Understanding PIX Firewall
Study guide by ExamNotes.net
Cisco PIX Firewall Fundamentals
Test Information
Exam: PIX Firewall Fundamentals
Certification: If all prerequisites are met: Security Specialist
Abstract
This Study Guide will begin to guide you in preparing for the Cisco PIX Firewall
Fundamentals exam. This exam is part of a series of exams you will need to take to achieve
the “Security Specialist” designation from Cisco.
What to Know
What you need to know to be successful in obtaining the Security Designation:
• Go over the necessary steps to obtaining the certification and what your steps will be
through the entire process. This will make your studying easier.
• You need a basic understanding of TCP/IP and a valid CCNA.
• Then, to obtain the “Security Specialist” designation, take the following exams:
o 640-442 MCNS: Managing Cisco Network Security (MCNS)
o 9E0-571 CSPFA: Cisco Secure PIX Firewall Advanced (CSPFA)
(See also prerequisite course Cisco Secure PIX Firewall Fundamentals CSPFF)
o 9E0-558 CSIDS: Cisco Secure Intrusion Detection System (CSIDS)
o 9E0-570 CSVPN: Cisco Secure VPN (CSVPN)
Note: Please take note of where the PIX Fundamentals sits in the line-up.
Visit Examnotes.net for all your certification needs.
Visit Cert21.com for the best online practice exams.
Visit CertPortal.com – most powerful IT certifications search engine.
Study Tips
• Do not take this test lightly. The test covers a lot of information, mainly on HOW TO
configure something. Use this study guide to get the main idea of the topic and then
use the online resources to go through all the configs to familiarize yourself with
HOW TO set these configs up.
• You need to be a CCNA prior to starting this track. The track is for the Security
Specialist designation. The designation requires passing 4 out of 5 different exams. This
guide is half of the PIX firewall track. You can take the first exam, but the second
exam for the Advanced track counts for credit. All the information from the
Fundamentals track is a prerequisite for the Advanced track. Use them both to pass
the last exam.
• You no longer have to be a CCNP for this (the CCNP+Security track will be
discontinued this year). You MUST have your CCNA.
• Make sure you use the links provided to aid your studies. Like most of Cisco’s tests, a
lot of your information to study from is free and available on their web site. Use this
as a supplement to aid your studies.
• Do not rely solely on this or any study guide.
Links and Resources
• Everything you need to know about this topic can be found online.
• This is one of the few exams and courses that have most of the information at your
disposal online.
• Make sure you use all the online resources you can for this exam:
o About This Guide
o Introduction
o Configuring the PIX Firewall
o Advanced Configurations
o Configuration Examples
o Command Reference
o PIX 515 Configuration
o Configuration Forms
o Acronyms and Abbreviations
o Configuring for MS-Exchange Use
o Subnet Masking and Addressing
o Index
• Go through the above information and it should be all you need. Hands-on
experience will make the above information stick better and you will understand it
better.
PIX Fundamentals
PIX Firewall
• The PIX Firewall, when properly configured, helps prevent unauthorized
connections between two or more networks
• The PIX Firewall can protect one or more networks from an outer,
unprotected network
• The PIX Firewall optionally supports multiple outside or perimeter networks,
also known as demilitarized zones or DMZs
• Connections between the networks can all be controlled by the PIX Firewall
• To effectively use a firewall in your organization, you need a security policy to
ensure that all traffic from the protected networks passes only through the
firewall to the unprotected network. You can then control who may access
the networks with which services, and how to implement your security policy
using the features PIX Firewall provides
• Within this architecture, the PIX Firewall forms the boundary between the
protected networks and the unprotected networks
• All traffic between the protected and unprotected networks must flow through
the firewall to maintain security
• The unprotected network is typically accessible to the Internet
• PIX Firewall lets you locate servers such as those for web access, SNMP,
electronic mail (SMTP) in the protected network and control who on the
outside can access these servers
• The PIX Firewall also lets you implement your security policies for connection
to and from the inside network
• Typically, the inside network is an organization's own internal network, or
intranet, and the outside network is the Internet, but the PIX Firewall can also
be used within an intranet to isolate or protect one group of internal
computing systems and users from another
Basic Firewall setup
[Figure: basic firewall setup diagram; labels: INTERNET, 1, 2, 3]
In this diagram we can see the 3 major portions of a DMZ setup:
1. The outside filtering router with the Firewall feature set on it. This is generally
used to connect your company to the Internet and does major filtering at
this portion.
2. As you come into the DMZ, we see the first segment, and that’s where your DNS,
FTP and web servers sit. This is an isolated segment. After this segment, we now
go through a set of PIX firewalls set up in a failover configuration with a failover cable
in between them.
3. This is your internal network and anything can be here. You could put another
firewall or nothing at all. This is where your protected network lies and all your
clients should be located here.
Note: This is very flexible and every setup will be different based on what you
need to implement. This is just a common setup.
How Data Moves Through the Firewall
• When an outbound packet arrives at a PIX Firewall higher security level
interface (security levels are set with the nameif command), the PIX Firewall
checks to see if the packet is valid based on the ASA or Adaptive Security
Algorithm, and then whether or not previous packets have come from that
host
• If not, then the packet is for a new connection, and PIX Firewall creates a
translation slot in its state table for the connection
• The information that PIX Firewall stores in the translation slot includes the
inside IP address and a globally unique IP address assigned by Network
Address Translation (NAT), Port Address Translation (PAT), or Identity (which
uses the inside address as the outside address)
• The PIX Firewall then changes the packet's source IP address to the globally
unique address, modifies the checksum and other fields as required, and
forwards the packet to the lower security level interface
• When an inbound packet arrives at an unprotected interface, it must first pass
the PIX Firewall Adaptive Security criteria
• If the packet passes the security tests, the PIX Firewall removes the
destination IP address, and the internal IP address is inserted in its place. The
packet is forwarded to the protected interface
• The PIX Firewall permits all outbound connections from the protected
networks to the unprotected networks, and rejects any connections inbound
from the unprotected network
PIX Firewall Connections
Maximum number of connections you can have on your PIX Firewall:
Installed RAM    Maximum Number of Connections
16 MB            32,768 connections
32 MB            65,536 connections
128 MB           Approx 260,000 connections with the optional memory upgrade
Access Lists
• Can control which inside systems can establish connections to the outside
network
• The default security policy can be modified to be consistent with the site
security policy by limiting outgoing connections based on inside source
address, outside destination address, or protocol
• Configure access lists carefully if your security policy limits outgoing
connections
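The handling described under "How Data Moves Through the Firewall" and "Access Lists", as an added simplified model in Python (not code from this guide or from Cisco). The class and method names, the rule format and all addresses are constructed for illustration; a real PIX also tracks ports and TCP state.

```python
# Added illustration: a simplified model, not PIX software or Cisco's algorithm.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PixModel:
    global_pool: list                              # global addresses free for NAT
    deny_out: list = field(default_factory=list)   # (src_net, dst_net, proto) rules
    xlate: dict = field(default_factory=dict)      # translation slots: inside -> global
    conns: set = field(default_factory=set)        # (inside, outside_peer, proto)

    def _denied(self, src, dst, proto):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
                   and p in (proto, "ip") for sn, dn, p in self.deny_out)

    def outbound(self, src, dst, proto="tcp"):
        """Packet on the higher security level interface; returns rewritten (src, dst)."""
        if self._denied(src, dst, proto):
            return None                    # outgoing connection limited by access list
        if src not in self.xlate:          # no earlier packets from this host: new slot
            if not self.global_pool:
                return None                # no global address left to assign
            self.xlate[src] = self.global_pool.pop(0)
        self.conns.add((src, dst, proto))
        return (self.xlate[src], dst)      # source is now the global address

    def inbound(self, src, dst, proto="tcp"):
        """Packet on the unprotected interface; returns rewritten (src, dst) or None."""
        for inside, glob in self.xlate.items():
            if glob == dst and (inside, src, proto) in self.conns:
                return (src, inside)       # destination replaced by inside address
        return None                        # default: inbound connection rejected

def demo():
    # Constructed sample addresses (private and documentation ranges).
    fw = PixModel(["192.0.2.10", "192.0.2.11"],
                  deny_out=[("10.0.0.0/24", "0.0.0.0/0", "udp")])
    return [
        fw.outbound("10.0.0.5", "198.51.100.7"),         # new translation slot
        fw.outbound("10.0.0.5", "198.51.100.8"),         # same slot reused
        fw.inbound("198.51.100.7", "192.0.2.10"),        # reply to a known connection
        fw.inbound("203.0.113.9", "192.0.2.10"),         # unsolicited: rejected
        fw.outbound("10.0.0.5", "198.51.100.7", "udp"),  # denied by access list
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```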