Cisco IOS Firewall

About :- :-

The Cisco IOS Firewall is a security-specific option for Cisco IOS Software. It integrates robust firewall functionality and intrusion detection for every network perimeter. It adds greater depth and flexibility to existing Cisco IOS security solutions i.e., authentication, encryption, and failover, by delivering state-of-the-art security features: stateful, application-based filtering; dynamic per-user authentication and authorization; URL Filtering and others. When combined with Cisco IOS IPSec and Cisco IOS Technologies such as L2TP tunneling and Quality of Service (QoS), Cisco IOS Firewall provides a complete, integrated virtual private network (VPN) solution.

Definition Of Firewall

A FireWall is a network security device that ensures that all communications attempting to cross it meet an organization’s security policy.FireWalls track and control communications deciding whether to allow ,reject or encrypt communications.

        FireWalls are used to connect a corporate’s local network to the Internet and also within networks.In otherwords they stand in between the trusted network and the untrusted network.

Firewall Implementation Methods

1.As a Screening Router

A screening router is a special computer or an electronic device that screens (filters out) specific packets based on the criteria that is defined.

2. As a Proxy Server

A Proxy Server is an application that mediates traffic between a protected network and the Internet. Proxies are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Proxy servers are application specific. In order to support a new protocol via a proxy, a proxy must be developed for it. Here there is no direct connection between the local network and the untrusted network. The  Proxy Server transfers an isolated copy of each approved packet from one network to the other network. No information about the local network is available to untrusted networks.

Regional / Branch Office Perimeter

Regional or branch offices can also deploy a Cisco IOS Firewall-enabled router at the perimeter of their network. Data and voice traffic between the regional or branch office and the corporate headquarters is transported via the virtual private network (VPN) connection. A separate, direct connection to the Internet from the regional or branch location is also available for access to public servers and information available on the Web. With this firewall deployment scenario, the firewall policy created for the corporate internet perimeter deployment scenario works in conjunction with the firewall policy at the regional or branch office perimeter. No connections are permitted from the untrusted Internet to the regional or branch office network; instead, Internet users connect to servers on the corporate DMZ network to access public corporate information. The DMZ network provides all the services that the corporation wishes to offer to outside users.

To better manage individual access from the regional office location to the Internet and internal resources, AAA and URL Policy Management servers are deployed at the regional location. Access to services and resources will be granted to employees only when they have the appropriate access privilege based on their individual security profiles. A syslog server is also made available for the regional office administrator to track and respond to potential attacks and nonstandard activities. For smaller branch office locations without system administration resources, centralized firewall policy management can be provided remotely by the resources on the main corporate network.

The Cisco PIX Firewall And Cisco IOS Firewall

The Cisco PIX Firewall is the world’s leading dedicated firewall appliance. It has received the highest level of security certification granted to any firewall product. The Cisco PIX Firewall is a turnkey appliance with unmatched performance and unparalleled features. Integration of third-party content solutions, such as NetPartner’s WebSENSE URL management software, further enhances the industry-leading capabilities of the Cisco PIX Firewall. For IP-based network security, the Cisco PIX Firewall is the clear choice for those requiring dedicated firewall appliances. When combined with IP Security (IPsec), Cisco PIX Firewall provides an integrated virtual private network (VPN) solution.The Cisco IOS Firewall integrates robust firewall and intrusion detection technology into the Cisco IOS Software. The Cisco IOS Firewall enhances existing Cisco IOS Software by including stateful, application-based filtering, dynamic per-user authentication and authorization, and real-time alerts. When combined with Cisco IOS IPsec software, the Cisco IOS Firewall provides an integrated VPN solution. 

Conclusion

The Cisco IOS Firewall offers integrated network security through Cisco IOS software. A robust security policy entails more than perimeter control or firewall setup and management—security policy enforcement must be an inherent component of the network. Cisco IOS Software, with many advanced security features such as a firewall, firewall-IDS, IPSec/VPN, and quality of service (QoS) is an ideal vehicle for implementing a global security policy. Building an end-to-end Cisco solution allows managers to enforce security policies throughput the network as they grow.