Imagine the cost of improperly configured equipment:
Network downtime
Hacked systems
Wasted investment in underutilized expensive equipment
In just two days, we deliver a lot of knowledge!
Workshop Description
This Cisco® ASA training workshop is two intensive days filled with hands-on lab exercises where you'll learn how to reset the administrator password (even when you don't know it) and how to build a basic firewall configuration from scratch at the command line and in the GUI. Once you've finished building the configuration, you get lots of hands-on practice in how to manage it. You'll learn how to write and manage access-control lists, how to set up three different kinds of VPNs, a DMZ, and a lot more. You'll practice backing up and restoring your configuration files and the firewall's operating system image. We'll show you how to set up centralized logging with a syslog server. You'll practice configuring login banners. You'll configure local usernames and privilege levels, plus you'll practice using Active Directory for authentication. You'll set up a DHCP server for automatic address assignment. You'll practice building three types of VPNs including site-to-site, remote access, and a clientless Web VPN. You'll build a DMZ with a Web server and a print server. You'll even practice port-scanning to test for vulnerabilities. We'll show you how to configure various types of filtering and you'll actually practice configuring filters to block Java applets.
In short, this Cisco® ASA training workshop is a lot of hands-on exercises and not a lot of talking! Our instructors are there to show you how to do things, answer your questions, and help you troubleshoot your configurations.
Now upgraded with even more "hands-on" lab exercises (and less talking)!
Bring this Workshop Onsite to Your Location. Small or large groups; Save on travel expense and time away from the office by bringing the training right to your door. Find out more.
Early registration rates apply to registrations received up to 30 days prior to the workshop
Early Registration/Late Registration
$1695/$1895 for 1 person
$1495/$1695 per person for 2, Save over 10%
$1295/$1495 per person for 3, Save over 21%
$1095/$1295 per person for 4 or more. Save over 31%
"Very good. Covered a lot of material, essentially all hands on...Everything taught included a lab...on the real thing. SoundTraining.net gives the training hands-on and comes to a location convenient for me. Very convenient."
--Jon Langel, Defense Information Systems Agency, Arizona
Learning Objectives
Upon completion of soundtraining.net's Cisco® ASA training workshop, you'll...
Practice password recovery techniques for the Cisco ASA security appliance
Practice two techniques for building a basic firewall configuration from scratch
Gain an understanding of logging configurations and practice using syslog with the security appliance
Practice two methods of backing up and restoring your device's configurations
Practice two methods of backing up and restoring your device's software image (operating system), including how to recover the software in a catastrophic fault condition
Practice configuring and using three methods of remote management
Gain an understanding of Network Address Translation and Port Address Translation on the ASA Security Appliance and practice using them in your configurations
Practice configuring three types of banners
Gain an understanding of Cisco privilege levels and practice configuring local usernames and privilege levels
Practice configuring your security appliance to authenticate via Windows Active Directory using RADIUS
Practice building and troubleshooting a DHCP server
Practice building three types of VPNs including site-to-site, remote access, and a clientless Web VPN
Gain an understanding of DMZs and practice building one with a Web server and a print server
Practice testing security configurations with a port scanner
Gain an understanding of filtering techniques and practice blocking Java applets
Certifications and Exams
This Cisco® training workshop can help prepare the student for professional certification by Cisco including the CCSP certification. Exam candidates are encouraged to visit www.cisco.com for complete exam objectives and outlines.
Who should attend?
This workshop is intended for network security personnel who install, configure, support, and troubleshoot Cisco® ASA Security Appliances or PIX Firewall devices. Network administrators, network engineers, IT managers, CIOs, CTOs, and anyone responsible for network security will benefit from attending this Cisco Security Appliance training class including PIX firewall training and Cisco ASA Security Appliance training.
Q: What model of Cisco firewalls do you use in your workshop?
A: We use Cisco ASA 5505 security appliances.
Q: I use 5510s (or 5520s, 5540s, etc.). Will this class be relevant for me?
A: Yes. As with most Cisco products, the software is fairly consistent within product families. Certainly there are slight differences from one model to another in areas such as interface configuration and specific features, but the overall knowledge you gain from this seminar should be applicable to you regardless of the firewall model you use. Please review the course outline for specifics.
Q: I use a PIX firewall. Will this class be relevant for me?
A: It depends on what version of the software you're running. If you're running version 7.x or later, much of what we cover will be relevant. If you're running version 6.x or earlier, this class may not be so relevant for you. (You really should think about upgrading to an ASA!)
