The Best Damn Firewall Book Period
Introduction
Good security administration is labor-intensive, and therefore organizations often find it difficult to maintain the security of a large number of internal machines. Increasingly, firewalls provide additional security or performance services; since they sit at a point in the network that mediates all communication with the end host, various types of service extensions can naturally be integrated into them.
Even in high-security environments, where the resources to harden and provide ongoing security support for the end application are available, firewalls can play an important role. In addition to the features described previously, firewalls can support the concept of defense in depth: multiple protective technologies support higher levels of trust in case of error or omission at one layer. Having multiple controls also supports the concept of separation of duties: different groups can support application-layer and network-layer security, ensuring that no single person or group can compromise the system.
Cisco's PIX firewalls are a series of appliances that offer world-class security and high levels of performance and reliability. They are a mature product, having been a part of enterprise and service provider networks since 1995. Cisco PIX firewalls fit into a wide range of environments, from small office/home office (SOHO) environments to large enterprises and service providers. With support for complex protocols, the latest VPN technologies, and intrusion detection features, the PIX is one of the leading firewalls in the market.
In this chapter, you will learn about some of the main features that Cisco PIX firewalls have to offer. We will look at the different models of PIX and the types of environment in which they fit. We will then perform basic configuration on a PIX firewall through the command-line interface.