1 Ppt on Pix Firewall
8/6/2019 1 Ppt on Pix Firewall
PPT on PIX FIREWALL
Guided by: Ramlal Yadav
Submitted by: SAHARSH GUPTA (4th year), Computer Engg.
-
CONTENT
FIREWALL
PIX FIREWALL
HISTORY of the PIX FIREWALL
ARCHITECTURE of the PIX FIREWALL
ACCESS LISTS
-
CONTENT
Virtual Private Network (VPN)
NEED of the PIX FIREWALL
ADVANTAGES of the PIX FIREWALL
FUTURE SCOPE of the PIX FIREWALL
APPLICATION of the PIX FIREWALL
-
FIREWALL
A firewall is a tool used to prevent unauthorized access between two or more networks.
A firewall is a network security device that ensures that all communications attempting to cross it meet an organization's security policy.
-
Configuration of the FIREWALL
Inside Network -- Firewall -- Internet
                     |
                    DMZ
Firewall is configured between the inside network and the Internet.
-
Implementation methods
1. As a Screening Router: A screening router is a special computer or an electronic device that screens (filters out) specific packets based on the criteria that are defined.
2. As a Proxy Server: A proxy server is an application that mediates traffic between a protected network and the Internet.
-
PIX FIREWALL
Cisco PIX was developed by Cisco.
PIX stands for Private Internet eXchange.
PIX FIREWALL is a popular IP firewall and network address translation (NAT) appliance.
It is the first hardware-based firewall.
-
Continued
The PIX runs a custom-written proprietary operating system called PIX OS.
It is classified as a network layer and transport layer firewall.
The PIX can be configured to perform many functions including network address translation (NAT) and port address translation (PAT).
-
Continued
The PIX was the first commercially available firewall product to introduce protocol-specific filtering.
Two protocols for which specific fixup behaviors were developed are DNS and SMTP.
-
HISTORY
PIX was originally conceived in early 1994 by John Mayes of Redwood City, California.
The PIX name is derived from its creators' aim of creating the functional equivalent of an IP PBX to solve the then-emerging registered IP address shortage.
-
Architecture of PIX FIREWALL
Cisco PIX is a widely deployed firewall, used for its security features.
PIX architecture is built around the ASA.
It is the security engine that performs the inspection, maintains the session state information and handles the network translation.
-
Diagram
-
Access Lists
Access lists are the newly recommended security enforcement mechanism.
An access list is applied to an interface and checks all traffic regardless of the direction of traffic.
Access lists are stateful and are part of the ASA engine.
-
Virtual Private Network (VPN)
A virtual private network (VPN) is the extension of a private network that contains links across shared or public networks like the Internet.
A VPN enables us to send data between two computers across a shared or public network.
-
NEED of the PIX FIREWALL
1) NAT (Network Address Translation)
Network Address Translation (NAT) is the process of modifying network address information in IP packets.
It enhances network privacy by hiding internal addresses from public view.
e.g. to block the network having IP address 172.24.0.254
-
Continued
2) PAT (Port Address Translation)
Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network.
e.g. a web server on port 80 that we have to block.
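How PAT lets several inside hosts share one public address, as an added example that is not part of the original slides: a minimal Python model of a translation table. The addresses, port range and the `PatTable` class are constructed for illustration and do not reflect PIX OS internals.

```python
"""Simplified model of Port Address Translation (illustrative, not PIX OS code)."""

PUBLIC_IP = "203.0.113.1"  # constructed address from the documentation range


class PatTable:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))
        self.out = {}   # (proto, inside_ip, inside_port) -> public_port
        self.back = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite an inside source to the shared public address and a unique port."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            try:
                public_port = next(self._ports)
            except StopIteration:
                raise RuntimeError("PAT port pool exhausted") from None
            self.out[key] = public_port
            self.back[(proto, public_port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a reply back to the inside host; None means no translation exists."""
        return self.back.get((proto, dst_port))


def demo():
    pat = PatTable(PUBLIC_IP)
    a = pat.outbound("tcp", "10.0.0.5", 40000)
    b = pat.outbound("tcp", "10.0.0.6", 40000)      # same source port, other host
    again = pat.outbound("tcp", "10.0.0.5", 40000)  # existing flow keeps its slot
    reply = pat.inbound("tcp", b[1])                # reply reaches the right host
    unsolicited = pat.inbound("tcp", 4444)          # never translated: no inside target
    return a, b, again, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Outside hosts only ever see the public address and the allocated port, and inbound traffic to a port with no table entry has no inside host to be forwarded to.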
-
Continued
3) Content Filtering: PIX FIREWALL is used to filter the content, either to block or forward it.
e.g. Protects against unidentified, malicious Java applets.
4) URL filtering: It is used to filter out URLs.
e.g. blocking the site of Orkut.
-
Continued
5) Peer Router Authentication:
It ensures that routers receive reliable routing information from trusted sources.
e.g. the authentication provided in the internet of the college.
-
Advantages of the PIX FIREWALL
Flexibility :- performs multiprotocol routing, perimeter security and per-user authentication and authorization.
Strongest Security :- The heart of the PIX Firewall series is a protection scheme based on ASA, which offers stateful connection-oriented security.
-
Continued
Platform Extensibility :- The strong security provided by its platform extensibility features.
It provides multiple network interfaces allows publicly accessible Web, mail, and Domain Name System (DNS)
-
Continued
Lowest Cost of Ownership :-
The Cisco Secure PIX Firewall series offers the lowest cost of ownership of any security device, including proxy servers.
It is simple to install and configure using the Setup Wizard and Firewall Manager software tools.
-
Future Scope of the PIX FIREWALL
Sharing the load :-
Transmissions have to negotiate their way through all relevant components of this edge network before being allowed into the corporate network.
e.g. checking files for viruses.
-
Continued
PIX FIREWALL must be used to access in the APPLICATION layer.
It should overcome the problem of the mangle.
-
Application of PIX FIREWALL
1. Corporate Internet Perimeter :-
The firewall is configured to protect against unauthorized access from the untrusted Internet to the corporation's private network, and to prevent unauthorized access from the internal private network to untrusted sites.
-
Continued
2. Corporate Intranet :-
The firewall policy for the corporate intranet is designed to restrict traffic and access to information between various departments within the corporation.
Destination URL Policy Management also controls access to internal Web sites and Web applications.
-
Continued
Telecommuter/Home Office :-
Corporate telecommuters and home office workers similarly maintain a LAN network in the home with several computers connected to it.
-
Any Questions or Comments?
THANK YOU