Securing Your Business with Cisco ASA and PIX Firewalls

Description

Protect critical data and maintain uptime with Cisco ASDM and Cisco Security Agent

• Understand how attacks can impact your business and the different ways attacks can occur
• Learn about the defense-in-depth model for deploying firewall and host protection
• Examine navigation methods and features of Cisco ASDM
• Set up Cisco ASA, PIX Firewall, and ASDM hardware and software
• Use the Cisco ASDM startup wizard to safely connect your network to the Internet and securely add public devices such as mail and web servers to your network
• Authenticate firewall users and users of public web servers
• Filter traffic and protect your network from perimeter attacks
• Deploy Cisco Intrusion Prevention System (IPS) to provide more granular traffic inspection and proactive threat response
• Stop attacks launched at the desktop by deploying Cisco Security Agent
• Extend the defense-in-depth model to remote users through IPSec virtual private networks (VPN)
• Enhance your security posture through proper security management
• Understand the advanced features available in the Cisco PIX version 7 operating system
• Recover from software failure with Cisco PIX version 7

Many people view security as a “black-box-voodoo” technology that is very sophisticated and intimidating. While that might have been true a few years ago, vendors have been successful in reducing the complexity and bringing security to a point where almost anyone with a good understanding of technology can deploy network security.

Securing Your Business with Cisco ASA and PIX Firewalls is an extension of the work to simplify security deployment. This easy-to-use guide helps you craft and deploy a defense-in-depth solution featuring the newly released Cisco® ASA and PIX® version 7 as well as Cisco Security Agent host intrusion prevention software. The book simplifies configuration and management of these powerful security devices by discussing how to use Cisco Adaptive Security Device Manager (ASDM), which provides security management and monitoring services through an intuitive GUI with integrated online help and intelligent wizards to simplify setup and ongoing management. In addition, informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Complete with real-world security design and implementation advice, this book contains everything you need to know to deploy the latest security technology in your network.

Securing Your Business with Cisco ASA and PIX Firewalls

provides you with complete step-by-step processes for using Cisco ASDM in conjunction with Cisco Security Agent to ensure that your security posture is strong enough to stand up against any network or host attack whether sourced from the Internet or from inside your own network.

"Firewalls are a critical part of any integrated network security strategy, and books such as this will help raise awareness of both the threats inherent in today’s open, heterogeneous internetworking environments and the solutions that can be applied to make the Internet a safer place."

—Martin E. Hellman, professor emeritus of Electrical Engineering,

Stanford University and co-inventor of public key cryptography

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Back Cover

Protect critical data and maintain uptime with Cisco ASDM and Cisco Security Agent

• Understand how attacks can impact your business and the different ways attacks can occur
• Learn about the defense-in-depth model for deploying firewall and host protection
• Examine navigation methods and features of Cisco ASDM
• Set up Cisco ASA, PIX Firewall, and ASDM hardware and software
• Use the Cisco ASDM startup wizard to safely connect your network to the Internet and securely add public devices such as mail and web servers to your network
• Authenticate firewall users and users of public web servers
• Filter traffic and protect your network from perimeter attacks
• Deploy Cisco Intrusion Prevention System (IPS) to provide more granular traffic inspection and proactive threat response
• Stop attacks launched at the desktop by deploying Cisco Security Agent
• Extend the defense-in-depth model to remote users through IPSec virtual private networks (VPN)
• Enhance your security posture through proper security management
• Understand the advanced features available in the Cisco PIX version 7 operating system
• Recover from software failure with Cisco PIX version 7

Many people view security as a “black-box-voodoo” technology that is very sophisticated and intimidating. While that might have been true a few years ago, vendors have been successful in reducing the complexity and bringing security to a point where almost anyone with a good understanding of technology can deploy network security.

Securing Your Business with Cisco ASA and PIX Firewalls is an extension of the work to simplify security deployment. This easy-to-use guide helps you craft and deploy a defense-in-depth solution featuring the newly released Cisco® ASA and PIX® version 7 as well as Cisco Security Agent host intrusion prevention software. The book simplifies configuration and management of these powerful security devices by discussing how to use Cisco Adaptive Security Device Manager (ASDM), which provides security management and monitoring services through an intuitive GUI with integrated online help and intelligent wizards to simplify setup and ongoing management. In addition, informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Complete with real-world security design and implementation advice, this book contains everything you need to know to deploy the latest security technology in your network.

Securing Your Business with Cisco ASA and PIX Firewalls

provides you with complete step-by-step processes for using Cisco ASDM in conjunction with Cisco Security Agent to ensure that your security posture is strong enough to stand up against any network or host attack whether sourced from the Internet or from inside your own network.

"Firewalls are a critical part of any integrated network security strategy, and books such as this will help raise awareness of both the threats inherent in today’s open, heterogeneous internetworking environments and the solutions that can be applied to make the Internet a safer place."

