CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study)
Christian Degu, Cisco Press, ISBN: 1587200678, 2003-04-02, Price: $49.95
Table of Contents
Introduction xxii
Chapter 1 Network Security 3
Vulnerabilities 3
Threats 4
Types of Attacks 4
Reconnaissance Attacks 5
Access Attacks 5
Denial of Service (DoS) Attacks 6
Network Security Policy 7
Step 1: Secure 8
Step 2: Monitor 8
Step 3: Test 8
Step 4: Improve 8
AVVID and SAFE 9
What Is AVVID? 9
What Is SAFE? 10
Q&A 11
Chapter 2 Firewall Technologies and the Cisco PIX Firewall 13
How to Best Use This Chapter 13
"Do I Know This Already?" Quiz 13
Foundation Topics 15
Firewall Technologies 15
Packet Filtering 15
Proxy 16
Stateful Inspection 16
Cisco PIX Firewall 17
Secure Real-Time Embedded System 17
Adaptive Security Algorithm (ASA) 17
Cut-Through Proxy 18
Redundancy 18
Foundation Summary 19
Q&A 20
Chapter 3 The Cisco Secure PIX Firewall 23
How to Best Use This Chapter 23
"Do I Know This Already?" Quiz 23
Foundation Topics 25
Overview of the Cisco PIX Firewall 25
Adaptive Security Algorithm (ASA) 25
Cut-Through Proxy 26
Cisco PIX Firewall Models and Features 27
Intrusion Protection 28
AAA Support 28
X.509 Certificate Support 28
Network Address Translation/Port Address Translation 29
Firewall Management 29
Simple Network Management Protocol (SNMP) 29
Syslog Support 30
Virtual Private Networks (VPNs) 30
Cisco Secure PIX 501 30
Cisco Secure PIX 506 31
Cisco Secure PIX 515 33
Cisco Secure PIX 520 35
Cisco Secure PIX 525 38
Cisco Secure PIX 535 39
Foundation Summary 42
Q&A 44
Chapter 4 System Maintenance 47
How to Best Use This Chapter 47
"Do I Know This Already?" Quiz 47
Foundation Topics 48
Accessing the Cisco PIX Firewall 48
Accessing the Cisco PIX Firewall with Telnet 48
Accessing the Cisco PIX Firewall with Secure Shell (SSH) 49
Installing a New Operating System 50
Upgrading Your Activation Key 51
Upgrading the Cisco PIX OS 53
Upgrading the OS Using the copy tftp flash Command 53
Upgrading the OS Using Monitor Mode 54
Upgrading the OS Using an HTTP Client 56
Creating a Boothelper Diskette Using a Windows PC 56
Auto Update Support 57
Password Recovery 58
Cisco PIX Firewall Password Recovery: Getting Started 58
Password Recovery Procedure for a PIX with a Floppy Drive (PIX 520) 59
Password Recovery Procedure for a Diskless PIX (PIX 501, 506, 515, 525, and 535) 59
Foundation Summary 60
Q&A 61
Chapter 5 Understanding Cisco PIX Firewall Translation and Connections 65
How to Best Use This Chapter 65
"Do I Know This Already?" Quiz 65
Foundation Topics 67
How the PIX Firewall Handles Traffic 67
Interface Security Levels and the Default Security Policy 67
Transport Protocols 67
Address Translation 71
Translation Commands 73
Network Address Translation 74
Port Address Translation 75
Static Translation 75
Using the static Command for Port Redirection 77
Configuring Multiple Translation Types on the Cisco PIX Firewall 77
Bidirectional Network Address Translation 79
Translation Versus Connection 79
Configuring DNS Support 82
Foundation Summary 83
Q&A 87
Chapter 6 Getting Started with the Cisco PIX Firewall 91
"Do I Know This Already?" Quiz 91
Foundation Topics 92
Access Modes 92
Configuring the PIX Firewall 92
interface Command 93
nameif Command 94
ip address Command 95
nat Command 96
global Command 96
route Command 98
RIP 98
Testing Your Configuration 99
Saving Your Configuration 100
Configuring DHCP on the Cisco PIX Firewall 100
