Cisco Secure Firewall Services Module (FWSM)

4.4 (5 ratings by Goodreads)
By (author) Ray Blair, By (author) Arvind Durai

Description

Cisco Secure Firewall Services Module (FWSM)

Best practices for securing networks with FWSM

Ray Blair, CCIE® No. 7050
Arvind Durai, CCIE No. 7016

The Firewall Services Module (FWSM) is a high-performance stateful-inspection firewall that integrates into the Cisco® 6500 switch and 7600 router chassis. The FWSM monitors traffic flows using application inspection engines to provide a strong level of network security. The FWSM defines the security parameter and enables the enforcement of security policies through authentication, access control lists, and protocol inspection. The FWSM is a key component to anyone deploying network security.

Cisco Secure Firewall Services Module (FWSM) covers all aspects of the FWSM. The book provides a detailed look at how the FWSM processes information, as well as installation advice, configuration details, recommendations for network integration, and reviews of operation and management. This book provides you with a single source that comprehensively answers how and why the FWSM functions as it does. This information enables you to successfully deploy the FWSM and gain the greatest functional benefit from your deployment. Practical examples throughout show you how other customers have successfully deployed the FWSM.

By reading this book, you will learn how the FWSM functions, the differences between the FWSM and the ASA Security Appliance, how to implement and maintain the FWSM, the latest features of the FWSM, and how to configure common installations.

Ray Blair, CCIE® No. 7050, is a consulting systems architect who has been with Cisco for more than 8 years, working primarily on security and large network designs. He has 20 years of experience in designing, implementing, and maintaining networks that have included nearly all networking technologies. Mr. Blair maintains three CCIE certifications in Routing and Switching, Security, and Service Provider. He is also a CNE and a CISSP.

Arvind Durai, CCIE No. 7016, is an advanced services technical leader for Cisco. His primary responsibility has been in supporting major Cisco customers in the enterprise sector. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two CCIE certifications, in Routing and Switching and Security.

  • Understand modes of operation, security levels, and contexts for the FWSM
  • Configure routing protocols and the host-chassis to support the FWSM
  • Deploy ACLs and Authentication, Authorization, and Accounting (AAA)
  • Apply class and policy maps
  • Configure multiple FWSMs for failover support
  • Configure application and protocol inspection
  • Filter traffic using filter servers, ActiveX, and Java filtering functions
  • Learn how IP multicast and the FWSM interact
  • Increase performance with firewall load balancing
  • Configure IPv6 and asymmetric routing
  • Mitigate network attacks using shunning, anti-spoofing, connection limits, and timeouts
  • Examine network design, management, and troubleshooting best practices

This security book is part of the Cisco Press® Networking Technology series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Networking: Security
Covers: Firewall security

Product details

  • Paperback | 528 pages
  • 182 x 230 x 32mm | 861.82g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587053535
  • 9781587053535
  • 1,903,813

About Ray Blair

Ray Blair is a consulting systems architect and has been with Cisco Systems for more than eight years, working primarily on security and large network designs. He has 20 years of experience with designing, implementing, and maintaining networks that have included nearly all networking technologies. His first four years in the high-technology industry started with designing industrial computer systems for process monitoring. Mr. Blair maintains three Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching, Security, and Service Provider. He also is a Certified Novell Engineer (CNE) and a Certified Information Systems Security Professional (CISSP).

Arvind Durai is an advanced services technical leader for Cisco Systems. His primary responsibility has been in supporting major Cisco customers in the Enterprise sector, some of which include the Financial, Manufacturing, E-commerce, State Government, and Health Care sectors. One of his focuses has been on security, and he has authored several white papers and design guides in various technologies. Mr. Durai maintains two Cisco Certified Internetwork Expert (CCIE) certifications in Routing and Switching and Security. Mr. Durai holds a Bachelor of Science degree in Electronics and Communication, a Master's degree in Electrical Engineering (MS), and a Master's degree in Business Administration (MBA).

Table of contents

Introduction

Part I Introduction

Chapter 1 Types of Firewalls
Understanding Packet-Filtering Firewalls Advantages Caveats Understanding Application/Proxy Firewalls Advantages Caveats Understanding Reverse-Proxy Firewalls Advantages Caveats Utilizing Packet Inspection Reusing IP Addresses NAT PAT Summary

Chapter 2 Overview of the Firewall Services Module
Specifications Installation Performance Virtualization Comparing the FWSM to Other Security Devices IOS FW PIX ASA Hardware Architecture Software Architecture Summary

Chapter 3 Examining Modes of Operation
Working with Transparent Mode Advantages Disadvantages Traffic Flow Multiple Bridge Groups Working with Routed Mode Advantages Disadvantages Traffic Flow Summary References

