Introduction to Security and PIX Firewall


Introduction to Security and PIX Firewall. Agenda: Day 20, lecture and lab. CR 2006

Agenda: Cisco Secure PIX Firewall models and features; firewall operations; basic PIX Firewall concepts.

What is a firewall?

By conventional definition, a firewall is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another; it can also be used to isolate one compartment from another.

When the term is applied to a computer network, a firewall is a system or group of systems that enforces an access control policy between two or more networks.

Firewall technologies

Three technologies are covered: packet filtering, proxy servers and stateful packet filtering.

Packet filtering limits traffic into a network on the basis of static packet-header information, chiefly the source and destination addresses (extended ACLs also match protocol and port numbers). A packet filter is a router with some intelligence, implemented as an access control list (ACL).

Packet filtering has known problems:
- Arbitrary packets can be crafted to fit the ACL criteria (a spoofed source address, or the ACK bit set so the packet looks like part of an existing connection) and therefore pass through the filter.
- Packets can pass through the filter by being fragmented, because non-initial fragments carry no transport-layer header for the ACL to match.
- Complex ACLs are difficult to implement and maintain correctly.
- Some services cannot be filtered, for example those that negotiate dynamic ports.

A proxy server (application proxy) relays connections between a client on the inside of the firewall and the Internet. As the name implies, application proxy firewalls act as intermediaries in network sessions: the user's connection terminates at the proxy, and a corresponding separate connection is initiated from the proxy to the destination host.

Connections are analysed all the way up to the application layer to determine whether they are allowed. It is this characteristic that gives proxies a higher level of security than packet filters.

Proxy servers also have problems:
- A proxy creates a single point of failure: if the entrance to the network is compromised, the entire network is compromised.
- Each protocol needs its own proxy, so it is difficult to add new services to the firewall.
- A proxy performs slower under load, because every packet is processed at the application layer.

Stateful packet filtering combines the best of packet filtering and proxy server technologies, and is the method used by the PIX Firewall.

Stateful packet filtering

This technology maintains complete session state. Each time a TCP or UDP connection is established, inbound or outbound, it is recorded in a stateful session flow table. For each connection the table holds the source and destination addresses, the port numbers, TCP sequencing information and additional flags.

This information forms a connection object, and every inbound and outbound packet is compared against the session flows in the table. Data is permitted through the firewall only if an appropriate connection exists to validate its passage; a packet that matches no flow is treated as coming from an unauthorised source and dropped. Because UDP has no connection setup, the firewall also records an entry for each connectionless transaction, so that replies can be matched to the request that caused them.

The method is effective because it works on both packets and connections, and it operates at a higher performance level than either packet filtering or a proxy server.
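The difference between a static ACL and a session flow table is easiest to see on a trace. The following is an added illustration, not code from the slides or from Cisco: it models packets as a 5-tuple plus TCP flags, direction and IP fragment offset, runs them through an ACL-style filter with an 'established'-type rule (permit inbound TCP with the ACK bit set), and then through a flow table that admits only packets belonging to a connection opened from the inside. The addresses, ports and the trace itself are constructed for the example. It exercises two of the packet-filter weaknesses listed above: a crafted ACK-only packet and an orphan fragment.

```python
"""Static ACL filter versus stateful session-flow table (constructed toy model).

Added illustration, not PIX code. The static filter mimics an extended ACL
with an 'established'-style rule; the stateful filter keeps a session flow
table keyed on the connection, as the text describes.
"""
from dataclasses import dataclass
from typing import Optional, FrozenSet


@dataclass(frozen=True)
class Packet:
    src: str
    sport: Optional[int]      # None on a non-initial fragment (no TCP header present)
    dst: str
    dport: Optional[int]
    flags: FrozenSet[str]     # subset of {"SYN", "ACK"}
    direction: str            # "out" = inside -> outside, "in" = outside -> inside
    frag_offset: int = 0      # > 0 means a non-initial IP fragment


def static_filter(pkt: Packet) -> bool:
    """ACL logic only: no memory of earlier packets."""
    if pkt.direction == "out":
        return True                       # inside may initiate anything
    if pkt.frag_offset > 0:
        return True                       # no layer-4 header to match; a plain ACL waves it through
    return "ACK" in pkt.flags             # 'established': looks like a reply to an inside host


class StatefulFilter:
    """Session flow table: (inside_ip, inside_port, outside_ip, outside_port) -> state."""

    def __init__(self) -> None:
        self.flows: dict = {}

    @staticmethod
    def _key(pkt: Packet):
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt: Packet) -> bool:
        key = self._key(pkt)
        if pkt.direction == "out":
            if pkt.flags == frozenset({"SYN"}):
                self.flows[key] = "SYN_SENT"   # connection object created by the inside host
                return True
            return key in self.flows
        # Inbound: nothing passes unless a flow exists. An orphan fragment carries no
        # ports, so its key matches no flow and it is dropped (a real stateful firewall
        # would virtually reassemble fragments before deciding).
        state = self.flows.get(key)
        if state is None:
            return False
        if state == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            self.flows[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED" and "ACK" in pkt.flags


def run_scenario() -> dict:
    """Returns {packet name: (static verdict, stateful verdict)} for a constructed trace."""
    inside, outside, attacker = "10.1.1.5", "198.51.100.7", "203.0.113.9"
    trace = [
        ("syn",         Packet(inside, 40001, outside, 80, frozenset({"SYN"}), "out")),
        ("synack",      Packet(outside, 80, inside, 40001, frozenset({"SYN", "ACK"}), "in")),
        ("data_ack",    Packet(outside, 80, inside, 40001, frozenset({"ACK"}), "in")),
        # crafted packet: ACK bit set so it satisfies the 'established' ACL, no flow behind it
        ("spoofed_ack", Packet(attacker, 4444, inside, 139, frozenset({"ACK"}), "in")),
        # non-initial fragment with no TCP header and no flow behind it
        ("orphan_frag", Packet(attacker, None, inside, None, frozenset(), "in", frag_offset=8)),
    ]
    stateful = StatefulFilter()
    return {name: (static_filter(p), stateful.process(p)) for name, p in trace}


if __name__ == "__main__":
    for name, (static_ok, stateful_ok) in run_scenario().items():
        print(f"{name:12s} static={'permit' if static_ok else 'deny':6s} "
              f"stateful={'permit' if stateful_ok else 'deny'}")
```

The legitimate handshake and its data pass both filters; the crafted ACK-only packet and the orphan fragment pass the ACL but are dropped by the flow table, which is exactly the gap stateful filtering closes.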

What is the PIX Firewall?

PIX (Private Internet Exchange) Firewall is a key element in the overall Cisco end-to-end security solution. It is a dedicated hardware/software security appliance that delivers high-level security without impacting network performance. It is a hybrid system because it uses features from both the packet filtering and proxy server technologies.

Unlike typical CPU-intensive, full-time proxy servers that perform extensive processing on each data packet at the application level, the PIX Firewall runs a proprietary operating system: a secure, real-time, embedded system that is neither UNIX nor Windows NT. Running a purpose-built system eliminates the risks associated with general-purpose operating systems.

The PIX Firewall provides the following benefits and features:

Adaptive Security Algorithm (ASA). The ASA implements stateful connection control through the PIX Firewall. Its stateful, connection-oriented design creates session flows based on source and destination addresses, and it randomizes the TCP initial sequence number of each connection (and, where address translation applies, the port number) before the connection completes. This function is always in operation, monitoring return packets to ensure they are valid, and it allows one-way (inside to outside) connections without an explicit configuration for each internal system and application.

The sequence-number randomization minimises the risk of a TCP sequence number attack, in which an attacker who can predict an internal host's next initial sequence number injects or spoofs segments into a connection. The randomization can be switched off per translation with the norandomseq keyword for the rare application it breaks; leaving it on is the safe default. Because of the ASA, the PIX Firewall is less complex and more robust than a firewall designed around packet filtering.
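To show why the randomization matters, the following added illustration (not PIX code; the predictable host and the offset scheme are assumptions made for the example) puts an inside host with an old-style, linearly increasing ISN generator behind a firewall that stores a per-connection random offset in its session flow table and rewrites sequence numbers with it: +delta on segments leaving, -delta on acknowledgements coming back. An outside observer who collects two ISNs can extrapolate the host's third one without the firewall, but not with it, while a genuine peer of the flow still gets consistent numbers.

```python
"""TCP initial sequence number (ISN) randomization by a stateful firewall.

Constructed toy model, added illustration; not PIX code. Flow-table entry:
(inside_ip, inside_port, outside_ip, outside_port) -> random delta.
"""
import random

MOD = 2 ** 32


class PredictableHost:
    """Old-style generator: every new connection gets the previous ISN + 64000."""

    def __init__(self, start: int = 1000) -> None:
        self.last = start

    def new_isn(self) -> int:
        self.last = (self.last + 64000) % MOD
        return self.last


class SeqRandomizingFirewall:
    """Rewrites sequence numbers per flow with a delta kept in the session table."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        self.flows: dict = {}

    def outbound_syn_ack(self, key, isn: int) -> int:
        """First segment of the flow leaves: choose delta, remember it, shift SEQ."""
        delta = self.rng.randrange(MOD)
        self.flows[key] = delta
        return (isn + delta) % MOD

    def inbound_ack(self, key, ack: int) -> int:
        """Undo the shift so the inside host sees an ACK in its real sequence space."""
        return (ack - self.flows[key]) % MOD


def isns_seen_from_outside(n: int, firewall=None) -> list:
    """ISNs an outside observer collects from n connections to the inside host."""
    host = PredictableHost()
    seen = []
    for i in range(n):
        key = ("10.1.1.5", 80, "203.0.113.9", 50000 + i)   # constructed addresses
        isn = host.new_isn()
        seen.append(isn if firewall is None else firewall.outbound_syn_ack(key, isn))
    return seen


def predict_next(seen: list) -> int:
    """Attacker's guess: extrapolate the step between the last two observed ISNs."""
    return (2 * seen[-1] - seen[-2]) % MOD


def attacker_guess_is_right(firewall=None) -> bool:
    seen = isns_seen_from_outside(3, firewall)
    return predict_next(seen[:2]) == seen[2]


def attacker_guess_with_randomization(seed: int = 7) -> bool:
    return attacker_guess_is_right(SeqRandomizingFirewall(random.Random(seed)))


def legitimate_client_still_works(seed: int = 7) -> bool:
    """The rewritten numbers stay consistent for a genuine peer of the flow."""
    fw = SeqRandomizingFirewall(random.Random(seed))
    host = PredictableHost()
    key = ("10.1.1.5", 80, "203.0.113.9", 50000)
    isn = host.new_isn()
    seq_on_wire = fw.outbound_syn_ack(key, isn)
    client_ack = (seq_on_wire + 1) % MOD          # peer acknowledges what it actually saw
    return fw.inbound_ack(key, client_ack) == (isn + 1) % MOD


if __name__ == "__main__":
    print("no firewall, guess correct:", attacker_guess_is_right())
    print("with randomization, guess correct:", attacker_guess_with_randomization())
    print("legitimate handshake consistent:", legitimate_client_still_works())
```

The firewall never changes the host's own ISN generator; it hides it. That is why the delta must be stored per flow and applied to every segment of the connection in both directions, which is also why the feature lives in the stateful session table rather than in an ACL.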

Cut-through proxy. A user-based authentication method for both inbound and outbound connections that provides better performance than a proxy server: the PIX challenges the user once at the application layer (HTTP, Telnet or FTP) and checks the credentials against an AAA server; once the user is authenticated, the session is shifted to the stateful ASA path instead of being proxied packet by packet at the application layer.

Figure: cut-through proxy operation (Cisco Secure).

Stateful failover / hot standby. The PIX Firewall enables you to configure two PIX Firewall units in a fully redundant topology. The two units must be the same model and must run the same version of software. Configuration replication occurs under the following circumstances:
- When the secondary unit completes its initial bootup, the primary unit replicates its entire configuration to the secondary unit.
- As commands are entered on the primary unit, they are sent across to the secondary unit over the failover cable.
- Entering the write standby command on the primary unit forces the entire configuration to the secondary unit.

Because configuration replication is automatic from the active unit to the standby unit, the configuration should be modified only on the active unit; changes made on the standby are lost at the next replication. When failover occurs, syslog messages are generated indicating the cause of the failure. Failover detection occurs within 30 to 45 seconds. The state of the pair, including which unit is currently active, can be checked with show failover.

Stateful packet filtering. A secure method of analysing data packets that places extensive information about each packet into a table. For a session to be established, information about the connection must match the information in the table.

IPsec VPN. The PIX Firewall is interoperable and scalable with IP Security (IPsec), which encompasses a suite of security and authentication protocols, including Internet Key Exchange (IKE) for key negotiation and certificate-based peer authentication through a Public Key Infrastructure (PKI). The PIX Firewall offers an IPsec-based virtual private network (VPN); remote clients can securely access corporate networks through their Internet service providers (ISPs).

PIX Firewall models http://www.cisco.com/en/us/products/hw/vpn devc/index.html