
© 2004, Cisco Systems, Inc. All rights reserved. CSPFA 3.2—3-1 Lesson 3 Cisco PIX Firewall Technology and Features.


1. Lesson 3: Cisco PIX Firewall Technology and Features

2. Objectives

3. Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
– Describe firewall technologies.
– Define the three types of firewalls used to secure today’s computer networks.
– Describe PIX Firewall technology and features.

4. Firewalls

5. What Is a Firewall?
A firewall is a system or group of systems that manages access between two networks.
[Figure: Internet, outside network, DMZ network, and inside network, separated by the firewall]

6. Firewall Technologies
Firewall operations are based on one of three technologies:
– Packet filtering
– Proxy server
– Stateful packet filtering

7. ACL Packet Filtering
Limits information into a network based on the destination and source address.

8. Proxy Server
Requests connections between a client on the inside of the firewall and the Internet.
[Figure: Internet, outside network, proxy server, inside network]

9. Stateful Packet Filtering
Limits information into a network based not only on the destination and source address, but also on the packet data content.

10. PIX Firewall Overview

11. PIX Firewall—What Is It?
The Cisco PIX Firewall family delivers enterprise-class security for small-to-medium business and enterprise networks in a modular, purpose-built appliance. Some of the PIX Firewall family product highlights are as follows:
– Proprietary operating system
– Stateful inspection
– Protocol and application inspection
– User-based authentication
– Virtual private networking
– Web-based management solutions
– Stateful failover capabilities

12. Proprietary Operating System—Finesse
Eliminates the risks associated with general-purpose operating systems.

13. Stateful Inspection—ASA
ASA provides “stateful” connection security:
– It tracks source and destination ports and addresses, TCP sequence numbers, and additional TCP flags.
– It randomizes initial TCP sequence numbers.
By default, ASA allows connections originating from hosts on inside (higher security level) interfaces.
By default, ASA drops connection attempts originating from hosts on outside (lower security level) interfaces.
ASA supports authentication, authorization, and accounting.

14. Cut-Through Proxy Operation
1. The user makes a request to an IS resource.
2. The PIX Firewall intercepts the connection.
3. At the application layer, the PIX Firewall prompts the user for a username and password. It then authenticates the user against a RADIUS or TACACS+ server and checks the security policy.
4. The PIX Firewall initiates a connection from the PIX Firewall to the destination IS resource.
5. The PIX Firewall directly connects the internal or external user to the IS resource via ASA. Communication then takes place at a lower level of the OSI model.
[Figure: internal/external user, PIX Firewall, and IS resource; a “Cisco Secure PIX Firewall: Username and Password Required” login dialog with sample credentials]

15. Virtual Private Networking
[Figure: site-to-site and remote-access VPN tunnels across the Internet to a bank network]

16. “Application-Aware” Inspection
Protocols such as FTP, HTTP, H.323, and SQL*Net need to negotiate connections to dynamically assigned source or destination ports through the firewall.
PIX Firewall inspects packets above the network layer.
PIX Firewall securely opens and closes negotiated ports for legitimate client-server connections through the firewall.
[Figure: FTP client (control port 2008, data port 2010) and FTP server (control port 21, data port 20); the client announces “Data - port 2010” on the control channel, the server replies “Port 2010 OK”, and data then flows on the negotiated port]
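The default behaviour from slide 13 (higher-to-lower connections permitted and tracked, lower-to-higher dropped) combined with the FTP negotiated-port inspection from slide 16, modelled as an added Python example. This is not Cisco code and not how the PIX implements ASA; the security levels, the one-shot pinhole and the sample addresses are assumptions of this toy model.

```python
import re
from dataclasses import dataclass

# Interface security levels: PIX convention is inside=100, outside=0.
LEVELS = {"inside": 100, "outside": 0}
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

@dataclass(frozen=True)
class Packet:
    ingress: str                  # interface the packet arrives on
    egress: str                   # interface it would leave on
    src: str; sport: int          # source address and port
    dst: str; dport: int          # destination address and port
    payload: bytes = b""

class StatefulFilter:
    def __init__(self):
        self.conns = set()     # tracked connections (src, sport, dst, dport)
        self.pinholes = set()  # (client_ip, client_port) opened by FTP PORT

    def process(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            self._inspect(pkt)
            return "PERMIT"          # belongs to a tracked connection
        if LEVELS[pkt.ingress] > LEVELS[pkt.egress]:
            self.conns.add(fwd)      # higher -> lower: permitted by default
            self._inspect(pkt)
            return "PERMIT"
        if pkt.sport == 20 and (pkt.dst, pkt.dport) in self.pinholes:
            self.pinholes.discard((pkt.dst, pkt.dport))  # one-shot pinhole
            self.conns.add(fwd)
            return "PERMIT"          # negotiated FTP data connection
        return "DROP"                # lower -> higher: denied by default

    def _inspect(self, pkt):
        # Parse PORT h1,h2,h3,h4,p1,p2 on the FTP control channel; open that client data port.
        m = PORT_RE.search(pkt.payload) if pkt.dport == 21 else None
        if m:
            o = [int(x) for x in m.groups()]
            self.pinholes.add((".".join(map(str, o[:4])), o[4] * 256 + o[5]))

def demo():
    # Constructed trace: inside client 10.1.1.5 talks to FTP server 203.0.113.10.
    fw, c, s = StatefulFilter(), "10.1.1.5", "203.0.113.10"
    ctl = Packet("inside", "outside", c, 2008, s, 21, b"PORT 10,1,1,5,7,218\r\n")
    probe = Packet("outside", "inside", s, 4444, c, 2010)   # not negotiated
    data = Packet("outside", "inside", s, 20, c, 2010)      # 7*256+218 = 2010
    return [fw.process(p) for p in (ctl, probe, data)]
```

demo() returns ["PERMIT", "DROP", "PERMIT"]: the control connection is tracked, the unsolicited outside probe is dropped, and only the server's data connection to the port the client announced is let through.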

17. Web-Based Management Solutions
– PIX Device Manager
– Firewall Management Center

18. Failover
Failover protects the network should the primary PIX Firewall go offline.
Stateful failover maintains operating state during failover.
[Figure: before failover, the primary PIX Firewall is active and the secondary is standby; after failover, the secondary is active and the primary is standby]

19. Summary

20. Summary
There are three firewall technologies: packet filtering, proxy server, and stateful packet filtering.
The PIX Firewall features include the following: Finesse operating system, ASA, cut-through proxy, stateful failover, VPN, Web-based management, and stateful packet filtering.
