Synopses & Reviews
Reduce the threat of network attacks with the official CSPFA Coursebook
- Prepare for the Cisco Security Specialist 1 PIX exam with the official CSPFA Coursebook
- Understand the physical characteristics of PIX models 506, 515, 520, 525, and 535, including LED information and port and slot numbering
- Upgrade PIX OS code, perform password recovery, and install feature licenses
- Configure IPSec Phase I and Phase II Security Associations
- Configure Cisco routers to perform Context Based Access Control (CBAC)
- Examine the many operating features of the PIX, such as Cut-Through Proxy, Advanced Protocol Handling, Attack Guards, and the Adaptive Security Algorithm (ASA)
- Learn the ins and outs of address translation and access control
- Install the Cisco Secure ACS server and configure corresponding services on the PIX to authenticate and authorize users and services
- Understand attack guards such as Syn Flood, Fragmentation, AAA, DNS, and Mail
- Examine the workings of the PIX failover mechanism and learn the difference between failover, stateful failover, interface testing, and the failover poll
One of the primary components of any organization's security policy is the implementation and maintenance of firewalls. Firewalls are network devices residing at the perimeter of corporate networks that protect internal networks from intrusion by the outside world. The integrated hardware/software PIX Firewall series delivers high security without impacting network performance while scaling to meet the entire range of customer requirements.
Based on the official instructor-led training course (Cisco Secure PIX Firewall Advanced-CSPFA), Cisco Secure PIX Firewalls teaches you the skills needed to describe, configure, verify, and manage the PIX Firewall product family and the Cisco IOS® Firewall feature set. Starting with a discussion of hacking methodologies and internal and external threats, the book opens by describing the Cisco Security Wheel, emphasizing network security as a continuous process. The authors then familiarize you with the characteristics of the various PIX models and examine upgrade tasks. The book covers basic installation details, as well as how to enable more advanced features and access control. In addition, the book details management and monitoring with PIX Syslog services and the PIX AAA subsystem. You also learn to configure the PIX Failover mechanism, IPSec on the PIX, and the Cisco IOS Firewall feature set. The appendixes provide helpful references, including configuring PIX intrusion detection features, SNMP management support, DHCP client and server, Secure Shell Protocol (SSH) connection, and dozens of security-related resources.
Whether you are preparing for the Cisco Security Specialist 1 certification or simply want to understand and make the most efficient use of PIX Firewalls, Cisco Secure PIX Firewalls provides you with a complete solution for planning, deploying, and managing PIX Firewall protected networks.
This volume is in the Certification and Training Series offered by Cisco Press. Books in this series provide officially developed training solutions on key internetworking topics to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
Synopsis
This is the only book that concentrates solely on implementation of Cisco PIX Firewalls, the market-leading firewall product. It is full of configuration techniques and security management details.
Description
Based on the official instructor-led training courses (Cisco Secure PIX Firewall Fundamentals CSPFF and Cisco Secure PIX Firewall Advanced CSPFA), Cisco Secure PIX Firewalls teaches network security fundamentals while focusing on PIX Firewall hardware characteristics. Learn how to configure basic and advanced features of PIX Firewall hardware as well as how to configure PIX Firewalls for VPN connectivity using IPSec. The material also covers firewalling techniques using Cisco IOS software. The first section focuses on network security fundamentals. The second section covers PIX hardware and software features. The third section discusses basic configuration of PIX Firewalls. The fourth section delves into more advanced features of the PIX. The fifth section introduces readers to VPN implementation with PIX and IPSec. The last section presents use of Cisco IOS routers as firewalls. Cisco Secure PIX Firewalls also includes configuration techniques, security management details, and real-life examples of firewall security implementation.
About the Author
David Chapman, a Cisco Certified Network Professional with a Security Specialization, is a Cisco Security Instructor with Global Knowledge Networks. He delivers the Cisco Secure PIX Firewall Fundamentals (CSPFF) and Cisco Secure PIX Firewall Advanced (CSPFA) classes to service provider and enterprise students around the world. He designed and delivered an enhanced, real-world PIX-to-PIX Lab for the CSPFA course. Previous to joining Global Knowledge, David was a Senior Network Engineer for FirstWorld, Inc., where his duties included network design, firewall design/implementation, VPN design/implementation, network management, and troubleshooting. His protocol expertise includes TCP/IP, IPSec, BGP, IPX, SNA, AppleTalk, Frame Relay, PPP, HDLC, LLC, and NetBIOS/SMB. David has passed the CCIE qualification exam and is working on attaining CCIE status.
Andy Fox, CCSA, CCNA, CCDA, is a Certified Cisco Systems Instructor with Global Knowledge, Inc. Andy has been teaching Cisco Certified Classes for more than 5 years and is the Course Director for the Managing Cisco Network Security course. After graduating from Purdue University in 1980, Andy began his career in Computer Science as a Computer Operator in the Air Force. Andy worked in various jobs in his 5-year enlistment. One of his jobs was System Administrator of a BBN C70 MINET host at Ramstein AFB in Germany. That job helped him get his next position as a Network Operations Controller at Bolt Beranek and Newman in Cambridge, MA. Working in the Network Operations Center, Andy helped maintain many wide area networks including the ARPANET, MILNET, and MINET. Andy became an instructor in 1996 after working as a Systems Engineer at TYMNET (British Telecom) in New York City, and RPR Pharmaceuticals in Collegeville, PA.
Table of Contents
1. Introduction to Network Security.
2. Cisco PIX Firewall Software and Hardware.
3. Working with and Upgrading the Cisco PIX Firewall Software Image.
4. Configuring the Cisco PIX Firewall.
5. Cisco PIX Firewall Translation.
6. Configuring Access Through the Cisco PIX Firewall.
7. Syslog and General Maintenance.
8. AAA Configuration on the Cisco PIX Firewall.
9. Cisco PIX Firewall Advanced Protocol Handling and Attack Guards.
10. Cisco PIX Firewall Failover.
11. Configuring IPSec for Cisco PIX Firewalls.
12. Cisco IOS Firewall Context-Based Access Control.
13. Cisco IOS Firewall Authentication Proxy Configuration.
Appendix A: Configuring the Cisco PIX Firewall for Intrusion Detection.
Appendix B: Configuring Simple Network Management Protocol (SNMP) on the PIX Firewall.
Appendix C: Configuring Dynamic Host Configuration Protocol (DHCP) on the PIX Firewall.
Appendix D: Configuring Secure Shell (SSH) on the PIX Firewall.
Appendix E: Security Resources.
Appendix F: Answers to Chapter Review Questions.