CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] - نسخه متنی

Greg Bastien; Earl Carter; Christian Degu

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Copyright

About the Authors

About the Technical Reviewers

Acknowledgments

Icons Used in This Book

Command Syntax Conventions

Introduction

Why the "Second Edition"?

Who Should Read This Book?

How to Use This Book

Certification Exam and This Preparation Guide

Overview of the Cisco Certification Process

Cisco Security Specialist in the Real World

PIX AND Cisco IOS Commands

Rules of the Road

Chapter 1. Network Security

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Foundation Summary

Q&A

Chapter 2. Firewall Technologies and the Cisco PIX Firewall

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 3. Cisco PIX Firewall

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 4. System Management/Maintenance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 5. Understanding Cisco PIX Firewall Translation and Connection

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 6. Getting Started with the Cisco PIX Firewall

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 7. Configuring Access

How Best to Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 8. Syslog and the PIX

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 9. Routing and the PIX Firewall

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Foundation Summary

Q&A

Chapter 10. Cisco PIX Firewall Failover

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 11. Virtual Private Networks

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Scenario

Chapter 12. Configuring Access VPNs

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Foundation Summary

Q&A

Chapter 13. PIX Device Manager

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 14. CiscoWorks Management Center for Firewalls (PIX MC)

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Foundation Summary

Q&A

Chapter 15. Content Filtering on the PIX

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 16. Overview of AAA and the PIX

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 17. Configuration of AAA on the PIX

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 18. Attack Guards and Advanced Protocol Handling

How To Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Foundation Summary

Q&A

Chapter 19. Firewall Services Module

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Foundation Summary

Q&A

Chapter 20. Case Study and Sample Configuration

Remote Offices

Firewall

Growth Expectation

Task 1: Basic Configuration for the Cisco PIX Firewall

Task 2: Configuring Access Rules on HQ

Task 3: Configuring Authentication

Task 4: Configuring Logging

Task 5: Configuring a VPN Between HQ and Remote Sites

Task 6: Configuring a Remote Access VPN to HQ

Task 7: Configuring Failover

What Is Wrong with This Picture?

Appendix A. Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

Chapter 14

Chapter 15

Chapter 16

Chapter 17

Chapter 18

Chapter 19

Chapter 20

Index
توضیحات
افزودن یادداشت جدید






  • Foundation Summary


    The "Foundation Summary" provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this summary provides a convenient way to review the day before the exam.


    Adaptive Security Algorithm


    The ASA is an algorithm used by the PIX Firewall to provide better security than packet filters and better performance than application proxies. Each interface of the firewall is assigned a security level. Traffic flows through the firewall are managed by the security level combined with ACLs or conduits. TCP sequence numbers for outbound connections are randomly generated by the PIX Firewall to greatly reduce the chances of an inbound TCP session being hijacked.


    Cut-Through Proxy


    Cut-through proxy is the method used by the PIX Firewall to authorize users and then allow the connection to occur at the network level after completing the ASA process. This greatly improves firewall performance over application proxy firewalls because every packet traversing the firewall is not inspected.


    Cisco PIX Firewall Models and Features


    The following is a list of the Cisco PIX Firewall models. Chapter 19.

    Table 3-7. PIX Models and Features

    Firewall Model

    501

    506E

    515E

    525

    535

    Intended Business Application

    SOHO

    ROBO

    Small- to medium-size business

    Enterprise

    Enterprise/ ISP

    Intrusion Protection

    Yes

    Yes

    Yes

    Yes

    Yes

    AAA Support

    Yes

    Yes

    Yes

    Yes

    Yes

    X.509 Certificate Support

    Yes

    Yes

    Yes

    Yes

    Yes

    AVVID Partner Support

    Yes

    Yes

    Yes

    Yes

    Yes

    Maximum Installed Interfaces

    One plus a four-port 10/100 switch

    Two 10/100

    Six 10/100

    Eight 10/100

    or

    three Gigabit and two 10/100

    Ten 10/100

    or

    Nine Gigabit

    Supports DHCP

    Yes

    Yes

    Yes

    Yes

    Yes

    NAT

    Yes

    Yes

    Yes

    Yes

    Yes

    PAT

    Yes

    Yes

    Yes

    Yes

    Yes

    PPP over Ethernet

    Yes

    Yes

    Yes

    Yes

    Yes

    Cisco PIX Command Line

    Yes

    Yes

    Yes

    Yes

    Yes

    PIX Device Manager

    Yes

    Yes

    Yes

    Yes

    Yes

    Cisco Secure Policy Manager

    Yes

    Yes

    Yes

    Yes

    Yes

    SNMP and Syslog Support

    Yes

    Yes

    Yes

    Yes

    Yes

    Failover Support

    No

    No

    Yes

    Yes

    Yes

    Maximum Throughput

    60 Mbps

    100 Mbps

    188 Mbps

    330 Mbps

    1.7 GBps

    Maximum Throughput (DES)

