Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) [Paperback]

David Hucaby (Author)

Book Description

Publication Date: August 19, 2007 | ISBN-10: 1587054574 | ISBN-13: 978-1587054570 | Edition: 2

Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, is a guide for the most commonly implemented features of the popular Cisco® firewall security solutions. Fully updated to cover the latest firewall releases, this book helps you to quickly and easily configure, integrate, and manage the entire suite of Cisco firewall products, including ASA, PIX®, and the Catalyst® Firewall Services Module (FWSM).

 

Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation.

 

Sections are marked by shaded tabs for quick reference, and information on each feature is presented in a concise format, with background, configuration, and example components.

 

Whether you are looking for an introduction to the latest ASA, PIX, and FWSM devices or a complete reference for making the most out of your Cisco firewall deployments, Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, helps you achieve maximum protection of your network resources.

 

“Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when configuring and managing market-leading firewall products from Cisco.”

–Jason Nolet, Vice President of Engineering, Security Technology Group, Cisco

 

David Hucaby, CCIE® No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software.

 

• Learn about the various firewall models, user interfaces, feature sets, and configuration methods
• Understand how a Cisco firewall inspects traffic
• Configure firewall interfaces, routing, IP addressing services, and IP multicast support
• Maintain security contexts and flash and configuration files, manage users, and monitor firewalls with SNMP
• Authenticate, authorize, and maintain accounting records for firewall users
• Control access through the firewall by implementing transparent and routed firewall modes, address translation, and traffic shunning
• Define security policies that identify and act on various types of traffic with the Modular Policy Framework
• Increase firewall availability with firewall failover operation
• Understand how firewall load balancing works
• Generate firewall activity logs and learn how to analyze the contents of the log
• Verify firewall operation and connectivity and observe data passing through a firewall
• Configure Security Services Modules, such as the Content Security Control (CSC) module and the Advanced Inspection Processor (AIP) module

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Networking: Security

Covers: Cisco ASA 8.0, PIX 6.3, and FWSM 3.2 version firewalls

 

$60.00 USA / $69.00 CAN

Editorial Reviews

About the Author

David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software. He has a B.S. and M.S. in electrical engineering from the University of Kentucky. He is the author of three other books from Cisco Press: CCNP BCMSN Official Exam Certification Guide, Cisco Field Manual: Router Configuration, and Cisco Field Manual: Catalyst Switch Configuration.

 

He lives in Kentucky with his wife, Marci, and two daughters.

 

Excerpt. © Reprinted by permission. All rights reserved.

Cisco ASA, PIX, and FWSM Firewall Handbook

Introduction

This book focuses on the complete product line of Cisco firewall hardware: the PIX and ASA Security Appliance families and the Catalyst Firewall Services Module (FWSM). Of the many sources of information and documentation about Cisco firewalls, very few provide a quick and portable solution for networking professionals.

This book is designed to provide a quick and easy reference guide for all the features that can be configured on any Cisco firewall. In essence, an entire bookshelf of firewall documentation, along with other networking reference material, has been "squashed" into one handy volume.

This book covers only the features that can be used for stateful traffic inspection and overall network security. Although Cisco firewalls can also support VPN functions, those subjects are not covered here.

This book is based on the most current Cisco firewall software releases available at press time—ASA release 8.0(1) and FWSM release 3.2(1).

In the book, you will find ASA, PIX, and FWSM commands presented side-by-side for any specific task. The command syntax is shown with a label indicating the type of software that is running, according to the following convention:

• ASA—Refers to any platform that can run ASA release 7.0(1) or later. This can include the ASA 5500 family, as well as the PIX 500 family. For example, even though a PIX 535 can run a specific build of the ASA 8.0(1) code, the commands are still labeled "ASA" to follow the operating system being used.

• PIX—Refers to a PIX release 6.3.

• FWSM—Refers to FWSM release 3.1(1) or later.

If you are using an earlier version of software, you might find that the configuration commands differ slightly.

