Latest News

Motorola proposed what turned out to be a rather overambitious project known as Iridium. Other vendor consortia, which included companies like Hughes and Raytheon with space sector experience, proposed similar projects. After a number of years, spectrum was allocated, and after a number ... [full story]

Satellite Networks In the 1980s, first-generation cellular systems generally provided quite poor geographic coverage. It varied substantially from country to country and from operator to operator, but typically you might experience demographic coverage of 70 percent to 80 percent of the population, which would ... [full story]

Setting the Stage for Satellite An alternative method of hiding RF and switch hardware, and avoiding the NIMBY factor, is to put the hardware up in the sky or into space. There have been a number of proposals and demonstration projects showing the ... [full story]

The NIMBY Factor One reason for hiding base stations and antennas is that if people don’t know that the hardware is there, they cannot complain about it—the “not in my back yard,” or NIMBY factor. Although it is well beyond the scope of ... [full story]

Alternative Fixed-Access and Mobility Access Wireless Delivery Platforms As we move up in frequency, particularly above 10 GHz, radio waves behave in a very similar way to light. We showed in Chapter 11 that it makes a lot of sense to do indoor RF ... [full story]

Exploring the Navigation Bar The navigation bar provides access to the main areas of ASDM. Figure 4-10 shows the contents of the bar. The navigation bar contains three buttons that enable you to do the bulk of the work for configuring ... [full story]

ASDM Wizards Menu The Wizards menu enables you to launch the VPN Wizard and the Startup Wizard. Both of these wizards are covered in detail later in this book. The VPN Wizard is covered in Chapter 11, "Deploying VPNs"; the Startup ... [full story]

Tools Menu The Tools menu enables you to control various aspects of ASDM related to file management, system reloads, manual command entry, and service group setup. Figure 4-8 shows the Tools menu, and the list that follows describes the options available from ... [full story]

Exploring the Pull-Down Menus Across the top of the page in the ASDM display are seven pull-down menus. The menus are labeled File, Rules, Search, Options, Tools, Wizards, and Help. Table 4-1 provides a general overview of each pull-down menu. A more ... [full story]

Exploring the GUI ASDM has two main components, both of which are explored in this chapter: Pull-down menus Navigation bar These two components have several subcomponents that are addressed in detail in this chapter. In many cases, subcomponents have several layers of detail. The enable/disable ... [full story]

Cisco ASA 5540 Security Appliance The Cisco ASA 5540 Security Appliance is targeted to the larger enterprise/small service provider market. Its estimated throughput is 650 Mbps, with 280,000 maximum connections. The ASA Security Appliance optionally comes with an add-on security module ... [full story]

Cisco ASA 5520 Security Appliance The Cisco ASA 5520 Security Appliance is targeted to the medium-size business/ small-to medium-size enterprise market. Its estimated throughput is 450 Mbps, with 130,000 maximum connections. The ASA Security Appliance optionally comes with an add-on security ... [full story]

Cisco ASA 5510 Security Appliance The Cisco ASA 5510 Security Appliance is targeted to the small-to medium-size business/small enterprise market. Its estimated throughput is 300 Mbps, with 32,000 maximum connections with a base license and 64,000 with a security-plus license. The ... [full story]

PIX 535 The PIX 535 is a large enterprise (with high-traffic requirements) service provider class machine. The 535 can handle 500,000 connections and can pass 1.7 Gbps. It can also support up to ten physical interfaces. The concepts discussed and the ... [full story]

PIX 525 The PIX 525 is a large enterprise or small service provider class machine. The 525 can handle 280,000 connections and can pass 330 Mbps. It can also support up to eight physical interfaces. All the concepts discussed and the ... [full story]

PIX 515E The target market for the PIX 515E is the small business and low-to medium-end enterprise customers. The PIX 515E can handle 130,000 simultaneous connections. The theoretical limit for throughput on the 515E is 190 Mbps. The PIX 515E can support ... [full story]

Models The PIX Firewall has several different models, each intended to address the needs of a different portion of the firewall market. Because this book is targeted to small businesses and medium-to-small enterprises, the PIX 515E is the hardware that is ... [full story]

Cisco ASA/PIX Security Appliance Overview The ASA/PIX Security Appliance is a multipurpose security device designed to provide protection against many different security threats. The ASA/PIX Security Appliance is unique in that you can use it ... [full story]

Using the ASA/PIX Security Appliance Reporting System The ASA/PIX Security Appliance uses the syslog protocol for reporting error messages and alerts. Syslog data can be sent to the device running the ASDM software for troubleshooting purposes, but normally, the security appliance ... [full story]

Securing ASA/PIX Security Appliance Usernames and Passwords You should develop a password policy that helps to ensure that attackers cannot obtain access to your security appliance. In this book, the ASA/PIX Security Appliance is the most critical device in the network, ... [full story]

Security Management of the ASA/PIX Security Appliance You should look at security management as a serious issue. The bottom line is that the security of your network is only as good as the management policies that have been deployed. NOTE For an in-depth ... [full story]

Remote-Access Defense Remote access is a staple of many businesses in today's Internet environment. Increasingly, companies are finding that by allowing employees to telecommute from home or remote offices that productivity increases and expenses and overhead decrease. From a business perspective, ... [full story]

Additional Security Best Practices Along with defense in depth, you need to put some additional best practices into practice to ensure that network security is achieved in your business. Specific issues that you need to address include the following: VPN users are at ... [full story]

Global Correlation Engine CSA also has a powerful feature that can identify attacking machines that might be trying to scan or attack your hosts and stop traffic from those machines. This feature is called the global event correlation engine. The global event ... [full story]

Network Intrusion Prevention Network-based intrusion prevention is a key component of defense in depth and the ASA/PIX Security Appliance. The purpose of this technology is to recognize and stop attacks when they flow through the appliance. The ASA/PIX version 7 operating ... [full story]

ASA/PIX Security Appliance Hardening The hardening of the ASA/PIX Security Appliance discussed in this book includes the following: Turning off clear text management services to the security appliance Correctly applying access control lists limiting connectivity to the inside of your network Turning on auditing ... [full story]

Cisco Router Hardening You need to effectively lock down Cisco routers in your network. Cisco Router and Security Device Manager (SDM) is a tool to help you with this process. SDM has an easy-to-use GUI that enables you to connect to ... [full story]

Security Best Practices Even if defense in depth has been applied in your network, you should still follow certain network, host, and server security best practices to ensure additional protection. By implem-enting the technology previously described in this chapter, you can ... [full story]

Stopping a Computer Attack Although security experts debate the different methods to deploy defense in depth, each method involves the same technologies. The deployment of defense in depth used throughout this book involves four main layers of defense and some device-hardening ... [full story]

Understanding Defense in Depth Defense in depth is the key to stopping most network and computer-related attacks. It's a concept of deploying several layers of defense that mitigate security threats. As discussed in Chapter 1, "Internet Security 101," many hackers look ... [full story]