larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Book

  • Sorry, this book is no longer in print.
Not for Sale
  • Description
  • Sample Content
  • Updates
  • Copyright 2006
  • Edition: 1st
  • Book
  • ISBN-10: 1-58705-209-1
  • ISBN-13: 978-1-58705-209-5

Identify, mitigate, and respond to network attacks

  • Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware
  • Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS
  • Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration
  • Deploy VPN solutions including site-to-site IPsec VPNs, remote- access VPNs, and Public Key Infrastructure (PKI)
  • Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)

Achieving maximum network security is a challenge for most organizations. Cisco® ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network.

This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance is a practitioner’s guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments.

The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.

“I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider’s guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks.”

–Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems® 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Online Sample Chapter

Cisco ASA Security Contexts

Downloadable Sample Chapter

Download - 184 KB -- Chapter 9: Security Contexts

Table of Contents

Foreword  

Introduction    

Part I Product Overview

Chapter 1 Introduction to Network Security

Firewall Technologies

Network Firewalls

Packet-Filtering Techniques

Application Proxies

Network Address Translation

Port Address Translation

Static Translation

Stateful Inspection Firewalls

Personal Firewalls

Intrusion Detection and Prevention Technologies

Network-Based Intrusion Detection and Prevention Systems

Pattern Matching and Stateful Pattern-Matching Recognition

Protocol Analysis

Heuristic-Based Analysis

Anomaly-Based Analysis

Host-Based Intrusion Detection Systems

Network-Based Attacks

DoS Attacks

TCP SYN Flood Attacks

land.c Attacks

Smurf Attacks

DDoS Attacks

Session Hijacking

Virtual Private Networks

Understanding IPSec

Internet Key Exchange

IKE Phase 1

IKE Phase 2

IPSec Protocols

Authentication Header

Encapsulation Security Payload

IPSec Modes

Transport Mode

Tunnel Mode

Summary


Chapter 2 Product History

Cisco Firewall Products

Cisco PIX Firewalls

Cisco FWSM

Cisco IOS Firewall

Cisco IDS Products

Cisco VPN Products

Cisco ASA All-in-One Solution

Firewall Services

IPS Services

VPN Services

Summary

Chapter 3 Hardware Overview

 Cisco ASA 5510 Model

Cisco ASA 5520 Model

Cisco ASA 5540 Model

AIP-SSM Modules

Summary

Part II Firewall Solution

Chapter 4 Initial Setup and System Maintenance

Accessing the Cisco ASA Appliances

Establishing a Console Connection

Command-Line Interface

Managing Licenses

Initial Setup

Setting Up the Device Name

Configuring an Interface

Configuring a Subinterface

Configuring a Management Interface

DHCP Services

IP Version 6

IPv6 Header

Configuring IPv6

IP Address Assignment


Setting Up the System Clock

Manual Clock Adjustment Using clock set

Automatic Clock Adjustment Using the Network Time Protocol

Time Zones and Daylight Savings Time

Configuration Management

Running Configuration

Startup Configuration

Removing the Device Configuration

Remote System Management

Telnet

Secure Shell

System Maintenance

Software Installation

Image Upgrade via the Cisco ASA CLI

Image Recovery Using ROMMON

Password Recovery Process

Disabling the Password Recovery Process

System Monitoring

System Logging

Enabling Logging

Logging Types

Additional Syslog Parameters

Simple Network Management Protocol

Configuring SNMP

SNMP Monitoring

CPU and Memory Monitoring

Summary

Chapter 5 Network Access Control

Packet Filtering

Types of ACLs

Standard ACLs

Extended ACLs

IPv6 ACLs

EtherType ACLs

WebVPN ACLs

Comparing ACL Features

Configuring Packet Filtering

Step 1: Set Up an ACL

Step 2: Apply an ACL to an Interface

Step 3: Set Up an IPv6 ACL (Optional)


