Cisco IOS Firewall. Scenarios



Similar documents
Cisco IOS Advanced Firewall

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Lucent VPN Firewall Security in x Wireless Networks

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Basic Network Configuration

Creating a VPN Using Windows 2003 Server and XP Professional

Routing Security Server failure detection and recovery Protocol support Redundancy

Using a VPN with Niagara Systems. v0.3 6, July 2013

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Assuring Your Business Continuity

Using a VPN with CentraLine AX Systems

Configure a Microsoft Windows Workstation Internal IP Stateful Firewall

Firewall Defaults and Some Basic Rules

SpiderCloud E-RAN Security Overview

WAN Failover Scenarios Using Digi Wireless WAN Routers

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Cisco Which VPN Solution is Right for You?

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Network Virtualization Network Admission Control Deployment Guide

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Cisco Virtual Office Express

IIUC Implementing Cisco IOS Unified Communications (IIUC) Version: Demo. Page <<1/9>>

Cisco RV 120W Wireless-N VPN Firewall

Cisco RV220W Network Security Firewall

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

CCNA. Course Fee: 8500 INR (Lab Access, Software s, Books, Tool Kits & Tax Included) Course Duration: 5 Days

Chapter 1 Personal Computer Hardware hours

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

VegaStream Information Note Considerations for a VoIP installation

Cisco RV220W Network Security Firewall

Securing Networks with PIX and ASA

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Configuring IPsec VPN with a FortiGate and a Cisco ASA

iphone in Business How-To Setup Guide for Users

Exam Questions SY0-401

Recommended IP Telephony Architecture

Cornerstones of Security

ISG50 Application Note Version 1.0 June, 2011

Simple security is better security Or: How complexity became the biggest security threat

Wireless Networking for Small Businesses, Branches and Home Offices

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

Knowledgebase Solution

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Cisco RV215W Wireless-N VPN Router

Internet Privacy Options

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Using IPsec VPN to provide communication between offices

Secure Network Design: Designing a DMZ & VPN

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

SIP Security Controllers. Product Overview

Network Access Security. Lesson 10

Configuring the Transparent or Routed Firewall

Chapter 5. Data Communication And Internet Technology

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

AppDirector Load balancing IBM Websphere and AppXcel

(d-5273) CCIE Security v3.0 Written Exam Topics

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

IP Telephony Management

Live Communications Server 2005 SP1 Office Communications Server Matt Newton Network Engineer MicroMenders, Inc

- Introduction to PIX/ASA Firewalls -

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

7.1. Remote Access Connection

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Lab Developing ACLs to Implement Firewall Rule Sets

SonicWALL PCI 1.1 Implementation Guide

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

WAN Traffic Management with PowerLink Pro100

Cisco Networking Professional-6Months Project Based Training

CCNA Cisco Associate- Level Certifications

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Best Practices for Outdoor Wireless Security

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

FIREWALLS & CBAC. philip.heimer@hh.se

Security. TestOut Modules

SIP Trunking with Microsoft Office Communication Server 2007 R2

Deploying Firewalls Throughout Your Organization

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Cisco Certified Security Professional (CCSP)

SonicWALL Unified Threat Management. Alvin Mann April 2009

SIP Trunking Configuration with

Multi-Homing Dual WAN Firewall Router

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

CCIE Security Written Exam ( ) version 4.0

Lecture 17 - Network Security

Gigabit SSL VPN Security Router

Transcription:

Cisco IOS Firewall Common Deployment Scenarios http://www.cisco.com/go/iosfirewall com/go/iosfirewall Presentation_ID 2007 Cisco Systems, Inc. All rights reserved. 1

Cisco IOS Firewall Feature Overview Stateful firewall: Full Layer 3 through 7 deep packet inspection Flexible embedded application layer gateway (ALG): Dynamic protocol and application engines for seamless granular control Application inspection and control (AIC): Visibility into both control and data channels to help ensure protocol and application conformance Virtual firewall: Separation between virtual contexts, addressing overlapping IP addresses Transparent (Layer 2) firewall: Deploy in existing network without changing the statically defined IP addresses Intuitive GUI management: Easy policy setup and refinement with CCP and CSM Resiliency: High availability for users and applications with stateful firewall failover Interfaces: Most WAN and LAN interfaces Selected List of Recognized Protocols HTTP, HTTPS, and JAVA E-mail: POP, SMTP, ESMTP, IMAP P2P and IM (AIM, MSN, and Yahoo!) FTP, TFTP, and Telnet Voice: H.323, SIP, and SCCP Database: Oracle, SQL, and MYSQL Citrix: ICA and CitrixImaClient Multimedia: Apple and RealAudio IPSec VPN: GDOI and ISAKMP Microsoft: MSSQL and NetBIOS Tunneling: L2TP and PPTP 2

