
Cisco ASA and PIX Firewall Handbook

by David Hucaby

  • ISBN13: 9781587051586
  • ISBN10: 1587051583
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2005-01-01
  • Publisher: Cisco Press


Summary

The complete guide to the most popular Cisco PIX®, ASA, FWSM, and IOS® firewall security features:

  • Learn about the various firewall models, user interfaces, feature sets, and configuration methods
  • Understand how a Cisco firewall inspects traffic
  • Configure firewall interfaces, routing, IP addressing services, and IP multicast support
  • Maintain security contexts and Flash and configuration files, manage users, and monitor firewalls with SNMP
  • Authenticate, authorize, and maintain accounting records for firewall users
  • Control access through the firewall by implementing transparent and routed firewall modes, address translation, traffic filtering, user authentication, content filtering, application inspection, and traffic shunning
  • Increase firewall availability with firewall failover operation
  • Understand how firewall load balancing works
  • Generate firewall activity logs and learn how to analyze the contents of the log
  • Verify firewall operation and connectivity and observe data passing through a firewall
  • Control access and manage activity on the Cisco IOS firewall
  • Configure a Cisco firewall to act as an IDS sensor

Every organization has data, facilities, and workflow processes that are critical to its success. As more organizations make greater use of the Internet, defending against network attacks becomes crucial for businesses. Productivity gains and returns on company investments are at risk if the network is not properly defended. Firewalls have emerged as the essential foundation component in any network security architecture. Cisco ASA and PIX Firewall Handbook is a guide to the most commonly implemented features of the popular Cisco Systems® firewall security solutions. This is the first book to cover the revolutionary Cisco ASA and PIX® version 7 security appliances.

This book will help you quickly and easily configure, integrate, and manage the entire suite of Cisco® firewall products, including Cisco ASA, PIX version 7 and 6.3, the Cisco IOS router firewall, and the Catalyst Firewall Services Module (FWSM). Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation. Shaded thumbtabs mark each section for quick reference, and each section presents information in a concise format, with background, configuration, and example components. Each section also has a quick reference table of commands that you can use to troubleshoot or display information about the features presented. Appendixes present lists of well-known IP protocol numbers, ICMP message types, and IP port numbers that are supported in firewall configuration commands and provide a quick reference to the many logging messages that can be generated from a Cisco PIX, ASA, FWSM, or IOS firewall. Whether you are looking for an introduction to the firewall features of the new ASA security appliance, a guide to configuring firewalls with the new Cisco PIX version 7 operating system, or a complete reference for making the most out of your Cisco ASA, PIX, IOS, and FWSM firewall deployments, Cisco ASA and PIX Firewall Handbook helps you achieve maximum protection of your network resources.

"Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when co

Author Biography

David Hucaby is a lead network engineer for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst, IP Telephony, PIX, and VPN product lines.

