Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : Business Security : Cisco ASA/PIX Security Appliance Overview

Cisco ASA/PIX Security Appliance Overview

Oct 13,2011 by admin

small font medium font large font
image

Cisco ASA/PIX Security Appliance Overview

The ASA/PIX Security Appliance is a multipurpose security device designed to provide protection against many different security threats. The ASA/PIX Security Appliance is unique in that you can use it as a perimeter device, and it can handle many of the layers of the tradition defense-in-depth model.

The ASA/PIX Security Appliance has many functions that protect your network. This book addresses the following specific functions:

  • Denial-of-service protection

  • Traffic filtering

  • Interface isolation (DMZ deployment)

  • Stateful traffic inspection

  • Application inspection

  • User authentication

  • Intrusion prevention

  • Secure management

  • Event logging

Denial-of-Service Protection

The ASA/PIX Security Appliance uses various technologies to determine whether a distributed denial-of-service/denial-of service (DDoS/Dos) attack is launched against the security appliance. In general, it determines whether invalid data flows are being sent to the ASA/PIX Security Appliance leaving half-open connects. If so, the security appliance determines which attempted flows are invalid and cleans them up so that the appliance hardware resources are available to do the intended job of securing the network.

Traffic Filtering

The ASA/PIX Security Appliance uses access control lists (ACLs) to determine which protocols should be let into and out of the security appliance. The ACLs ensure that users on your inside network can access the Internet while keeping Internet traffic from entering into your network unless you explicitly allow access.

Interface Isolation (DMZ Deployment)

The ASA/PIX Security Appliances have multiple interfaces that you can dedicate to isolating Internet servers. This topology is often referred to as a demilitarized zone (DMZ). This feature is significant because, as discussed in earlier chapters, Internet servers are often the devices that hackers attack. If hackers want to get to hosts or devices on the inside of the network, and they compromise a host on the DMZ, they still face getting through the security appliance to get to the inside devices.

Stateful Traffic Inspection

Stateful inspection means that the security appliance keeps track of connections going in and out. This monitoring capability is significant because it enforces the concept that only traffic sourced from the inside of a security appliance or explicitly allowed with an ACL will be let back through the appliance. Stateful inspection keeps possible malicious traffic sourced from the Internet from traversing the security appliance and helps secure your inside network from application-level attacks.

Application Inspection

Application inspection has two functions in the ASA/PIX security appliance, as follows:

User Authentication

The ASA/PIX Security Appliance can authenticate protocols that are let through the security appliance such as Telnet, FTP, and HTTP. If you elect to authenticate users using these protocols, they must enter a username and password before traffic can cross the security appliance. If users enter the correct set of authentication credentials, they are allowed to access the requested service. If the username and password are not entered or entered incorrectly, users are denied access and the access attempt is logged to your security appliance syslog server. The ASA/PIX Security Appliance also offers several options for authenticating users who are managing the security appliance.

Intrusion Prevention

The Cisco ASA/PIX Security Appliance uses a set of well-known attack signatures to determine whether attack traffic is attempting to traverse the security appliance. You can configure the security appliance to either drop the attack traffic it finds or report the traffic to a syslog server. In addition, the security appliance enables you to write custom access service policy that enforces protocol compliance on certain traffic traversing the appliance.

Secure Management

The ASA/PIX Security Appliance uses two secure methods to manage the appliance from the network: Secure Shell (SSH) or Hypertext Transport Protocol Secure (HTTPS). Although you do learn in this book how to configure SSH, all the configurations herein use ASDM, which uses HTTPS to secure its connection to the device. The ASA/PIX Security Appliance also has built-in management support for Telnet and HTTP. Because these protocols pass traffic, including usernames and passwords, in clear text, which makes it easy for someone to steal access credentials, these methods are not recommended.

Event Logging

Many different levels of logging are available on the ASA/PIX Security Appliance. This book uses syslog with the output destined for the ASDM application. Along with providing vital information regarding the status of your appliance, syslog makes troubleshooting the security appliance much more user friendly. ASA/PIX Security Appliance syslog enables you to identify possible network attacks and helps you perform attack analysis.


321 times read

Related news
No matching news for this article
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

admin

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.