Cisco Secure Firewall Services Module (FWSM)

Author:   Raymond Blair ,  Arvind Durai
Publisher:   Pearson Education (US)
ISBN:   9781587053535
Pages:   528
Publication Date:   18 September 2008
Format:   Paperback
Availability:   In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Our Price $171.60

Overview

Best practices for securing networks with FWSM

Understand the differences between PIX/ASA firewall and FWSM deployments
Review practical design and configuration advice for FWSM deployments
Maximize FWSM security features and reduce deployment time
Learn from coverage of the latest features and common installation best practices

The Firewall Services Module (FWSM) is a high-performance stateful-inspection firewall that integrates into the Cisco 6500 switch and 7600 router chassis. It monitors traffic flows using application inspection engines to provide a strong level of network security. The FWSM defines the security parameter and enables the enforcement of security policies through authentication, access-control lists, and protocol inspection. This is a key component for anyone deploying network security.

Many customers have been deploying the Firewall Services Module without specific knowledge of how it functions. They have taken their experience with the PIX firewall and applied it to the FWSM, but there are significant differences between the two products. Cisco Secure Firewall Services Module (FWSM) is designed to help you understand how the FWSM functions and the differences between it and the PIX. It also helps you through the design, configuration, implementation, and administration of the FWSM by providing practical examples using best security practices.

Full Product Details

Author:   Raymond Blair ,  Arvind Durai
Publisher:   Pearson Education (US)
Imprint:   Cisco Press
Dimensions:   Width: 18.60cm , Height: 2.80cm , Length: 23.00cm
Weight:   0.880kg
ISBN:   9781587053535
ISBN 10:   1587053535
Pages:   528
Publication Date:   18 September 2008
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Out of Print

Table of Contents

Introduction

Part I Introduction

Chapter 1 Types of Firewalls
    Understanding Packet-Filtering Firewalls
        Advantages
        Caveats
    Understanding Application/Proxy Firewalls
        Advantages
        Caveats
    Understanding Reverse-Proxy Firewalls
        Advantages
        Caveats
    Utilizing Packet Inspection
    Reusing IP Addresses
        NAT
        PAT
    Summary

Chapter 2 Overview of the Firewall Services Module
    Specifications
    Installation
    Performance
    Virtualization
    Comparing the FWSM to Other Security Devices
        IOS FW
        PIX
        ASA
    Hardware Architecture
    Software Architecture
    Summary

Chapter 3 Examining Modes of Operation
    Working with Transparent Mode
        Advantages
        Disadvantages
        Traffic Flow
        Multiple Bridge Groups
    Working with Routed Mode
        Advantages
        Disadvantages
        Traffic Flow
    Summary
    References

Chapter 4 Understanding Security Levels
    Traffic Flow Between Interfaces
    Network Address Translation/Port Address Translation
        Static NAT
            Number of Simultaneous TCP Connections
            Number of Embryonic Connections
        DNS
        Norandomseq
        TCP
        UDP
        Static PAT
        Dynamic NAT
        Dynamic PAT
        NAT Control
        NAT Bypass
            NAT 0 or Identity NAT
            Static Identity NAT
    Summary
    References

Chapter 5 Understanding Contexts
    Benefits of Multiple Contexts
        Separating Security Policies
        Leveraging the Hardware Investment
    Disadvantages of Multiple Contexts
    Adding and Removing Contexts
        Adding a Context
        Removing a Context
            Storing Configuration Files
        Changing Between Contexts
    Understanding Resource Management
        Memory Partitions
    Summary

Part II Initial Configuration

Chapter 6 Configuring and Securing the 6500/7600 Chassis
    Understanding the Interaction Between the Host-Chassis and the FWSM
    Assigning Interfaces
    Securing the 6500/7600 (Host-Chassis)
        Controlling Physical Access
        Being Mindful of Environmental Considerations
        Controlling Management Access
        Disabling Unnecessary Services
        Controlling Access Using Port-Based Security
        Controlling Spanning Tree
        Leveraging Access Control Lists
        Securing Layer 3
        Leveraging Control Plane Policing
        Protecting a Network Using Quality of Service
        Employing Additional Security Features
    Summary
    References

Chapter 7 Configuring the FWSM
    Configuring FWSM in the Switch
    Exploring Routed Mode
    Exploring Transparent Mode
    Using Multiple Context Mode for FWSM
        Context Configurations
        System Context Configurations
        Admin Context Configurations
        Packet Classifier in FWSM Context Mode
        Understanding Resource Management in Contexts
    Configuration Steps for Firewall Services Module
        Type 1: Configuring Single Context Routed Mode
        Type 2: Configuring Single Context Transparent Mode
        Type 3: Configuring Multiple Context Mixed Mode
    Summary

