Summary


So far in Part II, "Securing Network Infrastructures with ASDM" (the deployment section of this book), the following has been completed:

  • Chapter 5, "Deploying Secure Internet Connectivity": The initial configuration of your security appliance and connection of the security appliance to the Internet

  • Chapter 6, "Deploying Web and Mail Services": The addition of a web and a mail server

  • Chapter 7, "Deploying Authentication": The deployment of authentication to the device and instruction on how to deploy authentication to web services

In this chapter, perimeter protection on your ASA/PIX security appliance has been deployed.

Perimeter protection has mitigated several different forms of attack. Most of these attacks have been DoS attacks. However, by also using restrictive access rules, you have blocked other, as yet unknown, types of attacks.

Specifically, within this chapter, you

  • Ensured that traffic traversing your security appliance matches protocol specifications

  • Customized protocol inspection

  • Ensured that appropriate filters are in place, allowing only desired traffic through your security appliance

  • Gained an understanding of ASA/PIX Security Appliance DoS protection

Attack mitigation was achieved with each one of these items listed.

Enforcing protocol specifications stops an attacker from exploiting a protocol to attack your network. This is done effectively by the inspection parameters that the ASA/PIX applies by default.

You stepped through an exercise customizing protocol inspections, which enabled you to dynamically create a new filter that discovers and classifies new attacks against your system.

You stepped through the creation of new access rules, and you enforced restrictive inbound filtering on your security appliance, which will mitigate more attacks than you can calculate.

You then went through an exercise of examining and understanding the importance of ASA/PIX timeouts. The timeout defaults are effective in both reducing the amount of overhead caused by DoS attacks and returning CPU and memory back to the device so that it can better handle the traffic that you want to allow through your security appliance. The remaining steps to fully deploy defense in depth in your network are covered in the following chapters:

  • Chapter 9, "Deploying Network Intrusion Prevention"

  • Chapter 10, "Deploying Host Intrusion Prevention"

  • Chapter 11, "Deploying VPNs"
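The three controls this chapter deployed through ASDM (restrictive inbound access rules, protocol inspection, and idle timeouts) end up as ordinary ASA CLI in the running configuration. The fragment below is an added example, not configuration from the book or from Cisco; it assumes an interface named `outside`, uses constructed server addresses from the RFC 5737 documentation range, and omits the static NAT the servers would also need:

```text
! Added example (not from the book): CLI equivalent of the chapter's controls.
! Interface name and server addresses are assumptions / constructed values.
!
! 1. Restrictive inbound access rule. Only the web server on 80/443 and the
!    mail server on 25 are reachable from the Internet; the final explicit
!    deny is logged so blocked attempts are visible in syslog.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq https
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.25 eq smtp
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! 2. Protocol inspection. The default inspection class is kept, and HTTP
!    inspection is customized so requests that violate the protocol grammar
!    drop the connection and log it instead of being passed to the server.
policy-map type inspect http HTTP_STRICT
 parameters
  protocol-violation action drop-connection log
!
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect http HTTP_STRICT
  inspect esmtp
  inspect dns
service-policy global_policy global
!
! 3. Idle timeouts. These are the appliance defaults, written out so the
!    values are visible: translation slots expire after 3 hours, idle TCP
!    connections after 1 hour, half-closed TCP after 10 minutes, idle UDP
!    after 2 minutes and ICMP after 2 seconds, returning state-table memory
!    that a flood would otherwise hold.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
!
! Verification after deploying:
!   show access-list OUTSIDE_IN        (hit counts per rule, including the deny)
!   show service-policy inspect http   (packets inspected / dropped)
!   show conn count                    (connection table usage under load)
```

The order matters for reading the configuration: the access rule decides whether a packet is admitted at all, inspection then validates the admitted protocol, and the timeouts govern how long the state created by admitted traffic is retained.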



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
Year: 2006
Pages: 120
Authors: Greg Abelar