© 2003, Cisco Systems, Inc. All rights reserved. CSPFA 3.13-1 Chapter 3 Cisco PIX Firewall Technology and Features.

Transcript:

Chapter 3 Cisco PIX Firewall Technology and Features

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Describe firewall technologies.
- Define the three types of firewalls used to secure today's computer networks.
- Describe PIX Firewall technology and features.

Firewalls

What Is a Firewall?
A firewall is a system or group of systems that manages access between two networks.

Firewall Technologies
Firewall operations are based on one of three technologies:
- Packet filtering
- Proxy server
- Stateful packet filtering

ACL Packet Filtering
Limits information into a network based on the destination and source address.

Proxy Server
Requests connections between a client on the inside of the firewall and the Internet.

Stateful Packet Filtering
Limits information into a network based not only on the destination and source address, but also on the packet data content.

PIX Firewall Overview

PIX Firewall: What Is It?
The PIX Firewall is a stateful firewall with high security and fast performance. The following are its characteristics:
- Secure, real-time, embedded operating system, with no UNIX or NT security holes.
- ASA provides stateful security.
- Cut-through proxy eliminates application-layer bottlenecks.

Finesse Operating System
Eliminates the risks associated with general-purpose operating systems.

Adaptive Security Algorithm (ASA)
- ASA provides stateful connection security:
  - It tracks source and destination ports and addresses, TCP sequence numbers, and additional TCP flags.
  - It randomizes initial TCP sequence numbers.
- By default, ASA allows connections originating from hosts on inside (higher security level) interfaces.
- By default, ASA drops connection attempts originating from hosts on outside (lower security level) interfaces.
- ASA supports authentication, authorization, and accounting.
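
Added example (not part of the Cisco course material, and not Cisco's implementation): a toy Python model of the ASA rules listed on this slide, showing how a connection table plus security levels decides each TCP segment. The StatefulFilter class, the interface table, and all addresses and packets are constructed for illustration.

```python
import random
from dataclasses import dataclass, field

# Constructed interface table: higher security level = more trusted.
SECURITY_LEVEL = {"inside": 100, "outside": 0}

@dataclass
class StatefulFilter:
    """Toy model of the slide's ASA rules (hypothetical class)."""
    conns: dict = field(default_factory=dict)   # (src, sport, dst, dport) -> ISN offset
    rng: random.Random = field(default_factory=random.Random)

    def handle(self, in_if, out_if, src, sport, dst, dport, flags, seq):
        """Return (verdict, sequence number as forwarded) for one TCP segment."""
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flow in self.conns:       # tracked connection, initiator's direction
            return "permit", (seq + self.conns[flow]) % 2**32
        if reverse in self.conns:    # reply to a tracked connection
            return "permit", seq     # simplification: ACK rewriting is not modelled
        if flags != "S":             # no state and not a new connection attempt
            return "drop", None
        if SECURITY_LEVEL[in_if] <= SECURITY_LEVEL[out_if]:
            return "drop", None      # lower -> higher security level: dropped by default
        offset = self.rng.randrange(1, 2**32)   # randomize the initial sequence number
        self.conns[flow] = offset
        return "permit", (seq + offset) % 2**32

def demo():
    """Run four constructed segments through the filter and return the verdicts."""
    fw = StatefulFilter(rng=random.Random(7))
    packets = [  # (in_if, out_if, src, sport, dst, dport, flags, seq)
        # 1. Inside host opens a web connection: allowed, ISN rewritten.
        ("inside", "outside", "10.0.0.11", 1026, "192.0.2.50", 80, "S", 1000),
        # 2. SYN-ACK from the contacted server: matches the tracked connection.
        ("outside", "inside", "192.0.2.50", 80, "10.0.0.11", 1026, "SA", 5000),
        # 3. Same ports from a different host: an address/port-only filter
        #    could pass this, but the state table holds no such connection.
        ("outside", "inside", "192.0.2.99", 80, "10.0.0.11", 1026, "SA", 5000),
        # 4. New connection attempt from outside: dropped by default.
        ("outside", "inside", "192.0.2.99", 4444, "10.0.0.11", 23, "S", 42),
    ]
    return [fw.handle(*p) for p in packets]

if __name__ == "__main__":
    for result in demo():
        print(result)
```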

Cut-Through Proxy Operation
1. The user makes a request to an IS resource.
2. The PIX Firewall intercepts the connection.
3. At the application layer, the PIX Firewall prompts the user for a username and password. It then authenticates the user against a RADIUS or TACACS+ server and checks the security policy.
4. The PIX Firewall initiates a connection from the PIX Firewall to the destination IS resource.
5. The PIX Firewall directly connects the internal or external user to the IS resource via ASA. Communication then takes place at a lower level of the OSI model.
[Figure: internal/external user, Cisco Secure PIX Firewall, and IS resource, with a "Username and Password Required" login dialog.]

Failover
[Figure: lab topology with a primary and a secondary PIX Firewall connected by a failover cable, a student PC, and Web, FTP, and Cisco Secure ACS servers.]

Summary

There are three firewall technologies: packet filtering, proxy server, and stateful packet filtering.
The PIX Firewall features include the following: Finesse operating system, ASA, cut-through proxy, stateful failover, and stateful packet filtering.