Chapter 8 Access Control Lists
    Introducing Types of Access Lists
        Understanding Access Control Entry
        Understanding Access List Commit
    Understanding Object Groups
    Monitoring Access List Resources
    Configuring Object Groups and Access Lists
        Working with Protocol Type
        Working with Network Type
        Working with Service Type
        Working with Nesting Type
        Working with EtherType
    Summary

Chapter 9 Configuring Routing Protocols
    Supporting Routing Methods
        Static Routes
        Default Routes
        Open Shortest Path First
            SPF Algorithm
            OSPF Network Types
            Concept of Areas
            OSPF Link State Advertisement
            Types of Stub Area in OSPF
        OSPF in FWSM
        OSPF Configuration in FWSM
            Interface-Based Configuration for OSPF Parameters
            Summarization
            Stub Configuration
            NSSA Configuration
            Default Route Information
            Timers
        OSPF Design Example 1
        OSPF Design Example 2
        Routing Information Protocol
        RIP in FWSM
            Configuration Example of RIP on FWSM
        Border Gateway Protocol
        BGP in FWSM
        BGP Topology with FWSM
    Summary

Chapter 10 AAA Overview
    Understanding AAA Components
        Authentication in FWSM
        Authorization in FWSM
        Accounting in FWSM
    Comparing Security Protocols
    Understanding Two-Step Authentication
    Understanding Fallback Support
        Configuring Fallback Authentication
        Configuring Local Authorization
    Understanding Cut-Through Proxy in FWSM
        Configuring Custom Login Prompts
        Using MAC Addresses to Exempt Traffic from Authentication and Authorization
    Summary

Chapter 11 Modular Policy
    Using Modular Policy in FWSM
    Understanding Classification of Traffic
        Understanding Application Engines
    Defining Policy Maps
        Configuring Global Policy
    Configuring Service Policy
    Understanding Default Policy Map
    Sample Configuration of Modular Policy in FWSM
    Summary

Part III Advanced Configuration

Chapter 12 Understanding Failover in FWSM
    Creating Redundancy in the FWSM
        Understanding Active/Standby Mode
        Understanding Active/Active Mode
    Understanding Failover Link and State Link
    Requirements for Failover
    Synchronizing the Primary and Secondary Firewalls
    Monitoring Interfaces
    Configuring Poll Intervals
    Design Principle for Monitoring Interfaces
    Configuring Single Context FWSM Failover
    Configuring Multiple Context FWSM Failover
    Summary

Chapter 13 Understanding Application Protocol Inspection
    Inspecting Hypertext Transfer Protocol
    Inspecting File Transfer Protocol
    Working with Supported Applications
    Configuring ARP
        Inspecting ARP
        Configuring Parameters for ARP
            Configuring MAC Entries
            Adding Static Entries
    Summary
    References

Chapter 14 Filtering
    Working with URLs and FTP
    Configuring ActiveX and Java
    Summary
    References

Chapter 15 Managing and Monitoring the FWSM
    Using Telnet
    Using Secure Shell
    Using Adaptive Security Device Manager
        Configuring the FWSM Using ASDM
        Managing the FWSM from the Client
    Securing Access
        Configuring the FWSM for VPN Termination
        Configuring the VPN Client
    Working with Simple Network Management Protocol
    Examining Syslog
    Working with Cisco Security Manager
    Monitoring Analysis and Response System
    Summary
    References

Chapter 16 Multicast
    Protocol Independent Multicast
    Understanding Rendezvous Point
    PIM Interface Modes
    IGMP Protocol
    Multicast Stub Configuration
    Multicast Traffic Across Firewalls
        FWSM 1.x and 2.x Code Releases
        FWSM 3.x Code Release
    Configuration Methods
        Method 1: Configuration Example for Multicast Through Firewall in Single Context Routed Mode
        Method 2: Configuration Example for Multicast Through Firewall via GRE
        Method 3: Configuration Example for Multicast Through Transparent Firewall in Multiple Context Mode
    Summary

Chapter 17 Asymmetric Routing
    Asymmetric Routing Without a Firewall
    Asymmetric Traffic Flow in a Firewall Environment
    Avoiding Asymmetric Routing Through Firewalls
        Option 1: Symmetric Routing Through Firewalls
        Option 2: Firewall Redundancy and Routing Redundancy Symmetry
    Supporting Asymmetric Routing in FWSM
        Asymmetric Routing Support in Active/Standby Mode
        Asymmetric Routing Support in Active/Active Mode
    Configuring ASR in FWSM
    Summary

Chapter 18 Firewall Load Balancing
    Reasons for Load Balancing Firewalls
    Design Requirements for Firewall Load Balancing
    Firewall Load-Balancing Solutions
        Firewall Load Balancing with Policy-Based Routing
        Firewall Load Balancing with Content Switch Module
            Configuring the CSM
            Snapshot Configuration for CSM Supporting Firewall Load Balancing
        Firewall Load Balancing Using the Application Control Engine
            ACE Design for Firewall Load Balancing
    Firewall Load Balancing Configuration Example
        OUT2IN Policy Configuration
        Firewall Configuration
        IN2OUT Policy Configuration
    Summary

