Securing Your Business with Cisco ASA and PIX Firewalls
- By Greg Abelar
- Published May 27, 2005 by Cisco Press. Part of the Networking Technology series.
- Sorry, this book is no longer in print.
- Copyright 2005
- Edition: 1st
- ISBN-10: 1-58705-214-8
- ISBN-13: 978-1-58705-214-9
Protect critical data and maintain uptime with Cisco ASDM and Cisco Security Agent
- Understand how attacks can impact your business and the different ways attacks can occur
- Learn about the defense-in-depth model for deploying firewall and host protection
- Examine navigation methods and features of Cisco ASDM
- Set up Cisco ASA, PIX Firewall, and ASDM hardware and software
- Use the Cisco ASDM startup wizard to safely connect your network to the Internet and securely add public devices such as mail and web servers to your network
- Authenticate firewall users and users of public web servers
- Filter traffic and protect your network from perimeter attacks
- Deploy Cisco Intrusion Prevention System (IPS) to provide more granular traffic inspection and proactive threat response
- Stop attacks launched at the desktop by deploying Cisco Security Agent
- Extend the defense-in-depth model to remote users through IPSec virtual private networks (VPN)
- Enhance your security posture through proper security management
- Understand the advanced features available in the Cisco PIX version 7 operating system
- Recover from software failure with Cisco PIX version 7
Many people view security as a “black-box-voodoo” technology that is very sophisticated and intimidating. While that might have been true a few years ago, vendors have been successful in reducing the complexity and bringing security to a point where almost anyone with a good understanding of technology can deploy network security.
Securing Your Business with Cisco ASA and PIX Firewalls is an extension of the work to simplify security deployment. This easy-to-use guide helps you craft and deploy a defense-in-depth solution featuring the newly released Cisco® ASA and PIX® version 7 as well as Cisco Security Agent host intrusion prevention software. The book simplifies configuration and management of these powerful security devices by discussing how to use Cisco Adaptive Security Device Manager (ASDM), which provides security management and monitoring services through an intuitive GUI with integrated online help and intelligent wizards to simplify setup and ongoing management. In addition, informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Complete with real-world security design and implementation advice, this book contains everything you need to know to deploy the latest security technology in your network.
Securing Your Business with Cisco ASA and PIX Firewalls provides you with complete step-by-step processes for using Cisco ASDM in conjunction with Cisco Security Agent to ensure that your security posture is strong enough to stand up against any network or host attack whether sourced from the Internet or from inside your own network.
"Firewalls are a critical part of any integrated network security strategy, and books such as this will help raise awareness of both the threats inherent in today’s open, heterogeneous internetworking environments and the solutions that can be applied to make the Internet a safer place."
—Martin E. Hellman, professor emeritus of Electrical Engineering, Stanford University and co-inventor of public key cryptography
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Table of Contents
Foreword
Introduction
Part I Network Security and the ASA/PIX Security Appliance
Chapter 1 Internet Security 101
Network Attacks: A Serious Problem
Rising Security Incidents
Hacking Tools
Assessing Your Vulnerability to Network Attacks
Attack Impact
Tangible Costs
Intangible Costs
Government Network Security Regulations
Attackers
Motivation for Attacks
Anatomy of a Computer Attack
Choosing Victims
Protecting Yourself and Your Business
Developing a Security Policy
Summary
Chapter 2 Principles of Network Defense
Understanding Defense in Depth
Stopping a Computer Attack
Defense-in-Depth Implementation Details
Authentication, Authorization, and Accounting
Perimeter Security
Network Intrusion Prevention
Host Intrusion Prevention
Additional Security Best Practices
Remote-Access Defense
Security Management of the ASA/PIX Security Appliance
Summary
Chapter 3 Getting Started with the ASA/PIX Security Appliance
Cisco ASA/PIX Security Appliance Overview
Denial-of-Service Protection
Traffic Filtering
Interface Isolation (DMZ Deployment)
Stateful Traffic Inspection
Application Inspection
User Authentication
Intrusion Prevention
Secure Management
Event Logging
Models
PIX 515E
PIX 525
PIX 535
Cisco ASA 5510 Security Appliance
Cisco ASA 5520 Security Appliance
Cisco ASA 5540 Security Appliance
Installing the ASA/PIX Security Appliance
Understanding the ASA/PIX Hardware Ports
Installing Power
Booting the ASA/PIX Security Appliance
Troubleshooting
Installing the ASA/PIX Software
Manual ASA/PIX Version 7 Installation
ASA/PIX Licenses
Installing the PIX License Key
Summary
Chapter 4 Exploring the Adaptive Security Device Manager
Exploring the GUI
Exploring the Pull-Down Menus
Exploring the Navigation Bar
Summary
Part II Securing Network Infrastructures with ASDM
Chapter 5 Deploying Secure Internet Connectivity
Introducing the ASDM Startup Wizard
Basic Network Topology
Understanding the Elements of Your Network
Using the ASDM Startup Wizard
Connecting to the ASA/PIX Security Appliance with ASDM
Using the ASDM Startup Wizard to Configure the ASA/PIX Security Appliance
Summary
Chapter 6 Deploying Web and Mail Services
Review of Your Current Network Topology
Designing the Network Topology to Include Web and Mail Services
Logical Placement of the Servers
Defining Inside and Outside Server Addresses
Defining Services
New Topology
Use the ASDM Startup Wizard to Deploy Web and Mail Services
Connect the New Servers to the ASA/PIX Security Appliance
Configure Your ASA/PIX Security Using ASDM
Summary
Chapter 7 Deploying Authentication
Defining Authentication
The Purpose of Authentication
Implementing Authentication
Securing Access to the Security Appliance
Monitoring Security Appliance Access
AAA Authentication Access
Authentication for Inbound and Outbound Services
Outbound URL Filtering for Public Services
VPN Authentication
Summary
Chapter 8 Deploying Perimeter Protection
Perimeter Protocol Enforcement
Customizing Protocol Inspections
Perimeter Traffic Filtering
Perimeter Denial-of-Service Protection
Mitigating Network Bandwidth DoS Attacks
Mitigating Resource-Intensive DoS Attacks
Summary
Chapter 9 Deploying Network Intrusion Prevention
What Is Intrusion Prevention?
Why Use IPS and IP Audit?
What Are the ASA/PIX IPS and IP Audit Signatures?
Deploying Intrusion Prevention on the ASA/PIX
Viewing and Changing ASA/PIX IP Audit Signatures
Summary
Chapter 10 Deploying Host Intrusion Prevention
Why Use Host Intrusion Prevention
Anatomy of a Host or Server Attack
CSA Internals
CSA in Action
Implementing Host Intrusion Prevention
CSA Deployment Suggestions
Virus Scanners and CSA: The Complete Solution
Summary
Chapter 11 Deploying VPNs
Understanding Virtual Private Networks
Implementing VPN Using ASDM
Downloading and Installing the Cisco VPN Client
Configure VPN on the ASA/PIX Security Appliance
Configure and Connect Using the VPN Client
Using the VPN Client with NAT
Monitoring VPN Usage with ASDM
VPN Client | Statistics Panel
Monitor VPN Statistics from ASDM
Summary
Part III Appendixes
Appendix A Deploying Effective Security Management
Appendix B ASA/PIX Version 7 Advanced Features
Appendix C ASA/PIX Version 7 and ASDM Software Recovery
Index