Advanced ACL Features

Object Grouping

Object Types

Object Grouping and ACLs

Standard ACLs

Time-Based ACLs

Absolute

Periodic

Downloadable ACLs

ICMP Filtering

Content and URL Filtering

Content Filtering

ActiveX Filtering

Java Filtering

Configuring Content Filtering

URL Filtering

Configuring URL Filtering

Deployment Scenarios Using ACLs

Using ACLs to Filter Inbound and Outbound Traffic

Enabling Content Filtering Using Websense

Monitoring Network Access Control

Monitoring ACLs

Monitoring Content Filtering

Understanding Address Translation

Network Address Translation

Port Address Translation

Packet Flow Sequence

Configuring Address Translation

Static NAT

Dynamic Network Address Translation

Static Port Address Translation

Dynamic Port Address Translation

Policy NAT/PAT

Bypassing Address Translation

Identity NAT

NAT Exemption

NAT Order of Operation

Integrating ACLs and NAT

DNS Doctoring

Monitoring Address Translations

Summary


Chapter 6 IP Routing

Configuring Static Routes

RIP

Configuring RIP

Verifying the Configuration

Troubleshooting RIP

Scenario 1: RIP Version Mismatch

Scenario 2: RIP Authentication Mismatch

Scenario 3: Multicast or Broadcast Packets Blocked

Scenario 4: Correct Configuration and Behavior

OSPF

Configuring OSPF

Enabling OSPF

Virtual Links

Configuring OSPF Authentication

Configuring the Cisco ASA as an ASBR

Stub Areas and NSSAs

ABR Type 3 LSA Filtering

OSPF neighbor Command and Dynamic Routing over VPN

Troubleshooting OSPF

Useful Troubleshooting Commands

Mismatched Areas

OSPF Authentication Mismatch

Troubleshooting Virtual Link Problems

IP Multicast

IGMP

IP Multicast Routing

Configuring Multicast Routing

Enabling Multicast Routing

Statically Assigning an IGMP Group

Limiting IGMP States

IGMP Query Timeout

Defining the IGMP Version

Configuring Rendezvous Points

Configuring Threshold for SPT Switchover

Filtering RP Register Messages

PIM Designated Router Priority

PIM Hello Message Interval

Configuring a Static Multicast Route

Troubleshooting IP Multicast Routing

show Commands

debug Commands


Deployment Scenarios

Deploying OSPF

Deploying IP Multicast

Summary

Chapter 7 Authentication, Authorization, and Accounting (AAA)

AAA Protocols and Services Supported by Cisco ASA

RADIUS

TACACS+

RSA SecurID

Microsoft Windows NT

Active Directory and Kerberos

Lightweight Directory Access Protocol

Defining an Authentication Server

Configuring Authentication of Administrative Sessions

Authenticating Telnet Connections

Authenticating SSH Connections

Authenticating Serial Console Connections

Authenticating Cisco ASDM Connections

Authenticating Firewall Sessions (Cut-Through Proxy Feature)

Authentication Timeouts

Customizing Authentication Prompts

Configuring Authorization

Command Authorization

Configuring Downloadable ACLs

Configuring Accounting

RADIUS Accounting

TACACS+ Accounting

Deployment Scenarios

Deploying Authentication, Command Authorization, and Accounting for Administrative Sessions

Deploying Cut-Through Proxy Authentication

Troubleshooting AAA

Troubleshooting Administrative Connections to Cisco ASA

Troubleshooting Firewall Sessions (Cut-Through Proxy)

