Signatures
Figure shows what the
Signatures form looks like after you edit a group of
signatures. Notice how the entries in the Enabled column show
that the signatures are no longer active. After you deliver
the configuration to the Cisco IOS router, you can verify the
current settings by viewing the signatures in the respective
category. In the example, you see that all UNIX-related
signatures have been disabled.
6.6 Threat Defense Lab Exercises

6.6.1 Lab 6.1: Configuring a Cisco IOS Firewall Using SDM

In this lab, you will configure a perimeter
router for International Travel Agency (ITA) using Security
Device Manager (SDM). The SDM firewall wizard allows you to
create a relatively strong firewall configuration in a few
simple configuration steps. Each router represents a router in
a large corporate network scenario. The ISP router is an ISP
edge router connected to the ITA corporate firewall, and the
ISP’s loopback is a remote Internet network. FW is a corporate
firewall router, and its loopback interface is a demilitarized
zone (DMZ) where Internet-facing servers reside. INSIDE is an
internal corporate router, and its loopback is a subnet within
the internal corporate domain.
6.6.2 Lab 6.2: Configuring CBAC

Context-based access control (CBAC) is a
powerful tool in the Cisco IOS Firewall feature set. It provides
stateful packet inspection and can detect certain types of attacks. In this
lab, INSIDE represents an inside corporate router, OUTSIDE
represents an outside Internet or ISP router, and FW represents
the corporate firewall. CBAC alone is not enough to make a
router into a secure Internet firewall, but in addition to
other security features it can be a very powerful defense.
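The following is an added configuration example, not the lab's own solution, showing what a minimal CBAC setup on the FW router looks like. The interface names, addresses, and the inspection-rule and ACL names are assumptions; the point it illustrates is the pairing that makes CBAC useful: an inbound ACL on the outside interface that denies unsolicited traffic, and an inspection rule on the same interface that tracks outbound sessions and dynamically opens only their return traffic.

```cisco
! Added example (not the lab's or Cisco's own configuration).
! Interface names, IP addresses, and the names ITA-INSPECT and
! OUTSIDE-IN are assumptions.
!
! Inspection rule: track outbound TCP, UDP and HTTP sessions so that
! only their return packets are permitted back through the ACL below.
ip inspect name ITA-INSPECT tcp
ip inspect name ITA-INSPECT udp
ip inspect name ITA-INSPECT http
!
! Log session creation/teardown and shorten the TCP idle timeout so
! idle sessions do not hold dynamic openings longer than needed.
ip inspect audit-trail
ip inspect tcp idle-time 1800
!
! Outside-in ACL: without CBAC this would block all return traffic;
! CBAC inserts temporary entries ahead of it for sessions it has seen
! leave. Only the ICMP types needed for path diagnostics are static.
ip access-list extended OUTSIDE-IN
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny   ip any any log
!
! Outside interface: inspect traffic leaving, filter traffic arriving.
interface Serial0/0/0
 description Link to OUTSIDE (ISP)
 ip address 209.165.200.226 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect ITA-INSPECT out
!
interface FastEthernet0/0
 description Link to INSIDE
 ip address 10.1.1.1 255.255.255.0
!
! Verification after generating some outbound traffic from INSIDE:
!   show ip inspect config
!   show ip inspect sessions
```

The `deny ip any any log` line is what makes the design testable: anything that reaches it is either a genuinely unsolicited packet or a protocol you forgot to add to the inspection rule, and the log entries tell you which.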
6.6.3 Lab 6.3: Configuring IPS with SDM

In this lab, you will configure the Cisco IOS Intrusion Prevention
System (IPS), which is part of the Cisco IOS Firewall feature
set. IPS examines certain attack patterns and will alert and/or
mitigate when those patterns occur. In this scenario, TRUSTED
represents a trusted inside router, FW represents a router
serving as an intrusion prevention router, and UNTRUSTED
represents an untrusted outside router. Since UNTRUSTED is
outside, FW will examine packets inbound from it. IPS alone is
not enough to make a router into a secure Internet firewall,
but in addition to other security features, it can be a
powerful defense.
6.6.4 Lab 6.4: Configuring IPS with CLI

In this lab, you will configure the
Cisco IOS Intrusion Prevention System (IPS), which is part of
the Cisco IOS Firewall feature set. IPS examines certain attack
patterns and will alert and/or mitigate when those patterns
occur. In this scenario, TRUSTED represents a trusted inside
router, FW represents a router serving as an intrusion
prevention router, and UNTRUSTED represents an untrusted
outside router. Since UNTRUSTED is outside, FW will examine
packets inbound from it. IPS alone is not enough to make a
router into a secure Internet firewall, but in addition to
other security features it can be a powerful defense.
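The following is an added configuration example, not the lab's own solution, showing the CLI side of what Labs 6.3 and 6.4 describe and the CLI counterpart of the signature enable/disable step shown in the Signatures form at the top of this page. The directory name, rule name and interface are assumptions, and the router is assumed to already have a signature package and its public key loaded; signature 2004/0 is the standard IOS IPS ICMP Echo Request signature.

```cisco
! Added example (not the lab's or Cisco's own configuration).
! flash:ipsdir, the rule name IOSIPS and Serial0/0/0 are assumptions.
! The signature package must already be in flash:ipsdir and the
! package signing key loaded under "crypto key pubkey-chain rsa".
!
! Where the signature definitions live, and where to send alerts.
ip ips config location flash:ipsdir retries 1
ip ips notify log
!
! Retire everything, then un-retire only the basic category so the
! router compiles a signature set it has the memory to run.
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Per-signature tuning. "enabled" is the CLI equivalent of the Enabled
! column in the SDM Signatures form: a retired signature is not
! compiled at all; an un-retired but disabled one is compiled but
! neither alerts nor enforces. Here 2004/0 is made active and set to
! both alert and drop the matching packet.
ip ips signature-definition
 signature 2004 0
  status
   enabled true
   retired false
  engine
   event-action produce-alert
   event-action deny-packet-inline
!
! Name the rule and apply it inbound on the UNTRUSTED-facing link, so
! FW examines packets arriving from the outside.
ip ips name IOSIPS
!
interface Serial0/0/0
 description Link to UNTRUSTED
 ip ips IOSIPS in
!
! Verification:
!   show ip ips configuration
!   show ip ips signatures
```

To disable a signature the way the Signatures form does for the UNIX-related group, set `enabled false` under its `status` submode; leaving `retired false` keeps it compiled so it can be switched back on without recompiling the whole set.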
Summary

This module covered the design and
implementation of the Cisco IOS Firewall and Cisco IOS
intrusion prevention system (IPS). It described the most common
firewall technologies, such as packet filtering, stateful
firewalls, and application-layer filtering. It also introduced
various firewall topologies, showing that a Demilitarized Zone
(DMZ)-based approach offers the best defense and scalability
options.
The concept of stateful firewalls was
explained, along with how this firewall is implemented on
Cisco IOS routers as the Cisco IOS Firewall.
The module described the two Cisco IOS Firewall configuration
methods: command-line interface (CLI) and the Security Device
Manager (SDM). The discussion of SDM included the Basic and
Advanced Firewall Configuration wizards. Further, intrusion
detection system (IDS) and IPS were described as complementary
technologies. These technologies differ in the actions they
take when an attack is detected, in their placement in the
network, and in the signature coverage scope. The module
described the two Cisco IOS IPS configuration methods: the CLI
and, for deployment simplicity, the SDM wizard.