With the advent of the ASA platform, Cisco began using different terminology: firewalls became known as security appliances because of the rich security features within the software and because of the modular nature of the ASA chassis. This new terminology has been incorporated in this book where appropriate. However, the term firewall is still most applicable here because this book deals with both security appliances and firewalls embedded within Catalyst switch chassis. As you read this book, keep in mind that the terms firewall and security appliance are used interchangeably.

How This Book Is Organized

This book is meant to be used as a tool in your day-to-day tasks as a network or security administrator, engineer, consultant, or student. I have attempted to provide a thorough explanation of many of the more complex firewall features. When you better understand how a firewall works, you will find it much easier to configure and troubleshoot.

This book is divided into chapters that present quick facts, configuration steps, and explanations of configuration options for each Cisco firewall feature. The chapters and appendixes are as follows:

• Chapter 1, "Firewall Overview"—Describes how a Cisco firewall inspects traffic. It also offers concise information about the various firewall models and their performance.

• Chapter 2, "Configuration Fundamentals"—Discusses the Cisco firewall user interfaces, feature sets, and configuration methods.

• Chapter 3, "Building Connectivity"—Explains how to configure firewall interfaces, routing, IP addressing services, and IP multicast support.

• Chapter 4, "Firewall Management"—Explains how to configure and maintain security contexts, flash files, and configuration files; how to manage users; and how to monitor firewalls with SNMP.

• Chapter 5, "Managing Firewall Users"—Covers the methods you can use to authenticate, authorize, and maintain accounting records for a firewall's administrative and end users.

• Chapter 6, "Controlling Access Through the Firewall"—Describes the operation and configuration of the transparent and routed firewall modes, as well as address translation. Other topics include traffic shunning and threat detection.

• Chapter 7, "Inspecting Traffic"—Covers the Modular Policy Framework, which is used to define security policies that identify and act on various types of traffic. The chapter also discusses the application layer inspection engines that are used within security policies, as well as content filtering.

• Chapter 8, "Increasing Firewall Availability with Failover"—Explains firewall failover operation and configuration, offering high availability with a pair of firewalls operating in tandem.

• Chapter 9, "Firewall Load Balancing"—Discusses how firewall load balancing works and how it can be implemented in a production network to distribute traffic across many firewalls in a firewall farm.

• Chapter 10, "Firewall Logging"—Explains how to configure a firewall to generate an activity log, as well as how to analyze the log's contents.

• Chapter 11, "Verifying Firewall Operation"—Covers how to check a firewall's vital signs to determine its health, how to verify its connectivity, and how to observe data that is passing through it.

• Chapter 12, "ASA Modules"—Discusses the Security Services Modules (SSMs) that can be added into an ASA chassis, along with their basic configuration and use.

• Appendix A, "Well-Known Protocol and Port Numbers"—Presents lists of well-known IP protocol numbers, ICMP message types, and IP port numbers that are supported in firewall configuration commands.

• Appendix B, "Security Appliance Logging Messages"—Provides a quick reference to the many logging messages that can be generated from an ASA, PIX, or FWSM firewall.

How to Use This Book

The information in this book follows a quick-reference format. If you know what firewall feature or technology you want to use, you can turn right to the section that deals with it. The main sections are numbered with a quick-reference index that shows both the chapter and the section (for example, 3-3 is Chapter 3, section 3). You'll also find shaded index tabs on each page, listing the section number.

Feature Description

Each major section begins with a detailed explanation of or a bulleted list of quick facts about the feature. Refer to this information to quickly learn or review how the feature works.

Configuration Steps

Each feature that is covered in a section includes the required and optional commands used for common configuration. The difference is that the configuration steps are presented in an outline format. If you follow the outline, you can configure a complex feature or technology. If you find that you do not need a certain feature option, skip over that level in the outline.

In some sections, you will also find that each step in a configuration outline presents the commands from multiple firewall platforms side-by-side in a concise manner. You can stay in the same configuration section no matter what type or model of firewall you are dealing with.

Sample Configurations

Each section includes an example of how to implement the commands and their options. Examples occur within the configuration steps, as well as at the end of a main section. I have tried to present the examples with the commands listed in the order you would actually enter them to follow the outline.

