Post on 27-Nov-2015
NE7212 CASE STUDY
C.Namasivayam. DCT, B.E, M.E (Network Engineering).
Dhanalakshmi Srinivasan Engineering College
namasivayam.cse@gmail.com
https://www.facebook.com/namasivayam.cse
http://menetworkengineering.blogspot.in/
What is a Firewall
• A firewall is a software- or hardware-based network security system.
• It protects the inside network from the outside world (the Internet).
• It controls incoming and outgoing network traffic.
• It analyzes data packets and determines whether they should be allowed through or not.
• Computer operating systems include software-based firewalls to protect against threats from the public Internet.
• Many firewalls can also perform basic routing functions.
TYPES OF FIREWALL
Desktop Firewall
• Protects an internal host or node
• Software Firewall
Network Firewall
• Protects the entire network from the outside Internet
• Hardware and Software Firewall
Best Firewall in the Market
• Check Point Software Technologies
• Cisco Systems
• Fortinet
• Juniper Networks
• McAfee
• WatchGuard
Cisco ASA Firewall
• Adaptive Security Appliance (ASA).
• The best firewall in the market.
• Java Based Firewall.
• CLI and GUI Based Firewall.
• Combines firewall, antivirus, intrusion prevention, and virtual private network (VPN).
• Packet Filtering firewall.
CISCO ASA Firewall Features:
• Antivirus
• Anti spam
• URL Filtering
• VPN device
• SSL device
• Content inspection
System/Software Requirements
• GNS3 (Graphical Network Simulator 3) http://www.gns3.net/
• GNS3 is open source software that simulates complex networks while staying as close as possible to the way real networks perform,
• without requiring dedicated network hardware such as routers and switches.
• It provides an intuitive graphical user interface to design and configure virtual networks.
• Cisco asa842-initrd.gz
• Cisco asa842-vmlinuz
• Cisco asdm-715.bin
• Tftpd32 Server
• Web Server
• Microsoft Loopback Adapter
• One Cisco Router
• Oracle VirtualBox
CISCO ASA Firewall Access Modes
Unprivileged Mode
• This mode provides restricted views of the security appliance.
• Nothing can be configured from this mode.
• The enable command is used in this mode.
ciscoasa> enable              (Unprivileged Mode)
Password:                     (initially blank)
ciscoasa#                     (Privileged Mode)
Privileged Mode
• Displays the # prompt.
• Unprivileged commands also work in this mode.
• Nothing can be configured in this mode.
• Access Configuration mode with the configure terminal command from Privileged mode.
ciscoasa# configure terminal  (Privileged Mode)
ciscoasa(config)#             (Configuration Mode)
Configuration Mode
• Displays the (config)# prompt
• All system configuration is changed in this mode.
• This mode is sometimes called Global Configuration Mode.
ciscoasa(config)# interface GigabitEthernet0/1   (Configuration Mode)
ciscoasa(config-if)#                             (configure interface-specific parameters)
Firewall Security Level Interfaces
• Security Level 0 Outside Interface (INTERNET)
• Security Level 1 to 99 Management Interface (DMZ)
• Security Level 100 Inside Interface (LAN)
Rules For Traffic Flow Between Security Levels
1. Traffic from Higher Security Level to Lower Security Level
• Allows all traffic from higher security levels unless specifically restricted by an Access Control List (ACL).
• nat/global translation pair between High-to-Low Security Level interfaces.
2. Traffic from Lower Security Level to Higher Security Level
• Drops all traffic unless specifically allowed by an ACL.
• Static NAT between High-to-Low Security Level interfaces.
3. Traffic Between Interfaces with the Same Security Level
• By default this is not allowed,
• unless you configure the same-security-traffic permit command.
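The three traffic-flow rules above, written out as an ASA configuration fragment entered from Configuration mode. This is an added example, not part of the original slides. The interface numbers, interface names, IP addresses and ACL names are constructed for illustration, and NAT statements are left out.

```cisco
! Constructed example: interface numbers, names, addresses and ACL names are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Rule 1 (higher -> lower): allowed by default. An ACL bound to the inside
! interface restricts it; once bound, its implicit deny replaces the default,
! so the traffic that should still pass needs an explicit permit.
access-list INSIDE_OUT extended deny tcp any any eq telnet
access-list INSIDE_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside
!
! Rule 2 (lower -> higher): dropped unless an ACL permits it. Only HTTP to
! one DMZ host is opened; everything else from outside stays blocked.
access-list OUTSIDE_IN extended permit tcp any host 192.168.50.10 eq www
access-group OUTSIDE_IN in interface outside
!
! Rule 3 (same level): off by default; enable only if two interfaces
! share a security level and must exchange traffic.
! same-security-traffic permit inter-interface
!
! Check the result from Privileged mode:
!   show nameif
!   packet-tracer input outside tcp 198.51.100.7 40000 192.168.50.10 80
```

The packet-tracer line simulates one outside-to-DMZ connection and reports which rule allowed or dropped it, which is a quick way to confirm that only the intended lower-to-higher flow is open.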
Thank you
• C.Namasivayam, DCT, B.E, M.E (Network Engineering).
• Department of IT,
• Dhanalakshmi Srinivasan Engineering College Perambalur,
• E.mail id : namasivayam.cse@gmail.com
• Cell No: +91-9626319896
• Facebook : https://www.facebook.com/namasivayam.cse
• Blogspot : http://menetworkengineering.blogspot.in/