Chapter 4 Understanding Security Levels
Traffic Flow Between Interfaces Network Address Translation/Port Address Translation Static NAT Number of Simultaneous TCP Connections Number of Embryonic Connections DNS Norandomseq TCP UDP Static PAT Dynamic NAT Dynamic PAT NAT Control NAT Bypass NAT 0 or Identity NAT Static Identity NAT Summary References

Chapter 5 Understanding Contexts
Benefits of Multiple Contexts Separating Security Policies Leveraging the Hardware Investment Disadvantages of Multiple Contexts Adding and Removing Contexts Adding a Context Removing a Context Storing Configuration Files Changing Between Contexts Understanding Resource Management Memory Partitions Summary

Part II Initial Configuration

Chapter 6 Configuring and Securing the 6500/7600 Chassis
Understanding the Interaction Between the Host-Chassis and the FWSM Assigning Interfaces Securing the 6500/7600 (Host-Chassis) Controlling Physical Access Being Mindful of Environmental Considerations Controlling Management Access Disabling Unnecessary Services Controlling Access Using Port-Based Security Controlling Spanning Tree Leveraging Access Control Lists Securing Layer 3 Leveraging Control Plane Policing Protecting a Network Using Quality of Service Employing Additional Security Features Summary References

Chapter 7 Configuring the FWSM
Configuring FWSM in the Switch Exploring Routed Mode Exploring Transparent Mode Using Multiple Context Mode for FWSM Context Configurations System Context Configurations Admin Context Configurations Packet Classifier in FWSM Context Mode Understanding Resource Management in Contexts Configuration Steps for Firewall Services Module Type 1: Configuring Single Context Routed Mode Type 2: Configuring Single Context Transparent Mode Type 3: Configuring Multiple Context Mixed Mode Summary

Chapter 8 Access Control Lists
Introducing Types of Access Lists Understanding Access Control Entry Understanding Access List Commit Understanding Object Groups Monitoring Access List Resources Configuring Object Groups and Access Lists Working with Protocol Type Working with Network Type Working with Service Type Working with Nesting Type Working with EtherType Summary

Chapter 9 Configuring Routing Protocols
Supporting Routing Methods Static Routes Default Routes Open Shortest Path First SPF Algorithm OSPF Network Types Concept of Areas OSPF Link State Advertisement Types of Stub Area in OSPF OSPF in FWSM OSPF Configuration in FWSM Interface-Based Configuration for OSPF Parameters Summarization Stub Configuration NSSA Configuration Default Route Information Timers OSPF Design Example 1 OSPF Design Example 2 Routing Information Protocol RIP in FWSM Configuration Example of RIP on FWSM Border Gateway Protocol BGP in FWSM BGP Topology with FWSM Summary

Chapter 10 AAA Overview
Understanding AAA Components Authentication in FWSM Authorization in FWSM Accounting in FWSM Comparing Security Protocols Understanding Two-Step Authentication Understanding Fallback Support Configuring Fallback Authentication Configuring Local Authorization Understanding Cut-Through Proxy in FWSM Configuring Custom Login Prompts Using MAC Addresses to Exempt Traffic from Authentication and Authorization Summary

Chapter 11 Modular Policy
Using Modular Policy in FWSM Understanding Classification of Traffic Understanding Application Engines Defining Policy Maps Configuring Global Policy Configuring Service Policy Understanding Default Policy Map Sample Configuration of Modular Policy in FWSM Summary

Part III Advanced Configuration

Chapter 12 Understanding Failover in FWSM
Creating Redundancy in the FWSM Understanding Active/Standby Mode Understanding Active/Active Mode Understanding Failover Link and State Link Requirements for Failover Synchronizing the Primary and Secondary Firewalls Monitoring Interfaces Configuring Poll Intervals Design Principle for Monitoring Interfaces Configuring Single Context FWSM Failover Configuring Multiple Context FWSM Failover Summary

Chapter 13 Understanding Application Protocol Inspection
Inspecting Hypertext Transfer Protocol Inspecting File Transfer Protocol Working with Supported Applications Configuring ARP Inspecting ARP Configuring Parameters for ARP Configuring MAC Entries Adding Static Entries Summary References

Chapter 14 Filtering
Working with URLs and FTP Configuring ActiveX and Java Summary References

Chapter 15 Managing and Monitoring the FWSM
Using Telnet Using Secure Shell Using Adaptive Security Device Manager Configuring the FWSM Using ASDM Managing the FWSM from the Client Securing Access Configuring the FWSM for VPN Termination Configuring the VPN Client Working with Simple Network Management Protocol Examining Syslog Working with Cisco Security Manager Monitoring Analysis and Response System Summary References