Using the PIX Firewall DHCP Server 101
Configuring the PIX Firewall DHCP Client 102
Configuring Time Settings on the Cisco PIX Firewall 102
Network Time Protocol (NTP) 102
PIX Firewall System Clock 104
Sample PIX Configuration 105
Foundation Summary 107
Q&A 108
Chapter 7 Configuring Access 111
"Do I Know This Already?" Quiz 111
Foundation Topics 112
Configuring Inbound Access Through the PIX Firewall 112
Static Network Address Translation 112
Static Port Address Translation 113
TCP Intercept Feature 114
nat 0 Command 115
Access Lists 115
TurboACL 118
Configuring Individual TurboACL 119
Globally Configuring TurboACL 119
Object Grouping 119
network object-type 120
protocol object-type 121
service object-type 121
icmp-type object-type 121
Nesting Object Groups 122
Using the fixup Command 122
Advanced Protocol Handling 123
File Transfer Protocol (FTP) 123
Multimedia Support 124
Foundation Summary 125
Q&A 126
Chapter 8 Syslog 129
"Do I Know This Already?" Quiz 129
Foundation Topics 130
How Syslog Works 130
Logging Facilities 131
Logging Levels 131
Configuring Syslog on the Cisco PIX Firewall 132
Configuring the PIX Device Manager to View Logging 133
Configuring Syslog Messages at the Console 134
Viewing Messages in a Telnet Console Session 134
Configuring the Cisco PIX Firewall to Send Syslog Messages to a Log Server 134
Configuring a Syslogd Server 135
PIX Firewall Syslog Server (PFSS) 136
Configuring SNMP Traps and SNMP Requests 136
How Log Messages Are Organized 137
How to Read System Log Messages 138
Disabling Syslog Messages 138
Foundation Summary 139
Q&A 140
Chapter 9 Cisco PIX Firewall Failover 143
"Do I Know This Already?" Quiz 143
Foundation Topics 145
What Causes a Failover Event 145
What Is Required for a Failover Configuration 145
Failover Monitoring 146
Configuration Replication 147
Stateful Failover 148
LAN-Based Failover 149
Configuring Failover 150
Foundation Summary 155
Q&A 156
Chapter 10 Virtual Private Networks 159
How to Best Use This Chapter 159
"Do I Know This Already?" Quiz 159
Foundation Topics 161
Overview of VPN Technologies 161
Internet Protocol Security (IPSec) 162
Internet Key Exchange (IKE) 164
Certification Authorities (CAs) 167
Configuring the PIX Firewall as a VPN Gateway 168
Selecting Your Configuration 168
Configuring IKE 169
Configuring IPSec 173
Troubleshooting Your VPN Connection 180
Cisco VPN Client 184
VPN Groups 185
Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) 185
Configuring PIX Firewalls for Scalable VPNs 187
PPPoE Support 188
Foundation Summary 189
Q&A 191
Scenario 192
VPN Configurations 192
Los Angeles Configuration 198
Boston Configuration 199
Atlanta Configuration 199
Completed PIX Configurations 201
How the Configuration Lines Interact 206
Chapter 11 PIX Device Manager 209
"Do I Know This Already?" Quiz 209
Foundation Topics 210
PDM Overview 210
PIX Firewall Requirements to Run PDM 211
PDM Operating Requirements 212
Browser Requirements 212
Windows Requirements 212
SUN Solaris Requirements 213
Linux Requirements 213
PDM Installation and Configuration 213
Using the PDM to Configure the Cisco PIX Firewall 214
Using PDM for VPN Configuration 227
Using PDM to Create a Site-to-Site VPN 227
Using PDM to Create a Remote-Access VPN 232
Foundation Summary 240
Q&A 242
Chapter 12 Content Filtering with the Cisco PIX Firewall 245
"Do I Know This Already?" Quiz 245
Filtering Java Applets 246
Filtering ActiveX Objects 248
Filtering URLs 248
