LearnKey Training

Cisco® Authorized PIX® Firewall
(642-521)


LearnKey delivers authorized Cisco® training as a Sponsored Organization of Tech 2000, a Cisco Learning Solutions Partner.



6 Sessions – 18 Hours of Interactive Training
The Cisco® Secure PIX® Firewall Advanced exam is one of four required for the Cisco® CSS® 1 designation. In the Cisco® PIX® Firewall course from LearnKey, you’ll learn how to define and describe network firewall security procedures and how they work specifically with Cisco® PIX® firewalls. Expert instructor Michael Storm will demonstrate how to configure PIX® firewall interfaces, protocols and attack guards to protect networks from security threats that may arrive via Internet traffic. At the conclusion of this course you will be prepared to pass the Cisco® Secure PIX® Firewall Advanced exam.

Prerequisites: Valid CCNA® certification required for CSS® 1 designation.


About The Author
For the past 16 years, Michael Storm has managed the design, security and implementation of enterprise networks for Fortune 100 companies around the globe. As the founder of Brainstorm International, Inc., Storm specializes in InfoSec Security and Internetwork Solutions Architectures. He is currently the Director of Network Engineering and Security Officer for Interface Technical Training of Phoenix, AZ and creator of the Immersion Learning System™, used by countless Cisco® and Microsoft Professionals for achieving technical mastery. Storm holds many IT certifications, including the Cisco® CCIE® Security, CCNP®, CCSP™, CCDP®, NSA/CNSS CISSP, MCSE and MCT.

Session 1

Section A: Introduction
· Network Threats
· Cisco® Certifications
· INFOSEC Professional
· CCIE® Security
· Course Focus

Section B: Security Threats/Solutions
· Types of Threats
· Attack Types
· Security Process
· Security Wheel
· Security Network
· Monitor
· Test/Improve
· SAFE Framework

Section C: Firewall Technologies
· Bastion Host
· Firewall
· Perimeter Network
· Categories
· Packet Filters
· Proxy Filters
· Stateful Packet

Section D: PIX® Firewall Features
· ASA
· Firewall Traffic
· Large Enterprise
· Med/Large Enterprise
· Med/Small Enterprise
· Small Enterprise

Section E: PIX® Maintenance
· Accessing
· Basic Commands
· Configuration/Testing
· New OS Install
· Monitor Mode
· Upgrade OS
· Password Recovery

Section F: Upgrade PIX® OS
· Show Version
· New PIX® Upgrade
· New PIX® PW Recovery
· Boot Recovery Disk
· Old PIX® PW Recovery

Section G: ASA Security Rules
· Configuration Concepts
· Security Levels
· Traffic Flow Rules
· Interface Associations
· Using Security Levels
· Advantages
· Algorithm
· Conduits

Session 2

Section A: ASA Operations
· Negotiations
· Translation
· Address Assignment
· Response Packets

Section B: Six Basic Commands
· Nameif
· Interface
· IP Address
· NAT
· Global
· Route
· View Configuration

Section C: Configure PIX® Firewall
· Basic Lab
· Security Levels
· Interface Info
· IP Addresses
· Route
· Address Translation
· Save/Verify

Section D: Translation Rules
· TCP/IP Conversations
· Inside to Outside
· Outside to Inside
· Static
· Conduit
· Static/Conduit Example
· Using ACLs
· Additional Features

Section E: NAT & PAT
· Address Allocation
· NAT Types
· Address Management
· NAT/PAT Limitations
· NAT Configurations
· PIX® Configuration
· Managing Translations
· Managing Connections

Section F: PIX® Device Manager
· PDM 2.1x Features
· PDM 3.0 Features
· Requirements
· Install/Upgrade
· Prepare for PDM
· Download PDM

Session 3

Section A: Configure PIX® with PDM
· Load PDM
· PDM Startup Wizard
· Save Configuration
· Access/Translation
· Hosts/Networks
· Static Translations
· Create an ACL
· System Properties