Chapter 16 Multicast
Protocol Independent Multicast Understanding Rendezvous Point PIM Interface Modes IGMP Protocol Multicast Stub Configuration Multicast Traffic Across Firewalls FWSM 1.x and 2.x Code Releases FWSM 3.x Code Release Configuration Methods Method 1: Configuration Example for Multicast Through Firewall in Single Context Routed Mode Method 2: Configuration Example for Multicast Through Firewall via GRE Method 3: Configuration Example for Multicast Through Transparent Firewall in Multiple Context Mode Summary

Chapter 17 Asymmetric Routing
Asymmetric Routing Without a Firewall Asymmetric Traffic Flow in a Firewall Environment Avoiding Asymmetric Routing Through Firewalls Option 1: Symmetric Routing Through Firewalls Option 2: Firewall Redundancy and Routing Redundancy Symmetry Supporting Asymmetric Routing in FWSM Asymmetric Routing Support in Active/Standby Mode Asymmetric Routing Support in Active/Active Mode Configuring ASR in FWSM Summary

Chapter 18 Firewall Load Balancing
Reasons for Load Balancing Firewalls Design Requirements for Firewall Load Balancing Firewall Load-Balancing Solutions Firewall Load Balancing with Policy-Based Routing Firewall Load Balancing with Content Switch Module Configuring the CSM Snapshot Configuration for CSM Supporting Firewall Load Balancing Firewall Load Balancing Using the Application Control Engine ACE Design for Firewall Load Balancing Firewall Load Balancing Configuration Example OUT2IN Policy Configuration Firewall Configuration IN2OUT Policy Configuration Summary

Chapter 19 IP Version 6
Understanding IPv6 Packet Header Examining IPv6 Address Types Neighbor Discovery Protocol IPv6 in FWSM Configuring Multiple Features of IPv6 in FWSM Interface Configuration Router Advertisement Duplicate Address Detection Timer for Duplicate Address Detection Configuring Access Lists Configuring Static Routes Configuring IPv6 Timers in FWSM Configuring IPv6 in FWSM Configuring PFC (Layer 3 Device) on the Outside Security Domain Configuring FWSM Configuring a Layer 3 Device on the Inside Security Domain Verify the Functionality of FWSM Working with the show Command for IPv6 in FWSM Summary

Chapter 20 Preventing Network Attacks
Protecting Networks Shunning Attackers Spoofing Understanding Connection Limits and Timeouts Configuring Connection Limits Configuring Timeouts Summary References

Chapter 21 Troubleshooting the FWSM
Understanding Troubleshooting Logic Assessing Issues Logically Connectivity Test of a Flow at the FWSM Troubleshooting Flow Issues FAQs for Troubleshooting How Do You Verify Whether the Traffic Is Forwarded to a Particular Interface in the FWSM? How Do I Verify ACL Resource Limits? How Do I Verify the Connectivity and Packet Flow Through the Firewall? What Is Network Analysis Module? What Are Some Useful Management and Monitoring Tools? How Do I Recover Passwords? Summary

Part IV Design Guidelines and Configuration Examples

Chapter 22 Designing a Network Infrastructure
Determining Design Considerations Documenting the Process Determining Deployment Options Determining Placement Working with FWSM and the Enterprise Perimeter FWSM in the Datacenter Throughput Flexibility Availability Supporting Virtualized Networks Summary Reference

Chapter 23 Design Scenarios
Layer 3 VPN (VRF) Terminations at FWSM Configuring the PFC Configuring the FWSM Failover Configuration in Mixed Mode Interdomain Communication of Different Security Zones Through a Single FWSM Configuring the PFC FWSM Configuration Dynamic Learning of Routes with FWSM Single Box Solution with OSPF Data Center Environment with the FWSM Method 1: Layer 3 VPN Segregation with Layer 3 FWSM (Multiple Context Mode) Method 2: Layer 3 VPN Segregation with Layer 2 FWSM (Multiple Context Mode) PVLAN and FWSM PVLAN Configuration in FWSM Design Scenario 1 for PVLAN in FWSM Design Scenario 2 for PVLAN in FWSM Configuring PVLAN Summary

Part V FWSM 4.x

Chapter 24 FWSM 4.x Performance and Scalability Improvements
Increasing Performance by Leveraging the Supervisor Using the PISA for Enhanced Traffic Detection Improving Memory Partitioning Memory Reallocating Rules Optimizing ACL Summary

Chapter 25 Understanding FWSM 4.x Routing and Feature Enhancements
Configuring EIGRP Configuring Route Health Injection Understanding Application Support Configuring Regular Expressions Understanding Application Inspection Improvements Additional Support for Simple Network Management Protocol Management Information Base Miscellaneous Security Features Dynamic Host Configuration Protocol Option 82 Smartfilter HTTPS Support Summary References

Rating details

5 ratings
4.4 out of 5 stars
5 60% (3)
4 20% (1)
3 20% (1)
2 0% (0)
1 0% (0)
Book ratings by Goodreads