How to secure your small business with a PIX firewall
One of the more popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running. In this guide, we will walk through the steps for configuring your brand new PIX at the network edge. This guide is written for the user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the-numbers guide to configuring a PIX firewall with as little jargon as possible.

We are assuming that you have an internet connection with at least one static IP address. While the PIX can easily handle a dynamic IP address (that is the default configuration), you won't be able to easily configure remote access, VPNs, mail, or web servers without a static IP address.
Your PIX should have come with an AC adapter, a yellow CAT5 cable, an orange CAT5 cable and a flat, (typically) baby blue cable with a 9-pin serial connector on one end and an RJ-45 plug on the other. The yellow CAT5 cable is a standard Ethernet cable and is used to connect your PC or server to the 4-port Ethernet switch built into the PIX. The orange CAT5 cable is a cross-over cable and may be required to connect the outside interface of the PIX to your ISP's router (if your PCs or workstations are plugged into a Cisco switch inside the network, you will also require a cross-over cable for connecting to one of the switch ports on the PIX).

What we are going to use for our configuration is the baby blue rollover cable. Insert the serial connector into one of the serial ports on the back of the PC or laptop you will be using to configure the PIX. Then, insert the RJ-45 plug into the port on the back of the PIX labeled "console."

Windows has a built-in application that is used for (among other things) configuring serial devices. Using the start menu, go to Start > Programs > Accessories > Communications > HyperTerminal. Choose the HyperTerminal application. You may get a dialog box asking if you'd like to make HyperTerminal your default telnet application. Unless you have a preference, go ahead and choose yes. Then you will be asked for the area code from which you are dialing. Although it isn't applicable here, the program still wants to know, so fill it in and hit 'next' or 'ok.' You can call the connection whatever you'd like; in this example we'll use PIX. Hit 'ok' to move on.

Next, we'll be asked to enter the details for the phone number we'd like to dial. Since we aren't dialing a phone number, use the drop-down selector at the bottom of the box to choose COM1 or COM2 (whichever is applicable). If you have no idea which one is which, you may need to try it both ways.
Now, you will be expected to tell the application some specifics about the port settings so that it can communicate effectively with the PIX. Luckily, it isn't too complex, just remember 9600, 8, none, and 1. Enter these settings into the drop-down selectors of the box on your screen.

Now we are ready to set up the PIX. Insert the power cable and you will be greeted with the startup monologue (it's not a dialog in this case, it's just informing you of what is occurring). Then, you will be greeted with a screen that asks if you'd like to program the PIX using interactive prompts. For the purpose of this exercise, type no and hit 'enter'. You will now get a prompt that looks like this:

pixfirewall>

Type the word 'enable' (no quotes). When prompted for the password, just hit 'enter', as the default is no password. The prompt has changed to a hash mark:

pixfirewall#

Type the phrase 'configure terminal' (no quotes); you are telling the PIX that you want to enter the global configuration mode and you will be doing your configuration via the terminal window. Your prompt will now look like this:

pixfirewall(config)#

The first thing we want to do is give your PIX a host name. The PIX command syntax is:

Variable name

Thus, to set the hostname we will enter:

pixfirewall(config)# hostname mypix

Now, the domain name. It's okay if you don't have a domain set up on your network; you can call it whatever you like. However, give some thought to whether a domain might be a possibility at some point and plan your naming scheme appropriately.

pixfirewall(config)# domain-name mydomain.com

As you can see from the configuration above, the ethernet0 interface is the outside interface, with a security setting of 0, while ethernet1 is the inside interface with a security setting of 100. Additionally, you can see that the interfaces are shut down. All we need to do to bring them up is enter the speed at which they should operate.
As they are Ethernet interfaces, any software version after 6.3(3) will take 100full; prior to that, use 10full.

pixfirewall(config)# interface ethernet0 100full
pixfirewall(config)# interface ethernet1 100full

Now to assign an address to the inside and outside interfaces; the ip address command sets the IP address of an interface. The syntax is as follows:

ip address

An example might be as follows. The outside IP address:

pixfirewall(config)# ip address outside 12.25.241.2 255.255.255.252

(This IP address/netmask combination should not be used; it is shown here for example only. Use the IP address/mask given to you by your ISP.)

Then the inside IP address:

pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

A brief word about IP addressing is in order here. One way that is used to conserve public IP addresses is through the use of the non-routable IP addressing blocks specified in RFC 1597. You may sometimes hear them referred to as "private" IP addresses, which is fine, but not quite technically accurate. There are three different blocks to choose from:

10.0.0.0 – 10.255.255.255 with a netmask of 255.0.0.0
172.16.0.0 – 172.31.255.255 with a netmask of 255.255.0.0
192.168.0.0 – 192.168.255.255 with a netmask of 255.255.255.0

As long as your internal network's IP addresses are all within one of those blocks of address space, you will not need to introduce the complexity of routing within your LAN. An example scheme for those who are not familiar is shown below:

PIX – 192.168.0.1 netmask 255.255.255.0
File/DHCP server – 192.168.0.2 netmask 255.255.255.0
Workstations – 192.168.0.10 – 192.168.0.254 netmask (each) 255.255.255.0

* I intentionally skipped over the 192.168.0.3-9 range to plan for future expansion and the possible need for additional servers; you don't have to do this.
* Configure your DHCP server to hand out addresses in the specified range using your ISP-provided DNS servers for name resolution.
Make sure to change this should you ever decide to install a name server within your own network.
* If you don't want to set up a DHCP server, just configure each PC with the IP address, default gateway, netmask & DNS servers.

It is very important now to add a default route to the PIX configuration. Another term for default route is the "default gateway." You need to tell the PIX that if it receives traffic destined for a network that isn't directly connected, it should send it to the connected ISP router. Your ISP should have given you the IP address of your default gateway when you received your setup information. Here is the syntax:

route

The English translation is "if packets destined for interface

For example:

pixfirewall(config)# route outside 0 0 12.25.241.1 1

(If packets are destined outside the network to any IP address with any netmask, send them through the ISP's default gateway, which is one hop away, meaning it is the device to which the PIX is connected on the outside interface.)

To password protect your PIX in order to prevent unauthorized access, use something that is secure and hard to guess. Try to stay away from the names of spouses, children, pets, birthdays or other easily guessed values. Whenever possible, use a combination of letters and numbers. The syntax is as follows (but please don't use cisco as your actual password):

pixfirewall(config)# passwd cisco

(Note the abbreviated spelling of the word password.) This will set a password for basic access (remember the pixfirewall> prompt?).

pixfirewall(config)# enable password cisco

This will set the password for administrative access.

Now that your PIX has been given a basic configuration, you should be able to access the internet, while preventing unauthorized access to your resources.
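The following check is an added example and is not part of the original guide: a short Python script that reads the commands from this walkthrough before they are typed into the PIX and flags the mistakes the guide warns about (an inside address outside the three non-routable blocks, a default gateway that is not on the outside subnet, and missing or easily guessed passwords). The function name, the deny-list and the 8-character minimum are assumptions made for illustration.

```python
import ipaddress

# The three non-routable blocks listed in the guide, written in CIDR form.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK = {"cisco", "pix", "password", "admin"}  # assumed deny-list, extend as needed

def audit(commands):
    """Return finding strings for PIX commands written as in this guide."""
    addr, gateway, secrets, findings = {}, None, {}, []
    for line in commands.splitlines():
        w = line.split()
        key = [x.lower() for x in w]
        if key[:2] == ["ip", "address"] and len(w) == 5:
            addr[key[2]] = ipaddress.ip_interface(f"{w[3]}/{w[4]}")
        elif key[:1] == ["route"] and len(w) >= 5 and key[2] in ("0", "0.0.0.0"):
            gateway = ipaddress.ip_address(w[4])
        elif key[:1] == ["passwd"] and len(w) >= 2:
            secrets["passwd"] = w[1]
        elif key[:2] == ["enable", "password"] and len(w) >= 3:
            secrets["enable password"] = w[2]
    inside, outside = addr.get("inside"), addr.get("outside")
    if inside is None or not any(inside.ip in b for b in PRIVATE_BLOCKS):
        findings.append("inside address is not in a non-routable block")
    if outside is None or gateway is None:
        findings.append("outside address or default route is missing")
    elif gateway not in outside.network or gateway == outside.ip:
        findings.append("default gateway is not a neighbour on the outside subnet")
    for name in ("passwd", "enable password"):
        value = secrets.get(name)
        if value is None:
            findings.append(f"{name} not set (default is no password)")
        elif value.lower() in WEAK or len(value) < 8:  # 8 is an assumed minimum
            findings.append(f"{name} is short or easily guessed")
    if len(secrets) == 2 and len(set(secrets.values())) == 1:
        findings.append("passwd and enable password are identical")
    return findings

# Constructed sample: the guide's own commands with its placeholder values.
GUIDE_CONFIG = """\
ip address outside 12.25.241.2 255.255.255.252
ip address inside 192.168.0.1 255.255.255.0
route outside 0 0 12.25.241.1 1
passwd cisco
enable password cisco
"""

if __name__ == "__main__":
    print("\n".join(audit(GUIDE_CONFIG)))
```

Run against the guide's example values, the addressing and route pass, and the three findings all concern the placeholder password.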