Tuesday, September 6, 2016

ASA Interview Question - Part 3

6. ASA

Cisco ASA:
 A firewall and VPN security appliance; with the Anti-X (CSC-SSM) module it also provides anti-malware and content security.
 The Enterprise Editions come in four versions: Firewall, IPS, Anti-X, and VPN.
 The ASA can also serve as an intrusion prevention system (IPS) and as a VPN concentrator.
 Also addresses threats such as viruses, worms, unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks.
 Acts as an "all-in-one" device, i.e. a unified threat management (UTM) device.
 ASA software version used: 7.2
 Supports WebVPN (clientless SSL VPN)
 Supports transparent firewall, security contexts and the Modular Policy Framework (MPF)
 64 MB RAM
7. How does address translation (NAT/PAT) work in ASA for TCP and UDP?
8. What is Modular Policy (the Modular Policy Framework)?
9. What modules are available for PIX and ASA?
10. Which software versions have you worked with on PIX and ASA?
11. Explain security contexts. Explain Active/Standby and Active/Active failover.

12. Explain Dynamic NAT, Static NAT, Identity NAT, Static PAT, Dynamic PAT and Policy NAT.
13. Explain packet filtering, proxy servers and stateful inspection.
14. What is a firewall?
15. How do you force the standby firewall to become the active firewall? Which command?
16. Static NAT syntax?
17. About SSL VPN?
18. Command to disable anti-spoofing (unicast reverse-path verification) in ASA
19. Types of licenses in ASA
20. Failover commands
21. Explain VPN Phase 1 and Phase 2.
22. How many packets are exchanged in Main mode and in Aggressive mode? (six and three respectively)
23. What is PFS (Perfect Forward Secrecy)?
24. Commands for VPN
25. Command to allow administrative SSH access to the firewall
26. How does failover work (mechanism)?
27. How does stateful failover work?
28. Examples of packet filtering, proxy server and stateful inspection products (router, ISA, Check Point)
29. Default security level for inside and outside
30. Which routing protocols can the ASA support?
31. Protocol numbers for ESP and AH (they are IP protocols 50 and 51, not TCP/UDP ports)
32. What is the difference between ESP and AH?
33. What is spoofing and what is anti-spoofing?
34. Stateful firewall architecture.
35. How does the firewall process a packet (rule, route, NAT)?
36. Edit an access-list using the access-list line number.
36. Software versions of PIX and ASA (the 6.0, 7.0 and 8.0 major releases are enough).
37. PIX appliance series and ASA appliance series
38. How does a layer-2 (transparent) firewall work in ASA and FWSM?
39. Can the ASA build a VPN with another vendor's firewall?
40. Default inspection protocols in ASA?
41. Does it support ISP redundancy? Yes.
42. Default ICMP behaviour of the firewall (an echo-request from a higher to a lower security level is allowed, but the echo-reply is dropped unless ICMP inspection or an ACL permits it, because ICMP is not tracked statefully by default)
43. Name of the PIX/ASA operating system (Finesse)
44. Integrating with third-party devices
45. Difference between Check Point and ASA
46. What is Data Confidentiality?
Data confidentiality: encryption protects the data from eavesdropping; supported encryption algorithms include DES, 3DES and AES. (DES and 3DES are considered weak today; AES should be used for new deployments.)

47. What is Data Integrity?
Data integrity and authentication: HMAC functions verify that packets have not been tampered with and that they come from a valid peer, which defeats man-in-the-middle and session-hijacking attacks. Supported HMAC functions are HMAC-MD5 and HMAC-SHA-1 (prefer SHA-1 or, where available, SHA-2; MD5 is deprecated).


48. Anti-replay
Anti-replay detection: every ESP/AH packet carries a monotonically increasing sequence number. The number itself is not encrypted, but it is covered by the HMAC, so an attacker cannot alter it without breaking the integrity check. The receiver keeps a sliding window (at least 64 packets) of sequence numbers already accepted and drops duplicates and packets that fall behind the window, so a man-in-the-middle device cannot replay captured packets.


49. Explain Main mode and Aggressive mode in Phase 1.

ISAKMP/IKE Phase 1 is responsible for setting up the secure management connection (the IKE SA). It does this in three steps: negotiate the security policy for the management connection, run Diffie-Hellman (DH) to derive shared keying material, and authenticate the peers. There are two modes for performing these three steps:
Main mode and Aggressive mode


Main Mode: Main mode performs three two-way exchanges, six packets in total. The three exchanges are the three steps above: negotiate the security policy to use for the management connection, use DH to derive the keying material for the encryption algorithm and HMAC function negotiated in step 1, and perform device authentication using pre-shared keys, RSA encrypted nonces, or RSA signatures (digital certificates).


Main mode has one advantage: the device authentication step takes place over the secure management connection, because that connection was built in the first two exchanges. Any identity information the two peers send each other is therefore protected from eavesdropping. This is the Cisco default mode for site-to-site sessions and for remote-access connections that use certificates for device authentication.


Aggressive Mode: In aggressive mode only three packets are exchanged. The initiator's first packet carries everything at once: the list of possible policies to protect the management connection, its DH public value, a nonce, and its identity. The responder's reply carries the chosen policy, its own DH public value, nonce and identity, plus its authentication data (a hash computed from the pre-shared key, or a signature). The third packet is the initiator's authentication data, which completes the exchange.


Aggressive mode has one main advantage over main mode: it establishes the secure management connection faster. Its downside is that the identity information, and the authentication hash or signature, are sent in clear text, so anyone eavesdropping on the exchange can see the identities used for device authentication. With pre-shared keys this is a real weakness: the captured hash can be tested against candidate keys offline, so a weak group key can be recovered by dictionary attack. With certificates only the identities are exposed. If this concerns you, use main mode (or IKEv2).
As noted above, main mode is the default for Cisco VPNs with one exception: aggressive mode is the default for Cisco remote-access VPNs when the devices use group pre-shared keys for device authentication.
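To make the difference between the two modes concrete, the following is an added example (not code from the original page or from Cisco). It models an IKEv1 pre-shared-key Phase 1 with the RFC 2409 formulas for SKEYID, HASH_I and HASH_R, records what an eavesdropper can read from each packet, and then shows that an aggressive-mode capture gives the eavesdropper everything needed to test candidate keys offline while a main-mode capture does not. The DH group (a 127-bit prime), the XOR "cipher" standing in for the negotiated encryption, the proposal bytes, the identities and the wordlist are all constructed assumptions for the demo.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption made for speed: a 127-bit Mersenne
# prime.  Real IKEv1 uses the MODP groups of RFC 2409/3526 (768 to 2048 bits).
P = 2**127 - 1
G = 5


def prf(key, data):
    """IKEv1 prf when the SA negotiates SHA-1: HMAC-SHA-1 (RFC 2409 section 4)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sa, id_i):
    """HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)."""
    return prf(skeyid, gxi + gxr + cky_i + cky_r + sa + id_i)


def hash_r(skeyid, gxr, gxi, cky_r, cky_i, sa, id_r):
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sa + id_r)


def toy_encrypt(key, data):
    """Stand-in for the negotiated cipher: XOR with a SHA-256 keystream (demo only)."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def phase1(psk, id_i, id_r, aggressive):
    """Run a pre-shared-key Phase 1 and return the messages as seen on the wire.

    Each message is {'clear': {...}, 'enc': bytes}: 'clear' payloads are readable by
    anyone on the path, 'enc' is ciphertext under SKEYID_e (Main mode messages 5/6)."""
    sa = b"3DES-SHA1-PSK-GROUP2"                     # constructed proposal body (SAi_b)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    xi, xr = secrets.randbelow(P), secrets.randbelow(P)
    gxi, gxr = pow(G, xi, P).to_bytes(16, "big"), pow(G, xr, P).to_bytes(16, "big")
    gxy = pow(int.from_bytes(gxi, "big"), xr, P).to_bytes(16, "big")
    skeyid = prf(psk, ni + nr)                        # SKEYID for PSK authentication (5.4)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    h_i = hash_i(skeyid, gxi, gxr, cky_i, cky_r, sa, id_i)
    h_r = hash_r(skeyid, gxr, gxi, cky_r, cky_i, sa, id_r)
    hdr = {"cky_i": cky_i, "cky_r": cky_r}            # ISAKMP header is never encrypted

    def msg(clear, enc=b""):
        return {"clear": {**hdr, **clear}, "enc": enc}

    if aggressive:                                     # three messages, nothing encrypted
        return [
            msg({"sa": sa, "gxi": gxi, "ni": ni, "id_i": id_i}),
            msg({"sa": sa, "gxr": gxr, "nr": nr, "id_r": id_r, "hash_r": h_r}),
            msg({"hash_i": h_i}),
        ]
    return [                                            # Main mode: six messages
        msg({"sa": sa}),
        msg({"sa": sa}),
        msg({"gxi": gxi, "ni": ni}),
        msg({"gxr": gxr, "nr": nr}),
        msg({}, toy_encrypt(skeyid_e, id_i + h_i)),     # identity and auth hash protected
        msg({}, toy_encrypt(skeyid_e, id_r + h_r)),
    ]


def crack_psk(capture, wordlist):
    """Offline dictionary test an eavesdropper can run against a capture.

    Works only if IDir and HASH_R were sent in the clear; returns the PSK or None."""
    seen = {}
    for m in capture:
        seen.update(m["clear"])
    needed = ("ni", "nr", "gxi", "gxr", "cky_i", "cky_r", "sa", "id_r", "hash_r")
    if not all(k in seen for k in needed):
        return None
    for cand in wordlist:
        guess = hash_r(prf(cand, seen["ni"] + seen["nr"]), seen["gxr"], seen["gxi"],
                       seen["cky_r"], seen["cky_i"], seen["sa"], seen["id_r"])
        if hmac.compare_digest(guess, seen["hash_r"]):
            return cand
    return None


if __name__ == "__main__":
    words = [b"cisco", b"Secret99", b"vpn-group-key"]          # constructed wordlist
    aggr = phase1(b"vpn-group-key", b"vpnclient", b"asa.example.net", aggressive=True)
    main = phase1(b"vpn-group-key", b"vpnclient", b"asa.example.net", aggressive=False)
    print(len(aggr), "packets, PSK recovered:", crack_psk(aggr, words))   # 3 b'vpn-group-key'
    print(len(main), "packets, PSK recovered:", crack_psk(main, words))   # 6 None
```

The point of the model is the last two lines: with the same key, the same peers and the same proposal, the three-packet aggressive exchange leaks the responder's identity and HASH_R, and the only secret left for the attacker to guess is the pre-shared key; the six-packet main-mode exchange carries those payloads only inside the encrypted fifth and sixth messages. This is why a remote-access group key used with aggressive mode must be long and random, and why certificates or main mode are preferable where the client supports them.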

50. Explain transport mode and tunnel mode in Phase 2.


Phase 2 Connection Modes
AH and ESP can carry protected user data to a destination in one of two modes:

Transport mode, tunnel mode
In transport mode, the real source and destination of the user data perform the protection service themselves: only the transport-layer payload is protected and the original IP header stays outside, in the clear. It becomes harder to manage as more and more devices use this mode. It is commonly used between two devices that need to protect specific traffic, such as TFTP transfers of configuration files or syslog transfers of logging messages.

In tunnel mode, intermediate devices (typically VPN gateways) perform the protection service on behalf of the end hosts. This is the mode used for site-to-site and remote-access connections. Because the whole original IP packet is protected and embedded inside AH/ESP with a new outer IP header added, the inner packet can carry private IP addresses, and if you are using ESP for encryption the real source and destination of the user data are hidden from eavesdroppers, who see only the gateway addresses. The main advantage of tunnel mode over transport mode is that the protection function can be centralized on a small number of devices, reducing the configuration and management required.
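The following added example (not code from the original page or from Cisco) builds the two encapsulations byte for byte and parses them the way a device on the path would, so the difference between the modes and the anti-replay mechanism of question 48 are both visible. It packs a minimal IPv4 header, an ESP header (SPI and sequence number, IP protocol 50), and a placeholder repeating-key XOR standing in for the real cipher and ICV; an inbound SA then implements the RFC 4303 sliding window. The addresses, SPIs, key and payload are constructed for the demo.

```python
import socket
import struct

ESP = 50       # IP protocol number for ESP (AH is 51); neither uses a port
WINDOW = 64    # RFC 4303 minimum anti-replay window size


def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (no options, checksum zeroed; constructed for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload


def toy_protect(key, data):
    """Placeholder for the ESP cipher and ICV: repeating-key XOR (NOT real encryption)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def esp_transport(src, dst, spi, seq, key, upper):
    """Transport mode: the endpoints' own IP header stays outside; only the upper layer is protected."""
    return ipv4(src, dst, ESP, struct.pack("!II", spi, seq) + toy_protect(key, upper))


def esp_tunnel(gw_src, gw_dst, spi, seq, key, inner_packet):
    """Tunnel mode: the whole original IP packet is protected and a new outer header is added."""
    return ipv4(gw_src, gw_dst, ESP, struct.pack("!II", spi, seq) + toy_protect(key, inner_packet))


def eavesdropper_view(packet):
    """Parse only what is not protected: outer IP addresses plus the ESP SPI and sequence number."""
    proto = packet[9]
    view = {"outer_src": socket.inet_ntoa(packet[12:16]),
            "outer_dst": socket.inet_ntoa(packet[16:20]), "proto": proto}
    if proto == ESP:
        view["spi"], view["seq"] = struct.unpack("!II", packet[20:28])
    return view


class EspReceiver:
    """Inbound SA with the RFC 4303 sliding window; bit i of 'seen' marks sequence top-i."""

    def __init__(self, spi, key):
        self.spi, self.key, self.top, self.seen = spi, key, 0, 0

    def receive(self, packet):
        """Return the unprotected payload, or None when the packet is rejected.

        A real stack verifies the ICV before updating the window, so that forged
        packets cannot move it; the toy cipher here has no ICV to check."""
        spi, seq = struct.unpack("!II", packet[20:28])
        if spi != self.spi or seq == 0:              # wrong SA, or the reserved value 0
            return None
        if seq > self.top:                            # newer than anything seen: slide the window
            shift = seq - self.top
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            back = self.top - seq
            if back >= WINDOW or (self.seen >> back) & 1:   # too old, or a replay
                return None
            self.seen |= 1 << back
        return toy_protect(self.key, packet[28:])


if __name__ == "__main__":
    key = b"demo-key"                                               # constructed
    tcp = b"\x04\xd2\x00\x50" + b"GET / HTTP/1.0\r\n"              # constructed TCP-like payload
    transport = esp_transport("10.1.1.10", "10.2.2.20", 0x1000, 1, key, tcp)
    inner = ipv4("10.1.1.10", "10.2.2.20", 6, tcp)                  # the hosts' original packet
    tunnel = esp_tunnel("203.0.113.1", "198.51.100.1", 0x2000, 1, key, inner)
    print(eavesdropper_view(transport))   # real host addresses visible
    print(eavesdropper_view(tunnel))      # only the gateway addresses visible
    rx = EspReceiver(0x2000, key)
    print(rx.receive(tunnel) == inner, rx.receive(tunnel))          # True None (replay dropped)
```

Transport mode exposes 10.1.1.10 and 10.2.2.20 in the outer header; tunnel mode exposes only 203.0.113.1 and 198.51.100.1, with the private inner header inside the protected part. The second delivery of the same tunnel packet is refused by the window, and a packet more than 64 sequence numbers behind the highest accepted one is refused as well, which is the behaviour the anti-replay answer describes.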

51. PPTP?
PPTP: PPTP was originally developed by Microsoft to provide a remote-access solution where traffic is transported from a client, across a public network, to a Microsoft server (VPN gateway). An interesting aspect of PPTP is that it is an extension of the Point-to-Point Protocol (PPP), so it can use PPP's features. For example, PPTP allows the encapsulation of multiple protocols, such as IP, IPX and NetBEUI, in the VPN tunnel, and PPP supports authentication via PAP, CHAP and MS-CHAP, which PPTP uses to authenticate devices. Its confidentiality rests on MS-CHAP and MPPE, both of which are now considered broken (MS-CHAPv2 handshakes can be cracked offline), so PPTP should not be relied on to protect traffic today.


52. L2TP?
L2TP: L2TP is a combination of PPTP and L2F, defined in RFCs 2661 and 3438. It took the best of both and integrated them into a single protocol. Like PPTP, L2TP uses PPP to encapsulate user data, allowing multiple protocols to be sent across a tunnel, and like PPTP it extends PPP. L2TP itself provides no encryption, so as a security enhancement the L2TP packet can be placed in the payload of an IPsec packet, combining the security of IPsec with PPP's user authentication, tunnel address assignment and configuration, and multiple-protocol support. This combination is commonly referred to as L2TP over IPsec or L2TP/IPsec.
