Seminar Report 03

Cisco IOS Firewall

INTRODUCTION

The Cisco IOS Firewall provides robust, integrated firewall and intrusion detection functionality for every perimeter of the network. Available for a wide range of Cisco IOS software-based routers, the Cisco IOS Firewall offers sophisticated security and policy enforcement for connections within an organization (intranet) and between partner networks (extranets), as well as for securing Internet connectivity for remote and branch offices.

A security-specific, value-add option for Cisco IOS Software, the Cisco IOS Firewall enhances existing Cisco IOS security capabilities, such as authentication, encryption, and failover, with state-of-the-art security features, such as stateful, application-based filtering (context-based access control), defense against network attacks, per-user authentication and authorization, and real-time alerts.

The Cisco IOS Firewall is configurable via Cisco ConfigMaker software, an easy-to-use Microsoft Windows 95, 98, NT 4.0 based software tool.

Dept. of IT

MESCE, Kuttippuram

CHAPTER ONE

FIREWALL BASICS
Definition Of FireWall

A FireWall is a network security device that ensures that all communications attempting to cross it meet an organization's security policy. FireWalls track and control communications, deciding whether to allow, reject or encrypt them. FireWalls are used to connect a corporation's local network to the Internet and also within networks. In other words, they stand between the trusted network and the untrusted network.

Design and Implementation issues

Basic Design Decisions in a FireWall

The first and most important decision reflects the policy of how your company or organization wants to operate the system. Is the firewall in place to explicitly deny all services except those critical to the mission of connecting to the net, or is the firewall in place to provide a metered and audited method of queuing access in a non-threatening manner? The second is what level of monitoring, reducing and control do you want? Having established the acceptable risk level you can form a checklist of what should be monitored, permitted and denied. The third issue is financial.

Implementation methods

Two basic methods to implement a firewall are

1. As a Screening Router:

A screening router is a special computer or an electronic device that screens (filters out) specific packets based on the criteria that are defined. Almost all current screening routers operate in the following manner.

a. Packet filter criteria must be stored for the ports of the packet filter device. The packet filter criteria are called packet filter rules.
b. When the packets arrive at the port, the packet header is parsed. Most packet filters examine the fields in only the IP, TCP and UDP headers.
c. The packet filter rules are stored in a specific order. Each rule is applied to the packet in the order in which the packet filter rules are stored.
d. If the rule blocks the transmission or reception of a packet, the packet is not allowed.
e. If the rule allows the transmission or reception of a packet, the packet is allowed.
f. If a packet does not satisfy any rule, it is blocked.
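Steps a to f above amount to a first-match walk over an ordered rule list with an implicit block at the end. The following Python sketch is an added example, not code from this report or from Cisco; the rule fields, the sample rule set (documentation address ranges) and the shadowed-rule check are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp", or "ip" for any
    src: str                         # source network in CIDR form
    dst: str                         # destination network in CIDR form
    dports: Optional[Tuple[int, int]] = None   # inclusive range, None = any

    def matches(self, pkt: Packet) -> bool:
        # Step b: only IP, TCP and UDP header fields are examined.
        if self.proto not in ("ip", pkt.proto):
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports is not None:
            if pkt.dport is None or not self.dports[0] <= pkt.dport <= self.dports[1]:
                return False
        return True


def evaluate(rules, pkt):
    """Steps c to f: walk the rules in stored order; the first match decides.
    Returns (action, rule_index); rule_index is None for the default block."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` also matches `earlier`."""
    net = ipaddress.ip_network
    ports_ok = earlier.dports is None or (
        later.dports is not None
        and earlier.dports[0] <= later.dports[0]
        and later.dports[1] <= earlier.dports[1])
    return (earlier.proto in ("ip", later.proto)
            and net(later.src).subnet_of(net(earlier.src))
            and net(later.dst).subnet_of(net(earlier.dst))
            and ports_ok)


def shadowed_rules(rules):
    """List (index, shadowing_index) for rules that can never fire because
    an earlier rule already matches everything they match."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if covers(rules[j], rule):
                found.append((i, j))
                break
    return found


# Constructed rule set (addresses from the documentation ranges).
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", (80, 80)),      # public web server
    Rule("deny", "tcp", "198.51.100.0/24", "192.0.2.0/24"),             # block one network
    Rule("permit", "tcp", "198.51.100.7/32", "192.0.2.25/32", (25, 25)),  # never reached
    Rule("permit", "udp", "0.0.0.0/0", "192.0.2.53/32", (53, 53)),      # DNS server
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.10", "tcp", 80),
                Packet("198.51.100.7", "192.0.2.25", "tcp", 25),
                Packet("203.0.113.5", "192.0.2.10", "tcp", 22)):
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed:", shadowed_rules(RULES))
```

Because the first match wins, the blocked network in rule 1 still reaches the web server through rule 0, and the mail exception in rule 2 is dead configuration until it is moved above rule 1.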

2. As a Proxy Server:

A Proxy Server is an application that mediates traffic between a protected network and the Internet. Proxies are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Proxy servers are application specific. In order to support a new protocol via a proxy, a proxy must be developed for it. Here there is no direct connection between the local network and the untrusted network. The Proxy Server transfers an isolated copy of each approved packet from one network to the other network. No information about the local network is available to untrusted networks.

Realization of FireWall

1. Buying an off-the-shelf firewall product: A commercial firewall product is bought and configured to meet an organization's security policy. Some products are available for free; others may cost up to $100000.

2. Building a custom firewall: Organizations that have programming talent and financial resources often prefer to use a roll-your-own approach. This involves building a custom firewall solution to protect the organization's network. If implemented properly, this is the most effective approach.

CHAPTER TWO

CISCO IOS FIREWALL


As network security becomes increasingly critical to securing business transactions, businesses must integrate security into the network design and infrastructure itself. Security policy enforcement is most effective when it is an inherent component of the network.

The Cisco IOS Firewall is a security-specific option for Cisco IOS Software. It integrates robust firewall functionality and intrusion detection for every network perimeter. It adds greater depth and flexibility to existing Cisco IOS security solutions (i.e., authentication, encryption, and failover), by delivering state-of-the-art security features: stateful, application-based filtering; dynamic per-user authentication and authorization; URL Filtering and others. When combined with Cisco IOS IPSec and Cisco IOS Technologies such as L2TP tunneling and Quality of Service (QoS), Cisco IOS Firewall provides a complete, integrated virtual private network (VPN) solution.

Router-Based Firewall Functionality

Cisco IOS Firewall is available on a wide range of Cisco IOS Software releases. It offers sophisticated security and policy enforcement for connections within an organization (intranet) and between partner networks (extranets), as well as for securing Internet connectivity for remote and branch offices. The Cisco IOS Firewall is the best choice for integrating multiprotocol routing with security policy enforcement and enabling managers to configure a Cisco router as a firewall. It scales to allow customers to choose a router platform based on bandwidth, LAN/WAN density, and multiservice requirements; simultaneously, it benefits from advanced security.

Key Benefits

The Cisco IOS Firewall interoperates seamlessly with Cisco IOS Software, providing outstanding value and benefits:

Flexibility: Installed on a Cisco router, Cisco IOS Firewall is an all-in-one, scalable solution that performs multiprotocol routing, perimeter security, intrusion detection, VPN functionality, and per-user authentication and authorization.

Investment protection: Integrating firewall functionality into a multiprotocol router leverages an existing router investment, without the cost and learning curve associated with a new platform.

VPN support: Deploying Cisco IOS Firewall with Cisco IOS encryption and QoS VPN features enables secure, low-cost transmissions over public networks. It ensures that mission-critical application traffic receives high-priority delivery.

Scalable deployment: Cisco IOS Firewall is available for a wide variety of router platforms. It scales to meet the bandwidth and performance requirements of any network.

Easier provisioning: Combining the Cisco IE2100 and the Cisco IOS XML application enables a network administrator to drop ship any Cisco router with little or no preconfiguration to a given destination. The router pulls the most current Cisco IOS Software release router configuration and its security policy configuration for the Firewall when it is connected to the Internet.

Cisco IOS Firewall is supported on a majority of Cisco router platforms, thus delivering important benefits that include multiservice integration (data/voice/video/dial) and advanced security for dialup connections. On the Cisco 7100, 7200 and 7400 Series Routers, additional benefits include integrated routing and security at the Internet gateway for large enterprises and service provider customer premise equipment (CPE).

Cisco IOS Firewall Highlights

Stateful IOS Firewall inspection engine: Provides internal users with secure, per-application-based access control for all traffic across perimeters, such as perimeters between private enterprise networks and the Internet. Also known as Context-Based Access Control (CBAC).

Intrusion Detection: Inline deep packet inspection service that provides real-time monitoring, interception, and response to network misuse with a broad set of the most common attack and information-gathering intrusion detection signatures. Now supports 102 signatures!

Firewall Voice Traversal: Provided by application-level intelligence of the protocol as to the call flow and associated channels that are opened. Voice protocols that are currently supported are H.323v2 and SIP (Q1CY03).

ICMP Inspection: Allows responses to ICMP packets (i.e., ping and traceroute) originating from inside the Firewall, while still denying other ICMP traffic. Available in Q1 of 2003.

Authentication Proxy: Enables dynamic, per-user authentication and authorization for LAN-based, http and dial-in communications; authenticates users against industry-standard. Support of SSL secured userid and passwords for http (HTTPS) provides greater confidentiality. TACACS+ and RADIUS authentication protocols enable network administrators to set individual, per-user security policies. HTTPS (SSL secured http) will be supported in Q1 of 2003.

Destination URL Policy Management: Several mechanisms that support local caching of previous requests, predetermined static URL permission and denial tables, as well as use of external server databases provided by Websense Inc. and N2H2 Inc. This is better known as URL Filtering. This will be available on all platforms after Q1 of 2003.

Per User Firewalls: Enables Service Providers to provide a managed Firewall solution in the broadband market by downloading unique Firewall, ACLs, and other settings on a per user basis, using the AAA server profile storage after authentication.

Cisco IOS Router and Firewall Provisioning: Zero (0) touch provisioning of the router, versioning and security policies such as Firewall rules.

Denial of Service Detection and Prevention: Defends and protects router resources against common attacks, checks packet headers, and drops suspicious packets.

Dynamic Port Mapping: Allows Firewall-supported applications on nonstandard ports.

Java Applet Blocking: Defends against unidentified, malicious Java applets.

VPNs, IPSec Encryption, and QoS Support:
o Operates with Cisco IOS Software encryption, tunneling, and QoS features to secure VPNs
o Provides scalable encrypted tunnels on the router while integrating strong perimeter security, advanced bandwidth management, intrusion detection, and service-level validation
o Standards based for interoperability

Real-Time Alerts: Log alerts for denial-of-service attacks or other pre-configured conditions. This is now configurable on a per-application, per-feature basis.

Audit Trail: Details transactions, and records time stamp, source host, destination host, ports, duration and total number of bytes transmitted for detailed reporting. This is now configurable on a per-application, per-feature basis.

Integration with Cisco IOS Software: Interoperates with Cisco IOS Software features, integrating security policy enforcement into the network.

Basic and Advanced Traffic Filtering:
o Standard and extended access control lists (ACLs): Apply access controls to specific network segments and define which traffic passes through a network segment.
o Lock and Key: Dynamic ACLs grant temporary access through firewalls upon user identification (username/password).

Policy-Based Multi-Interface Support: Provides ability to control user access by IP address and interface, as determined by the security policy.

Network Address Translation (NAT): Hides internal network from the outside for enhanced security.

Time-Based Access Lists: Defines security policy based on the time of day and day of week.

Peer Router Authentication: Ensures that routers receive reliable routing information from trusted sources.

CHAPTER THREE

CISCO IOS FIREWALL FEATURE SET


New Firewall Features and Benefits

New Feature: Description

Context-based access control (CBAC): Provides internal users secure, per-application-based access control for all traffic across perimeters, e.g. between private enterprise networks and the Internet

Java blocking: Protects against unidentified, malicious Java applets

Denial of Service detection/prevention: Defends and protects router resources against common attacks; checks packet headers and drops suspicious packets

Audit trail: Details transactions; records time stamp, source host, destination host, ports, duration and total number of bytes transmitted

Real-time alerts: Logs alerts in case of denial-of-service attacks or other preconfigured conditions.

ConfigMaker support: A Win95/WinNT Wizard-based network configuration tool that offers step-by-step guidance through network design, addressing and Firewall feature set implementation.

Previously released Cisco IOS firewall features are:

Basic and Advanced Traffic Filtering:
o Standard and Extended Access Control Lists (ACLs): apply controls over access to specific network segments, and define which traffic passes through a network segment
o Lock and Key Dynamic ACLs: grant temporary access through firewalls upon user identification (username/password)

Policy-based Multi-interface Support: provides ability to control user access by IP address and interface as determined by the security policy

Network Address Translation (NAT): enhances network privacy by hiding internal addresses from public view; also reduces cost of Internet access by enabling conservation of registered IP addresses

Peer Router Authentication: ensures that routers receive reliable routing information from trusted sources

Event Logging: allows administrators to track potential security breaches or other nonstandard activities on a real-time basis by logging output from system error messages to a console terminal or syslog server, setting severity levels, and recording other parameters

Virtual Private Networks (VPNs): provide secure data transfer over public lines (such as the Internet); reduce implementation and management costs for remote branch offices and extranets; enhance quality of service and reliability; standards-based for interoperability, using any of the following protocols:
o Generic Routing Encapsulation (GRE) Tunneling
o Layer 2 Forwarding (L2F)
o Layer 2 Tunneling Protocol (L2TP): when it becomes available

Quality of Service (QoS) controls: prioritize applications and allocate network resources to ensure delivery of mission-critical application traffic

Cisco encryption technology: a network-layer encryption capability that prevents eavesdropping or tampering with data across the network during transmission

CHAPTER FOUR

APPLICATION OVERVIEWS
1. Corporate Internet Perimeter

Corporations deploy Cisco IOS Firewall-enabled routers at the perimeter of their networks. The firewall is configured to protect against unauthorized access from the untrusted Internet to the corporation's private network, and to prevent unauthorized access from the internal private network to untrusted sites. As part of their business, many corporations need to administer their own Web, file transfer, mail, and DNS services, and to make those services available over the Internet. Because of the dangers of running servers inside private networks, a Demilitarized Zone (DMZ) network is deployed as part of the corporate network infrastructure to provide a safe, relatively neutral "drop area" for communication between inside and outside systems.

A firewall policy is created to deny connections from the untrusted Internet to the private network. Internet users can connect to servers on the DMZ network to access public corporate information and all other services that the corporation wishes to offer to outside users. Outgoing connections from the DMZ network into the private network and the Internet are also prohibited by the firewall policy. This restriction prevents attackers from penetrating the DMZ server and using it as a tool to cause damage to internal services and to attack other public sites.

Authentication, Authorization, and Accounting

With the Cisco IOS Firewall authentication proxy feature, connections can be made based on the security policies configured for each user. A per-user policy is downloaded dynamically to the router from an authentication, authorization, and accounting (AAA) server when the user attempts to make a connection to the Internet, DMZ network, or the internal network. Access will be granted only when the user has the appropriate access privilege based on his or her individual security profile. Besides using the authentication proxy, the administrator of the corporate network can use the accounting capability of the AAA server for security, billing, resource allocation, and management of any users who use the authentication proxy service. See Figure 1 for an illustration of a corporate Internet perimeter deployment scenario.

Figure 1 Corporate Internet Perimeter Deployment Scenario

Destination URL Policy Management

Corporations can also manage resources and avoid productivity drains with Destination URL Policy Management, a key feature of the Cisco IOS Firewall. With Destination URL Policy Management, system administrators of the corporate network decide the allowable URL categories, users that have access to content, as well as when that content can be accessed. The Cisco IOS Firewall-enabled router maintains a local list of URL policies to be managed, granting or denying permission to URL connection requests. For additional policies not available on the router, it forwards HTTP requests for a URL destination to the external policy management server in order to get permission. Currently, Cisco supports two URL Policy Management server implementations, WebSense Inc. and N2H2 Inc.

Event Monitoring and Logging

When suspicious activity is detected on the corporate network, real-time alerts send syslog error messages to the central management console, allowing administrators to track and respond to potential security breaches or other undesirable events in real time.

2. Corporate Intranet

A corporation typically has many departments that are each responsible for different pieces of mission-critical information. Employees working for various organizations within a corporation do not have equal access privileges to all corporate information and services. The corporate intranet deployment scenario offers protection of mission-critical servers such as human resource (HR), enterprise resource planning (ERP), customer relationship management (CRM), and accounting systems against security breaches from within the organization. It also effectively manages internal resources to help increase productivity.

The firewall policy for the corporate intranet is designed to restrict traffic and access to information between various departments within the corporation. Employees are subject to authentication and authorization before they are granted access to servers and services on the corporate network. Destination URL Policy Management also controls access to internal Web sites and Web applications. In addition, suspicious activities are monitored by administrators with real-time alerts and log messages. See Figure 2 for an illustration.

Figure 2 Corporate Intranet Scenario

3. Regional/Branch Office Perimeter

Regional or branch offices can also deploy a Cisco IOS Firewall-enabled router at the perimeter of their network. Data and voice traffic between the regional or branch office and the corporate headquarters is transported via the virtual private network (VPN) connection. A separate, direct connection to the Internet from the regional or branch location is also available for access to public servers and information available on the Web. With this firewall deployment scenario, the firewall policy created for the corporate internet perimeter deployment scenario works in conjunction with the firewall policy at the regional or branch office perimeter. No connections are permitted from the untrusted Internet to the regional or branch office network; instead, Internet users connect to servers on the corporate DMZ network to access public corporate information. The DMZ network provides all the services that the corporation wishes to offer to outside users.

To better manage individual access from the regional office location to the Internet and internal resources, AAA and URL Policy Management servers are deployed at the regional location. Access to services and resources will be granted to employees only when they have the appropriate access privilege based on their individual security profiles. A syslog server is also made available for the regional office administrator to track and respond to potential attacks and nonstandard activities. For smaller branch office locations without system administration resources, centralized firewall policy management can be provided remotely by the resources on the main corporate network.

Figure 3 Regional/Branch Office Perimeter

4. Telecommuter/Home Office

Corporate telecommuters and home office workers similarly maintain a LAN network in the home with several computers connected to it (Figure 4). Both worker types subscribe to an ISP service that provides connectivity to the Internet. The home office worker, typically an independent contractor or an individual who runs a business out of a home, is always connected to an ISP. The home office worker relies on the ISP for services such as Web hosting, domain service, email, and DNS. In a slightly different scenario, the telecommuter network is an extension of the corporate network. A telecommuter's access to work resources and shared information is subject to the corporate firewall security profile created for the individual. Similar to the branch office deployment scenario, a telecommuter is connected to the corporate network via a VPN tunnel for data and voice communication. The telecommuter can also directly access the Internet via an ISP. Business resources for the telecommuter such as e-mail, confidential information, server access, and more, reside on the corporate network.

Because business resources reside on a network external to the home, the telecommuter and home office worker need not accept any incoming connections from the Internet to the home office LAN. The Cisco IOS Firewall enabled router at the perimeter of a telecommuter/home office permits only outgoing connections. The computers on the home LAN can connect to the Internet via the ISP network, but the firewall policy does not allow outside initiated sessions to the private LAN. The work-at-home individual can view Web pages, send e-mail, pick up incoming e-mail from a corporate network or ISP, retrieve software via FTP, connect remotely using Telnet, and join in multimedia conferences, all without exposing any services on his or her own LAN network.
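The outgoing-only policy described above, and the DMZ policy in the Corporate Internet Perimeter scenario, both depend on the firewall remembering which side opened a session so that replies pass while new inbound sessions do not. This added Python example (not code from this report, and not Cisco's CBAC implementation) models that with a session table; the zone names, address ranges, the private-to-DMZ permission and the single-FIN teardown are assumptions.

```python
import ipaddress


class StatefulFirewall:
    """Zone-based TCP session tracking (simplified model for illustration)."""

    def __init__(self, zones, may_initiate):
        # zones: name -> CIDR; any address outside them is the "internet" zone.
        self.zones = {n: ipaddress.ip_network(c) for n, c in zones.items()}
        self.may_initiate = set(may_initiate)   # (src_zone, dst_zone) pairs
        self.sessions = set()                   # (src, sport, dst, dport) as opened

    def zone_of(self, addr):
        ip = ipaddress.ip_address(addr)
        for name, net in self.zones.items():
            if ip in net:
                return name
        return "internet"

    def handle(self, src, sport, dst, dport, flags):
        """Return (verdict, reason) for one TCP segment.
        flags is a string of TCP flag letters, e.g. 'S', 'SA', 'A', 'F'."""
        forward = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        for key, reason in ((forward, "established"), (reverse, "return traffic")):
            if key in self.sessions:
                if "F" in flags or "R" in flags:
                    # Simplification: state is dropped on the first FIN or RST.
                    self.sessions.discard(key)
                return ("permit", reason)
        # No state for this flow: only a bare SYN may create it.
        if flags != "S":
            return ("deny", "no matching session")
        pair = (self.zone_of(src), self.zone_of(dst))
        if pair not in self.may_initiate:
            return ("deny", "%s may not open sessions to %s" % pair)
        self.sessions.add(forward)
        return ("permit", "new session")


def perimeter_demo():
    """Corporate perimeter: Internet may reach the DMZ; the DMZ opens nothing.
    Allowing private -> dmz is an assumption; the report does not state it."""
    fw = StatefulFirewall(
        {"private": "10.0.0.0/24", "dmz": "192.0.2.0/24"},
        {("internet", "dmz"), ("private", "internet"), ("private", "dmz")})
    return [
        fw.handle("203.0.113.9", 40000, "192.0.2.10", 80, "S"),   # Internet -> DMZ web
        fw.handle("192.0.2.10", 80, "203.0.113.9", 40000, "SA"),  # server's reply
        fw.handle("192.0.2.10", 50000, "203.0.113.9", 443, "S"),  # DMZ host dials out
        fw.handle("192.0.2.10", 50001, "10.0.0.5", 445, "S"),     # DMZ host -> private
        fw.handle("203.0.113.9", 40001, "10.0.0.5", 22, "S"),     # Internet -> private
        fw.handle("203.0.113.9", 80, "10.0.0.5", 51000, "A"),     # unsolicited "reply"
    ]


def home_office_demo():
    """Telecommuter/home office: only the home LAN may open sessions."""
    fw = StatefulFirewall({"home": "192.168.1.0/24"}, {("home", "internet")})
    return [
        fw.handle("192.168.1.20", 51000, "198.51.100.25", 110, "S"),   # fetch mail
        fw.handle("198.51.100.25", 110, "192.168.1.20", 51000, "SA"),  # reply
        fw.handle("192.168.1.20", 51000, "198.51.100.25", 110, "F"),   # client closes
        fw.handle("198.51.100.25", 110, "192.168.1.20", 51000, "A"),   # late packet
        fw.handle("198.51.100.25", 40000, "192.168.1.20", 23, "S"),    # inbound Telnet
    ]


if __name__ == "__main__":
    for name, demo in (("perimeter", perimeter_demo), ("home", home_office_demo)):
        for verdict in demo():
            print(name, verdict)
```

The last perimeter packet carries only an ACK and claims to be a reply; it is dropped because no session exists for it, which a filter that looks at header flags alone cannot decide.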

Authentication proxy service and URL Policy management with the Cisco IOS Firewall are not necessary for a telecommuter or home office. Once again, the telecommuter, when on the corporate network, is subject to the firewall policy created for the individual. A syslog server can be deployed if the work-at-home individual is willing to act as the system administrator and be notified immediately when there is a potential intrusion of the private network.

Figure 4 Telecommuter/Home Office Scenario

5. Corporate Extranet

As corporations establish tighter relationships with their business partners, the need to share resources among companies increases. Sometimes, access to the partner's internal networks is necessary to improve productivity and efficiency. A Cisco IOS Firewall deployed at the perimeter of the corporate network and partner network can help to restrict confidential information access to the few privileged individuals.

With authentication proxy, a user entering the corporate network and the partner network from the expected source network is authenticated before access is granted. A security policy for the individual is dynamically downloaded from the AAA server, allowing the user only the services permitted by the security profile. Syslog servers are maintained at both ends of the network to track alarming activities. (See Figure 5.)

Figure 5 Corporate extranet

CHAPTER FIVE

CISCO FIREWALL FAMILY


The Cisco PIX Firewall and Cisco IOS Firewall

The Cisco PIX Firewall is the world's leading dedicated firewall appliance. It has received the highest level of security certification granted to any firewall product. The Cisco PIX Firewall is a turnkey appliance with unmatched performance and unparalleled features. Integration of third-party content solutions, such as NetPartners WebSENSE URL management software, further enhances the industry-leading capabilities of the Cisco PIX Firewall. For IP-based network security, the Cisco PIX Firewall is the clear choice for those requiring dedicated firewall appliances. When combined with IP Security (IPsec), Cisco PIX Firewall provides an integrated virtual private network (VPN) solution.

The Cisco IOS Firewall integrates robust firewall and intrusion detection technology into the Cisco IOS Software. The Cisco IOS Firewall enhances existing Cisco IOS Software by including stateful, application-based filtering, dynamic per-user authentication and authorization, and real-time alerts. When combined with Cisco IOS IPsec software, the Cisco IOS Firewall provides an integrated VPN solution.

Available with a wide range of Cisco routers, the Cisco IOS Firewall is the best choice for integrating multiprotocol routing with security policy enforcement.

The figure below shows an application that employs both types of firewall.

Leading-Edge Capabilities of Cisco PIX Firewalls and Cisco IOS Firewalls

Both the Cisco PIX Firewall Series and the Cisco IOS Firewall incorporate leading-edge firewall technology. Table 1 outlines advanced features common to both firewalls.

Although both firewalls provide excellent security solutions, each excels in different environments and at sites with distinct requirements. Table 2 describes when to choose the Cisco PIX Firewall and Table 3 describes when to choose the Cisco IOS Firewall. In many instances, the best security solution is a combination of both.

SUMMARY
The Cisco IOS Firewall offers integrated network security through Cisco IOS software. A robust security policy entails more than perimeter control or firewall setup and management: security policy enforcement must be an inherent component of the network. Cisco IOS Software, with many advanced security features such as a firewall, firewall-IDS, IPSec/VPN, and quality of service (QoS), is an ideal vehicle for implementing a global security policy. Building an end-to-end Cisco solution allows managers to enforce security policies throughout the network as they grow.

REFERENCES
a. Internet Firewalls and Network Security by Karanjit Siyan, Chris Hare
b. Building Internet Firewalls by D. Brent Chapman and Elizabeth D

ACKNOWLEDGMENT

I express my sincere gratitude to Prof. M.N Agnisarman Namboothiri (Head of Department, Information Technology) and Mr. Zaheer P.C, Ms. Deepa (Staff in charge) for their kind cooperation for the seminar presentation.

I am also grateful to all other faculty members of Information Technology Department and my colleagues for their guidance and encouragement.

ABSTRACT

The Cisco IOS (Internet Operating System) FireWall is a commercial FireWall product that comes as a security-specific option with the Cisco IOS Software. Unlike other FireWalls, a dedicated appliance is not needed for this FireWall. It could be installed on the router itself. Since most of the routers in the Web employ Cisco IOS software for security purposes (such as authentication, encryption etc.), addition of Cisco IOS FireWall to the set yields better results.

It integrates robust firewall functionality and intrusion detection for every network perimeter and enriches existing Cisco IOS security capabilities. It adds greater depth and flexibility to existing Cisco IOS security solutions, such as authentication, encryption, and failover, by delivering state-of-the-art security features such as stateful, application-based filtering; dynamic per-user authentication and authorization; defense against network attacks; Java blocking; and real-time alerts.

CONTENTS
I. Introduction
II. FireWall Basics
    Definition of FireWall
    Design and Implementation issues
    Realization of FireWall
III. Cisco IOS FireWall
    Router based FireWall Functionality
    Key Benefits
    HighLights
IV. Feature set
    New FireWall Features
    Previously released features
V. Application Overviews
    Corporate Internet Perimeter
    Corporate Intranet
    Regional/Branch office Perimeter
    Telecommuter/Home Office
    Corporate Extranet
VI. Cisco FireWall Family
    Cisco PIX FireWall
    Comparisons between PIX and IOS
VII. Summary
VIII. References
