
I. Introduction to ASA Security Appliances and Basic Configuration Tasks

Chapter 1: ASA Product Family

Cisco ASA Configuration

This chapter introduces the features and hardware of Cisco’s Adaptive Security Appliance (ASA) product line. The topics include

• Features of the ASA, including the operating system, security algorithm, redundancy, and others

• The hardware of the ASA product line, including the models, supported hardware modules (cards), and licensing

ASA Features

Cisco’s ASA is a set of stateful security appliances ranging from the model 5505, which is designed for Small Office, Home Office (SOHO) environments, to the 5580, which is designed for large enterprise networks and ISP sites. All of these products use the same operating system and management tools, easing your implementation and monitoring tasks. Because all the security appliances use the same operating system, the major differences between the models primarily concern scalability and performance.

The ASA family of products (and their older siblings, the PIX products) can best be described as hybrid firewalls. Cisco, however, does not like to use the term “firewall” to describe the ASA and PIX product family. Instead, Cisco prefers using the term “security appliance,” mainly because the ASA products and the products they replaced, the PIX products, are not just stateful firewalls; they also support many other security features, including

• Secure, real-time, proprietary operating system

• Stateful firewall using the Cisco Security Algorithm (SA)

• Sequence Number Randomization (SNR) to secure TCP connections

• Cut-through Proxy (CTP) for authenticating telnet, HTTP, and FTP connections

• Default security policies to ensure maximum protection, as well as the ability to customize these policies and build your own policies

• Virtual private network (VPN) abilities: IPSec, SSL, and L2TP

• Intrusion detection and prevention systems (IDS and IPS)

• Address translation using dynamic and static network and port address translation

• Stateful redundancy of connections and VPNs between two security appliances

• Virtualization of policies using contexts

This is just a small list of some major features of the security appliances. The following sections provide an overview of some of these features. The features that I don’t briefly cover in this chapter are covered in subsequent chapters.



NOTE: Throughout the book, whenever the terms “security appliance” or “appliance” are used, they refer to both the ASA and PIX products unless otherwise noted.

Operating System

The operating system (version 7 and later) you currently see on the ASA appliances and on the PIX 515 and higher appliances is based on the PIX Finesse Operating System (FOS). The FOS is a proprietary, stand-alone operating system. It implements the actual security functions that the security appliance hardware performs. In this sense, it is somewhat similar to the Internetwork Operating System (IOS) of Cisco routers and switches, or what the Microsoft Windows XP or Linux operating systems are to PCs. Cisco no longer uses the term FOS to describe the operating system, though. Starting in version 7 and later, Cisco refers to the security appliance operating system as just the “operating system.”

NOTE: Even though Cisco’s PIX appliances are no longer for sale, which Cisco denotes as end-of-sale (EOS), the PIX 515s and higher support the same operating system as the ASAs. The main difference between the PIXs and ASAs is that the lower-end PIX 501 and 506E do not support version 7 and later of the OS, and none of the PIXs supports SSL VPNs. This book focuses on the use of the ASAs; however, the topics discussed can be equally applied to the PIXs in most situations.

Firewall Applications

Some firewall products run on top of an operating system; these solutions are commonly called firewall applications. One disadvantage that firewall applications have compared with a proprietary operating system is that the firewall vendor must deal with two software products in creating a firewall: the operating system and the firewall application. This process can often lead to a less secure system. This is especially true when you consider all the security threats that have been directed specifically at UNIX and Microsoft operating systems.

An example of a firewall product that uses firewall applications is Check Point. This is not to say that Check Point’s firewall is a worse solution than a firewall product that uses a proprietary operating system. However, a firewall vendor like Check Point will have to do many more things to ensure that the firewall application and operating system provide a secure solution. (Note that Check Point’s next-generation product, SecurePlatform 1, is moving away from this approach and moving toward an integrated solution.)

The main problem with a firewall application solution is that the vendor not only has to provide a secure firewall application, but must also secure the operating system it runs on. However, firewall applications do provide two advantages:

• They tend to be easy to install and maintain.

• They run on a wide variety of PC/server platforms.



Proprietary Operating System

Proprietary operating systems provide a security advantage over firewall applications: a proprietary operating system vendor has to be concerned about only one system, instead of two, in providing a secure firewall solution. Another huge advantage of proprietary operating systems is scalability. Because a proprietary operating system can be customized to a specific hardware platform, this firewall system can provide extremely fast packet filtering abilities and security capabilities.

Off-the-shelf operating systems like UNIX and Microsoft Windows are general-purpose operating systems that were developed to perform many tasks, not all of which are performed at an optimal level. Using a general operating system decreases the performance of the packet filtering and firewall functions of the firewall application. To provide for scalability, you must load your firewall application on very expensive server platforms.

Using a proprietary operating system in a firewall solution also makes it much more difficult for hackers to penetrate the firewall. Attackers are familiar with the functions of common operating systems like UNIX and Microsoft products, which makes it a little bit easier for them to attack the firewall application. However, when vendors use a proprietary operating system to implement their firewall solution, an attacker will have little or no knowledge about the functions and processes of the operating system, making it very difficult for the attacker to compromise the firewall solution.

Using a proprietary operating system has some disadvantages. First, because the operating system is proprietary, your security personnel will have to learn the new system. Many of your personnel will already have experience with UNIX or Microsoft Windows, and thus their learning curve in implementing the solution will be shortened.

NOTE: When you are using an underlying proprietary operating system such as Cisco’s security appliances, the administrator is unable to interact with the underlying OS.

Also, because firewall applications are developed for a specific operating system platform like UNIX or Microsoft Windows, your security personnel will already be familiar with the interface that is employed by the firewall. A good example of this is Check Point’s firewall solution: it has a very good, intuitive GUI interface, which makes configuration easy and also reduces the likelihood of making mistakes and opening up unintended holes in your firewall system.

Here are some of the main advantages of using proprietary OSs for firewalls:

• They tend to be more secure than firewall applications.

• They provide for better scalability and packet filtering speeds because the operating system is customized directly to work with specific hardware.

ASA Management

Because the security appliances use the same operating system, the configuration of Cisco’s ASAs and PIXs is simplified. You have a choice of three methods to configure your security appliance:

