The Certification Exam and This Preparation Guide

The questions for each certification exam are a closely guarded secret. But even if you obtained the questions and passed the exam, you would be in for quite an embarrassment as soon as you arrived at your first job that required PIX skills. The point is to know the material, not just to successfully pass the exam. We know what topics you must understand to pass the exam. Coincidentally, these are the same topics required for you to be proficient with the PIX Firewall. We have broken these into “foundation topics” and cover them throughout this book. Table I-1 describes each foundation topic.

Table I-1 CSPFA Foundation Topics

Reference Number Exam Topic Description

1 Firewalls Firewalls process network traffic in three different ways. Chapter 2 discusses these technologies and their advantages.

2 PIX Firewall overview Chapter 2 explains the PIX Firewall’s design and its advantages compared to other firewall products.

3 PIX Firewall models Currently, the PIX Firewall has six different models. Chapter 3 discusses each model, its specifications, and how and when it is applied.

4 PIX Firewall licensing Chapter 3 discusses the different licensing options available for the PIX Firewall and how each license applies.

5 User interface The CLI is one of the methods used to configure the PIX Firewall. Chapter 6 covers the CLI and many of the commands used to configure the firewall.

6 Configuring the PIX Firewall Many different commands are used to configure the PIX Firewall. These commands are discussed in Chapters 6 through 15.

7 Examining the PIX Firewall status Verifying the configuration of the PIX Firewall helps you troubleshoot connectivity issues.

8 Time setting and NTP support It is important to ensure that your firewall time is synchronized with your network. Chapter 6 covers the commands for configuring time on the PIX Firewall.

9 ASA security levels The Adaptive Security Algorithm is a key component of the PIX Firewall. It is discussed in great detail in Chapters 2, 3, 5, and 6.

10 Basic PIX Firewall configuration The basic configuration of the PIX Firewall is discussed in Chapter 6.

11 Syslog configuration The logging features of the PIX Firewall are covered in Chapter 8.

12 Routing configuration Because the firewall operates at multiple layers of the OSI model, it can route traffic as well as filter it. The route commands for the PIX Firewall are discussed in Chapter 6.

13 DHCP server configuration The PIX Firewall can function as both a DHCP server and a DHCP client. These configurations are covered in Chapters 3 and 6.

14 Transport Protocols The transport layer protocols and how they are handled by the PIX Firewall are discussed in Chapter 5.

15 Network Address Translation Network Address Translation is used by many different firewalls to secure network segments. This is discussed in Chapters 5 and 6.

16 Port Address Translations Port Address Translation is a method used by the PIX Firewall to NAT multiple internal sources to a single external address. This configuration is covered in Chapters 5 and 6.

17 Configuring DNS support As a perimeter device, the PIX Firewall must support the Domain Name Service. Configuring DNS on the PIX is discussed in Chapter 5.

18 ACLs Access control lists are used to allow or deny traffic between different network segments that attach via the PIX Firewall. Configuring ACLs is discussed in Chapter 7.

19 Using ACLs Configuring ACLs is discussed in Chapter 7.

20 URL filtering The PIX Firewall can be configured to work with other products to perform URL content filtering. This is done to ensure that users use company assets in accordance with company policies. Configuring the PIX for content filtering is discussed in Chapter 12.

21 Overview of object grouping Service, host, and network objects can be grouped to make processing by the firewall more efficient. Object grouping is discussed in Chapter 7.

22 Getting started with group objects Object grouping is discussed in Chapter 7.

23 Configuring group objects Object grouping is discussed in Chapter 7.

24 Nested object groups Object groups can be nested into other object groups. Object grouping is discussed in Chapter 7.

25 Advanced protocols Many advanced protocols require special handling by the firewall. Some protocols require multiple inbound and outbound connections. The handling of advanced protocols by the PIX Firewall is discussed in Chapter 7.

26 Multimedia support Multimedia protocols are considered advanced protocols. The handling of advanced protocols by the PIX Firewall is discussed in Chapter 7.

27 Attack guards The PIX Firewall can be configured to recognize an attack and react to it. This is covered in Chapter 15.

28 Intrusion detection The PIX Firewall can be configured to perform as an Intrusion Detection System as well as a firewall. It also can be configured to work with external IDSs. These issues are covered in Chapter 15.

29 Overview of AAA AAA is a method of ensuring that you can verify who is accessing your network resources, restrict their access to specific resources, and keep track of what actions they take on the network. Configuring the PIX Firewall to support AAA is discussed in Chapters 13 and 14.

30 Installation of CSACS for Windows NT/2000 CSACS is a Cisco AAA server product. Installing and configuring CSACS is covered in Chapter 13.

31 Authentication configuration Configuring CSACS is discussed in Chapters 13 and 14.

32 Downloadable ACLs Configuring CSACS is discussed in Chapters 13 and 14.

33 Understanding failover Mission-critical systems require high-availability solutions to minimize any chance of network outages. Two PIX firewalls can be configured as a high-availability solution. This configuration is covered in Chapter 9.

34 Failover configuration PIX failover configuration is discussed in Chapter 9.

35 LAN-based failover configuration PIX failover configuration is discussed in Chapter 9.

36 PIX Firewall enables a secure VPN Dedicated circuits between different locations can be cost-prohibitive. It is much less expensive and just as secure to create an encrypted connection between those locations across public network space. Configuring virtual private networks is discussed in Chapter 10.

37 IPSec configuration tasks Configuring virtual private networks is discussed in Chapter 10.

38 Prepare to configure VPN support Both ends of a virtual private network must have a termination point. The PIX Firewall can be configured as a VPN termination point. Configuring virtual private networks is discussed in Chapter 10.

39 Configure IKE parameters IKE is a key exchange method used to ensure that the encrypted connection is not easily compromised. Configuring virtual private networks is discussed in Chapter 10.

40 Configure IPSec parameters IP Security (IPSec) is a standard for creating an encrypted VPN connection. Configuring virtual private networks is discussed in Chapter 10.

41 Test and verify VPN configuration Configuration and troubleshooting of Virtual Private Networks is discussed in Chapter 10.

42 Cisco VPN Client Remote users can create a VPN from their computers to the company network using VPN client software. Configuring virtual private networks and VPN client software is discussed in Chapter 10.

43 Scale PIX Firewall VPNs Configuring virtual private networks is discussed in Chapter 10.

44 PPPoE and the PIX Firewall PPPoE is used to connect multiple hosts via a single dialup or broadband connection. Some PIX Firewall models support PPPoE. This topic is covered in Chapter 10.

45 Remote access The PIX Firewall can be managed either locally or remotely. Configuring the PIX to allow remote access is discussed in Chapter 4.

46 Command-level authorization Remote management of the PIX Firewall is discussed in Chapter 4.

47 PDM overview The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.

48 PDM operating requirements The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.

49 Prepare for PDM The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.

50 Using PDM to configure the PIX Firewall The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.

51 Using PDM to create a site-to-site VPN The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.

52 Using PDM to create a remote access VPN The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 11.
