Cisco Press has, over the years, been known for its commercial ‘Certification Based’ books; however, every once in awhile, Cisco Press also gives birth to books that examine core technologies without certification boundaries which touch your imagination of advance technologies and make you more responsible towards your work. Thanks to the new found attention being given to core technology oriented books, there are many authors out there who have and are waiting in the wings to try their hand at writing books based on the real-time technologies. A few examples in the past have been books like “Routing TCP/IP” by Jeff Doyle, “BGP Design and Implementation” by Randy Zhang and Micah Bartell, and “MPLS and VPN Architectures” by Ivan Pepelnjak.
It is very hard to find a composite study resource to learn multiple technologies, but “Cisco ASA All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition” is one of that kind of study resource.
CCNA Training – Resources (Intense)
Cisco ASA All-in-One Next-Generation Firewall, IPS, and VPN Services, written by Jazib Frahim, Omar Santos and Andrew Ossipov, is designed to optimize your study time. The author’s communication skills are unsurpassed, making difficult technology concepts understandable. As network security professionals, we often face challenges and this book is a great reference for overcoming these challenges.
This book is a one-stop shop for all professionals and targets both entry level and advanced users. So let’s dive deep to understand the world of the Cisco ASA family.. The first 16 of 25 chapters cover ASA technologies from basic security introduction and the ASA hardware to advance technical deployment and maintenance of Cisco ASA.
Chapter 2 is very impressive and provides information on Cisco ASA products including 5505, 5510, 5512X, 5520X, 5545X, 5585X ASA models and also contains an informational overview of 6500 series ASA Services module, ASA 1000V cloud firewall, ASA AIP-SSM modules and ASA Gigabit Ethernet modules. The next chapters cover the Firewall Technology behind the ASA appliance including licensing, initial configuration, system maintenance (SSH, password recovery, SNMP, Net-flow, system monitoring) and hardware architecture.
Chapter 7 is dedicated to explain AAA services. This chapter describes AAA protocols and services supported by Cisco ASA. Here you can learn configuration authentication of administrative sessions like telnet/SSH/console/ASDM sessions. Chapter 8 explains traditional ways to control network access, provides in-depth explanation on standard, extended, ether-type, web-type ACLs with advance features like time, object, and ICMP filtering.
The next chapters explore core ASA technologies including Network Address Translation, IPv6, Routing Protocols, ASA inspection, Virtualization and the concept of Transparent Firewall (the best part is step-by-step configurations of security contexts and Transparent Firewalls). Finally, chapter 16 will make you comfortable with ASA High Availability features to configure most useful Failovers Active/Standby and Active/Active, Clustering features like zero downtime upgrade, cluster licencing and management.
Your wait is over to learn IPS. Chapters 17 and 18 provide a very objective overview on implementation of Cisco ASA Intrusion Prevention System with detailed descriptions of all the available features with commands and output examples but it is all on a basic functional level. They are way too short and feel as if it is not as important. The chapters contain in-depth knowledge of Cisco IPS software and hardware architecture; here you can learn the tuning and monitoring IPS signatures. I like the overview of Botnet Traffic filter section; GUI steps provide ease of learning and the author also explains the requirements and the use of described technologies with step-by-step implementation. All useful keywords are highlighted with bold font so you can easily understand the information on the first reading.
The next four chapters examine VPN services; this section explores the roles and requirements of VPN services with the best of configurations and management. These four chapters will make you capable of implementing and administrating site-to-site IPsec VPNs, IPsec Remote-Access VPNs, and SSL VPNs, etc. with all advance key features.
At last, you will get two bonus chapters to learn IP Multicast routing and QoS. Both chapters provide the basic fundamentals, which is important to deal with current network security deployment.\
After reading this book, you will be able to configure and maintain a Cisco ASA, IPS, and VPN Services to meet the requirements of your security policy. This comprehensive resource covers the latest features available in Cisco ASA and includes detailed examples of complex configurations and troubleshooting.
If you are an advanced user you can use this book as a (heavy) command reference. Beginners can start with an ASA device and I promise, this book really helps and covers most things that examine ASA technologies. This book is not only limited to Cisco ASA devices, but also skillfully explains various types of network security flaws, weaknesses, points of security failures and attacks.
The increased reliance on networking resources to provide productivity and corporate revenue network security concerns over cyber-terrorism, financial fraud, and theft of proprietary information have radically increased the demand for highly skilled networking security professionals. This book helps you understand and master the material you need to know to learn ASA, IPS, and VPN Services. I am quite happy with this book and if you want to start your way into Cisco ASAs, I’d say this book is a MUST HAVE and deserves 5 pings out of 5.
If you feel this review useful or informative then please give your feedback through the comments section. Your suggestions are always welcome and don’t forget to join our Facebook group (http://www.facebook.com/IntenseSchool) so you can get the regular updates on newly published articles.