Identifying the Filtering Server 248
Configuring Filtering Policy 249
Filtering Long URLs 251
Viewing Filtering Statistics and Configuration 251
Foundation Summary 253
Q&A 254
Chapter 13 Overview of AAA and the Cisco PIX Firewall 257
How to Best Use This Chapter 257
"Do I Know This Already?" Quiz 257
Foundation Topics 259
Overview of AAA and the Cisco PIX Firewall 259
Definition of AAA 259
AAA and the Cisco PIX Firewall 260
Cut-Through Proxy 260
Supported AAA Server Technologies 262
Cisco Secure Access Control Server (CSACS) 262
Minimum Hardware and Operating System Requirements for CSACS 262
Installing CSACS on Windows 2000/NT Server 263
Foundation Summary 269
Q&A 270
Chapter 14 Configuration of AAA on the Cisco PIX Firewall 273
How to Best Use This Chapter 273
"Do I Know This Already?" Quiz 273
Foundation Topics 275
Specifying Your AAA Servers 275
Configuring AAA on the Cisco PIX Firewall 276
Step 1: Identifying the AAA Server and NAS 276
Step 2: Configuring Authentication 279
Step 3: Configuring Authorization 287
Step 4: Configuring Accounting 295
Cisco Secure and Cut-Through Configuration 300
Configuring Downloadable PIX ACLs 300
Troubleshooting Your AAA Setup 303
Checking the PIX Firewall 304
Checking the CSACS 306
Foundation Summary 307
Q&A 309
Chapter 15 Attack Guards and Multimedia Support 313
"Do I Know This Already?" Quiz 313
Foundation Topics 314
Multimedia Support on the Cisco PIX Firewall 314
Real-Time Streaming Protocol (RTSP) 315
H.323 315
Attack Guards 317
Fragmentation Guard and Virtual Reassembly 317
Domain Name System (DNS) Guard 318
Mail Guard 319
Flood Defender 320
AAA Floodguard 320
PIX Firewall's Intrusion Detection Feature 321
Intrusion Detection Configuration 322
Dynamic Shunning 323
ip verify reverse-path Command 324
Foundation Summary 326
Q&A 327
Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Questions 331
Chapter 1 331
Q&A 331
Chapter 2 331
"Do I Know This Already?" Quiz 331
Q&A 333
Chapter 3 334
"Do I Know This Already?" Quiz 334
Q&A 335
Chapter 4 336
"Do I Know This Already?" Quiz 336
Q&A 337
Chapter 5 339
"Do I Know This Already?" Quiz 339
Q&A 340
Chapter 6 342
"Do I Know This Already?" Quiz 342
Q&A 343
Chapter 7 345
"Do I Know This Already?" Quiz 345
Q&A 346
Chapter 8 348
"Do I Know This Already?" Quiz 348
Q&A 349
Chapter 9 350
"Do I Know This Already?" Quiz 350
Q&A 351
Chapter 10 354
"Do I Know This Already?" Quiz 354
Q&A 355
Chapter 11 356
"Do I Know This Already?" Quiz 356
Q&A 357
Chapter 12 359
"Do I Know This Already?" Quiz 359
Q&A 360
Chapter 13 363
"Do I Know This Already?" Quiz 363
Q&A 364
Chapter 14 365
"Do I Know This Already?" Quiz 365
Q&A 366
Chapter 15 368
"Do I Know This Already?" Quiz 368
Q&A 369
Appendix B 371
Appendix B Case Study and Sample Configuration 377
Task 1: Basic Configuration for the Cisco PIX Firewall 380
Basic Configuration Information for PIX HQ 380
Basic Configuration Information for PIX Minneapolis 382
Basic Configuration Information for PIX Houston 383
Task 2: Configuring Access Rules on HQ 385
Task 3: Configuring Authentication 385
Task 4: Configuring Logging 386
Task 5: Configuring VPN 386
Configuring the Central PIX Firewall, HQ_PIX, for VPN Tunneling 386
Configuring the Houston PIX Firewall, HOU_PIX, for VPN Tunneling 389
Configuring the Minneapolis PIX Firewall, MN_PIX, for VPN Tunneling 392
Verifying and Troubleshooting 394
Task 6: Configuring Failover 395
What's Wrong with This Picture? 398
Glossary 409
Index 425