Table of Contents

Introduction xxii
Firewall Overview 3(24)
  Overview of Firewall Operation 4(5)
  Initial Checking 5(1)
  Xlate Lookup 6(1)
  Conn Lookup 7(1)
  ACL Lookup 8(1)
  Uauth Lookup 8(1)
  Inspection Engine 9(1)
  Inspection Engines for ICMP, UDP, and TCP 9(10)
  ICMP Inspection 10(2)
  A Case Study in ICMP Inspection 12(1)
  UDP Inspection 13(2)
  TCP Inspection 15(2)
  Additional TCP Connection Controls 17(1)
  TCP Normalization 18(1)
  Other Firewall Operations 19(1)
  Hardware and Performance 19(2)
  Basic Security Policy Guidelines 21(6)
  Further Reading 25(2)
Configuration Fundamentals 27(16)
  User Interface 27(7)
  User Interface Modes 28(1)
  User Interface Features 29(1)
  Entering Commands 29(2)
  Command Help 31(1)
  Command History 32(1)
  Searching and Filtering Command Output 32(2)
  Terminal Screen Format 34(1)
  Firewall Features and Licenses 34(6)
  Upgrading a License Activation Key 38(2)
  Initial Firewall Configuration 40(3)
Building Connectivity 43(92)
  Configuring Interfaces 43(34)
  Basic Interface Configuration 44(9)
  Interface Configuration Examples 53(2)
  Configuring IPv6 on an Interface 55(6)
  Testing IPv6 Connectivity 61(1)
  Configuring the ARP Cache 62(2)
  Configuring Interface MTU and Fragmentation 64(3)
  Configuring an Interface Priority Queue 67(4)
  Displaying Information About the Priority Queue 71(1)
  Firewall Topology Considerations 72(1)
  Securing Trunk Links Connected to Firewalls 73(3)
  Bypass Links 76(1)
  Configuring Routing 77(23)
  Using Routing Information to Prevent IP Address Spoofing 78(2)
  Configuring Static Routes 80(2)
  Static Route Example 82(1)
  Configuring RIP to Exchange Routing Information 82(2)
  RIP Example 84(1)
  Configuring OSPF to Exchange Routing Information 85(1)
  OSPF Routing Scenarios with a Firewall 85(3)
  Configuring OSPF 88(8)
  Redistributing Routes from Another Source into OSPF 96(2)
  OSPF Example 98(2)
  DHCP Server Functions 100(5)
  Using the Firewall as a DHCP Server 100(3)
  DHCP Server Example 103(1)
  Relaying DHCP Requests to a DHCP Server 103(1)
  DHCP Relay Example 104(1)
  Multicast Support 105(30)
  Multicast Overview 105(1)
  Multicast Addressing 106(1)
  Forwarding Multicast Traffic 107(1)
  Multicast Trees 107(1)
  Reverse Path Forwarding 108(1)
  IGMP: Finding Multicast Group Recipients 108(1)
  IGMPv1 108(1)
  IGMPv2 109(1)
  PIM: Building a Multicast Distribution Tree 109(1)
  PIM Sparse Mode 110(5)
  PIM RP Designation 115(1)
  Configuring PIM 116(6)
  Configuring Stub Multicast Routing (SMR) 122(3)
  Configuring IGMP Operation 125(3)
  Stub Multicast Routing Example 128(1)
  PIM Multicast Routing Example 128(1)
  Verifying IGMP Multicast Operation 129(1)
  Verifying PIM Multicast Routing Operation 130(5)
Firewall Management 135(90)
  Using Security Contexts to Make Virtual Firewalls 135(32)
  Security Context Organization 136(1)
  Sharing Context Interfaces 137(3)
  Issues with Sharing Context Interfaces 140(3)
  Configuration Files and Security Contexts 143(1)
  Guidelines for Multiple-Context Configuration 144(1)
  Initiating Multiple-Context Mode 145(3)
  Navigating Multiple Security Contexts 148(1)
  Context Prompts 148(1)
  Changing a Session to a Different Context 149(1)
  Configuring a New Context 149(6)
  Context Definition Example 155(5)
  Allocating Firewall Resources to Contexts 160(6)
  Verifying Multiple-Context Operation 166(1)
  Managing the Flash File System 167(17)
  Using the PIX 6.x Flash File System 168(1)
  Navigating a PIX 7.x or FWSM Flash File System 169(2)
  Administering a PIX 7.x or FWSM Flash File System 171(4)
  Identifying the Operating System Image 175(1)
  Upgrading an Image from the Monitor Prompt 176(3)
  Upgrading an Image from an Administrative Session 179(5)
  Managing Configuration Files 184(11)
  Managing the Startup Configuration 184(1)
  Selecting a Startup Configuration File 184(2)
  Displaying the Startup Configuration 186(1)
  Saving a Running Configuration 187(1)
  Viewing the Running Configuration 187(1)
  Saving the Running Configuration to Flash Memory 187(1)