Summary


 Chapter 8 Application Inspection

Enabling Application Inspection Using the Modular Policy Framework

Selective Inspection

Computer Telephony Interface Quick Buffer Encoding Inspection

Domain Name System

Extended Simple Mail Transfer Protocol

File Transfer Protocol

General Packet Radio Service Tunneling Protocol

GTPv0

GTPv1

Configuring GTP Inspection

H.323

H.323 Protocol Suite

H.323 Version Compatibility

Enabling H.323 Inspection

Direct Call Signaling and Gatekeeper Routed Control Signaling

T.38

HTTP

Enabling HTTP Inspection

strict-http

content-length

content-type-verification

max-header-length

max-uri-length

port-misuse

request-method

transfer-encoding type

ICMP

ILS

MGCP

NetBIOS

PPTP

Sun RPC

RSH


RTSP

SIP

Skinny

SNMP

SQL*Net

TFTP

XDMCP

Deployment Scenarios

ESMTP

HTTP

FTP

Summary

Chapter 9 Security Contexts

Architectural Overview

System Execution Space

Admin Context

Customer Context

Packet Flow in Multiple Mode

Packet Classification

Packet Forwarding Between Contexts

Configuration of Security Contexts

Step 1: Enabling Multiple Security Contexts Globally

Step 2: Setting Up the System Execution Space

Step 3: Specifying a Configuration URL

Step 4: Allocating the Interfaces

Step 5: Configuring an Admin Context

Step 6: Configuring a Customer Context

Step 7: Managing the Security Contexts (Optional)

Deployment Scenarios

Virtual Firewall Using Two Customer Contexts

Virtual Firewall Using a Shared Interface

Monitoring and Troubleshooting the Security Contexts

Monitoring

Troubleshooting

Summary


Chapter 10 Transparent Firewalls

Architectural Overview

Single-Mode Transparent Firewall

Packet Flow in an SMTF

Multimode Transparent Firewall

Packet Flow in an MMTF

Transparent Firewalls and VPNs

Configuration of Transparent Firewall

Configuration Guidelines

Configuration Steps

Step 1: Enabling Transparent Firewalls

Step 2: Setting Up Interfaces

Step 3: Configuring an IP Address

Step 4: Configuring Interface ACLs

Step 5: Adding Static L2F Table Entries (Optional)

Step 6: Enabling ARP Inspection (Optional)

Step 7: Modifying L2F Table Parameters (optional)

Deployment Scenarios

SMTF Deployment

MMTF Deployment with Security Contexts

Monitoring and Troubleshooting the Transparent Firewall

Monitoring

Troubleshooting

Summary

Chapter 11 Failover and Redundancy

Architectural Overview

Conditions that Trigger Failover

Failover Interface Tests

Stateful Failover

Hardware and Software Requirements

Types of Failover

Active/Standby Failover

Active/Active Failover

Asymmetric Routing

Failover Configuration

Active/Standby Failover Configuration

Step 1: Select the Failover Link

Step 2: Assign Failover IP Addresses

Step 3: Set the Failover Key (Optional)


Step 4: Designating the Primary Cisco ASA

Step 5: Enable Stateful Failover (Optional)

Step 6: Enable Failover Globally

Step 7: Configure Failover on the Secondary Cisco ASA

Active/Active Failover Configuration

Step 1: Select the Failover Link

Step 2: Assign Failover Interface IP Addresses

Step 3: Set Failover Key

Step 4: Designate the Primary Cisco ASA

Step 5: Enable Stateful Failover

Step 6: Set Up Failover Groups

Step 7: Assign Failover Group Membership

Step 8: Assign Interface IP Addresses

Step 9: Set Up Asymmetric Routing (Optional)

Step 10: Enable Failover Globally

Step 11: Configure Failover on the Secondary Cisco ASA

Optional Failover Commands

Specifying Failover MAC Addresses

Configuring Interface Policy

Managing Failover Timers

Monitoring Failover Interfaces

Zero-Downtime Software Upgrade

Deployment Scenarios

Active/Standby Failover in Single Mode

Active/Active Failover in Multiple Security Contexts

Monitoring and Troubleshooting Failovers

Monitoring

Troubleshooting

Summary

Chapter 12 Quality of Service

Architectural Overview

Traffic Policing

Traffic Prioritization

Packet Flow Sequence

Packet Classification

IP Precedence Field

IP DSCP Field

IP Access Control List

IP Flow

VPN Tunnel Group

QoS and VPN Tunnels


Configuring Quality of Service

Step 1: Set Up a Class Map

Step 2: Configure a Policy Map

Step 3: Apply the Policy Map on the Interface

Step 4: Tune the Priority Queue (Optional)

QoS Deployment Scenarios

QoS for VoIP Traffic

QoS for the Remote-Access VPN Tunnels

Monitoring QoS

Summary

Part III Intrusion Prevention System (IPS) Solution

Chapter 13 Intrusion Prevention System Integration

Adaptive Inspection Prevention Security Services Module Overview (AIP-SSM)

