About
The Cisco IOS Firewall is a security-specific option for Cisco IOS Software. It
integrates robust firewall functionality and intrusion detection for every
network perimeter. It adds greater depth and flexibility to existing Cisco IOS
security solutions (authentication, encryption, and failover) by
delivering state-of-the-art security features: stateful, application-based
filtering; dynamic per-user authentication and authorization; URL filtering; and
others. When combined with Cisco IOS IPSec and Cisco IOS technologies such as
L2TP tunneling and Quality of Service (QoS), Cisco IOS Firewall provides a
complete, integrated virtual private network (VPN) solution.
Definition Of Firewall
A firewall is a network security device that ensures that all communications
attempting to cross it meet an organization's security policy. Firewalls track
and control communications, deciding whether to allow, reject, or encrypt
them.
Firewalls are used to connect a corporate local network to the Internet and also within
networks. In other words, they stand between the trusted network and the
untrusted network.
Firewall Implementation Methods
1. As a Screening Router
A screening router is a special computer or an electronic device that screens
(filters out) specific packets based on defined criteria.
2. As a Proxy Server
A Proxy Server is an application that mediates traffic between a protected
network and the Internet. Proxies are often used instead of router-based
traffic controls, to prevent traffic from passing directly between networks.
Proxy servers are application specific. In order to support a new protocol via
a proxy, a proxy must be developed for it. Here there is no direct connection
between the local network and the untrusted network. The Proxy Server transfers an isolated copy of
each approved packet from one network to the other network. No information
about the local network is available to untrusted networks.
Regional / Branch Office Perimeter
Regional or branch offices can also deploy a Cisco IOS Firewall-enabled router at the
perimeter of their network. Data and voice traffic between the regional or
branch office and the corporate headquarters is transported via the virtual
private network (VPN) connection. A separate, direct connection to the Internet
from the regional or branch location is also available for access to public
servers and information available on the Web. With this firewall deployment
scenario, the firewall policy created for the corporate Internet perimeter deployment
scenario works in conjunction with the firewall policy at the regional or
branch office perimeter. No connections are permitted from the untrusted
Internet to the regional or branch office network; instead, Internet users
connect to servers on the corporate DMZ network to access public corporate
information. The DMZ network provides all the services that the corporation
wishes to offer to outside users.
To better manage individual access from the regional office location to the
Internet and internal resources, AAA and URL Policy Management servers are
deployed at the regional location. Access to services and resources will be
granted to employees only when they have the appropriate access privilege based
on their individual security profiles. A syslog server is also made available
for the regional office administrator to track and respond to potential attacks
and nonstandard activities. For smaller branch office locations without system
administration resources, centralized firewall policy management can be
provided remotely by the resources on the main corporate network.
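The branch-office policy described above, sketched as a classic Cisco IOS Firewall (CBAC) configuration. This is an added example, not configuration from the original post; the interface names, addresses, rule name BRANCH-FW and ACL number 101 are assumptions, and the VPN to headquarters is assumed to terminate on a different interface.

```cisco
! Added example: names and addresses below are assumptions, not from the post.
!
! Inspection rule: track sessions that branch users open toward the Internet.
! The ftp entry adds application-level tracking of the FTP data channel.
ip inspect name BRANCH-FW tcp
ip inspect name BRANCH-FW udp
ip inspect name BRANCH-FW ftp
ip inspect audit-trail
!
! Inbound policy on the Internet-facing interface: no session may be
! initiated from outside. The firewall opens temporary entries ahead of this
! deny only for return traffic of sessions that inspection is tracking.
access-list 101 remark No sessions initiated from the Internet
access-list 101 deny ip any any log
!
interface FastEthernet0/0
 description Branch LAN (trusted)
 ip address 10.10.1.1 255.255.255.0
!
interface Serial0/0
 description Direct Internet connection (untrusted)
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 ip inspect BRANCH-FW out
!
! Send inspection audit records and ACL denies to the regional syslog server.
service timestamps log datetime msec
logging 10.10.1.50
logging trap informational
```

`show ip inspect sessions` lists the sessions the firewall is currently tracking; packets dropped by ACL 101 are logged to the syslog server for the regional administrator to review.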
The Cisco PIX Firewall And Cisco IOS Firewall
The Cisco PIX Firewall is the world’s leading dedicated firewall appliance. It has
received the highest level of security certification granted to any firewall
product. The Cisco PIX Firewall is a turnkey appliance with unmatched
performance and unparalleled features. Integration of third-party content
solutions, such as NetPartner’s WebSENSE URL management software, further
enhances the industry-leading capabilities of the Cisco PIX Firewall. For
IP-based network security, the Cisco PIX Firewall is the clear choice for those
requiring dedicated firewall appliances. When combined with IP Security
(IPsec), Cisco PIX Firewall provides an integrated virtual private network
(VPN) solution.
The Cisco IOS Firewall integrates robust firewall and intrusion
detection technology into the Cisco IOS Software. The Cisco IOS Firewall
enhances existing Cisco IOS Software by including stateful, application-based
filtering, dynamic per-user authentication and authorization, and real-time
alerts. When combined with Cisco IOS IPsec software, the Cisco IOS Firewall
provides an integrated VPN solution.
Conclusion
The Cisco IOS Firewall offers integrated network security through Cisco IOS
software. A robust security policy entails more than perimeter control or
firewall setup and management—security policy enforcement must be an inherent
component of the network. Cisco IOS Software, with many advanced security
features such as a firewall, firewall-IDS, IPSec/VPN, and quality of service
(QoS) is an ideal vehicle for implementing a global security policy. Building
an end-to-end Cisco solution allows managers to enforce security policies
throughout the network as they grow.