  Saving the Running Configuration to a TFTP Server 188(1)
  Forcing the Running Configuration to Be Copied Across a Failover Pair 189(1)
  Forcing the Startup (Nonvolatile) Configuration to Be Cleared 190(1)
  Importing a Configuration 191(1)
  Entering Configuration Commands Manually 191(1)
  Merging Configuration Commands from Flash Memory 191(1)
  Merging Configuration Commands from a TFTP Server 192(1)
  Merging Configuration Commands from a Web Server 192(1)
  Merging Configuration Commands from an Auto Update Server 193(2)
  Managing Administrative Sessions 195(13)
  Console Connection 196(1)
  Telnet Sessions 196(1)
  SSH Sessions 197(4)
  PDM/ASDM Sessions 201(2)
  Starting the PDM or ASDM Application from a Web Browser 203(1)
  Starting ASDM from a Local Application 204(2)
  User Session Banners 206(1)
  Monitoring Administrative Sessions 207(1)
  Firewall Reloads and Crashes 208(7)
  Reloading a Firewall 209(1)
  Reloading a Firewall Immediately 209(1)
  Reloading a Firewall at a Specific Time and Date 210(1)
  Reloading a Firewall After a Time Interval 210(2)
  Obtaining Crash Information 212(1)
  Enabling Crashinfo Creation 212(1)
  Generating a Test Crashinfo Image 213(1)
  Forcing an Actual Firewall Crash 213(1)
  Viewing the Crashinfo Information 214(1)
  Deleting the Previous Crashinfo File Contents 214(1)
  Monitoring a Firewall with SNMP 215(10)
  Overview of Firewall SNMP Support 216(2)
  Firewall MIBs 218(1)
  Firewall SNMP Traps 219(1)
  SNMP Configuration 220(5)
Managing Firewall Users 225(44)
  Managing Generic Users 226(2)
  Authenticating and Authorizing Generic Users 226(1)
  Accounting of Generic Users 227(1)
  Managing Users with a Local Database 228(7)
  Authenticating with Local Usernames 229(2)
  Authorizing Users to Access Firewall Commands 231(4)
  Accounting of Local User Activity 235(1)
  Defining AAA Servers for User Management 235(7)
  Configuring AAA to Manage Administrative Users 242(7)
  Enabling AAA User Authentication 242(3)
  Enabling AAA Command Authorization 245(3)
  Enabling AAA Command Accounting 248(1)
  Configuring AAA for End-User Cut-Through Proxy 249(15)
  Authenticating Users Passing Through 249(4)
  Authorizing User Activity with TACACS+ Servers 253(3)
  Authorizing User Activity with RADIUS Servers 256(5)
  Keeping Accounting Records of User Activity 261(1)
  AAA Cut-Through Proxy Configuration Examples 262(2)
  Firewall Password Recovery 264(5)
  Recovering a PIX or ASA Password 264(1)
  Recovering an FWSM Password 265(4)
Controlling Access Through the Firewall 269(124)
  Transparent Firewall Mode 269(11)
  Configuring a Transparent Firewall 272(8)
  Routed Firewall Mode and Address Translation 280(32)
  Defining Access Directions 281(1)
  Outbound Access 281(1)
  Inbound Access 282(1)
  Same-Security Access 282(1)
  Types of Address Translation 283(3)
  Handling Connections Through an Address Translation 286(1)
  UDP and TCP Connection Limits 287(1)
  Limiting Embryonic Connections 288(1)
  TCP Initial Sequence Numbers 289(1)
  Static NAT 289(4)
  Policy NAT 293(4)
  Identity NAT 297(2)
  NAT Exemption 299(1)
  Dynamic Address Translation (NAT or PAT) 300(6)
  Dynamic NAT and PAT Example 306(1)
  Controlling Traffic 307(2)
  Controlling Access with Medium-Security Interfaces 309(3)
  Controlling Access with Access Lists 312(24)
  Defining Object Groups 314(1)
  Defining Network Object Groups 314(1)
  Defining ICMP Type Object Groups 315(2)
  Defining Protocol Object Groups 317(2)
  Defining Service Object Groups 319(1)
  Configuring an Access List 320(1)
  Manipulating Access Lists 321(1)
  Adding Descriptions to an Access List 322(1)
  Defining a Time Range to Activate an ACE 323(2)
  Adding an ACE to an Access List 325(4)
  Access List Examples 329(4)
  Logging ACE Activity 333(1)
  Monitoring Access Lists 334(2)
  Filtering Content 336(7)
  Configuring Content Filters 336(6)
  Content-Filtering Examples 342(1)
  Defining Security Policies in a Modular Policy Framework 343(22)
  Classifying Traffic 345(5)
  Defining a Policy 350(2)
  Submit Matched Traffic for Application Inspection 352(3)
