• Chapter 1: Describing Network Requirements
• Chapter 2: Topologies for Teleworker Connectivity
• Chapter 3: Using Cable to Connect to a Central Site
• Chapter 4: Using DSL to Connect to a Central Site
• Chapter 5: Configuring DSL Access with PPPoE
• Chapter 6: Configuring DSL Access with PPPoA
• Chapter 7: DSL Connection Troubleshooting
• Chapter 8: The MPLS Conceptual Model
• Chapter 9: MPLS Architecture
• Chapter 10: Configuring Frame Mode MPLS
• Chapter 11: MPLS VPN Technologies
• Chapter 12: IPsec Overview
• Chapter 13: Site-to-Site VPN Operations
• Chapter 14: GRE Tunneling over IPsec
• Chapter 15: IPsec High Availability Options
• Chapter 16: Configuring Cisco Easy VPN
• Chapter 18: Cisco Device Hardening
• Chapter 19: Securing Administrative Access
• Chapter 20: Using AAA to Scale Access Control
• Chapter 21: Cisco IOS Threat Defense Features
• Chapter 22: Implementing Cisco IOS Firewalls
• Chapter 23: Implementing Cisco IDS and IPS

Chapter 21: Cisco IOS Threat Defense Features

Firewall Technologies

• Packet Filtering - Access Control Lists (ACLs) are used to restrict traffic to and from certain addresses and port numbers.
• Application Layer Gateway (ALG) - An ALG operates at the application layer and sits between a client and server (example: HTTP proxy).
• Stateful Packet Filtering - Packet filtering with the added capability of tracking session state.

IOS Firewall Features

IOS Firewall

• Permits/denies TCP and UDP traffic
• Maintains a state table
• Dynamically modifies ACLs
• Denial of Service (DoS) mitigation
• Packet inspection

Authentication Proxy

Provides authentication and authorization for services via TACACS+ or RADIUS.

Supported protocols:

• HTTP
• HTTPS
• FTP
• Telnet

IOS Intrusion Prevention System (IPS)

Responds to suspect traffic with one or more actions:

• Drop - Drop the packet
• Block - Blocks origin IP for a specified amount of time
• Reset - Terminates the TCP session
• Alarm - Logs an alarm