CCNA Security

GUI

CSM

ACS: relate to security
TACACS+: both authentication & authorisation
vty: Authentication
Debug by password not name
Authorise -> user Name
Default state: used once
“FAIF” pass wrong
Customer list exists only after AAA new model
ACL on vty: treats all sessions as same-level communication
VPN: integrity & confidentiality
ISR: integrity -> back to work
ISE<==>A
AnyConnect=> full VPN SSL=>VPN 802.1x ; posture checking
Full VPN SSL=> traffic protect/security policy/ASA/remote/headquarters
Cloud-based MDM is not necessarily secure
ARS: Wi-Fi access point
RSA => OTP (ONE TIME PASS) => Asymmetric (most effective): DH [RSA]; the result of DH is a Symmetric Key (used for Key Exchange)
3DES: Symmetric Key
AD: Authentication
CA:Certificate
NTP: perform
NAT: inside local -> same internal network -> relate to traffic ??
Site-Site VPN: IPsec
Shared secure Key: unsecure network
Sender’s private Key: Encrypt (digital symmetric)
Sender’s public Key: RSA Verify ID
revoke: relate to time
SCEP: simplest client?? & CA’s ID
Protect Data: TLS/IPsec/SSL/HTTPS
IPsec=> ESP => Integrity(MD5) => Layer 3: RSA => Sending? & Receiving? VPN gateway
2048 the least size of ?
PKCS#10: request format from CA relate to “verify” “digital certificate”
Structure defined: Digital certificate => X.509V3
Prevent Sniffer: IPsec (Cannot get data even got access in the packet)
The first need: root’s public key
IKE1: Authenticate (PSK/RSA (request digital certificate/signature))
->> communication ->> encryption ->> hash ->> DH Group (site-site VPN: Group 2)
DH
Authenticate
IKE2: HMAC (Verify & integrity) (Site-site: PFS=>interface)

AH51/ESP50 VPN ???
ESA: Antispam
URL ⇒ WSA/CWS/Others
Policing/TCP SYN: ASA/IFS

Legacy

MIE

SMIphing

PVLAN Isolate?
NAT

CoPP

AAA:command level
Show level:
Sh asleep as ?

peer remote IP wrong, encrypt not received

conceal inter address?

host level: IPS

Clientless?

IDP/ISP ? Monitor?

Blacklist/URL router

tunnel mode?

Transparent mode?

one-firewall: self terminate?

CWS: s->security

Resilient: related to?

Group policy?sales?

RADIUS 1812/1813? TACACS+

datacenter? location? center/top/bottom?

Stateful firewall? inspect what? pass?

mobile hybrid? on-premise

HDLP?
IKE1: data integrity, encryption, reverse …?

Crypto Map site-site: peer/transform set

Traffic

Stateful: record recovery? Layer 3/4/5 => reply traffic? goes back and forth
Initial: High ->>> Low
Keychain: RIPV2
EIGRP: MD5

If packet transfer via private: Layer 3 ⇒ a regular packet is used as cover and this packet is placed inside it, with a regular destination address
WSA: AsyncOS
Adjacent Traffic : ip cef

Command

run-configure
boost-image
crypto-map: if-then/ transform set
