NE7212 CASE STUDY

C. Namasivayam, DCT, B.E, M.E (Network Engineering).

Dhanalakshmi Srinivasan Engineering College

[email protected]

https://www.facebook.com/namasivayam.cse

http://menetworkengineering.blogspot.in/

What is a Firewall

• A firewall is a software- or hardware-based network security system.

• Protects the inside network from the outside world (the Internet).

• Controls incoming and outgoing network traffic.

• Analyzes data packets and determines whether they should be allowed through or not.

• Computer operating systems include software-based firewalls to protect against threats from the public Internet.

• Many firewalls can also perform basic routing functions.

TYPES OF FIREWALL

Desktop Firewall

• Protects an internal host or node

• Software Firewall

Network Firewall

• Protects the entire network from the outside Internet

• Hardware and Software Firewall

Best Firewall in the Market

• Check Point Software Technologies

• Cisco Systems

• Fortinet

• Juniper Networks

• McAfee

• WatchGuard

Cisco ASA Firewall

• Adaptive Security Appliance (ASA).

• The best firewall in the market.

• Java Based Firewall.

• CLI and GUI Based Firewall.

• Combines firewall, antivirus, intrusion prevention, and virtual private network (VPN).

• Packet Filtering firewall.

CISCO ASA Firewall Features:

• Antivirus

• Anti-spam

• URL Filtering

• VPN device

• SSL device

• Content inspection

CISCO ASA 5520 model Firewall

System/Software Requirements

• GNS3 (Graphical Network Simulator 3) http://www.gns3.net/

• GNS3 is open source software that simulates complex networks, staying as close as possible to the way real networks perform, without requiring dedicated network hardware such as routers and switches.

• Provides an intuitive graphical user interface to design and configure virtual networks.

• Cisco asa842-initrd.gz

• Cisco asa842-vmlinuz

• Cisco asdm-715.bin

• Tftpd32 Server

• Web Server

• Microsoft Loopback Adapter

• One Cisco Router

• Oracle VirtualBox

CISCO ASA Firewall Access Modes

Unprivileged Mode

• This mode provides restricted views of the security appliance.

• Nothing can be configured from this mode.

• The enable command is used in this mode to enter Privileged mode.

ciscoasa> enable          (Unprivileged Mode)

Password:                 (initially blank)

ciscoasa#                 (Privileged Mode)

Privileged Mode

• Displays the # prompt.

• Unprivileged commands also work in this mode.

• Cannot configure anything in this mode.

• Access Configuration mode using the configure terminal command from Privileged mode.

ciscoasa# configure terminal     (Privileged Mode)

ciscoasa(config)#                (Configuration Mode)

Configuration Mode

• Displays the (config)# prompt.

• All system configuration is changed in this mode.

• This mode is sometimes called Global Configuration Mode.

ciscoasa(config)# interface GigabitEthernet0/1     (Configuration Mode)

ciscoasa(config-if)#                               (configure interface-specific parameters)

Firewall Security Level Interfaces

• Security Level 0 Outside Interface (INTERNET)

• Security Level 1 to 99 Management Interface (DMZ)

• Security Level 100 Inside Interface (LAN)

Firewall Interface security levels.

Rules For Traffic Flow Between Security Levels

1. Traffic from Higher Security Level to Lower Security Level

• Allow all traffic from higher security levels unless specifically restricted by an Access Control List (ACL).

• nat/global translation pair between High-to-Low Security Level Interface.

2. Traffic from Lower Security Level to Higher Security Level.

• Drop All Traffic unless specifically allowed by an ACL.

• Static NAT between High-to-Low Security Level Interface

3. Traffic between interfaces with the same security level

• By default this is not allowed, unless you configure the same-security-traffic permit command.
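The three default rules above can be checked against an interface configuration with a short audit script. This is an added example, not part of the original slides: the sample configuration, the dmz and partner interface names, and all function names are constructed for illustration, and it models only the default behaviour with no ACL applied.

```python
import re
from itertools import permutations

# Constructed sample of ASA-style interface stanzas (not from the slides).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
interface GigabitEthernet0/3
 nameif partner
 security-level 50
"""

def parse_levels(config):
    """Return {nameif: security-level} from ASA-style interface stanzas."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new stanza: wait for its nameif line
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def default_action(levels, src, dst, same_security_permit=False):
    """Default handling of a new connection from src to dst, no ACL applied."""
    s, d = levels[src], levels[dst]
    if s > d:
        return "permit"  # rule 1: higher -> lower, allowed unless an ACL restricts
    if s < d:
        return "deny"    # rule 2: lower -> higher, dropped unless an ACL allows
    return "permit" if same_security_permit else "deny"  # rule 3: same level

def flow_matrix(config, same_security_permit=False):
    """Map every ordered interface pair to its default action."""
    levels = parse_levels(config)
    return {(a, b): default_action(levels, a, b, same_security_permit)
            for a, b in permutations(levels, 2)}

if __name__ == "__main__":
    for (a, b), act in sorted(flow_matrix(SAMPLE_CONFIG).items()):
        print(f"{a:>8} -> {b:<8} {act}")
```

Every pair reported as permit is a path that is open until an ACL restricts it, which makes the output a useful starting list when reviewing a new interface layout.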

NETWORK TOPOLOGY

Thank you

• C.Namasivayam, DCT, B.E, M.E (Network Engineering).

• Department of IT,

• Dhanalakshmi Srinivasan Engineering College Perambalur,

• E.mail id : [email protected]

• Cell No: +91-9626319896

• Facebook : https://www.facebook.com/namasivayam.cse

• Blogspot : http://menetworkengineering.blogspot.in/
