Last bunch of notes!
Lots of this has already been covered (IPSec & PKI for example). It's a bit brief, most of it is common sense (like knowing what a VPN client is...). Most of the technologies listed are end of life (EoL) anyway.
Feel free to comment with anything useful to flesh it out a bit.
5.7 Cisco Secure ACS Solution Engine
Access policy control platform
Device administration
Remote access
Wireless
NAC
RADIUS & TACACS+
LDAP, ODBC, MS AD
PAP, CHAP, MS-CHAP, EAP
dACLs
5.8 Cisco Network Admission Control (NAC) Appliance Server
Uses Cisco Clean Access Agent - checks for patches etc. Now EoL.
5.9 Endpoint and client
5.9.a Cisco AnyConnect VPN Client
Uses SSL & IPSec IKEv2
5.9.b Cisco VPN Client
5.9.c Cisco Secure Desktop
- minimizes risks
Establishes clientless SSL VPN or AnyConnect VPN
ASA downloads HostScan to the endpoint
Checks:
OS
Specified files
Specified registry keys
Digital certificates
IPv4 or IPv6 address within specified range
HostScan gathers AV, firewall, antispyware version information
endpoint does not meet requirements - login denied, interaction stops
endpoint does meet requirements - prelogin policy assigned, interaction continues
HostScan checks for keystroke loggers & host emulation
AV, firewall, antispyware remediation
User logs in
ASA applies dynamic access policy to session
User terminates, HostScan terminates, cache cleaner cleans up.
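The prelogin decision described above, as a simplified Python model (an added example, not Cisco's code or HostScan's data format). The class names, rule fields and sample values are all hypothetical; it shows the first matching rule assigning a prelogin policy and a failed check denying login, with the address range check handling both IPv4 and IPv6.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Endpoint:
    """What the posture scan reported (constructed fields, not HostScan's schema)."""
    os: str
    address: str
    files: set = field(default_factory=set)
    registry_keys: set = field(default_factory=set)
    cert_issuers: set = field(default_factory=set)

@dataclass
class PreloginRule:
    """One hypothetical prelogin rule; empty sets/tuples mean 'no requirement'."""
    policy: str
    os: str
    files: set = field(default_factory=set)
    registry_keys: set = field(default_factory=set)
    cert_issuers: set = field(default_factory=set)
    networks: tuple = ()

def address_ok(address, networks):
    """True if no range is required or the address falls in one (IPv4 or IPv6)."""
    if not networks:
        return True
    ip = ipaddress.ip_address(address)
    nets = (ipaddress.ip_network(n) for n in networks)
    return any(ip.version == n.version and ip in n for n in nets)

def prelogin(endpoint, rules):
    """Return the first matching prelogin policy name, or None (login denied)."""
    for rule in rules:
        if (endpoint.os == rule.os
                and rule.files <= endpoint.files
                and rule.registry_keys <= endpoint.registry_keys
                and (not rule.cert_issuers or rule.cert_issuers & endpoint.cert_issuers)
                and address_ok(endpoint.address, rule.networks)):
            return rule.policy
    return None

# Constructed sample rule and endpoints
RULES = [PreloginRule("managed", "Windows",
                      files={r"C:\corp\agent.exe"},
                      registry_keys={r"HKLM\SOFTWARE\ExampleCorp\Managed"},
                      cert_issuers={"Example Corp CA"},
                      networks=("10.0.0.0/8", "2001:db8::/32"))]
GOOD = Endpoint("Windows", "2001:db8::5", {r"C:\corp\agent.exe"},
                {r"HKLM\SOFTWARE\ExampleCorp\Managed"}, {"Example Corp CA"})
BAD = Endpoint("Windows", "192.0.2.7", {r"C:\corp\agent.exe"}, set(), set())
```

`prelogin(GOOD, RULES)` returns the policy name that the later dynamic access policy step would key on, while `prelogin(BAD, RULES)` returns `None`, the "login denied, interaction stops" branch.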
5.9.d Cisco NAC Agent
5.10 Secure access gateways (Cisco IOS router or ASA)
5.10.a IPsec
Already covered pretty much.
5.10.b SSL VPN
http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htwebvpn.html
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-mt/sec-conn-sslvpn-15-mt-book/sec-conn-sslvpn-smart-tunnels-support.pdf
clientless, thin-client & full-tunnel
Smart tunnels - uses Winsock library
do not support split-tunnelling, Cisco Secure Desktop, private socket libraries and MAPI proxy. cannot start in two web browsers simultaneously
5.10.c PKI
Already covered.
5.11 Virtual security gateway
Multi-tenant, zone-based, context aware. Offloads packet-intensive processing to Nexus 1000V. Supports active/standby, VXLAN
5.12 Cisco Catalyst 6500 Series ASA Services Modules
Already covered ASA.
5.13 ScanSafe functionality and components
Cloud Web Security:
malware protection
DLP
LDAP integration
reporting
EoL - replaced w/ UTM (ASA, SourceFire & WSA)
5.14 Cisco Web Security Appliance and Cisco Email Security Appliance
web security, anti-malware,
5.15 Security management
All much of a muchness.
5.15.a Cisco Security Manager
5.15.b Cisco Adaptive Security Device Manager (ASDM)
5.15.c Cisco IPS Device Manager (IDM)
5.15.d Cisco IPS Manager Express (IME)
Supports up to ten IPS units
5.15.e Cisco Configuration Professional
Smart wizards & advanced configuration support for LAN and WAN, NAT, stateful and application firewall policy, IPS, IPSec, & SSL VPN, QoS & NAC.
One-click router lockdown
Voice & Security auditing capabilities
Monitor router status
Troubleshooting
Express version lives on flash in ISRs:
Basic configuration of interfaces
Hostname, DNS, DHCP configs
User management
plug-n-play server
dashboard for troubleshooting & CLI
5.15.f Cisco Prime
simplifies network management
improves operational efficiency
delivers predictable services
lower TCO