FW Services Module
Attack Prevention DNS Guard
[Diagram: FWSM between an inside host and a DNS server pool; a DNS request goes out and several DNS replies come back]
Identifies an outbound DNS resolve request and allows only a single DNS response. A host may query several servers for an answer (in case the first server is slow to respond), but only the first answer to the specific question is allowed through; all additional answers from other servers are dropped. No configuration necessary.
Attack Prevention Flood Defender
[Diagram: TCP SYN flood against a server pool; the FWSM passes on a reduced SYN request rate]
Protects inside systems from TCP SYN flood attacks. Enable it by setting the maximum connections option on the nat and static commands. This allows servers within the inside network to be protected from one style of denial of service attack.
Flood Defender Configuration
[Diagram: TCP SYN flood; reduced SYN request rate after the FWSM]
Attack Prevention TCP Intercept
[Diagram: server pool with the embryonic connection limit reached]
When the optional embryonic connection limit is reached, and until the embryonic connection count falls below this threshold, every SYN bound for the affected server is intercepted.
TCP Intercept Configuration
[Diagram: server pool with the embryonic connection limit reached]
nat [(if_name)] nat_id local_ip [netmask [max_conns [em_limit]]] [norandomseq]
TCP Intercept kicks in when the embryonic session limit is reached.
An embryonic connection is a connection that someone attempted but has not completed and has not yet carried data. Every connection is embryonic until it is fully set up.
The embryonic limit (em_limit) is specified as part of the NAT configuration.
Attack Prevention Unicast RPF
Also known as "reverse route lookup", this prevents IP spoofing at the IP layer. It provides ingress and egress filtering: it checks inbound packets for IP source address integrity, and verifies that packets destined for hosts outside the managed domain have IP source addresses that can be verified against routes in the enforcing entity's local routing table.
Attack Prevention FRAG Guard
1. Receive fragmented packets
2. Reassemble the packet
[Diagram: fragments Frag1 to Frag4 received and reassembled into one packet]
IP fragment protection that performs full reassembly of all ICMP error messages and virtual reassembly of the remaining IP fragments that are routed through the FWSM.
Attack Prevention Mail Guard
[Diagram: SMTP attacker on the outside, FWSM, internal SMTP servers]
Allows mail servers to be deployed within the internal network without them being exposed to known security problems with some SMTP server implementations.
Mail Guard Configuration
[Diagram: SMTP attacker blocked by the FWSM]
Address Translation NAT
[Diagram: inside hosts A and B send packets (Source=A Dest=X, Source=B Dest=X) through the FWSM to host X in the outside world]
Provides a way to translate an inside secure address to a public domain address, hiding the source address from outside users and allowing the inside network to utilise private addresses.
Address Translation PAT
Note: the translated source address is the same for every flow; the port number uniquely identifies each flow.
[Diagram: several data flows sharing one translated source address, distinguished by port]
Port re-mapping allows a single valid IP address to be translated to 64,000 active XLATE objects. PAT minimizes the number of globally valid IP addresses required to support private or invalid internal addressing schemes.
NAT/PAT Configuration
[Diagram: packets Source=A Dest=X and Source=B Dest=X translated by the FWSM]
Protocol Support NETBIOS over IP
Problem: NETBIOS embeds the IP address in its datagram, so when NAT is applied to a NETBIOS packet that has to be routed, NAT translates the IP header but not the IP address inside the datagram. This causes problems for the destination host.
No Configuration Necessary
[Diagram: IP header followed by a NETBIOS datagram that itself carries an IP address; both are translated]
NETBIOS over IP support in the FWSM recognises NETBIOS packets and translates both the IP header and the IP address carried in the datagram.
Syslog
Provides a means to view network events and assists with troubleshooting.

Syslog Message Types
Level  Type           Description
0      Emergencies    System unusable messages
1      Alerts         Take immediate action
2      Critical       Critical condition
3      Errors         Error messages
4      Warnings       Warning message
5      Notifications  Normal but significant condition
6      Informational  Informational message
7      Debugging      Debug and log messages
Syslog sending messages to a server
SYSLOG messages can be sent to a syslog server.

Example message:
%FWSM-5-304001: user 192.168.69.71 Accessed URL 10.133.219.25 : www.example.com

Identify the syslog host, set the trap level and enable logging:
FWSM(config)# logging host dmz_1 192.168.1.1
FWSM(config)# logging trap debugging
FWSM(config)# logging on
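As an added example (not part of the original slides or of any Cisco tool), a small Python parser for the FWSM syslog format shown above: it splits a message into severity, message ID and text, maps the severity number to the names in the message-type table, and decides whether a message would be forwarded at a given "logging trap" level. The sample lines and the 999999 message ID are constructed for illustration.

```python
import re

# Severity names from the FWSM syslog message-type table (0 = most severe).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
SEVERITY_LEVELS = {name: num for num, name in SEVERITY_NAMES.items()}

# FWSM messages look like "%FWSM-<severity>-<message id>: <text>".
_MSG_RE = re.compile(r"^%FWSM-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<text>.*)$")
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_fwsm_syslog(line):
    """Parse one FWSM syslog line into a dict; return None if it is not FWSM format."""
    m = _MSG_RE.match(line.strip())
    if not m:
        return None
    sev = int(m.group("sev"))
    text = m.group("text")
    return {"severity": sev, "severity_name": SEVERITY_NAMES[sev],
            "msg_id": m.group("msgid"), "text": text,
            "addresses": _IPV4_RE.findall(text)}  # IPv4 addresses named in the text


def forwarded_at_trap_level(msg, trap_level):
    """'logging trap <level>' sends that severity and every more severe (lower-numbered) one."""
    return msg["severity"] <= SEVERITY_LEVELS[trap_level]


# Constructed sample input: line 1 is the URL-access message from the slide, line 2 is
# made up in the same format (999999 is a placeholder ID), line 3 is not an FWSM message.
SAMPLE_LINES = [
    "%FWSM-5-304001: user 192.168.69.71 Accessed URL 10.133.219.25 : www.example.com",
    "%FWSM-2-999999: CONSTRUCTED critical example",
    "Jan  1 00:00:00 host sshd[1]: not an FWSM message",
]


def summarize(lines, trap_level="debugging"):
    """Return (message id, severity name, forwarded?) for each line the parser accepts."""
    out = []
    for line in lines:
        msg = parse_fwsm_syslog(line)
        if msg is not None:
            out.append((msg["msg_id"], msg["severity_name"],
                        forwarded_at_trap_level(msg, trap_level)))
    return out
```

With "logging trap warnings" the level-5 URL-access message would not be sent to the server, while the constructed level-2 message would.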