Q: What version of the software is loaded on your classroom firewalls?
A: We believe in keeping our software current. As of this writing (October 2008), our firewalls are loaded with asa804-k8.bin and asdm-613.bin.
Q: How much of this class is taught in the command line as opposed to the GUI?
A: It's about 50/50.
Q: What operating system is loaded on the classroom computers?
A: We use Windows XP Professional SP3.
Workshop Outline
Module One: Understanding Firewall Fundamentals
There are myriad firewalls available, from personal firewalls to network firewalls and from application firewalls to firewall appliances. In this module, you'll learn the different types and classifications of firewalls and how to choose the right one for your workplace. We'll cover AAA (Authentication, Authorization, and Accounting) and provide an excellent overview of encryption concepts including both single key and PKI. You'll learn about stateful inspection and how the ASA (Adaptive Security Algorithm) provides a high level of security without sacrificing performance. We'll go over each of the models of the Cisco PIX firewall and the new Cisco ASA Security Appliances. This module includes five great hands-on exercises in which you'll actually break into the firewall (when it's done legitimately, it's called "password recovery"), erase its configuration, and build a new configuration from scratch.
What do firewalls do?
Types of Firewalls
Classification of Firewalls
AAA: Authentication, Authorization, and Accounting
Basics of Encryption including Single Key and PKI
Stateful Inspection
Adaptive Security Algorithm
Network Address Translation
An Overview of Cisco Security Appliances
Understanding VLANs
Understanding the Eight Basic Commands on a Cisco ASA Security Appliance
Controlling the Appliance from its Console
Password Recovery
Student Exercise 1.1: Password Recovery and Initial Configuration
Student Exercise 1.2: Removing the Existing Configuration
Student Exercise 1.3: Using the Eight Commands Required to Enable Basic Firewall Functionality
Student Exercise 1.4: Building a Base Configuration on the ASA Security Appliance
Student Exercise 1.5: Building an Initial Configuration on the ASA Security Appliance
Module Two: Backing Up and Restoring Configurations and Software Images
Once you've invested the time and effort in building a firewall configuration, you sure don't want to risk losing all your hard work through a hardware failure or some other anomaly. (Hey, things happen in systems and networks...the key is to have a backup.) In this module, you'll learn how to use a TFTP (Trivial File Transfer Protocol) server to back up and restore your configurations and software images. After all, when you've got backups, you've got peace of mind.
Analyzing the Base Configuration of the Security Appliance
Student Exercise 2.1: Analyzing the Base Configuration and Saving It
Student Exercise 2.2: Backing Up and Restoring the Configuration
Student Exercise 2.3: Backing Up and Restoring the Software Image
Module Three: Sending Logging Output to a Syslog Server
One of the hallmarks of a great system or network administrator is someone who is intimately familiar with every performance aspect of his/her gear. The logs are your best friend for really understanding what's going on with your systems. In this module, you'll learn how to send logging output to an external server. We'll show you how to use the free Kiwi syslogd tool to offload your logs from the security appliance to a Windows host. We'll help you understand logging severity levels and how to configure the amount of logging information that is sent to your logging host.
Using syslogd with the Security Appliance
Student Exercise 3.1: Sending Logging Output to a Syslog Server
Module Four: Remote Management Options
Most of us manage our network devices remotely instead of sitting at the physical console of the device. In this module, you'll learn how to use Telnet (and why you shouldn't use Telnet), SSH, and Web-based management tools to remotely manage your security appliance.
Remote Console Access
Telnet
SSH (Secure Shell)
Configuring and Managing Remote Management through ASDM
Student Exercise 4.1: Telnet and Secure Shell (SSH)
Module Five: Configuring Logon Banners, Usernames, and Authentication, Authorization, and Accounting (AAA)
Your legal department may have already supplied you with the text for your logon banners. In this module, we'll show you how to take that text and create the logon banners for your appliance. Then, you'll learn about assigning commands to privilege levels, how to create usernames, and how to associate the usernames with privilege levels to control exactly what individuals can do with the security appliance. We'll also help you understand ways to offload authentication using RADIUS (Remote Authentication Dial-In User Service), TACACS+ (Terminal Access Controller Access Control System Plus), and CiscoSecure Access Control Server. Then, you'll actually configure a local database of usernames and privilege levels on your classroom security appliance.
