies to PRSM in Multiple Device mode only. If you are configuring a CX device through a direct connection to the device, you do not need to add the device to the inventory
More informationPalo Alto Networks PCNSE7 Exam
Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationCisco NAC Network Module for Integrated Services Routers
Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco
More informationUse Cases for Firepower Threat Defense
The following topics explain some common tasks you might want to accomplish with Firepower Threat Defense using Firepower Device Manager. These use cases assume that you completed the device configuration
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationStonesoft Management Center. Release Notes Revision A
Stonesoft Management Center Release Notes 5.10.5 Revision A Table of contents 1 About this release...3 System requirements... 3 Build version...4 Compatibility... 5 2 New features...6 3 Enhancements...
More informationAccess Control. Access Control Overview. Access Control Rules and the Default Action
The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationThe following topics provide more information on user identity. Establishing User Identity Through Passive Authentication
You can use identity policies to collect user identity information from connections. You can then view usage based on user identity in the dashboards, and configure access control based on user or user
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationWeb Security Deployment. Ryan Wager Technical Marketing Engineer
Web Security Deployment Ryan Wager Technical Marketing Engineer Agenda Overview Web Security Web Security with Cisco Ironport Web Security Critical Functionalities Places in the Network Authentication
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationUnderstanding Cisco Unified Communications Security
Cisco Support Community Presents Tech-Talk Series Understanding Cisco Unified Communications Security Akhil Behl Solutions Architect, akbehl@cisco.com Author of Securing Cisco IP Telephony Networks 2010
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationChapter 1: Content Security
Chapter 1: Content Security Cisco Cloud Web Security (CWS) Cisco offers Cisco Cloud Web Security (CWS) to protect End Stations and Users devices from infection. Cisco Cloud Web Security (CWS) depends upon
More informationTest - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version
Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version ACE Exam Question 1 of 50. Traffic going to a public IP address is being translated by your Palo Alto Networks firewall to your
More informationStonesoft Next Generation Firewall. Release Notes Revision C
Stonesoft Next Generation Firewall Release Notes 5.10.4 Revision C Table of contents 1 About this release...3 System requirements... 3 Build version...6 Compatibility...7 2 New features...8 3 Enhancements...
More informationStonesoft Management Center. Release Notes Revision A
Stonesoft Management Center Release Notes 5.10.2 Revision A Table of contents 1 About this release...3 System requirements... 3 Build version...4 Compatibility... 5 2 New features...6 3 Enhancements...
More informationTECHNOLOGY Introduction The Difference Protection at the End Points Security made Simple
APPGATE TECHNOLOGY UNIFIED TECHNOLOGY Introduction The AppGate solution truly delivers holistic security and access control where other approaches fall short. It is designed to address the security and
More informationArchitecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal
Architecture: Consolidated Platform Eddie Augustine Major Accounts Manager: Federal Current DoD Situation Stovepipes of Technology icontrol Customization irules Solutions Security Access Availability Load
More informationMcAfee Next Generation Firewall 5.9.1
Release Notes Revision A McAfee Next Generation Firewall 5.9.1 Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Find product documentation About
More informationPassit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers
Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed
More informationSymantec & Blue Coat Technical Update Webinar 29. Juni 2017
Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication
More informationStonesoft Next Generation Firewall. Release Notes Revision B
Stonesoft Next Generation Firewall Release Notes 5.10.5 Revision B Table of contents 1 About this release...3 System requirements... 3 Build version...6 Compatibility...7 2 New features...8 3 Enhancements...