Cisco IOS Firewall Common Deployments Scenarios Internal firewall: branch or small office Example: Retail outlet IOS Firewall segments the network for compliance requirements in transparent t or routed environments, wireless to wired segments Internet connected location: branch or small office Example: Retail store with wi-fi hotspot IOS Firewall separates VPN traffic to corporate headquarters and Internet traffic Virtual firewall: location with co-located partners Example: retail location with co-located photo kiosk or pharmacy IOS Firewall supports partners overlapping IP addresses and secures the shared WAN connection between business partners Transparent firewall: large to medium sized branch office Example: branch office with many existing network nodes IOS Firewall provides network protection without disrupting the existing network scheme Securing Unified Communications: branch location with unified communications Example: any branch office with Voice over IP IOS Firewall enables trusted media control and helps to prevent impersonation attacks 3

Cisco IOS Firewall Deployment Scenario 1 Retail Outlet PoS Store Router Private WAN Local LAN Mobile devices Cisco Integrated Services Router Head Office PCI compliance requires firewalling of Point-of-Sale systems, wired and wireless network segments Cisco IOS Firewall creates separate security zones for Point-of-Sale (Server/Electronic Cash register), LAN and wireless LAN network segments Cisco has its retail design guide certified through a third party (CyberTrust) 4

Cisco IOS Firewall Deployment Scenario 2 Retail Outlet with Internet Hotspot POS Store Router IPSec Tunnel Local LAN Wi-Fi Users Payment Devices Cisco Integrated Services Router Internet Head Office Internet Hotspot (Wi-Fi) services opens the network to additional risk Cisco IOS Firewall creates separate security zones for Point of Sale (Server/Electronic Cash register), LAN and wireless LAN Firewall policies segregate and protect the corporate vlans and the Internet Wi-Fi vlans 5

Cisco IOS Firewall Deployment Scenario 3 Virtual Firewall (VRF-aware Firewall) VRF A Photo kiosk VRF B Point-of-Sales VRF C Pharmacy Store Router Cisco Integrated Services Router IPSec Tunnel Internet Retail Store Head Office Partner Photo Shop Head Office Cisco IOS Firewall separates network segments and supports overlapping address space in environments where partners share the same physical location Each virtual firewall helps secure a partner s Internet access and isolates risk factors such as a photo kiosk with media card slots PCI compliance requires retail stores to firewall wired and wireless network segments as well as Point-of-Sales (PoS) segments 6

Cisco IOS Firewall Deployment Scenario 4 Transparent Firewall Servers Branch Router IP WAN Clients Cisco Integrated Services Router Head Office The Transparent Cisco IOS Firewall feature allows users to "drop" a Cisco IOS Firewall in front of their existing network without changing the statically defined IP addresses of their networkconnected devices The tedious and costly overhead that t is required to renumber devices on the trusted network is eliminated 7

Cisco IOS Firewall Deployment Scenario 5 Unified Communications Trusted Firewall Shared secret configured in TRPs and FWs STUN/ICE message with crypto token CUCM FW opens pinhole after verifying crypto token IP WAN Endpoint Access Switch Cisco IOS Firewall with Trust Relay Point (TRP) Cisco IOS Firewall with TRP Access Switch Endpoint Cisco IOS Firewall enables trusted media control and helps to prevent impersonation attacks Trusted Firewall authenticates/authorizes ti t i calls to ensure pinholes are only opened for legitimate calls Trusted Firewall is voice protocol version independent and it secures encrypted signaling paths asymmetric signaling and media paths 8

Cisco IOS Firewall Summary Cisco IOS Firewall Helps meet PCI requirements by segmenting and protecting Point of Sale systems Segregates and defends corporate networks from Wi-Fi hotspots connected to the Internet Supports overlapping address space in environments where partners share the same physical location Provides network protection without disrupting the existing network scheme Secures Unified Communications 9

10