Definition
The Cisco IOS Firewall provides robust, integrated firewall and intrusion detection functionality for
every perimeter of the network. Available for a wide range of Cisco IOS software-based
routers, the Cisco IOS Firewall offers sophisticated security and policy enforcement
for connections within an organization (intranet) and between partner networks
(extranets), as well as for securing Internet connectivity for remote and branch
offices.

A security-specific, value-add option for Cisco IOS Software, the Cisco IOS Firewall enhances existing
Cisco IOS security capabilities, such as authentication, encryption, and failover,
with state-of-the-art security features, such as stateful, application-based filtering
(context-based access control), defense against network attacks, per-user authentication
and authorization, and real-time alerts.

The Cisco IOS Firewall is configurable via Cisco ConfigMaker software, an easy-to-use
software tool for Microsoft Windows 95, 98 and NT 4.0.

A firewall is a network security device that ensures that all communications attempting to cross
it meet an organization's security policy. Firewalls track and control communications,
deciding whether to allow, reject or encrypt them. Firewalls are used
to connect a corporate local network to the Internet and also within networks.
In other words, they stand between the trusted network and the untrusted network.

The
first and most important decision reflects the policy of how your company or organization
wants to operate the system. Is the firewall in place to explicitly deny all services
except those critical to the mission of connecting to the net, or is the firewall
in place to provide a metered and audited method of 'Queuing' access in a non-threatening
manner? The second is what level of monitoring, reducing and control do you want?
Having established the acceptable risk level, you can form a checklist of what
should be monitored, permitted and denied. The third issue is financial.

Implementation methods
Two basic methods to implement a firewall are

1. As a Screening Router: A screening router is a special
computer or an electronic device that screens (filters out) specific packets based
on the criteria that are defined. Almost all current screening routers operate
in the following manner.

a. Packet filter criteria must be stored for the ports of the packet filter device.
The packet filter criteria are called packet filter rules.
b. When a packet arrives at the port, the packet header is
parsed. Most packet filters examine the fields in only the IP, TCP and UDP headers.
c. The packet filter rules are stored in a specific order. Each rule is applied
to the packet in the order in which the packet filter rules are stored.
d. If the rule blocks the transmission or reception of a packet, the packet is not allowed.
e. If the rule allows the transmission or reception of a packet, the packet is
allowed.
f. If a packet does not satisfy any rule, it is blocked.
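
The evaluation order in steps a to f can be sketched as a small first-match packet filter. This is an added example, not part of the original page and not Cisco code; the Rule tuple, the function names, the rule set and the packets (documentation address ranges, unfragmented IPv4) are all constructed for illustration.

```python
import ipaddress
import struct
from collections import namedtuple

# action: "permit"/"deny"; proto: "tcp", "udp" or "ip" (any); dport None = any port
Rule = namedtuple("Rule", "action proto src dst dport", defaults=(None,))
PROTO = {"tcp": 6, "udp": 17}

def parse_headers(pkt):
    """Step b: extract the filterable fields from the IPv4 and TCP/UDP headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    proto = pkt[9]
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    dport = None
    if proto in PROTO.values():
        if len(pkt) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    return proto, src, dst, dport

def matches(rule, proto, src, dst, dport):
    if rule.proto != "ip" and PROTO[rule.proto] != proto:
        return False
    if src not in ipaddress.ip_network(rule.src) or dst not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == dport

def filter_packet(rules, pkt):
    """Steps c to f: rules are tried in stored order and the first match decides."""
    try:
        fields = parse_headers(pkt)
    except ValueError:
        return "deny"                      # unparseable packets are dropped
    for rule in rules:
        if matches(rule, *fields):
            return rule.action             # steps d and e
    return "deny"                          # step f: no rule matched

def make_packet(proto, src, dst, dport):
    """Constructed test input: minimal IPv4 header plus 8 transport bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO[proto], 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

RULES = [  # constructed rule set; order matters
    Rule("deny", "ip", "203.0.113.0/24", "0.0.0.0/0"),
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    Rule("permit", "udp", "198.51.100.0/24", "192.0.2.53/32", 53),
]
```

Because the first matching rule wins, swapping the first two rules would let the 203.0.113.0/24 network reach the web server on port 80, which is why rule order needs the same review as the rules themselves.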