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationNetwork. Arcstar Universal One
Network Universal One ARCSTAR UNIVERSAL ONE Universal One Enterprise Network NTT Communications' Universal One is a highly reliable, premium-quality network service, delivered and operated in more than
More informationCheck Point Virtual Systems & Identity Awareness
Check Point Virtual Systems & Identity Awareness Jason Card, Senior Security Consultant, CISSP card@avantec.ch Agenda Check Point Virtual Systems Private Cloud Simplify Security Overview Identity Awareness
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationHardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012
Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What
More informationClientless SSL VPN Overview
Introduction to Clientless SSL VPN, page 1 Prerequisites for Clientless SSL VPN, page 2 Guidelines and Limitations for Clientless SSL VPN, page 2 Licensing for Clientless SSL VPN, page 3 Introduction to
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationTest Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version
Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version ACE Exam Question 1 of 50. Which of the following statements is NOT True regarding a Decryption Mirror interface? Supports SSL outbound
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.1 for Web Published: May 11, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.1 for the Web Security
More informationMcAfee Network Security Platform 8.3
8.3.7.28-8.3.7.6 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationRealms and Identity Policies
The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page
More informationMcAfee Network Security Platform 8.3
8.3.7.28-8.3.3.9 Manager-Mxx30-series Release Notes McAfee Network Security Platform 8.3 Revision C Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.3 for Web Published: November 21, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.3 for the Web Security
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.1.4-101 for Web Published: June 25, 2013 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.1.4 for the Web Security
More informationCisco Exam Questions & Answers
Cisco 648-385 Exam Questions & Answers Number: 648-385 Passing Score: 800 Time Limit: 120 min File Version: 34.4 http://www.gratisexam.com/ Cisco 648-385 Exam Questions & Answers Exam Name: CXFF - Cisco
More informationCertKiller q
CertKiller.500-451.28q Number: 500-451 Passing Score: 800 Time Limit: 120 min File Version: 5.3 500-451 Cisco Unified Access Systems Engineer Exam I just passed today with 89%. My sole focus was the VCE.
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
More informationMcAfee Network Security Platform 9.1
9.1.7.15-9.1.5.9 Manager-NS-series Release Notes McAfee Network Security Platform 9.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues
More informationCisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release
:: Seite 1 von 5 :: Datenblatt zum Produkt Cisco ANYCONNECT ESSENTIALS VPN mit DC# 554678 :: Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationConfiguring F5 for SSL Intercept
Configuring F5 for Welcome to the F5 deployment guide for configuring the BIG-IP system for SSL intercept (formerly called with Air Gap Egress Inspection). This document contains guidance on configuring
More informationRelease Notes for Cisco IronPort AsyncOS for Web
Release Notes for Cisco IronPort AsyncOS 7.0.1 for Web Published: January 20, 2011 Contents This document contains release information for running Cisco IronPort AsyncOS AsyncOS 7.0.1 for the Web Security
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-207 Title : Implementing Cisco Threat Control Solutions (SITCS) Vendor : Cisco Version : DEMO Get Latest & Valid
More informationFireproofing your network Do your own security check
Fireproofing your network Do your own security check bb! Cisco Connect 2016, October 19 th Cristian Ionescu, CTO, CCIE #20005 Cosmin Voicu, Senior Solution Engineer, CCIE #37076 1. About us About us IT
More informationKASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security
KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT Open Space Security Cyber-attacks are real. Today alone, Lab technology prevented nearly 3 million of them aimed at our customers worldwide.
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationCisco Passguide Exam Questions & Answers
Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying
More informationPalo-Alto PCNSE7. Palo Alto Networks Certified Network Security Engineer.
Palo-Alto PCNSE7 Palo Alto Networks Certified Network Security Engineer http://killexams.com/exam-detail/pcnse7 Answer: B, E (https://www.paloaltonetworks.com/documentation/60/panorama/panorama adminguide/se
More informationDesigning Workspace of the Future for the Mobile Worker
Designing Workspace of the Future for the Mobile Worker Paulo Jorge Correia Technical Solutions Architect Building Business Value Enable mobile workers and BYOD Locate and access remote experts Collaborate
More informationNext Generation Firewall
Next Generation Firewall Release Notes 5.10.10 Revision A Contents About this release on page 2 Lifecycle model on page 2 System requirements on page 3 Build version on page 6 Compatibility on page 7 New
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationHow to Configure Virus Scanning in the Firewall for FTP Traffic
How to Configure Virus Scanning in the Firewall for FTP Traffic The X-Series Firewall scans FTP traffic for malware on a per-access-rule basis when FTP virus scanning in the firewall is enabled. Both active
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationIntroduction to Cisco ASA Firewall Services
Firewall services are those ASA features that are focused on controlling access to the network, including services that block traffic and services that enable traffic flow between internal and external
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationAbout DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios
DPI-SSL About DPI-SSL Configuring Client DPI-SSL Settings Configuring Server DPI-SSL Settings About DPI-SSL About DPI-SSL Functionality Deployment Scenarios Customizing DPI-SSL Connections per Appliance
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More information