Cisco Firewalls thoroughly explains Cisco's full spectrum of network and application firewall products, features, and solutions, and shows how they can add value to network security designs and operations. In this book, a leading Cisco security expert shows how to optimize the placement of Cisco firewalls, grouping and structuring them to build highly-secure self-defending networks. The book begins with a discussion of Cisco's classic stateful firewall solutions, including PIX/ASA, FWSM, and the IOS Firewall. Next, it covers application-oriented Cisco firewall offerings such as the ACE XML Gateway with web application firewall, and the Ironport Web Security Appliance. For each product, the author also explores tools for verifying correct operation, and for troubleshooting and resolving problems. This is the first book to show how to protect Unified Communications systems using Cisco firewalls. It also presents unprecedented coverage of firewall integration with other security elements such as IPS, VPNs, and load balancers; as well as two full chapters on IPv6 firewalls.
List of contents
PART I: GETTING STARTED
1. The Role of Firewalls on Network Security
2. Basic Security Concepts
3. Cisco Firewall Families Overview

PART II: CLASSIC CISCO FIREWALLS: THE FUNDAMENTALS
4. Configuration Fundamentals for Classic Cisco Firewalls
5. Inserting the Firewall in the Network Topology
6. Virtualization on the Firewall World
7. Toolbox for understanding operation of Cisco Firewalls

PART III: CONTROLLING TRAFFIC THROUGH THE CLASSIC FIREWALLS
8. Understanding Security Levels and NAT
9. Detailed Analysis of Protection without NAT
10. Detailed Analysis of Protection using NAT
11. Detailed Analysis of "Same Security Access" operation
12. Additional Protection Mechanisms (up to Layer 4)
13. Application Protocol Inspection in Action
14. Firewalls and Unified Communications
15. AAA on Cisco Firewalls

PART IV: CISCO APPLICATION-ORIENTED FIREWALLS
16. Web Application Firewall
17. ACE XML Gateway
18. Proxy Services on the Ironport Web Security Appliance

PART V: IPv6 SUPPORT ON CISCO FIREWALLS
19. Introduction to IPv6
20. Configuring IPv6

PART VI: SPECIAL DESIGN SCENARIOS AND CASE STUDIES
21. Special Design Scenarios
22. High Availability and Load Balancing Failover
About the author
Alexandre Matos da Silva Pires de Moraes, CCIE No. 6063, has worked as a Systems Engineer for Cisco Brazil since 1998 on projects that involve not only security and VPN technologies, but also routing protocol and campus design, IP multicast routing, and MPLS network design. He coordinated a team of security engineers in Brazil and holds the CISSP, CCSP, and three CCIE certifications (Routing/Switching, Security, and Service Provider). Alexandre, a frequent speaker at Cisco Networkers, graduated in electronic engineering from the Instituto Tecnologico de Aeronautica (ITA -- Brazil) and has never hidden his sincere passion for mathematics (mainly the fields of synthetic geometry and trigonometry).