Chapter 8. Deploying Perimeter Protection

This chapter explains how to deploy perimeter protection for your network using the ASA/PIX Security Appliance. This chapter addresses the following topics:

• The Importance of Perimeter Protection This section is a brief description of why perimeter protection is important and how it can add additional security to your network.

• Deploying Perimeter Protection This section explains how you can use ASDM to deploy perimeter protection in your network.

By this point in the book, you have completed the steps to connect your network to the Internet, deploy public services, and lock down authentication on your network devices and services. The next step, which is addressed in this chapter, is to lock down the perimeter of your network.

The following are the four steps you need to accomplish to lock down your network perimeter using the ASA/PIX Security Appliance:

• Ensure that traffic traversing your security appliance matches protocol specifications.

• Customize protocol application inspection.

• Ensure that appropriate filters are in place, allowing only desired traffic through your security appliance.

• Deploy ASA/PIX Security Appliance denial-of-service protection.

Because the ASA/PIX is shipped pre-optimized for perimeter protection, you might be surprised at how little you need to do to deploy additional perimeter security.