  Set Connection Limits on the Matched Traffic 355(1)
  Adjust TCP Options for the Matched Traffic 356(3)
  Send the Matched Traffic to an IPS Module 359(1)
  Use a Policer to Limit the Matched Traffic Bandwidth 360(3)
  Give Matched Traffic Priority Service (LLQ) 363(1)
  Default Policy Definitions 364(1)
  Application Inspection 365(21)
  Configuring Application Inspection 368(5)
  Configuring ICMP Inspection 373(3)
  Configuring Enhanced HTTP Inspection (http-map) 376(5)
  Configuring Enhanced FTP Inspection (ftp-map) 381(2)
  Configuring Enhanced SNMP Inspection (SNMP Map) 383(1)
  Configuring an MGCP Map 383(2)
  Configuring Enhanced GTP Inspection (GTP Map) 385(1)
  Shunning Traffic 386(7)
  Shun Example 389(4)
Increasing Firewall Availability with Failover 393(56)
  Firewall Failover Overview 393(11)
  How Failover Works 394(4)
  Firewall Failover Roles 398(2)
  Detecting a Firewall Failure 400(1)
  Failover Communication 401(2)
  Active-Active Failover Requirements 403(1)
  Configuring Firewall Failover 404(14)
  Firewall Failover Configuration Examples 418(11)
  Active-Standby Failover Example with PIX Firewalls 419(2)
  Active-Standby Failover Example with FWSM 421(1)
  Active-Active Failover Example 422(1)
  Primary Firewall Configuration 423(2)
  Secondary Firewall Configuration 425(1)
  Allocating Interfaces to the Contexts 426(1)
  Configuring Interfaces in Each Context 427(2)
  Managing Firewall Failover 429(9)
  Displaying Information About Failover 429(1)
  Displaying the Current Failover Status 430(3)
  Displaying the LAN-Based Failover Interface Status 433(1)
  Displaying a History of Failover State Changes 434(1)
  Debugging Failover Activity 434(1)
  Monitoring Stateful Failover 435(2)
  Manually Intervening in Failover 437(1)
  Forcing a Role Change 437(1)
  Resetting a Failed Firewall Unit 438(1)
  Reloading a Hung Standby Unit 438(1)
  Upgrading Firewalls in Failover Mode 438(11)
  Upgrading an Active-Standby Failover Pair 439(2)
  Running with Mismatched Image Releases 441(3)
  Upgrading an Active-Active Failover Pair 444(5)
Firewall Load Balancing 449(54)
  Firewall Load Balancing Overview 449(3)
  Firewall Load Balancing in Software 452(19)
  IOS FWLB Configuration Notes 453(4)
  IOS FWLB Configuration 457(5)
  IOS Firewall Load-Balancing Example 462(1)
  Basic Firewall Configuration 463(2)
  Outside IOS FWLB Configuration 465(2)
  Inside IOS FWLB Configuration 467(1)
  Displaying Information About IOS FWLB 468(1)
  IOS FWLB Output Example 469(2)
  Firewall Load Balancing in Hardware 471(22)
  FWLB in Hardware Configuration Notes 473(1)
  CSM FWLB Configuration 474(9)
  CSM Firewall Load-Balancing Example 483(1)
  CSM Components Needed 484(1)
  Basic Firewall Configuration 485(2)
  Outside CSM FWLB Configuration 487(2)
  Inside CSM Configuration 489(2)
  Displaying Information About CSM FWLB 491(1)
  CSM FWLB Output Example 491(2)
  Firewall Load-Balancing Appliance 493(10)
  CSS FWLB Configuration 494(2)
  CSS Appliance Firewall Load-Balancing Example 496(1)
  Basic Firewall Configuration 497(3)
  Outside CSS FWLB Configuration 500(1)
  Inside CSS FWLB Configuration 500(1)
  Displaying Information About CSS FWLB 501(2)
Firewall Logging 503(38)
  Managing the Firewall Clock 503(5)
  Setting the Clock Manually 504(1)
  Setting the Clock with NTP 505(3)
  Generating Logging Messages 508(23)
  Syslog Server Suggestions 511(1)
  Logging Configuration 512(1)
  PIX 7.x Logging Filters 513(1)
  Logging Configuration Steps 514(15)
  Verifying Message Logging Activity 529(1)
  Manually Testing Logging Message Generation 530(1)
  Fine-Tuning Logging Message Generation 531(4)
  Pruning Messages 531(1)
  Changing the Message Severity Level 532(1)
  Access List Activity Logging 533(2)
  Analyzing Firewall Logs 535(6)
Verifying Firewall Operation 541(84)
  Checking Firewall Vital Signs 541(39)
  Using the Syslog Information 542(1)
  Checking System Resources 543(1)
  Firewall CPU Load 543(5)
  Firewall Memory 548(4)
  Checking Stateful Inspection Resources 552(1)
  Xlate Table Size 552(1)
  Conn Table Size 552(2)
  Checking Firewall Throughput 554(1)
