
NE7212 CASE STUDY

C.Namasivayam. DCT, B.E, M.E (Network Engineering).


Dhanalakshmi Srinivasan Engineering College
namasivayam.cse@gmail.com
https://www.facebook.com/namasivayam.cse
http://menetworkengineering.blogspot.in/

What is a Firewall
A firewall is a software- or hardware-based network security system.

It protects the inside network from the outside world (the Internet).

It controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not.

Computer operating systems include software-based firewalls to protect against threats from the public Internet.

Many firewalls can also perform basic routing functions.

TYPES OF FIREWALL
Desktop Firewall
Protects an internal host or node
Software firewall

Network Firewall
Protects the entire network from the outside Internet
Hardware and software firewall

Firewall Basics Functions



Best Firewall in the Market


Check Point Software Technologies
Cisco Systems
Fortinet
Juniper Networks
McAfee
WatchGuard

Cisco ASA Firewall


Adaptive Security Appliance (ASA).

The best firewall in the market.


Java-based firewall.
CLI- and GUI-based firewall.
Combines firewall, antivirus, intrusion prevention, and virtual private network (VPN).
Packet-filtering firewall.

CISCO ASA Firewall Features:


Antivirus
Anti-spam
URL filtering
VPN device
SSL device
Content inspection

CISCO ASA 5520 model Firewall

System/Software Requirements
GNS3 (Graphical Network Simulator 3): http://www.gns3.net/

GNS3 is open source software that simulates complex networks, staying as close as possible to the way real networks perform, without requiring dedicated network hardware such as routers and switches. It provides an intuitive graphical user interface to design and configure virtual networks.

Cisco asa842-initrd.gz
Cisco asa842-vmlinuz
Cisco asdm-715.bin
Tftpd32 Server
Web Server
Microsoft Loopback Adapter
One Cisco Router
Oracle VirtualBox

CISCO ASA Firewall Access Modes


Unprivileged Mode

This mode provides a restricted view of the security appliance.

Nothing can be configured from this mode. The enable command is used in this mode to enter Privileged Mode.

ciscoasa> enable      (Unprivileged Mode)
Password:             (initially blank)
ciscoasa#             (Privileged Mode)

Privileged Mode

Displays the # prompt.

Unprivileged commands also work in this mode. Nothing can be configured in this mode. Access Configuration Mode with the configure terminal command from Privileged Mode.

ciscoasa# configure terminal     (Privileged Mode)
ciscoasa(config)#                (Configuration Mode)

Configuration Mode

Displays the (config)# prompt.

All system configuration is changed in this mode. This mode is sometimes called Global Configuration Mode.

ciscoasa(config)# interface GigabitEthernet0/1     (Configuration Mode)
ciscoasa(config-if)#                               (configure interface-specific parameters)

Firewall Security Level Interfaces


Security Level 0: Outside Interface (INTERNET)
Security Level 1 to 99: Management Interface (DMZ)
Security Level 100: Inside Interface (LAN)

Firewall Interface security levels.

Rules For Traffic Flow Between Security Levels


1. Traffic from Higher Security Level to Lower Security Level

All traffic from higher security levels is allowed unless specifically restricted by an Access Control List (ACL).

nat/global translation pair between High-to-Low Security Level interfaces.

2. Traffic from Lower Security Level to Higher Security Level

All traffic is dropped unless specifically allowed by an ACL.

Static NAT between High-to-Low Security Level interfaces.

3. Traffic Between Interfaces with the Same Security Level

By default this is not allowed, unless you configure the same-security-traffic permit command.
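
The three rules above, as an added Python example that is not part of the original slides: it reads a constructed running-config excerpt and reports the default disposition of new connections between each pair of interfaces. The interface names, the OUTSIDE_IN ACL name, and the simplification that an inbound ACL on the ingress interface decides the outcome are assumptions.

```python
import re
from itertools import permutations

# Constructed running-config excerpt; interface and ACL names are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
interface GigabitEthernet0/3
 nameif partner
 security-level 50
access-group OUTSIDE_IN in interface outside
"""

def parse_config(text):
    """Return ({nameif: level}, interfaces with an inbound ACL, same-security flag)."""
    levels, acl_in, same_sec, name = {}, set(), False, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.fullmatch(r"access-group \S+ in interface (\S+)", line):
            acl_in.add(m.group(1))
        elif line == "same-security-traffic permit inter-interface":
            same_sec = True
        elif line.startswith("interface "):
            name = None  # new interface block: forget the previous nameif
    return levels, acl_in, same_sec

def default_flow(src, dst, levels, acl_in, same_sec):
    """Simplified model of the three rules for a new connection src -> dst."""
    if levels[src] == levels[dst] and not same_sec:
        return "deny"          # rule 3: same level blocked by default
    if src in acl_in:
        return "acl-decides"   # an ACL on the ingress interface overrides the default
    # rule 1: higher -> lower allowed; rule 2: lower -> higher dropped
    return "permit" if levels[src] >= levels[dst] else "deny"

def flow_matrix(text):
    levels, acl_in, same_sec = parse_config(text)
    return {(s, d): default_flow(s, d, levels, acl_in, same_sec)
            for s, d in permutations(levels, 2)}
```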

NETWORK TOPOLOGY

Thank you
C.Namasivayam, DCT, B.E, M.E (Network Engineering).

Department of IT,
Dhanalakshmi Srinivasan Engineering College, Perambalur
E-mail: namasivayam.cse@gmail.com
Cell No: +91-9626319896
Facebook: https://www.facebook.com/namasivayam.cse

Blogspot : http://menetworkengineering.blogspot.in/
