1 Ppt on Pix Firewall


  • 8/6/2019 1 Ppt on Pix Firewall

    1/27

    PPT on PIX FIREWALL

    Guided by: Ramlal Yadav

    Submitted by: SAHARSH GUPTA (4th year)

    Computer Engg.


    CONTENT

    FIREWALL

    PIX FIREWALL

    HISTORY of the PIX FIREWALL

    ARCHITECTURE of the PIX FIREWALL

    ACCESS LISTS


    CONTENT

    Virtual Private Network (VPN)

    NEED of the PIX FIREWALL

    ADVANTAGES of the PIX FIREWALL

    FUTURE SCOPE of the PIX FIREWALL

    APPLICATION of the PIX FIREWALL


    FIREWALL

    A firewall is a tool used to prevent unauthorized access between two or more networks.

    A firewall is a network security device that ensures that all communications attempting to cross it meet an organization's security policy.


    Configuration of the FIREWALL

    Inside Network -- Firewall -- Internet
                         |
                        DMZ

    The firewall is configured between the inside network and the Internet.


    Implementation methods

    1. As a Screening Router: A screening router is a special computer or an electronic device that screens (filters out) specific packets based on the criteria that are defined.

    2. As a Proxy Server: A proxy server is an application that mediates traffic between a protected network and the Internet.


    PIX FIREWALL

    Cisco PIX was developed by Cisco.

    PIX stands for Private Internet eXchange.

    PIX FIREWALL is a popular IP firewall and network address translation (NAT) appliance.

    It is the first hardware-based firewall.


    Continued

    The PIX runs a custom-written proprietary operating system called PIX OS.

    It is classified as a network layer and transport layer firewall.

    The PIX can be configured to perform many functions, including network address translation (NAT) and port address translation (PAT).


    Continued

    The PIX was the first commercially available firewall product to introduce protocol-specific filtering.

    Two protocols for which specific fixup behaviors were developed are DNS and SMTP.


    HISTORY

    PIX was originally conceived in early 1994 by John Mayes of Redwood City, California.

    The PIX name is derived from its creators' aim of creating the functional equivalent of an IP PBX to solve the then-emerging registered IP address shortage.


    Architecture of PIX FIREWALL

    Cisco PIX is a widely deployed firewall for security features.

    PIX architecture is built around the ASA.

    It is the security engine that performs the inspection, maintains the session state information and handles the network translation.


    Diagram


    Access Lists

    Access lists are the newly recommended security enforcement mechanism.

    An access list is applied to an interface and checks all traffic, regardless of the direction of the traffic.

    Access lists are stateful and are part of the ASA engine.


    Virtual Private Network (VPN)

    A virtual private network (VPN) is the extension of a private network that contains links across shared or public networks like the Internet.

    A VPN enables us to send data between two computers across a shared or public network.


    NEED of the PIX FIREWALL

    1) NAT (Network Address Translation)

    Network Address Translation (NAT) is the process of modifying network address information in IP packets.

    It enhances network privacy by hiding internal addresses from public view.

    e.g. to block the network having IP address 172.24.0.254


    Continued

    2) PAT (Port Address Translation)

    Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network.

    e.g. web server having port no. 80 and we have to block the web server.
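
An added example (not from the original slides) of port address translation combined with the session state that the architecture slide attributes to the ASA engine. It is a simplified Python model, not PIX code; the class `PatTable`, its methods and every address and port are constructed for illustration.

```python
# Added illustration: a toy PAT table with a stateful return-path check.
# All addresses and ports below are constructed sample values.
from itertools import count

class PatTable:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public source port
        self._out = {}     # (proto, inside ip, inside port) -> public port
        self._in = {}      # (proto, public port) -> (inside ip, inside port)
        self._peers = {}   # (proto, public port) -> {(remote ip, remote port)}

    def outbound(self, proto, in_ip, in_port, dst_ip, dst_port):
        """Translate an inside->outside packet; return the rewritten source."""
        key = (proto, in_ip, in_port)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._in[(proto, port)] = (in_ip, in_port)
        port = self._out[key]
        # Remember which remote endpoint this inside host spoke to.
        self._peers.setdefault((proto, port), set()).add((dst_ip, dst_port))
        return self.public_ip, port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Map an outside->inside packet back, or return None to drop it."""
        slot = (proto, dst_port)
        if (src_ip, src_port) not in self._peers.get(slot, ()):
            return None                   # no matching session state
        return self._in[slot]

def demo():
    pat = PatTable("203.0.113.10")
    # Two inside hosts use the same source port toward one web server.
    a = pat.outbound("tcp", "172.24.0.5", 51000, "198.51.100.7", 80)
    b = pat.outbound("tcp", "172.24.0.6", 51000, "198.51.100.7", 80)
    reply = pat.inbound("tcp", "198.51.100.7", 80, a[1])   # genuine reply
    stray = pat.inbound("tcp", "192.0.2.99", 80, a[1])     # unknown sender
    unused = pat.inbound("tcp", "198.51.100.7", 80, 4444)  # unmapped port
    return a, b, reply, stray, unused

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both inside hosts appear outside as the single public address with different source ports, and only a packet from the endpoint an inside host contacted is mapped back; the model matches on the remote peer only and does not track TCP flags or timeouts.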


    Continued

    3) Content Filtering: PIX FIREWALL is used to filter the content, either to block or forward it.

    e.g. Protects against unidentified, malicious Java applets.

    4) URL filtering: It is used to filter out the URL.

    e.g. blocking the site of Orkut.


    Continued

    5) Peer Router Authentication:

    It ensures that routers receive reliable routing information from trusted sources.

    e.g. the authentication provided in the internet of the college.


    Advantages of the PIX FIREWALL

    Flexibility :- performs multiprotocol routing, perimeter security and per-user authentication and authorization.

    Strongest Security :- The heart of the PIX Firewall series is a protection scheme based on ASA, which offers stateful connection-oriented security.


    Continued

    Platform Extensibility :- The strong security provided by its platform extensibility features.

    It provides multiple network interfaces allows publicly accessible Web, mail, and Domain Name System (DNS)


    Continued

    Lowest Cost of Ownership :-

    The Cisco Secure PIX Firewall series offers the lowest cost of ownership of any security device, including proxy servers.

    It is simple to install and configure using the Setup Wizard and Firewall Manager software tools.


    Future Scope of the PIX FIREWALL

    Sharing the load :-

    Transmissions have to negotiate their way through all relevant components of this edge network before being allowed into the corporate network.

    e.g. checking the files for viruses.


    Continued

    PIX FIREWALL must be used to access in the APPLICATION layer.

    It should overcome the problem of the mangle.


    Application of PIX FIREWALL

    1. Corporate Internet Perimeter :-

    The firewall is configured to protect against unauthorized access from the untrusted Internet to the corporation's private network, and to prevent unauthorized access from the internal private network to untrusted sites.


    Continued

    2. Corporate Intranet :-

    The firewall policy for the corporate intranet is designed to restrict traffic and access to information between various departments within the corporation.

    Destination URL Policy Management also controls access to internal Web sites and Web applications.


    Continued

    Telecommuter/Home Office :-

    Corporate telecommuters and home office workers similarly maintain a LAN network in the home with several computers connected to it.


    Any Questions or Comments?

    THANK YOU