© 2006 Cisco Systems, Inc. All rights reserved. SNRS v2.05-1 Adaptive Threat Defense: Examining Cisco IOS Firewall


Firewalls

[Diagram labels: Router with Firewall; Corporate Resources; DMZ; Corporate Headquarters; Branch Office; Research and Development; Partner]

IOS Firewall

Deploy:
- As an Internet Firewall
- Between groups on internal network
- As a VPN end point from branches
- Between partner network and corporate

Features:
- Cisco IOS Software Stateful Packet Inspection
- Protection Against Attack
- Alerts and Audit Trails
- Authentication Proxy
- Support for NAT and Port-to-Application Mapping (PAM)

Cisco IOS Firewall Feature Set

- Classic firewall
- Authentication proxy
- Cisco IOS IPS
- ACLs
  – Standard and extended
  – Lock-and-key (Dynamic ACLs)
  – Reflexive
- TCP Intercept
- PAM
- NAT
- Security server support
  – RADIUS, TACACS+, Kerberos
- User authentication and authorization

Cisco IOS Classic Firewall

- Packets entering the firewall are inspected by Cisco IOS classic firewall if they are not specifically denied by an ACL.
- Cisco IOS classic firewall permits or denies specified TCP and UDP traffic through a firewall.
- A state table is maintained with session information.
- ACLs are dynamically created or deleted.
- Cisco IOS classic firewall protects against DoS attacks.

[Diagram labels: TCP; UDP; Internet]
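A minimal classic firewall configuration that matches the behaviour described on this slide, added here as an illustration and not taken from the original course material. The rule name FWRULE, ACL number 101 and interface FastEthernet0/1 are assumptions.

```cisco
! Added example; FWRULE, ACL 101 and the interface name are assumed values.
!
! Inspection rule: track TCP and UDP sessions in the state table.
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
!
! Record session start and end events (audit trail) via logging.
ip inspect audit-trail
!
! Static policy for traffic arriving from the Internet: deny by default.
access-list 101 deny ip any any log
!
! Outside interface: ACL 101 filters inbound packets, while FWRULE inspects
! sessions leaving through this interface so that their return traffic is
! allowed back in for the lifetime of the session despite ACL 101.
interface FastEthernet0/1
 description Outside (Internet-facing)
 ip access-group 101 in
 ip inspect FWRULE out
!
! Verification (exec mode):
!   show ip inspect sessions   - current entries in the state table
!   show ip inspect config     - inspection rules and timeouts in effect
!   show access-lists 101      - ACL 101 entries and match counters
```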

Cisco IOS Firewall Authentication Proxy

- HTTP, HTTPS, FTP, and Telnet authentication
- Provides dynamic, per-user authentication and authorization via TACACS+ and RADIUS protocols

Cisco IOS IPS

- Acts as an in-line Cisco IOS intrusion prevention sensor
- When a packet or packets match a signature, it can perform any of the following configurable actions:
  – Alarm: Send an alarm to a security device manager or syslog server
  – Drop: Drop the packet
  – Reset: Send TCP resets to terminate the session
- Identifies 1500-plus common attacks

[Diagram labels: TCP; UDP; Internet]

Summary

- Firewalls are networking devices that control access to network assets of your organization.
- The Cisco IOS Firewall feature set combines existing Cisco IOS Firewall technology and Cisco IOS Classic Firewall.
- The Cisco IOS Firewall is a security-specific option for Cisco IOS Software.
- Cisco IOS classic firewall intelligently filters TCP and UDP packets based on application-layer protocol session information.
- The Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis.
- The Cisco IOS IPS acts as an in-line intrusion detection sensor.