    6 Mbps

    20 Mbps

    Not listed

    Not listed

    Not listed

    Maximum Throughput (3DES)

    3 Mbps

    17 Mbps

    63-Mbps VAC

    140-Mbps VAC+

    72-Mbps VAC

    155-Mbps VAC+

    100-Mbps VAC

    440-Mbps VAC+

    Maximum Throughput (AES)

    4.5 Mbps

    (128 AES)

    30 Mbps

    (128 AES)

    135 Mbps (128 AES)

    140 Mbps (256 AES)

    165 Mbps (128 AES)

    170 Mbps (256 AES)

    535 Mbps (128 AES)

    440 Mbps (256 AES)

    Maximum Concurrent Connections

    7500

    25,000

    130,000

    280,000

    500,000

    Maximum Concurrent VPN Peers

    10

    25

    2000

    2000

    2000

    Processor

    133 MHz

    300 MHz

    433 MHz

    600 MHz

    1.0 GHz

    RAM

    16 MB

    32 MB

    32/64 MB

    Up to 256 MB

    Up to 1 GB

    Flash Memory

    8 MB

    8 MB

    16 MB

    16 MB

    16 MB

    • PIX 501 Designed for SOHO use and has two effective interfaces, a single outside interface and a four-port inside switch.

    • PIX 506E Designed for ROBO use and has a single outside interface and a single inside interface.

    • PIX 515E Designed for small- to medium-size networks.

    • PIX 525 Designed for large enterprise networks.

    • PIX 535 Designed for large enterprise networks and ISPs.

    • FWSM A firewall blade designed for the Cisco Catalyst 6500 Series Switch and 7600 Series Router.



    Intrusion Protection


    PIX firewalls were designed to independently detect and react to a variety of attacks. They can also be integrated with the Cisco Secure Intrusion Detection System to dynamically react to different threats.


    AAA Support


    The PIX Firewall supports the following AAA technologies:

    • Local database It is possible to configure a local AAA database on the PIX Firewall; however, it is not recommended because the additional processing required to utilize the local database can adversely effect the performance of the firewall.

    • RADIUS The PIX Firewall supports RADIUS.

    • TACACS+ The PIX Firewall supports TACACS+.



    X.509 Certificate Support


    The PIX Firewall supports X.509 certificates for digital identity verification. X.509 certificates are used in conjunction with encryption for the following:

    • Authentication Digital certificates are used to authenticate the identity of a user or server.

    • Integrity A digital certificate becomes invalid if the digitally signed data has been altered.

    • Token verification Digital certificates can be used as a replacement for passwords.

    • Encryption Digital certificates simplify the identity authentication process when negotiating a VPN connection.


    The Cisco PIX Firewall supports the Simple Certificate Enrollment Protocol (SCEP) and can be integrated with the following X.509 digital identification solutions:

    • Entrust Technologies, Inc. Entrust/PKI 4.0

    • Microsoft Corp. Windows 2000 Certificate Server 5.0

    • VeriSign Onsite 4.5

    • Baltimore Technologies UniCERT 3.05



    Network Address Translation/Port Address Translation


    The PIX Firewall can perform both NAT and PAT.


    Firewall Management


    PIX firewalls can be managed using one of three methods:

    • Cisco command-line interface (CLI)

    • PIX Device Manager (PDM)

    • CiscoWorks Management Center for Firewalls (PIX MC)



    Simple Network Management Protocol


    PIX firewalls allow limited SNMP support. Because SNMP was designed as a network management protocol and not a security protocol, it can be used to exploit a device. For this reason, the PIX Firewall allows only read-only access to remote connections. This allows the manager to remotely connect to the device and monitor SNMP traps but does not allow the manager to change any SNMP settings.


    Syslog Support


    PIX firewalls log four different types of events onto syslog:

    • Security

    • Resource

    • System

    • Accounting



    Virtual Private Networks


    All PIX firewalls are designed to function as a termination point, or VPN gateway, for VPNs. This functionality enables administrators to create encrypted connections with other networks over the Internet.


      • / 191