AIP-SSM Management

Inline Versus Promiscuous Mode

Directing Traffic to the AIP-SSM

AIP-SSM Module Software Recovery

Additional IPS Features

IP Audit

Shunning

Summary

Chapter 14 Configuring and Troubleshooting Cisco IPS Software via CLI

Cisco IPS Software Architecture

MainApp

SensorApp

Network Access Controller

AuthenticationApp

cipsWebserver

LogApp

EventStore

TransactionSource

Introduction to the CIPS 5.x Command-Line Interface

Logging In to the AIP-SSM via the CLI

CLI Command Modes

Initializing the AIP-SSM

User Administration


User Account Roles and Levels

Administrator Account

Operator Account

Viewer Account

Service Account

Adding and Deleting Users by Using the CLI

Creating Users

Deleting Users

Changing Passwords

AIP-SSM Maintenance

Adding Trusted Hosts

SSH Known Host List

TLS Known Host List

Upgrading the CIPS Software and Signatures via the CLI

One-Time Upgrades

Scheduled Upgrades

Displaying Software Version and Configuration Information

Backing Up Your Configuration

Displaying and Clearing Events

Displaying and Clearing Statistics

Advanced Features and Configuration

IPS Tuning

Disabling and Retiring IPS Signatures

Custom Signatures

IP Logging

Automatic Logging

Manual Logging of Specific Host Traffic

Configuring Blocking (Shunning)

Summary

Part IV Virtual Private Network (VPN) Solution

Chapter 15 Site-to-Site IPSec VPNs

Preconfiguration Checklist

Configuration Steps

Step 1: Enable ISAKMP

Step 2: Create the ISAKMP Policy

Step 3: Set the Tunnel Type

Step 4: Configure ISAKMP Preshared Keys

Step 5: Define the IPSec Policy


Step 6: Specify Interesting Traffic

Step 7: Configure a Crypto Map

Step 8: Apply the Crypto Map to an Interface

Step 9: Configuring Traffic Filtering

Step 10: Bypassing NAT (Optional)

Advanced Features

OSPF Updates over IPSec

Reverse Route Injection

NAT Traversal

Tunnel Default Gateway

Optional Commands

 Perfect Forward Secrecy

Security Association Lifetimes

Phase 1 Mode

Connection Type

Inheritance

ISAKMP Keepalives

Deployment Scenarios

Single Site-to-Site Tunnel Configuration Using NAT-T

Fully Meshed Topology with RRI

Monitoring and Troubleshooting Site-to-Site IPSec VPNs

Monitoring Site-to-Site VPNs

Troubleshooting Site-to-Site VPNs

ISAKMP Proposal Unacceptable

Mismatched Preshared keys

Incompatible IPSec Transform Set

Mismatched Proxy Identities

Summary

Chapter 16 Remote Access VPN

Cisco IPSec Remote Access VPN Solution

Configuration Steps

Step 1: Enable ISAKMP

Step 2: Create the ISAKMP Policy

Step 3: Configure Remote-Access Attributes

Step 4: Define the Tunnel Type

Step 5: Configure ISAKMP Preshared Keys

Step 6: Configure User Authentication

Step 7: Assign an IP Address


Step 8: Define the IPSec Policy

Step 9: Set Up a Dynamic Crypto Map

Step 10: Configure the Crypto Map

Step 11: Apply the Crypto Map to an Interface

Step 12: Configure Traffic Filtering

Step 13: Set Up a Tunnel Default Gateway (Optional)

Step 14: Bypass NAT (Optional)

Step 15: Set Up Split Tunneling (Optional)