—Martin E. Hellman, professor emeritus of Electrical Engineering,

Stanford University and co-inventor of public key cryptography

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Contents

Table of Contents

Foreword

Introduction

Part I  Network Security and the ASA/PIX Security Appliance

Chapter 1  Internet Security 101

Network Attacks: A Serious Problem

Rising Security Incidents

Hacking Tools

Assessing Your Vulnerability to Network Attacks

Attack Impact

Tangible Costs

Intangible Costs

Government Network Security Regulations

Attackers

Motivation for Attacks

Anatomy of a Computer Attack

Choosing Victims

Protecting Yourself and Your Business

Developing a Security Policy

Summary

Chapter 2  Principles of Network Defense

Understanding Defense in Depth

Stopping a Computer Attack

Defense-in-Depth Implementation Details

Authentication, Authorization, and Accounting

Perimeter Security

Network Intrusion Prevention

Host Intrusion Prevention

Additional Security Best Practices

Remote-Access Defense

Security Management of the ASA/PIX Security Appliance

Summary

Chapter 3  Getting Started with the ASA/PIX Security Appliance

Cisco ASA/PIX Security Appliance Overview

Denial-of-Service Protection

Traffic Filtering

Interface Isolation (DMZ Deployment)

Stateful Traffic Inspection

Application Inspection

User Authentication

Intrusion Prevention

Secure Management

Event Logging

Models

PIX 515E

PIX 525

PIX 535

Cisco ASA 5510 Security Appliance

Cisco ASA 5520 Security Appliance

Cisco ASA 5540 Security Appliance

Installing the ASA/PIX Security Appliance

Understanding the ASA/PIX Hardware Ports

Installing Power

Booting the ASA/PIX Security Appliance

Troubleshooting

Installing the ASA/PIX Software

Manual ASA/PIX Version 7 Installation

ASA/PIX Licenses

Installing the PIX License Key

Summary

Chapter 4  Exploring the Adaptive Security Device Manager

Exploring the GUI

Exploring the Pull-Down Menus

Exploring the Navigation Bar

Summary

Part II  Securing Network Infrastructures with ASDM

Chapter 5  Deploying Secure Internet Connectivity

Introducing the ASDM Startup Wizard

Basic Network Topology

Understanding the Elements of Your Network

Using the ASDM Startup Wizard

Connecting to the ASA/PIX Security Appliance with ASDM

Using the ASDM Startup Wizard to Configure the ASA/PIX
Security Appliance

Summary

Chapter 6  Deploying Web and Mail Services

Review of Your Current Network Topology

Designing the Network Topology to Include Web and Mail Services

Logical Placement of the Servers

Defining Inside and Outside Server Addresses

Defining Services

New Topology

Use the ASDM Startup Wizard to Deploy Web and Mail Services

Connect the New Servers to the ASA/PIX Security Appliance

Configure Your ASA/PIX Security Using ASDM

Summary

Chapter 7  Deploying Authentication

Defining Authentication

The Purpose of Authentication

Implementing Authentication

Securing Access to the Security Appliance

Monitoring Security Appliance Access

AAA Authentication Access

Authentication for Inbound and Outbound Services

Outbound URL Filtering for Public Services

VPN Authentication

Summary

Chapter 8  Deploying Perimeter Protection

Perimeter Protocol Enforcement

Customizing Protocol Inspections

Perimeter Traffic Filtering

Perimeter Denial-of-Service Protection

Mitigating Network Bandwidth DoS Attacks

Mitigating Resource-Intensive DoS Attacks

Summary

Chapter 9  Deploying Network Intrusion Prevention

What Is Intrusion Prevention?

Why Use IPS and IP Audit?

What Are the ASA/PIX IPS and IP Audit Signatures?

Deploying Intrusion Prevention on the ASA/PIX

Viewing and Changing ASA/PIX IP Audit Signatures

Summary

Chapter 10  Deploying Host Intrusion Prevention

Why Use Host Intrusion Prevention

Anatomy of a Host or Server Attack

CSA Internals

CSA in Action

Implementing Host Intrusion Prevention

CSA Deployment Suggestions

Virus Scanners and CSA: The Complete Solution

Summary

Chapter 11  Deploying VPNs

Understanding Virtual Private Networks

Implementing VPN Using ASDM

Downloading and Installing the Cisco VPN Client

Configure VPN on the ASA/PIX Security Appliance

Configure and Connect Using the VPN Client

Using the VPN Client with NAT

Monitoring VPN Usage with ASDM

VPN Client | Statistics Panel

Monitor VPN Statistics from ASDM

Summary

Part III  Appendixes

Appendix A  Deploying Effective Security Management

Appendix B  ASA/PIX Version 7 Advanced Features

Appendix C  ASA/PIX Version 7 and ASDM Software Recovery

Index

Author
Greg Abelar has been an employee of Cisco Systems® since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco. Greg is the primary founder and project manager of the Cisco written CCIE® Security exam.