Category: Cisco Data Center Solutions
-
VPN Essentials – Cisco Virtual Private Network (VPN)
VPN Essentials VPN technology leverages a variety of protocols and algorithms to provide information security services. In VPN architectures, confidentiality is maintained by encrypting the packet, integrity is guaranteed by validating the hash function, and availability to authorized users is confirmed by matching the secret keys. Figure 19-1 shows three main components of information security—confidentiality,…
-
“Do I Know This Already?” Quiz – Cisco Traffic Decryption Policy
“Do I Know This Already?” Quiz The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read…
-
Traffic Decryption Essentials – Cisco Traffic Decryption Policy
Traffic Decryption Essentials Secrecy and privacy are of vital importance for communication. Prior to the electronic communication era, a person was appointed as a messenger. Sometimes, a pigeon was used for its homing instinct. However, neither a person nor a pigeon was able to ensure the confidentiality of a message. The longer the distance they…
-
Decryption Techniques on Secure Firewall – Cisco Traffic Decryption Policy
Decryption Techniques on Secure Firewall The full suite of access control rule capabilities can be performed only on nonencrypted traffic. To decrypt, inspect, and block encrypted traffic, you need to configure an SSL policy and select the SSL policy from within your access control policy. When an SSL policy is associated with an access control…
-
Best Practices for Traffic Decryption – Cisco Traffic Decryption Policy
Best Practices for Traffic Decryption Enabling traffic decryption functionality introduces additional CPU overhead, which can impact the overall throughput of the system. Therefore, you should consider the following best practices when you configure an SSL policy: Configuring a Decryption Policy In the following sections, you learn how to configure an SSL policy to decrypt network…
-
Analyzing QoS Events and Statistics – Cisco Quality of Service (QoS)
Analyzing QoS Events and Statistics If you have enabled logging for the connections that also match your QoS rule conditions, you can view the QoS-related statistics in the Connection Events page. Here are the steps to view them: Step 1. Navigate to Analysis > Connections > Events. Step 2. Select Connection Events as the table…
-
“Do I Know This Already?” Quiz – Cisco System Logging (Syslog)
“Do I Know This Already?” Quiz The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read…
-
Secure Firewall Logging Essentials – Cisco System Logging (Syslog)
Secure Firewall Logging Essentials Secure Firewall can generate syslog alerts for various security events, such as intrusion policies, file and malware policies, discovery policies, and access control policies. It can also send syslog alerts to provide the health status of its various hardware and software components. You can configure a management center to generate and…
-
Best Practices for Logging – Cisco System Logging (Syslog)
Best Practices for Logging Consider the following issues when configuring Secure Firewall to send alerts to a syslog server: Prerequisites To learn and test the syslog configuration, you can utilize the same lab that you built in previous chapters. You can simply install the syslog service to your administrator computer. Figure 21-1 shows the lab…
-
Sending Syslog from Threat Defense – Cisco System Logging (Syslog)
Sending Syslog from Threat Defense By using the platform settings policy, you can deploy different logging configurations to different threat defense devices. The platform settings policy allows you to configure many device-specific options in one place and then deploy them to one or more threat defense devices as needed. For example, you can add a…