Cisco VPN Client Configuration

Software-Based VPN Clients

Hardware-Based VPN Clients

Advanced Cisco IPSec VPN Features

Transparent Tunneling

NAT Traversal

IPSec over TCP

IPSec over UDP

IPSec Hairpinning

VPN Load-Balancing

Client Auto-Update

Client Firewalling

Personal Firewall Check

Central Protection Policy

Hardware based Easy VPN Client Features

Interactive Hardware Client Authentication

Individual User Authentication

Cisco IP Phone Bypass

Leap Bypass

Hardware Client Network Extension Mode

Deployment Scenarios of Cisco IPSec VPN

IPSec Hairpinning with Easy VPN and Firewalling

Load-Balancing and Site-to-Site Integration

Monitoring and Troubleshooting Cisco Remote Access VPN

Monitoring Cisco Remote Access IPSec VPNs

Troubleshooting Cisco IPSec VPN Clients

Cisco WebVPN Solution

Configuration Steps

Step 1: Enable the HTTP Service

Step 2: Enable WebVPN on the Interface

Step 3: Configure WebVPN Look and Feel

Step 4: Configure WebVPN Group Attributes

Step 5: Configure User Authentication


Advanced WebVPN Features

Port Forwarding

Configuring URL Mangling

E-Mail Proxy

Authentication Methods for E-Mail Proxy

Identifying E-Mail Servers for E-Mail Proxies

Delimiters

Windows File Sharing

WebVPN Access Lists

Deployment Scenarios of WebVPN

WebVPN with External Authentication

WebVPN with E-Mail Proxies

Monitoring and Troubleshooting WebVPN

Monitoring WebVPN

Troubleshooting WebVPN

SSL Negotiations

WebVPN Data Capture

E-Mail Proxy Issues

Summary

Chapter 17 Public Key Infrastructure (PKI)

Introduction to PKI

Certificates

Certificate Authority

Certificate Revocation List

Simple Certificate Enrollment Protocol

Enrolling the Cisco ASA to a CA Using SCEP

Generating the RSA Key Pair

Configuring a Trustpoint

Manual (Cut-and-Paste) Enrollment

Configuration for Manual Enrollment

Obtaining the CA Certificate

Generating the ID Certificate Request and Importing the ID Certificate

Configuring CRL Options

Configuring IPSec Site-to-Site Tunnels Using Certificates

Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates

Enrolling the Cisco VPN Client

Configuring the Cisco ASA


Troubleshooting PKI

Time and Date Mismatch

SCEP Enrollment Problems

CRL Retrieval Problems

Summary

Part V Adaptive Security Device‡Manager

Chapter 18 Introduction to ASDM

Setting Up ASDM

Uploading ASDM

Setting Up Cisco ASA

Accessing ASDM

Initial Setup

Startup Wizard

Functional Screens

Configuration Screen

Monitoring Screen

Interface Management

System Clock

Configuration Management

Remote System Management

Telnet

SSH

SSL (ASDM)

System Maintenance

Software Installation

File Management

System Monitoring

System Logging

SNMP

Summary

Chapter 19 Firewall Management Using ASDM

Access Control Lists

Address Translation


Routing Protocols

RIP

OSPF

Multicast

AAA

Application Inspection

Security Contexts

Transparent Firewalls

Failover

QoS

Summary

Chapter 20 IPS Management Using ASDM

Accessing the IPS Device Management Console from ASDM

Configuring Basic AIP-SSM Settings

Licensing

Verifying Network Settings

Adding Allowed Hosts

Configuring NTP

Adding Users

Advanced IPS Configuration and Monitoring Using ASDM

Disabling and Enabling Signatures

Configuring Blocking

Creating Custom Signatures

Creating Event Action Filters

Installing Signature Updates and Software Service Packs

Configuring Auto-Update

Summary

Chapter 21 VPN Management Using ASDM

Site-to-Site VPN Setup Using Preshared Keys

Site-to-Site VPN Setup Using PKI

Cisco Remote-Access IPSec VPN Setup

WebVPN

VPN Monitoring

Summary


Chapter 22 Case Studies

Case Study 1: Deploying the Cisco ASA at Branch Offices and Small Businesses

Branch Offices

Small Business Partners

Case Study 2: Large Enterprise Firewall, VPN, and IPS Deployment

Internet Edge and DMZ

Filtering Websites

Remote Access VPN Cluster

Application Inspection

IPS

Case Study 3: Data Center Security with Cisco ASA

Summary

Index

Foreword

Download - 13 KB -- Foreword from Jayshree Ullal, Senior Vice President, Security Technology Group, Cisco Systems, Inc.

Index

Download - 115 KB -- Index

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020