Foundation Summary

The "Foundation Summary" provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this summary provides a convenient way to review the day before the exam.

Firewall Technologies

There are three firewall technologies:

- Packet filtering: Inspects the incoming and outgoing packets and allows/denies traffic based on source, destination, protocol, and service.
- Proxy: Connections are initiated by the firewall on behalf of the requestor. Traffic does not pass through a proxy-based firewall but rather is re-created by the firewall.
- Stateful inspection: Stateful inspection firewalls, also known as stateful packet filters, allow/deny traffic based on source, destination, and service while maintaining a state table to keep track of existing connections. This ensures that inbound connections are valid replies to outbound requests.
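
As an added illustration (not from the original text), this simplified Python model contrasts packet filtering with stateful inspection as described in the list above. The policy, addresses, ports and names such as `StatefulFilter` are constructed for the example; real stateful firewalls also track TCP flags, sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str  # "out" = inside to outside, "in" = outside to inside

# Constructed policy: inside hosts may open TCP connections to ports 80 and 443.
OUTBOUND_ALLOWED = {("tcp", 80), ("tcp", 443)}

def packet_filter(pkt: Packet) -> bool:
    """Stateless filter: every packet is judged on its own header fields."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.dport) in OUTBOUND_ALLOWED
    # With no memory of earlier packets, a return-traffic rule can only match
    # on "source port is a permitted service, destination port is high".
    return (pkt.proto, pkt.sport) in OUTBOUND_ALLOWED and pkt.dport >= 1024

class StatefulFilter:
    """Stateful inspection: outbound connections are recorded in a state table
    and inbound packets pass only as replies to a recorded connection."""

    def __init__(self) -> None:
        self.state_table: set[tuple] = set()

    def check(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if (pkt.proto, pkt.dport) not in OUTBOUND_ALLOWED:
                return False
            self.state_table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed tuple must match an existing table entry.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table

if __name__ == "__main__":
    fw = StatefulFilter()
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 443, "tcp", "out")
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 40000, "tcp", "in")
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 40000, "tcp", "in")
    print("stateless admits unsolicited:", packet_filter(unsolicited))
    print("stateful admits unsolicited: ", fw.check(unsolicited))
    print("stateful admits request:     ", fw.check(request))
    print("stateful admits reply:       ", fw.check(reply))
```

The unsolicited inbound packet matches the stateless return-traffic rule on header fields alone, but is dropped by the stateful filter because no state table entry exists for it.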

Cisco PIX Firewall

Four major characteristics of the Cisco Secure PIX Firewall design make it a leading-edge, high-performance security solution:

- Secure real-time embedded system: This is a single proprietary embedded system designed for improved security, functionality, and performance.
- Adaptive Security Algorithm: The ASA is the key to stateful session control in the PIX Firewall. The ASA maintains state information in the state table and randomly generates TCP sequence numbers to prevent session hijacking.
- Cut-through proxy: Cut-through proxy is a method for transparently performing authentication and authorization of inbound and outbound connections at the firewall.
- Redundancy: The Cisco Secure PIX 515 series and above can be configured in pairs with a primary system and a hot standby.