Cisco Secure PIX Firewalls
暫譯: Cisco Secure PIX 防火牆

Reduce the threat of network attacks with an authorized self-study guide

One of the primary components of any organization's security policy is the implementation and maintenance of firewalls. Firewalls are network devices residing at the perimeter of corporate networks that protect internal networks from intrusion by the outside world. The integrated hardware/software PIX Firewall series delivers high security without impacting network performance while scaling to meet the entire range of customer requirements.

Based on the official instructor-led training course (Cisco Secure PIX Firewall Advanced-CSPFA), Cisco Secure PIX Firewalls teaches you the skills needed to describe, configure, verify, and manage the PIX Firewall product family and the Cisco IOS(r) Firewall feature set. Starting with a discussion of hacking methodologies and internal and external threats, this book opens by describing the Cisco Security Wheel, emphasizing network security as a continuous process. The authors then familiarize you with the characteristics of the various PIX models and examine upgrade tasks. This book covers basic installation details, as well as how to enable more advanced features and access control. In addition, this book details management and monitoring with PIX Syslog services and the PIX AAA subsystem. You also learn to configure the PIX Failover mechanism, IPSec on the PIX, and the Cisco IOS Firewall feature set. The appendixes provide helpful references, including configuring PIX intrusion detection features, SNMP management support, DHCP client and server, Secure Shell Protocol (SSH) connection, and dozens of security-related resources.

Whether you are preparing for the Cisco Security Specialist 1 certification or simply want to understand and make the most efficient use of PIX Firewalls, Cisco Secure PIX Firewalls provides you with a complete solution for planning, deploying, and managing PIX Firewall protected networks.

• Prepare for the Cisco Security Specialist 1 PIX exam with the official CSPFA self-study guide
• Understand the physical characteristics of PIX models 506, 515, 520, 525, and 535, including LED information and port and slot numbering
• Upgrade PIX OS code, perform password recovery, and install feature licenses
• Configure IPSec Phase I and Phase II Security Associations
• Configure Cisco routers to perform Context Based Access Control (CBAC)
• Examine the many operating features of the PIX, such as Cut-Through Proxy, Advanced Protocol Handling, Attack Guards, and the Adaptive Security Algorithm (ASA)
• Learn the ins and outs of address translation and access control
• Install the Cisco Secure ACS server and configure corresponding services on the PIX to authenticate and authorize users and services
• Understand attack guards such as Syn Flood, Fragmentation, AAA, DNS, and Mail
• Examine the workings of the PIX failover mechanism and learn the difference between failover, stateful failover, interface testing, and the failover poll

Table of Contents

1. Introduction to Network Security.
2. Cisco PIX Firewall Software and Hardware.
3. Working with and Upgrading the Cisco PIX Firewall Software Image.
4. Configuring the Cisco PIX Firewall.
5. Cisco PIX Firewall Translation.
6. Configuring Access Through the Cisco PIX Firewall.
7. Syslog and General Maintenance.
8. AAA Configuration on the Cisco PIX Firewall.
9. Cisco PIX Firewall Advanced Protocol Handling and Attack Guards.
10. Cisco PIX Firewall Failover.
11. Configuring IPSec for Cisco PIX Firewalls.
12. Cisco IOS Firewall Context-Based Access Control.
13. Cisco IOS Firewall Authentication Proxy Configuration.
Appendix A: Configuring the Cisco PIX Firewall for Intrusion Detection.
Appendix B: Configuring Simple Network Management Protocol (SNMP) on the PIX Firewall.
Appendix C: Configuring Dynamic Host Configuration Protocol (DHCP) on the PIX Firewall.
Appendix D: Configuring Secure Shell (SSH) on the PIX Firewall.
Appendix E: Security Resources.
Appendix F: Answers to Chapter Review Questions.