Firewall devices can be broken up into the following three
basic types:
- Packet filter
- Stateful packet filter
- Proxy server
Most commercial firewalls incorporate two or more of these
techniques. The Cisco PIX Firewall incorporates features from all three to
become the heart of the Cisco security strategy.
Because individual models and their specifications (CPU speed, memory, interface
count, throughput) change frequently, it is always best to confirm or compare
features on the Cisco web page rather than assuming what a unit in the field
supports. As a rule of thumb for the 500 series PIX devices, the higher the model
number, the more powerful the unit, the greater the throughput, and the higher the
cost.
Basic PIX configuration commands are quite similar to those of the
IOS-based devices. The PIX has four modes: Unprivileged, Privileged,
Configuration, and Monitor. Moving among the first three is much like working
with their counterparts on routers; Monitor mode is a separate ROM-based mode used
for password recovery and for loading an image over TFTP.
The six basic configuration commands you saw include the following
(each also has a show command to confirm the configuration was
successful):
- The nameif command
- The interface command
- The ip address command
- The nat command
- The global command
- The route command
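The six commands above, applied in order to a three-interface PIX, as an added worked example that is not from the original page. The PIX 515 layout, the interface names, the security levels, and all addresses (RFC 5737 documentation space on the outside, private ranges inside and in the DMZ) are assumptions constructed for illustration.

```cisco
! Added example (not from the original page): a PIX 515 with three interfaces.
! Interface names, security levels, and all addresses are constructed for illustration.

! 1. nameif: name each interface and assign its security level.
!    Outside is 0 (least trusted), inside is 100 (most trusted), the DMZ sits between.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

! 2. interface: set speed and duplex; this also brings the interface up.
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full

! 3. ip address: addresses are assigned by interface name, not by hardware ID.
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0

! 4. nat: which local networks may be translated; NAT ID 1 ties them to a global pool.
nat (inside) 1 10.1.1.0 255.255.255.0
nat (dmz) 1 172.16.1.0 255.255.255.0

! 5. global: the pool of registered addresses on the outside interface for NAT ID 1.
!    The single address listed second is used for PAT once the pool is exhausted.
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
global (outside) 1 203.0.113.21 netmask 255.255.255.0

! 6. route: default route toward the upstream router on the outside network, metric 1.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Confirm each step with its show command.
show nameif
show interface
show ip address
show nat
show global
show route
```

With this configuration, hosts on inside (100) and dmz (50) can initiate connections outward to lower security levels, and the stateful inspection lets the return traffic back in. A connection initiated from outside toward a DMZ server would additionally need a static translation and an access-list or conduit, which are beyond the six commands covered here.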
Questions

1. True or False. A firewall is always a single device.
A. True
B. False

2. True or False. PIX Firewalls rely exclusively on packet filtering to provide security.
A. True
B. False

3. Which of the following is not one of the basic firewall types?
A. Intrusion detection
B. Proxy filter
C. Packet filter
D. Stateful packet filter

4. True or False. Packet filtering uses Layers 3 through 5 for filtering decisions.
A. True
B. False

5. What does the acronym ASA stand for? _______________

6. True or False. PIX Firewalls are built on reliable UNIX technology.
A. True
B. False

7. What is the default security level for the outside interface?
A. 100
B. 50
C. 25
D. 0

8. What is the default security level for the inside interface?
A. 0
B. 50
C. 100
D. 200

9. If DMZ1 has a security level of 50 and DMZ2 has a level of 70, which is true?
A. Data will flow from DMZ1 to DMZ2.
B. Data will flow from DMZ2 to DMZ1.
C. Data will flow freely in both directions.
D. Data never flows between DMZs.

10. Which is the most powerful PIX Firewall?
A. PIX 501
B. PIX 525
C. PIX 535
D. PIX 610

11. True or False. Data flows in both directions when two interfaces have the same security level.
A. True
B. False

12. Which command assigns the security level?
A. ip address
B. nat
C. global
D. nameif

13. True or False. The interface command sets both speed and duplex.
A. True
B. False

14. What is the default IP address for PIX interfaces?
A. There is none.
B. 0.0.0.0
C. 127.0.0.1
D. 192.168.0.1

15. Which creates a pool of real IP addresses to be used by NAT?
A. nat
B. interface
C. global
D. route
Answers

1. B. False. A firewall can be an entire system of devices and services rather than a single box.

2. B. False. PIX devices do packet filtering, but they also perform stateful inspection of connections, which lets them incorporate application layer information into filtering decisions.

3. A. Intrusion detection. The three basic types are packet filter, stateful packet filter, and proxy server.

4. B. False. Packet filtering can use only Layers 3 and 4: addresses, protocol, and port numbers.

5. Adaptive Security Algorithm.

6. B. False. PIX Firewalls run a proprietary operating system, not UNIX.

7. D. 0. The outside interface defaults to security level 0, the least trusted.

8. C. 100. The inside interface defaults to security level 100, the most trusted.

9. B. Data will flow from DMZ2 (level 70) to DMZ1 (level 50). By default, connections may be initiated from a higher security level to a lower one, and stateful inspection allows the return traffic; connections initiated from the lower level must be explicitly permitted.

10. C. PIX 535. There is no PIX 610; of the models listed, the 535 is the top of the 500 series.

11. B. False. By default no traffic passes between two interfaces with the same security level (PIX OS 6.x; release 7.0 and later added a same-security-traffic setting to permit it).

12. D. nameif. The nameif command assigns both the interface name and its security level.

13. A. True. The interface command sets the speed and duplex and also enables the interface.

14. C. 127.0.0.1. Until an address is assigned, each interface shows 127.0.0.1 with a 255.255.255.255 mask.

15. C. global. The global command defines the pool of registered addresses that the nat command translates local addresses into; the two are tied together by a matching NAT ID.