What not to do if you are trying to study for a certification, work a full-time job, interview for new positions, prepare to sell a house, and look for a new house in a new state… It is really not the best way to focus on learning, but
“Control what you can control”
So on with a short day 11 of studying.
Section 32: The Security Threat Landscape
- Most of this section is a review, since I have passed both my CompTIA Security+ and CySA+ certifications; it is not until the site-to-site VPN that we start focusing on setting up and configuration.
- Site-to-site VPN Virtual Private Networks – This
- Phase 1 – Initial Setup of the tunnel
- Commands to set up the site-to-site VPN
- (config)#crypto isakmp policy 1
- (config-isakmp)#encryption aes
- (config-isakmp)#hash sha
- (config-isakmp)#authentication pre-share
- (config-isakmp)#group 2
- (config-isakmp)#lifetime 86400
- (config-isakmp)#crypto isakmp key [pre-shared key] address [address connecting to]
- Commands to set up the ACL and define the interesting traffic (the traffic that will be traversing the VPN)
- (config)#ip access-list extended [text name]
- (config-ext-nacl)#permit ip [source IP range] [source wildcard mask] [destination IP range] [destination wildcard mask]
- Phase 2 – Encryption of the data that will be traversing the tunnel
- Command for ipsec
- (config-ext-nacl)#crypto ipsec transform-set [textname] esp-aes esp-sha-hmac
- Command for defining the traffic
- (config)#crypto map [textname] 10 ipsec-isakmp
- (config-crypto-map)#set peer [destination ip]
- (config-crypto-map)#set transform-set [textname]
- (config-crypto-map)#match address [accesslistName]
- Command to assign encryption to the interface
- (config-crypto-map)#interface [interface]
- (config-if)#crypto map [cryptoMapName]
- Remote Access VPN Virtual Private networks
- Cisco AnyConnect is used on the ASA firewall for remote access
- uses TLS
- Split Tunneling
- Corporate traffic will go over the VPN, internet traffic will go direct to the internet
- Full Tunneling
- All traffic will go through the VPN; internet traffic will then be sent on to the internet.
- Threat Defense Solutions
- malware, phishing and data exfiltration
- Cisco ESA – Email Security Appliance
- Scans links and attachments in incoming emails for malware, phishing attacks, and spam.
- Cisco WSA – Web Security Appliance
- Prevents users from accessing dangerous websites
- Policies can be implemented on both systems to prevent sensitive information from being sent out of the org.
- DDoS – Distributed Denial of Service
- Advanced firewalls can offload incoming connection attempts from servers when the traffic rate reaches a threshold and respond with quicker connection timeouts and/or cookies
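The site-to-site commands in the notes configure one end of the tunnel; the other end needs the same Phase 1 policy, pre-shared key and transform set, with the crypto ACL mirrored. The script below is an added example, not part of the original notes or the course: it compares two peers' configs for those mismatches. The sample configs are constructed, and the addresses (documentation ranges), the key and the names `VPN-ACL`, `TS` and `CMAP` are placeholders.

```python
import re
# Constructed sample config for peer A; addresses, names and key are placeholders.
R1 = """\
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 203.0.113.2
ip access-list extended VPN-ACL
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address VPN-ACL
"""
# Peer B: same policy, peer address swapped, ACL source/destination mirrored.
R2 = (R1.replace("203.0.113.2", "203.0.113.1")
        .replace("10.1.0.0 0.0.255.255 10.2.0.0", "10.2.0.0 0.0.255.255 10.1.0.0"))

def parse(cfg):
    """Extract the settings that have to agree between the two peers."""
    find = lambda pat: re.search(pat, cfg, re.M)
    return {
        "p1": dict(re.findall(r"^ (encryption|hash|authentication|group) (\S+)", cfg, re.M)),
        "key": find(r"^crypto isakmp key (\S+) address (\S+)").groups(),
        "acl": re.findall(r"^ permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
        "ts": find(r"^crypto ipsec transform-set \S+ (.+)$").group(1).split(),
        "peer": find(r"^ set peer (\S+)").group(1),
    }

def compare(a_cfg, b_cfg):
    """Return a list of mismatches between two peers' site-to-site configs."""
    a, b = parse(a_cfg), parse(b_cfg)
    problems = [f"phase 1 {f}: {a['p1'].get(f)} vs {b['p1'].get(f)}"
                for f in ("encryption", "hash", "authentication", "group")
                if a["p1"].get(f) != b["p1"].get(f)]
    if a["key"][0] != b["key"][0]:
        problems.append("pre-shared keys differ")  # never print the key itself
    if a["ts"] != b["ts"]:
        problems.append(f"transform-set: {a['ts']} vs {b['ts']}")
    if [(dst, src) for src, dst in a["acl"]] != b["acl"]:
        problems.append("crypto ACLs are not mirror images")
    for name, side in (("A", a), ("B", b)):
        if side["peer"] != side["key"][1]:
            problems.append(f"{name}: set peer {side['peer']} has no isakmp key entry")
    return problems
```

`compare(R1, R2)` returns an empty list when the two ends agree; each string in a non-empty result names one setting to fix before the tunnel can come up.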