  PDM 554(1)
  Syslog 555(1)
  Traffic Counters 555(3)
  Perfmon Counters 558(2)
  Checking Inspection Engine and Service Policy Activity 560(1)
  Checking Failover Operation 561(1)
  Verifying Failover Roles 561(2)
  Verifying Failover Communication 563(3)
  Determining if a Failover Has Occurred 566(1)
  Determining the Cause of a Failover 567(1)
  An Example of Finding the Cause of a Failover 568(2)
  Intervening in a Failover Election 570(1)
  Checking Firewall Interfaces 571(1)
  Interface Name and Status 572(1)
  Interface Control 572(1)
  Interface Addresses 573(1)
  Inbound Packet Statistics 574(1)
  Outbound Packet Statistics 575(2)
  Packet Queue Status 577(3)
  Watching Data Pass Through a Firewall 580(19)
  Using Capture 581(1)
  Defining a Capture Session 582(6)
  Getting Results from a Capture Session 588(2)
  Using a Capture Session to Display Trunk Contents 590(1)
  Copying Capture Buffer Contents 591(3)
  Controlling a Capture Session 594(1)
  A Capture Example 595(2)
  Using Debug Packet 597(2)
  Verifying Firewall Connectivity 599(26)
  Step 1: Test with Ping Packets 600(2)
  Step 2: Check the ARP Cache 602(2)
  Step 3: Check the Routing Table 604(1)
  Step 4: Use Traceroute to Verify the Forwarding Path 604(3)
  Step 5: Check the Access Lists 607(2)
  Step 6: Verify Address Translation Operation 609(1)
  Monitoring Translations 609(2)
  Monitoring Connections 611(3)
  Monitoring Specific Hosts 614(2)
  Clearing Xlate Table Entries 616(1)
  Adjusting Table Timeout Values 617(1)
  Step 7: Look for Active Shuns 618(2)
  Step 8: Check User Authentication 620(1)
  Authentication Proxy (Uauth) 620(1)
  Content Filtering 621(1)
  Step 9: See What Has Changed 622(3)
Cisco IOS Firewall: Controlling Access 625(44)
  IOS Transparent Firewall 625(4)
  Configuring a Transparent IOS Firewall 627(2)
  Configuring Network Address Translation 629(16)
  NAT Operation 630(3)
  Using Static Address Translations 633(3)
  Static NAT Example 636(1)
  Conditional or Policy Static NAT Example 637(1)
  Port Static Translation Example 638(1)
  Using Dynamic Address Translations 638(6)
  Dynamic Address Translation Example 644(1)
  Configuring IOS Firewall Stateful Inspection 645(16)
  How CBAC Works 646(3)
  Configuring CBAC Inspection 649(9)
  CBAC Example 658(1)
  Monitoring CBAC Operation 659(1)
  Tearing Down Connections 659(1)
  Blocked Traffic 660(1)
  HTTP, Java, and URL Filtering 661(8)
  Monitoring URL Filtering 665(4)
Cisco IOS Firewall: Managing Activity 669(24)
  Synchronizing the IOS Firewall Clock 669(5)
  Setting the Clock Manually 670(2)
  Setting the Clock with NTP 672(2)
  NTP Example 674(1)
  Configuring IOS Firewall Logging 674(10)
  Syslog Server Suggestions 676(1)
  Logging Configuration 677(3)
  IOS Firewall Logging Messages 680(4)
  Using Authentication Proxy to Manage User Access 684(9)
  Configuring Authentication Proxy 685(5)
  Authentication Proxy Example 690(3)
Intrusion Detection System (IDS) Sensors 693(44)
  IDS Overview 693(4)
  Cisco Embedded IDS Sensor Availability 694(1)
  IDS Alarms 694(3)
  IDS Embedded Sensor Configuration 697(16)
  Locating the Signature Definitions 697(1)
  Using a Signature Update with an IOS IPS Sensor 698(3)
  Configuring an Embedded IDS Sensor 701(10)
  IDS Sensor Examples 711(2)
  Monitoring IDS Activity 713(9)
  Verifying Syslog Operation 714(1)
  Verifying Post Office Operation 715(5)
  Verifying IDS Activity on a Router Sensor 720(1)
  Verifying IDS Activity on a Firewall Sensor 721(1)
  IDS Sensor Signature List 722(15)
Appendix A: Well-Known Protocol and Port Numbers 737(8)
  IP Protocol Numbers 737(1)
  ICMP Message Types 738(2)
  IP Port Numbers 740(5)
Appendix B: Security Appliance Logging Messages 745(46)
  Alerts: Syslog Severity Level 1 Messages 747(3)
  Critical: Syslog Severity Level 2 Messages 750(1)
  Errors: Syslog Severity Level 3 Messages 751(11)
  Warnings: Syslog Severity Level 4 Messages 762(5)
  Notifications: Syslog Severity Level 5 Messages 767(6)
  Informational: Syslog Severity Level 6 Messages 773(8)
  Debugging: Syslog Severity Level 7 Messages 781(10)
Index 791