Chapter 19 IP Version 6
    Understanding IPv6 Packet Header
    Examining IPv6 Address Types
        Neighbor Discovery Protocol
    IPv6 in FWSM
        Configuring Multiple Features of IPv6 in FWSM
            Interface Configuration
            Router Advertisement
            Duplicate Address Detection
            Timer for Duplicate Address Detection
            Configuring Access Lists
            Configuring Static Routes
            Configuring IPv6 Timers in FWSM
        Configuring IPv6 in FWSM
            Configuring PFC (Layer 3 Device) on the Outside Security Domain
            Configuring FWSM
            Configuring a Layer 3 Device on the Inside Security Domain
            Verify the Functionality of FWSM
            Working with the show Command for IPv6 in FWSM
    Summary

Chapter 20 Preventing Network Attacks
    Protecting Networks
    Shunning Attackers
    Spoofing
    Understanding Connection Limits and Timeouts
        Configuring Connection Limits
        Configuring Timeouts
    Summary
    References

Chapter 21 Troubleshooting the FWSM
    Understanding Troubleshooting Logic
    Assessing Issues Logically
    Connectivity Test of a Flow at the FWSM
        Troubleshooting Flow Issues
    FAQs for Troubleshooting
        How Do You Verify Whether the Traffic Is Forwarded to a Particular Interface in the FWSM?
        How Do I Verify ACL Resource Limits?
        How Do I Verify the Connectivity and Packet Flow Through the Firewall?
        What Is Network Analysis Module?
        What Are Some Useful Management and Monitoring Tools?
        How Do I Recover Passwords?
    Summary

Part IV Design Guidelines and Configuration Examples

Chapter 22 Designing a Network Infrastructure
    Determining Design Considerations
        Documenting the Process
    Determining Deployment Options
        Determining Placement
        Working with FWSM and the Enterprise Perimeter
        FWSM in the Datacenter
            Throughput
            Flexibility
            Availability
        Supporting Virtualized Networks
    Summary
    Reference

Chapter 23 Design Scenarios
    Layer 3 VPN (VRF) Terminations at FWSM
        Configuring the PFC
        Configuring the FWSM
    Failover Configuration in Mixed Mode
    Interdomain Communication of Different Security Zones Through a Single FWSM
        Configuring the PFC
        FWSM Configuration
    Dynamic Learning of Routes with FWSM
        Single Box Solution with OSPF
    Data Center Environment with the FWSM
        Method 1: Layer 3 VPN Segregation with Layer 3 FWSM (Multiple Context Mode)
        Method 2: Layer 3 VPN Segregation with Layer 2 FWSM (Multiple Context Mode)
    PVLAN and FWSM
        PVLAN Configuration in FWSM
        Design Scenario 1 for PVLAN in FWSM
        Design Scenario 2 for PVLAN in FWSM
        Configuring PVLAN
    Summary

Part V FWSM 4.x

Chapter 24 FWSM 4.x Performance and Scalability Improvements
    Increasing Performance by Leveraging the Supervisor
    Using the PISA for Enhanced Traffic Detection
    Improving Memory
        Partitioning Memory
        Reallocating Rules
        Optimizing ACL
    Summary

Chapter 25 Understanding FWSM 4.x Routing and Feature Enhancements
    Configuring EIGRP
    Configuring Route Health Injection
    Understanding Application Support
        Configuring Regular Expressions
        Understanding Application Inspection Improvements
    Additional Support for Simple Network Management Protocol Management Information Base
    Miscellaneous Security Features
        Dynamic Host Configuration Protocol Option 82
        Smartfilter HTTPS Support
    Summary
    References

Author Information

Ray Blair is a consulting systems architect and has been with Cisco Systems for more than eight years, working primarily on security and large network designs. He has 20 years of experience with designing, implementing, and maintaining networks that have included nearly all networking technologies. His first four years in the high-technology industry started with designing industrial computer systems for process monitoring. Mr. Blair maintains three Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching, Security, and Service Provider. He also is a Certified Novell Engineer (CNE) and a Certified Information Systems Security Professional (CISSP).

Arvind Durai is an advanced services technical leader for Cisco Systems. His primary responsibility has been in supporting major Cisco customers in the Enterprise sector, some of which include the Financial, Manufacturing, E-commerce, State Government, and Health Care sectors. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching and Security. Mr. Durai holds a Bachelor of Science degree in Electronics and Communication, a Master’s degree in Electrical Engineering (MS), and a Master’s degree in Business Administration (MBA).

Countries Available

All regions