CSO Perimeter Network Security


Table of Contents

Introduction

Cisco PIX Firewall

Basic properties

The main advantages

Firewalls PIX (Private Internet Exchange)

Cisco ASA 5500 Firewall

Security

Main Features

Perimeter Defenses

Network perimeter and defense

The perimeter of the network, first point to protect

Email and infection

Web mail, free infections

Features needed in the filters

End Notes

Information Security: CSO Perimeter Network Security

Introduction

A firewall is a system that protects a computer or computer network from intrusions coming from a third-party network (including the Internet). The firewall is a system for filtering data packets exchanged with the network; it is a filtering gateway providing at least the following network interfaces:

An interface for the system to be protected (internal network).

The firewall system is a software system, based sometimes on dedicated network hardware, providing an intermediary between the local network (and local machine) and one or more external networks. It is possible to put a firewall on any machine with any system provided that:

The machine is powerful enough to handle the traffic;

The system is secure;

No service other than the packet filtering service is running on the server.

When the firewall system is supplied as a "turnkey" black box, we use the term "appliance".

Cisco PIX Firewall

The PIX firewall from Cisco Systems belongs to a class of packet filters that use state control (stateful inspection). It allows you to control access both from the Internet to the internal network and vice versa.
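The state tracking that stateful inspection relies on can be modelled in a few lines. This is an added example, not part of the original text and not Cisco code; the class and field names, the outbound port policy and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

# flags: set of TCP flag names; inbound: True when arriving from the outside network
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

class StatefulFilter:
    """Toy TCP state table: outside hosts may only answer connections opened from inside."""
    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def check(self, p):
        # Normalise both directions onto the inside -> outside 4-tuple.
        key = (p.dst, p.dport, p.src, p.sport) if p.inbound else (p.src, p.sport, p.dst, p.dport)
        state = self.table.get(key)
        if state is None:
            # Only a bare outbound SYN to a permitted port may create state.
            if not p.inbound and p.flags == {"SYN"} and p.dport in self.allowed:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if "RST" in p.flags:
            del self.table[key]          # connection torn down, drop its state
            return True
        if state == "SYN_SENT":
            if p.inbound and p.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return True
            return not p.inbound and p.flags == {"SYN"}   # SYN retransmission
        return "SYN" not in p.flags      # ESTABLISHED: no new handshake on this tuple

def demo():
    fw = StatefulFilter(allowed_outbound_ports={80, 443})
    trace = [  # constructed sample traffic (RFC 1918 / RFC 5737 addresses)
        Packet("10.0.0.5", 40000, "198.51.100.7", 443, {"SYN"}, False),
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, {"SYN", "ACK"}, True),
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, {"ACK"}, True),
        Packet("203.0.113.9", 5555, "10.0.0.5", 22, {"SYN"}, True),     # unsolicited connect
        Packet("203.0.113.9", 80, "10.0.0.5", 40001, {"ACK"}, True),    # ACK with no state
        Packet("10.0.0.5", 40002, "198.51.100.7", 23, {"SYN"}, False),  # port not permitted
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, {"RST"}, True),
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, {"ACK"}, True),  # state is gone
    ]
    return [fw.check(p) for p in trace]

if __name__ == "__main__":
    print(demo())
```

A stateless filter would have to pass the lone inbound ACK in the fifth packet if it allowed return traffic at all; the state table rejects it because no inside host opened that connection. Timeouts and FIN teardown are left out of this model.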

To configure the PIX, you can use a graphical environment that facilitates and simplifies this process. Unlike a traditional packet filter, PIX allows you to authenticate users. The TACACS+ and RADIUS protocols are used for authentication, which makes it possible to authenticate with normal UNIX passwords as well as with the S/Key one-time password system.

PIX can support up to 16,000 simultaneous TCP/IP connections and provide throughput of up to 90 Mbit/sec. PIX is based on the Cisco IOS network operating system, which provides full compatibility at the protocol level and with the tools for monitoring and managing Cisco equipment, scalability for Cisco-based networks, and a router interface familiar to Cisco administrators.

Basic properties

Protection based on state monitoring of network connections, which restricts unauthorized users from accessing network resources.

Interception technology at the application layer enables user authentication using the standard protocols TACACS+ and RADIUS

Supports over 16,000 simultaneous connections

A convenient firewall manager provides easy administration of multiple PIX firewalls

Support for a third network interface to host services open to Internet users, such as WWW, email, etc.

Support for the Point-to-Point Tunneling Protocol (PPTP), developed by Microsoft, to implement virtual corporate networks (VPN)

Support for Oracle SQL*Net to protect client/server applications

A command interface typical of the Cisco IOS system

High reliability through duplication and hot spare

Network Address Translation (NAT) in accordance with RFC 1631

Port Address Translation (PAT) allows you to expand the company's pool of addresses: through a single IP address, you can map 64 000 addresses (both 16.384)

Aliases allow you to map networks with overlapping IP addresses into one address space

For registered IP addresses, you can disable address translation, which allows users to use their real addresses

Transparent support for all ...