
Jahan University

BCS Faculty

Subject: Advanced Network Security


Lecture: 12
Lecturer: Sikandar xulcurnain

Course Objectives
• After successfully completing this lesson, students will be able to understand:
• Cisco ASA
• ASA firewall services
• Managing Cisco ASA
• ASA security levels
• ASA interface configuration

Course Outlines
• Introduction to Cisco ASA
• ASA firewall services
• Managing Cisco ASA
• ASA security levels
• ASA interface configuration

Text Book to Follow

Tim Boyles

Network Administration (Jahan University) 4


Chapter 7
Introduction to ASA Firewall



Introduction to Cisco ASA
• ASA stands for Adaptive Security Appliance, a dedicated Cisco device used as a
firewall with multiple security features. The ASA is positioned as a next-generation
firewall and performs several different network security functions. These
features are:
• Stateful Packet Inspection
• URL Filtering
• Next Generation IPS
• Advanced Malware Protection
• Application visibility and control
• Identity based access controls
• Deep-packet inspection
What services does ASA provide?
• Proprietary Operating System - Runs an OS built specifically for the purpose of
security.
• Stateful Packet Inspection - Keeps a state table and recognizes the type of traffic
based on the session table.
• Application Aware Inspection - ASA has the ability to perform inspection at
layer 7 of the OSI model. It can inspect the traffic regardless of the default ports.
• Network Address Translation - ASA supports NAT functions.
• DHCP Server - ASA can act as a DHCP server for IP address assignment.
• Support for Routing - Supports the configuration of IGPs such as RIP, EIGRP
and OSPF.
• High Availability - Multiple firewalls are deployed in the network to provide high
availability and reliability, working in active/standby or active/active mode.
Multiple firewalls can also be clustered or grouped together into one logical unit.
• Support for AAA - ASA can work as an Authentication, Authorization and
Accounting server.
• Virtual Private Network - Supports the configuration of VPNs for connecting
sites or for giving remote users access to the corporate network.
• Security Context - Also called a virtual firewall. A single physical ASA is
divided into multiple contexts, each acting as a separate dedicated virtual firewall.
The number of contexts that can be created depends on the license; this feature is
mainly used by service provider companies.
Managing Cisco ASA
• We can manage the ASA firewall through
the CLI or a GUI.
• For accessing the ASA through the CLI we use
the console port of the ASA.
• For accessing the ASA through the GUI, we use
the management port with an IP
address assigned to it. This port is
usually used for advanced
configuration.
ASA security levels
• Each interface of the ASA has a security level, which is a number between 0 and 100.
This number defines the trustworthiness of the network that the interface is connected
to: the higher the number, the more the network is trusted.
• For example, the security level of the internal network is 100, the outside network has
a level of 0, and a DMZ has a security level somewhere between 1 and 99 (usually 50).
• By default, interfaces with a higher security level can initiate traffic to a lower level.
Stateful inspection then determines whether the reply traffic is allowed back
through the firewall.
• By default, ASA stops all initial traffic from
lower security levels to higher security levels.
We can say that:
– Outside to LAN (Not Allowed)
– Outside to DMZ (Not Allowed)
– LAN to Outside (Allowed)
– LAN to DMZ (Allowed)
– DMZ to Outside (Allowed)
– DMZ to Inside (Not Allowed)
ASA Interface Configuration
• We can perform the following configuration
on an ASA interface:
• IP address assignment
• Giving a name to an interface using the
nameif command.
• Defining a security level for the interface
using the security-level command.
The following commands perform this configuration
on an ASA interface:
ASA(config)# interface Ethernet 0/1
ASA(config-if)# ip address 10.0.0.1 255.0.0.0
ASA(config-if)# no shutdown
ASA(config-if)# nameif inside
ASA(config-if)# security-level 100
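The following Python model is an added example, not part of the lecture slides or any Cisco code. It ties the two previous topics together: it renders the ip address / nameif / security-level lines shown above for a constructed three-interface topology (inside 100, DMZ 50, outside 0; the port numbers and IP addresses are made up), rejects a security level outside 0-100, and evaluates the default "higher level may initiate to lower level" rule to reproduce the Outside/DMZ/LAN table from the security-levels slide. The one fact it adds beyond the slides is that two interfaces with the same level are also denied by default on an ASA unless same-security-traffic permit inter-interface is configured; access lists, which can override all of this, are not modelled.

```python
"""Added example (not from the lecture slides): a small model of ASA interface
security levels that renders the interface configuration shown in the lecture
and evaluates the default inter-interface policy.

Assumptions: the interface names, IP addresses and Ethernet 0/1..0/3 ports are
constructed for this example.  Only the default 'higher security level may
initiate traffic to a lower one' behaviour is modelled; access lists that can
override it on a real ASA are not represented."""

from dataclasses import dataclass


@dataclass(frozen=True)
class AsaInterface:
    """One ASA interface as configured with ip address / nameif / security-level."""
    port: str            # physical port, e.g. "Ethernet 0/1" (constructed)
    nameif: str          # logical name given with the nameif command
    ip: str
    mask: str
    security_level: int

    def __post_init__(self) -> None:
        # The ASA only accepts security levels 0..100; reject anything else
        # before it could reach a running configuration.
        if not 0 <= self.security_level <= 100:
            raise ValueError(
                f"{self.nameif}: security-level must be 0-100, got {self.security_level}")

    def render(self) -> str:
        """Return the CLI lines the lecture shows for configuring an interface."""
        return "\n".join([
            f"interface {self.port}",
            f" ip address {self.ip} {self.mask}",
            " no shutdown",
            f" nameif {self.nameif}",
            f" security-level {self.security_level}",
        ])


def initial_traffic_allowed(src: AsaInterface, dst: AsaInterface) -> bool:
    """Default ASA policy: a connection may be *initiated* only from a higher
    security level to a strictly lower one.  Lower-to-higher is dropped, and
    traffic between two interfaces of equal level is also denied by default
    (an ASA needs 'same-security-traffic permit inter-interface' to allow it;
    that detail is not covered by the slides).  Return traffic for an allowed
    session is handled by stateful inspection, not by this check."""
    return src.security_level > dst.security_level


def policy_matrix(interfaces):
    """Return {(src_name, dst_name): allowed} for every ordered pair of
    distinct interfaces, i.e. the Outside/DMZ/LAN table from the lecture."""
    return {
        (a.nameif, b.nameif): initial_traffic_allowed(a, b)
        for a in interfaces for b in interfaces if a is not b
    }


# Constructed sample topology using the lecture's levels: inside 100,
# DMZ 50, outside 0.  Addresses and port numbers are made up.
INSIDE = AsaInterface("Ethernet 0/1", "inside", "10.0.0.1", "255.0.0.0", 100)
DMZ = AsaInterface("Ethernet 0/2", "dmz", "172.16.0.1", "255.255.255.0", 50)
OUTSIDE = AsaInterface("Ethernet 0/3", "outside", "203.0.113.2", "255.255.255.0", 0)
TOPOLOGY = (INSIDE, DMZ, OUTSIDE)

if __name__ == "__main__":
    for intf in TOPOLOGY:
        print(intf.render(), end="\n!\n")
    for (src, dst), allowed in sorted(policy_matrix(TOPOLOGY).items()):
        print(f"{src:>8} -> {dst:<8} {'Allowed' if allowed else 'Not Allowed'}")
```

Running the script prints the three interface stanzas followed by the six src -> dst rows; the rows marked Allowed are exactly LAN to Outside, LAN to DMZ and DMZ to Outside, matching the table on the security-levels slide.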
Summary
• Introduction to Cisco ASA
• ASA firewall services
• Managing Cisco ASA
• ASA security levels
• ASA interface configuration

Thank You
Any question?