Section B: Object Grouping
· Use Object Group
· ICMP Groups
· Network Groups
· Protocol Groups
· Service Groups
· Nesting Groups
· Groups in PDM

Section C: Syslog
· Configuring Syslog
· Logging Levels

Section D: Cut-Through Proxy
· AAA Support
· Security Architecture
· AAA Technology
· Remote Security DB
· Secure ACS
· Install ACS
· Advanced Options

Section E: CSACS Configuration
· ACS Interface
· Create User
· Group Setup

Section F: AAA Configuration
· Authentication
· Configure Authorization
· Enable Authentication
· Accounting
· Verification Commands

Section G: Advanced Protocol Handling
· Protocol Operations
· FTP Protocol
· Rsh Protocol
· SQL*Net Protocol
· Configure Fixup

 


Session 4

Section A: Multimedia Operation
· Firewall Functions
· Enable Multimedia
· Add Protocols
· New Version Support

Section B: Attack Guard
· Mail Guard
· DNS Guard
· Frag/Flood Guard
· Other Options
· Websense

Section C: Service Configuration
· DHCP Server
· DHCP Config. Steps
· Config. Example
· Intrusion Detection
· IDS Configuration
· PDM Service Config.
· Setup PDM IDS
· Verify Audit

Section D: Failover
· Failover Events
· Failover Transfer
· Failover Communication
· Monitoring/Testing
· Failover Types
· Failover Example
· Failover Configuration

Section E: IPSec/VPN
· VPN Topologies
· VPN Scenarios
· IPSec
· IPSec Standards
· More IPSec Standards
· Security Associations

Section F: IPSec Process
· IPSec Modes & Protection
· Scaling IPSec Networks
· Supported CA Servers

Session 5

Section A: Configuring IPSec
· Create IKE Policies
· Pre-shared Keys
· Crypto Access Lists
· Transform Sets
· Crypto Maps
· Verify Configuration

Section B: Scaling IPSec
· Configure CA
· Sample CA
· Verify/Update CA

Section C: Configuring PIX VPN
· Create Access Lists
· ISAKMP Policy
· Crypto Map
· Check Configuration

Section D: PPPoE/VPN with PDM
· PPPoE
· PPPoE on PIX
· Create Site-to-Site
· IPSec
· IKE Policy
· Remote Access VPN
· Authentication
· Authorization

Section E: Configuring CSIS
· IOS Firewall
· IDS Configuration
· CBAC
· CBAC Configuration
· ACL Filtering
· Lock-and-Key
· Prevent DoS Attacks
· Logging Events

Section F: Authentication Proxy
· Configuring Auth-Proxy
· Add Auth-Proxy
· Custom Attributes
· AAA & Auth-Proxy

Session 6

Section A: Version 6.3
· Technology Updates
· 6.3 vs. 6.2
· 6.3 Additional Features
· Enhanced Security
· Other Support

Section B: Security & Licensing
· Conduits to ACLs
· Conduits vs. ACLs
· Conversion Tools
· Licensing Process & Options
· Activation Key

Section C: 6.3 VPN Enhancements
· AES
· AES Cipher Process
· NAT Traversal for IPSec
· Enable PIX® NAT-T
· Management Tools
· VPN Wizard
· VPDN Mode Configuration

Section D: Enterprise-Level PIX®
· FWSM
· FWSM Requirements
· Enterprise Management
· Install Mgmt. Console
· Prepare PIX® Firewall
· Management Center

Section E: Workflow in MC
· Basic User Taskflow
· Workflow/Tasks
· Implement Steps
· Create Activity
· Import/Create Device
· View Settings
· Access Rules
· Deploy Configuration

Section F: Auto Update Server
· Setup AUS
· Using Auto Update
· Reporting
· Administration

CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and Networking Academy are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this web site are the property of their respective owners.