How to Configure a Banner
Configuring Authentication, Authorization, and Accounting (AAA)
Remote Authentication Technologies
Cisco Secure Access Control Server
Installing and Configuring CACS
Authentication of Clients
Student Exercise 5.1: Creating Banners on the Security Appliance
Student Exercise 5.2: Configuring Usernames and Local Authentication
Student Exercise 5.3: Configuring Privilege Levels on the Security Appliance
Student Exercise 5.4: Authenticating Through Windows Active Directory
Module Six: Configuring the Appliance as a DHCP Server
Often, a security appliance such as the ASA must serve many roles in addition to security. One frequently used role is that of dynamic address allocation as a DHCP server. In this module, you'll learn how to configure your ASA security appliance as a DHCP server including how to provide IP options.
Understanding the DHCP commands on the security appliance
Student Exercise 6.1: Reconfiguring Your DHCP Server
Module Seven: Virtual Private Networking (VPNs)
Virtual Private Networks (VPNs) are one of the most widely used tools to connect remote users to an office LAN and to connect remote offices to main office LANs. Cisco security appliances support both Site-to-Site and Remote Access LANs, plus the new Cisco ASA Security Appliance supports Web-based VPNs, thus eliminating the need for either a hardware or software VPN client. In this module, you'll learn about VPN protocols including PPTP and L2TP, VPN encryption technologies including IPSec, DES and 3DES (Data Encryption Standard), the Diffie-Hellman public-key cryptography protocol, ISAKMP (Internet Security Association Key Management Protocol) and IKE (Internet Key Exchange), AES (Advanced Encryption Standard), and more. We'll cover IKE phase 1 and IKE phase 2. Admittedly, it's a lot of acronyms, but we break it down so you can really understand the whole process.
PPTP
L2TP
IPSec
Encryption Algorithms
Hashing Algorithms
Authentication Methods
Troubleshooting VPN Connections
Configuring the Cisco VPN Client and Connecting to Your VPN
Creating a Web-Based SSL VPN
Student Exercise 7.1: Site-to-Site VPNs
Student Exercise 7.2: Remote Access VPNs
Student Exercise 7.3: Configuring a Web-Based SSL VPN
Student Exercise 7.4: Configuring the Cisco AnyConnect Client
Student Exercise 7.5: Logging Off VPN Users through the ASDM
Module Eight: DMZs (De-Militarized Zones)
DMZs (Demilitarized Zones) are not a new concept, but now even the most basic Cisco security appliance supports configuring VLANs and DMZs to isolate network hosts. In this module, you'll learn various applications for DMZs, how to configure static routes, access control lists, and security levels, and how to build a DMZ at the CLI (Command Line Interface).
Understanding DMZ concepts
Security Levels
Access Control Lists
Static Routes
Port Scanning
Student Exercise 8.1: Configuring a DMZ
Student Exercise 8.2: Analyzing Potential Vulnerabilities with Port Scanning
Module Nine: Filtering Content
The Cisco ASA security appliance has extensive filtering and blocking capability. In this module, you'll learn how to configure Unicast RPF to help address problems caused by malformed or spoofed IP packets, how to block fragmented packets, how to implement intrusion detection and prevention through IP auditing, and how to configure URL filtering with WebSense and Secure Computing's SmartFilter. You'll also learn how to filter dynamic content such as Java applets and ActiveX. Such content certainly can enhance the users' experience while visiting a website. Unfortunately, such applications can also be used to deliver malicious content. In this module, we'll show you how to use the filtering capabilities of the ASA Security Appliance to prevent Java applets and ActiveX content from entering your network.
Prospective attendees should have completed soundtraining.net's Cisco Router Fundamentals workshop or have equivalent knowledge.
Schedule and Registration
Two consecutive days.
Registration (day one): 8:30 a.m. to 9:00 a.m.
Morning session (each day): 9:00 a.m. to noon
Lunch (on your own each day): 11:45 a.m. to 12:45 p.m.
Afternoon session (each day): 12:45 p.m. to 4:00 p.m.
Private Onsite Training
Bring us onsite to your location! All of soundtraining.net's outstanding training programs are available for presentation onsite at your location (or the location of your choice). You choose the time, the topic, and the location and we'll be there with top-notch training, delivered by the best trainers in the industry. Practical, understandable, and relevant is what makes the soundtraining.net difference! Please call 206.988.5858 or click here for more information about bringing the training right to your door.