Free Documents: Security
Download free study materials: Security
Basic Firewall Troubleshooting Three predominant situations with firewalls require some form of troubleshooting
8/29/2018 5:54:36 PM +00:00
Broadcast and Multicast Most of this discussion of IP traffic has revolved around the process of unicast traffic, which is traffic that is addressed for a single host.
8/29/2018 5:54:36 PM +00:00
Choosing Between the PIX and the ASA One of the first questions to answer when trying to determine what Cisco firewall your environment requires is what the difference between the Cisco PIX Firewall and the Cisco ASA is.
8/29/2018 5:54:36 PM +00:00
Cisco PIX Firewall and ASA Models To implement a Cisco PIX or ASA in a given network, you need only purchase the PIX or ASA hardware and software from Cisco
8/29/2018 5:54:36 PM +00:00
Doing so includes changing the default administrative password, configuring the default gateway, configuring the IP addresses for the internal and external (and possibly other) interfaces,
8/29/2018 5:54:36 PM +00:00
Common Troubleshooting Tools The most fundamental troubleshooting technique for network devices is to merely determine whether a device is reachable
8/29/2018 5:54:36 PM +00:00
This interface is accessible by default from any internal host and is accessed using a web browser such as Microsoft Internet Explorer.
8/29/2018 5:54:36 PM +00:00
Configuring NetFilter The NetFilter packet filter is configured through the iptables command utility. Like its predecessor, ipchains, iptables enables firewall administrators to control a wide variety of features in the NetFilter packet filter
8/29/2018 5:54:36 PM +00:00
Configuring the Cisco PIX/ASA Complete configuration of the Cisco PIX is beyond the scope of this book.
8/29/2018 5:54:36 PM +00:00
Content Filtering Many enterprises are beginning to concern themselves with the use of the corporate Internet connection by their employees.
8/29/2018 5:54:36 PM +00:00
Default Passwords When you purchase a new firewall (or any network device in general) such as a Cisco PIX, a Linksys, a NetScreen, or a SonicWall
8/29/2018 5:54:36 PM +00:00
Firewalls should not be relegated exclusively to the realm of providing access to and protection from Internet-based resources
8/29/2018 5:54:36 PM +00:00
Developing a Troubleshooting Checklist There is an old saying that when you practice what you need to do in the time of a crisis, when the crisis occurs the reaction tends to be automatic
8/29/2018 5:54:36 PM +00:00
By just telnetting to TCP port 80 and typing GET / HTTP/1.0 and then pressing Enter a few times, I can retrieve the default web page for the server
8/29/2018 5:54:36 PM +00:00
The first question to ask when implementing a firewall is whether the firewall is going to be located at a central location or a remote location.
8/29/2018 5:54:36 PM +00:00
The dual-firewall architecture is more complex than the single-firewall architecture, but it is also a more secure overall design and provides for a much more granular level of control over traffic traversing the firewalls
8/29/2018 5:54:36 PM +00:00
The underlying objective of a forensic analysis is trying to determine what happened and to establish facts that can be used in court.
8/29/2018 5:54:36 PM +00:00
What Is a Firewall? When most people think of a firewall, they think of a device that resides on the network and controls the traffic that passes between network segments
8/29/2018 5:54:36 PM +00:00
Firewall Log Review and Analysis After the decision has been made to log events from your firewall, the next step is determining what you should be looking for in the logs and how you should properly perform log analysis
8/29/2018 5:54:36 PM +00:00
This section provides an overview and some examples of these interfaces. Managing Firewalls with a CLI A CLI enables you to use a specific instruction set to configure the firewall
8/29/2018 5:54:36 PM +00:00
The previously mentioned policies focus primarily on defining the requirements and expectations of the firewall and interrelated systems.
8/29/2018 5:54:36 PM +00:00
Because the DMZ has a single interface for all traffic going to either the Internet or the internal network
8/29/2018 5:54:36 PM +00:00
You can find a wide variety of firewall products on the market today, comprising three basic physical firewalls: software based, appliance based, and integrated
8/29/2018 5:54:36 PM +00:00
Firewall Taxonomy Firewalls come in various sizes and flavors. The most typical idea of a firewall is a dedicated system or appliance that sits in the network and segments an internal network from the external Internet
8/29/2018 5:54:36 PM +00:00
This section focuses on the technologies used in various firewalls and how they work. The firewall taxonomy in Figure 2-1 shows the general types of firewalls.
8/29/2018 5:54:36 PM +00:00
The information provided through the use of logging is arguably the most important tool that a firewall administrator has available.
8/29/2018 5:54:36 PM +00:00
One of the most common questions with regard to designing a firewall implementation is how VLANs and firewalls interact with each other
8/29/2018 5:54:36 PM +00:00
NIST Guidelines on Firewalls and Firewall Policy, http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf Firewall Software and Internet Security FAQ
8/29/2018 5:54:36 PM +00:00
General Security Information Microsoft's Security at Home, http://www.microsoft.com/athome/security/default.mspx Intrusion Detection FAQ, http://www.sans.org/resources/idfaq/ Intrusion
8/29/2018 5:54:36 PM +00:00
Many broadband routers and firewalls function primarily through the use of Network Address Translation (NAT) to hide the internal systems behind a single external IP address.
8/29/2018 5:54:36 PM +00:00