Friday, 26 December 2008

Choosing the best firewall..??

Firewall is the most critical part of any network and it plays an important role in the security of network. Before selecting any firewall you should have to check and get the appropriate answers of these critical questions, which will help a lot in selecting an appropriate firewall defending your network as a perimeter line of defense against the attacks.but the most important thing is that your business need and your organizations security policy which drives you to purchase the firewall and then finally is your part selecting best firewall in the world

1) Any type of application awareness does your firewall support?
2) Is your firewall really a state full and it can watch UDP Sessions as well?
3) Dose this firewall watch application level traffic? As it can see an FTP, TFTP, HTTP session and limit FTP commands can be used?
4) Dose that firewall have capability to stop or defend against web attacks like cross site scripting?
5) Dose your firewall provides Intrusion prevention?
6) Reporting options available in the firewall?
7) Can this firewall capable to detect and block P2P (peer to peer) applications?
8) Firewall product protect from VPN attacks?
9) Protection against TCP based traffic?
10) Protecting against rapid scanning events i.e. spoofing, scanning , brute force?
11) DOS and DDOS protection?
12) Any protection at application level for HTTP, SMTP, POP3, HTTPS applications?
13) Any type of protection for DNS, Microsoft Network System, instant messaging and VOIP?
14) any protection at web application level, in which your product run scripts in a safe environment to determine if the code is malicious before allowing the user to execute it?
15) Dose this product offer contact filtering based upon URL's?
16) VPN options supported by the device like site to site, remote access, SSL?
17) How fast the patches are updated in the case of identification of vulnerability?
18) Check the performance data from the data sheets, and any test reports?
19) I/O interfaces option (that depends upon your requirement?

CISCO Firewall (PIX and ASA)

A firewall is the guarantee of a secure network. In order to provide reliable security firewall security itself is a primary concern in this regard there are multiple solutions being offered by Cisco , However Firewall security becomes a transparent, scalable, and manageable aspect of the business infrastructure.
The new product introduces by cisco a couple of years back replacing PIX and is ASA. Adaptive Security Algorithm is used by the PIX/ASA security appliances for stateful application inspection and facilitates to secure use of applications and services. Some applications require special handling by the security appliance and specific application inspection engines are provided for this purpose.

Some of protocols supported by CISCO ASA application inspection is as under however it keeps on increasing day by day (I have tried my level best to identify every protocol):
FTP, SUN RPC, SQL*NET, SCCP, MGCP, Exchange, NetShow, VDOLive, GTP (3G Wireless), CTIQBE, PPTP, RSH, SIP, H.323,NAT/PAT of DNS, FTP, ICMP, ESP-IKE, ILS, SIP, X Display, SCCP (Skinny), RTSP, TAPI/JAPI.

Cisco Firewall watches application-level traffic. In the case of FTP it will inspects the FTP sessions and performs preparation of dynamic secondary data connection than Tracks FTP command-response sequence , produces audit trail and finally NAT embedded IP address

PIX/ASA is truly stateful firewall with rich application and protocol inspection including UDP. In order to monitor the state of UDP conversations, the PIX /ASA supports the stateful failover protocols: IPSec, IKE , All TCP, All UDP

Intrusion prevention module in the ASA is both signature and pattern based, this IPS module can also use the Meta Event Generator to determine if certain behaviors are undesired and make an inline permit/deny action and can be integrated with different reporting and management systems .

PIX/ASA 7.0 provides visibility and control of Instant Messaging, Peer-to-Peer, and other tunneling applications (As in order to protect against the successive attacks like continous scan cisco ASA have a great command # ip verify reverse path , beside this you can limit embryonic connections both TCP and UDP to avoid DOS attack

HTTP inspection provides some additional facilities

  • Validate that the content-type passed in the response message is one of those listed in the request message’s accept-type field.
  • Allow or disallow non-http traffic on port-80 (all or none).
  • Allow or disallow peer-to-peer networks: emule, limewire Kazaa
  • Allow or disallow Instant Messengers : Yahoo, MSN, AOL
  • Configure the minimum and maximum size of an http message body.
  • Configure maximum URL length
  • Configure permissible transfer encoding methods
  • Verify that the content-type specified in the header is the same as that being passed in the body of the http message.

DNS attacks are more command now a days so DNS query inspection in cisco PIX /ASA which tears down the DNS session associated with a DNS query as soon as the DNS reply is forwarded by the security appliance. DNS guard also monitors the message exchange to verify that the ID of the DNS reply matches the ID of the DNS query

Cisco Firewall supports main features that provides protection

1. Firewall (application awareness , Statefull inspection)
2. Unified communication Security
4. Intrusion prevention
5. Content Security

Summarized Data Sheet of Cisco ASA appliance is as under:--

Reference: -

No comments:

Post a Comment