Cisco Pix firewalls : configure, manage, & troubleshoot PDF

658 Pages·10.774 MB·English
Preview Cisco Pix firewalls : configure, manage, & troubleshoot

solutions@syngress.com

With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening. Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.

solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:

- One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters.
- “Ask the Author” customer query forms that enable you to post questions to our authors and editors.
- Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material.
- Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics.

Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.

www.syngress.com/solutions

1 YEAR UPGRADE BUYER PROTECTION PLAN

Cisco Security® Specialist’s Guide to PIX Firewall®

Foreword by Ralph Troupe, President and CEO, Callisma

Vitaly Osipov
Mike Sweeney
Woody Weaver
Charles E. Riley, Technical Reviewer
Umer Khan, Technical Editor

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” and “Ask the Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” “Hack Proofing®,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

Cisco Security Specialist’s Guide to PIX Firewall

Copyright © 2002 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

ISBN: 1-931836-63-9

Technical Editor: Umer Khan
Cover Designer: Michael Kavish
Technical Reviewer: Charles E. Riley
Page Layout and Art by: Personal Editions
Acquisitions Editor: Catherine B. Nolan
Copy Editor: Darlene Bordwell
Developmental Editor: Jonathan Babcock
Indexer: Brenda Miller

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Ralph Troupe, Rhonda St. John, Emlyn Rhodes, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Tricia Herbert of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

Contributors

C. Tate Baumrucker (CISSP, CCNP, Sun Enterprise Engineer, MCSE) is a Senior Consultant with Callisma, where he is responsible for leading engineering teams in the design and implementation of secure and highly available systems infrastructures and networks. Tate is an industry recognized subject matter expert in security and LAN/WAN support systems such as HTTP, SMTP, DNS, and DHCP. Tate has spent eight years providing technical consulting services for the Department of Defense, and other enterprise and service provider industries for companies including: American Home Products, Blue Cross and Blue Shield of Alabama, Amtrak, Iridium, National Geographic, Geico, GTSI, Adelphia Communications, Digex, Cambrian Communications, and BroadBand Office. Tate has also contributed to the book Managing Cisco Network Security, Second Edition (Syngress Publishing, ISBN: 1-931836-56-6).

Brian Browne (CISSP) is a Senior Consultant with Callisma. He provides senior-level strategic and technical security consulting to Callisma clients, has 12 years of experience in the field of information systems security, and is skilled in all phases of the security lifecycle. A former independent consultant, Brian has provided security consulting for multiple Fortune 500 clients, has been published in Business Communications Review, and was also a contributor to the book Managing Cisco Network Security, Second Edition (Syngress Publishing, ISBN: 1-931836-56-6). His security experience includes network security, firewall architectures, virtual private networks (VPNs), intrusion detection systems (IDSs), UNIX security, Windows NT security, and public key infrastructure (PKI). Brian resides in Willow Grove, PA with his wife, Lisa, and daughter, Marisa.

Vitaly Osipov (CISSP, CCSE, CCNA) is co-author for Syngress Publishing’s Check Point Next Generation Security Administration (ISBN: 1-928994-74-1) and Managing Cisco Network Security, Second Edition (ISBN: 1-931836-56-6). Vitaly has spent the last six years working as a consultant for companies in Eastern, Central, and Western Europe. His specialty is designing and implementing information security solutions. Currently Vitaly is the team leader for the consulting department of a large information security company. In his spare time, he also lends his consulting skills to the anti-spam company, CruelMail.com. Vitaly would like to extend his thanks to his many friends in the British Isles, especially the one he left in Ireland.

Derek Schatz (CISSP) is a Senior Consultant with Callisma, and is the lead Callisma resource for security in the western region of the United States. He specializes in information security strategy and the alignment of security efforts with business objectives. Derek has a broad technical background; previous positions have included stints with a Big Five consulting firm, where he managed a team in the technology risk consulting practice, and as a Systems Engineer at Applied Materials, where he was responsible for their Internet and Extranet infrastructure. Derek holds a bachelor’s degree from the University of California, Irvine, and is a member of the Information Systems Security Association. He received his CISSP certification in 1999. Derek resides in Southern California with his family.

Timothy “TJ” Schuler (CCIE #8800) works as a Senior Network Engineer for Coleman Technologies in Denver, CO. TJ has over seven years of experience with network implementation and design including security, large routing and switching networks, ATM, wireless, IP Telephony and IP based video technologies. TJ is currently pursuing the Security CCIE certification, which would be his second CCIE. He would like to dedicate this work to his family.

Michael Sweeney (CCNA, CCDA, CCNP, MCSE) is the owner of the IT consulting firm, Packetattack.com. His specialties are network design, network troubleshooting, wireless network design, security, network analysis using Sniffer Pro, and wireless network analysis using AirMagnet. Michael is a graduate of the extension program at the University of California, Irvine with a certificate in Communications and Network Engineering. Michael currently resides in Orange, CA with his wife, Jeanne, and daughter, Amanda.

Robert “Woody” Weaver (CISSP) is the Field Practice Lead for Security at Callisma. As an information systems security professional, Woody’s responsibilities include field delivery and professional services product development. Woody’s background includes a decade as a tenured professor, teaching mathematics and computer science. Woody also spent time as the most senior Network Engineer for Williams Communications in the San Jose/San Francisco Bay area, providing client services for their network integration arm, and as Vice President of Technology for Fullspeed Network Services, a regional systems integrator. He is also a contributing author to Managing Cisco Network Security, Second Edition (Syngress Publishing, ISBN: 1-931836-56-6). Woody holds a bachelor’s of Science degree from the California Institute of Technology, and a Ph.D. from Ohio State. He currently works out of the Washington, D.C. metro area.

Technical Reviewer and Contributor

Charles Riley (CCNP, CSS1, CISSP, CCSA, MCSE, CNE-3) is a Network Engineer with a long tenure in the networking security field. Charles has co-authored several books including Configuring Cisco Voice Over IP, Second Edition (Syngress Publishing ISBN: 1-931836-64-7). He has designed and implemented robust networking solutions for large Fortune 500 and privately held companies. He started with the U.S. Army at Fort Huachuca, AZ, eventually finishing his Army stretch as the Network Manager of the Seventh Army Training Command in Grafenwoehr, Germany. Currently Charles is employed as a Network Security Engineer for HyperVine (www.hypervine.net) in Kansas, where he audits and hardens the existing security of customers, as well as deploying new security architectures and solutions. Charles holds a bachelor’s degree from the University of Central Florida. He is grateful to his wife, René, and daughter, Tess, for their support of his writing: My world is better with you in it.