Many times, it is more difficult to study and understand a configuration example from an actual firewall because the commands are displayed in a predefined order—not in the order you entered them. Where possible, the examples have also been trimmed to show only the commands presented in ...

Product Details

• Paperback: 912 pages
• Publisher: Cisco Press; 2 edition (August 19, 2007)
• Language: English
• ISBN-10: 1587054574
• ISBN-13: 978-1587054570
• Product Dimensions: 9.1 x 7.4 x 1.8 inches
• Shipping Weight: 3.3 pounds (View shipping rates and policies)
• Average Customer Review: 3.9 out of 5 stars  See all reviews (7 customer reviews)
• Amazon Best Sellers Rank: #340,358 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

9 of 9 people found the following review helpful:

4.0 out of 5 stars surveys Cisco's offerings, February 10, 2008

By 

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE)    (TOP 1000 REVIEWER)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (Paperback)

For the sysadmin of a Cisco firewall product, this book is an up to date survey of what Cisco offers in this arena. The book has a quick going over of the theory behind most firewalls. But the bulk of the text looks at the various product lines and how you can install and, more importantly, easily manage them on an ongoing basis.

The screen captures are helpful. Showing that Cisco has put some thought into the usability of their boxes.

I won't say the book makes for enthralling reading. It is perhaps best suited as a reference manual. Where the only sections you need are for your firewall model.

7 of 8 people found the following review helpful:

4.0 out of 5 stars Excellent reference manual covering most day to day admin tasks for the PIX and ASA, April 24, 2008

By 

Michael L. Cooter "Netwerkdude" - See all my reviews
(REAL NAME)   

This review is from: Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (Paperback)

Cisco ASA, PIX, and FWSM Firewall Handbook
Second Edition
Author : David Hucaby
Publisher: Cisco Press
Reviewed by: Michael Cooter

Pros: Thorough, comprehensive, and in-depth
Cons: Not for ASA/PIX Novices, more suited for Firewall admins with solid experience. More of a reference than a book you would read cover to cover.

Chapter List: Chapter 1, "Firewall Overview", Chapter 2 "Configuration Fundamentals" Chapter 3 "Building Connectivity", Chapter 4 "Firewall Management", Chapter 5 "Managing Firewall Users", Chapter 6 "Controlling Access Through the Firewall", Chapter 7 "Inspecting Traffic", Chapter 8 "Increasing Firewall Availability with Failover, Chapter 9 "Firewall Load Balancing", Chapter 10 "Firewall Logging", Chapter 11 "Verifying Firewall Operation", Chapter 12 "ASA Modules", Appendix A, "Well-Known Protocol and Port Numbers, Appendix B "Security Applicance Logging Messages"

Book Review:

Cisco ASA, PIX and FWSM Firewall Handbook is a comprehensive and up-to-date reference manual that belongs on the shelf of anybody who manages a Cisco Firewall device. At nearly 870 pages, this is not a small book that you would want read cover to cover, but instead an excellent reference that you would use to learn more about a specific topic of ASA and PIX administration.

I am familiar with the author, David Hucaby from reading his CCNP Switching book, written in 2000. Hucaby has a very clear and insightful writing style and has the ability to take complex topics and break them down to a more understandable level for novices.

Chapters of interest to me were on Firewall Load Balancing , Traffic Inspection, also the on Failover.


Summary:

I highly recommend this book for any administrator who is responsible for an ASA or PIX. This book is not an great introduction to the topic, but would be better suited as a companion to "Securing Your Business with Cisco ASA and PIX Firewalls" by Greg Alebar.

4 of 4 people found the following review helpful:

4.0 out of 5 stars Great book but doesn't cover VPN, April 9, 2009

By 

Edward Huang - See all my reviews
(REAL NAME)   

This review is from: Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (Paperback)

Great ASA book, updated for version 8, covers PIX too and helped for exam study. Does not cover anything on VPN! (IPsec or Web) which is one of the major purposes for the ASA - users travelling, work at home, vendor access. Omar Santos' book covers VPN although it is for older version 7. Would have given 5 stars if not for the VPN omission. Edward Huang CCSP/CCDA