Transcript The WAN

Network Topology
Cisco 2921 Integrated Services Router
•Security: Embedded hardware-accelerated VPN encryption
•Secure collaborative communications with Group Encrypted Transport VPN, Dynamic Multipoint VPN, or Enhanced Easy VPN
•Integrated threat control using Cisco IOS Firewall, Cisco IOS Zone-Based Firewall, Cisco IOS IPS, and Cisco IOS Content Filtering
•Identity management: Intelligently protecting endpoints using authentication, authorization, and accounting (AAA), and public key infrastructure
Beyond Our Network
With Private IP Enhanced Traffic Management, our Private IP Layer 3 MPLS-based VPN puts all your traffic on a
reliable, private network with Quality of Service (QoS) routing. And with Private IP Layer 3, you can build a
hybrid solution between your public and private networks while enabling automated business processes, including ecommerce, VoIP, converged solutions, shared intranets, and extranets.
Advanced Technology
Whether you outsource service to us or manage it yourself, our Cisco-powered, private, MPLS network meets your
enterprise's rigorous demands, including:
Global availability - over 121 countries/territories
QoS routing
Enhanced Visibility & Network Management Solutions
Multicasting for improved bandwidth conservation
Seamless Frame Relay/ATM integration
Stringent SLAs
Remote access (via Secure Gateway)
Multiple access options including DSL, satellite, and Ethernet
Any-to-any connectivity
Streamlines network management, planning, and expansion.
Six IP Classes of Service (CoS)
Six Classes of Service (CoS) let you prioritize traffic (voice, video, data) while consolidating your traffic on a single
network. This offers you additional flexibility that lets you dictate how traffic is handled across the network, giving
priority to mission critical traffic.
•Using the PIX 501 Firewall to filter traffic entering or leaving the network.
•Reducing the processing load on the Cisco router.
•Providing another layer of security defense for your network.
The following traffic will be allowed on the network and all other traffic will be denied:
HTTP
SMTP
FTP
SQL
Hardening the Windows host
Windows Firewall
•Microsoft Windows operating systems and related applications such as Internet Explorer contain thousands of security-related software flaws that can be exploited by malicious programs.
•A fraction of those errors have been discovered, fewer have been repaired by Microsoft (in the form of “patches”).
•Average loss to Fortune 500 companies is $2M per worm
Windows Firewall
•Windows Firewall is installed and enabled by default for all dial-up, network, IEEE 1394 (FireWire), and wireless connections on a computer
•Windows Firewall does not control outgoing connections unless Advanced Security controls are used. Because of this, Windows Firewall allows any program running on your computer to connect to the network.
Windows Firewall
•General: Configures general firewall settings, including whether the firewall is turned on and whether all programs are blocked when connected to public networks in less.
•Advanced: Configures protected connections, security logging, and allowed types of control messages.
•Configuring Security Logging: When logging is enabled, the security log is created as a standard text file and stored in the %SystemRoot%\ folder as pfirewall.log.
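An added example, not part of the original slides: reading the pfirewall.log security log described above and counting dropped inbound packets per source. The sample log lines are constructed, the function names are illustrative, and the parser takes column names from the log's own `#Fields` header, so logs without the `path` column are still handled.

```python
from collections import Counter

# Constructed sample in the W3C-style layout that pfirewall.log uses;
# addresses are documentation/private ranges, not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:15:02 DROP TCP 203.0.113.7 192.168.1.20 51514 445 48 S 1234567 0 64240 - - - RECEIVE
2024-05-01 09:15:03 DROP TCP 203.0.113.7 192.168.1.20 51515 3389 48 S 1234568 0 64240 - - - RECEIVE
2024-05-01 09:15:09 ALLOW TCP 192.168.1.20 198.51.100.10 49822 80 0 - 0 0 0 - - - SEND
2024-05-01 09:16:40 DROP UDP 192.168.1.33 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2024-05-01 09:17:01 DROP TCP 203.0.113.7 192.168.1.20 51516 23 48 S 1234569 0 64240 - - - RECEIVE
2024-05-01 09:17:05 DROP TCP 203.0.113.7
"""

def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed lines
                yield dict(zip(fields, values))

def dropped_inbound(entries):
    """Count dropped inbound packets per (source IP, protocol, destination port)."""
    counts = Counter()
    for e in entries:
        # Logs without a path column are treated as inbound (assumption).
        if e["action"] == "DROP" and e.get("path", "RECEIVE") == "RECEIVE":
            counts[(e["src-ip"], e["protocol"], e["dst-port"])] += 1
    return counts

def sources_probing_many_ports(counts, min_ports=3):
    """Return sources dropped on at least min_ports distinct destination ports."""
    ports = {}
    for (src, _proto, port) in counts:
        ports.setdefault(src, set()).add(port)
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)

if __name__ == "__main__":
    counts = dropped_inbound(parse_firewall_log(SAMPLE_LOG))
    print(counts.most_common(), sources_probing_many_ports(counts))
```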
• What is it and why is a DMZ used?
• Benefits vs Drawbacks
• How is it implemented?
Accessing the DMZ Servers
Internal User Accessing Web Server in DMZ
•Internal client requests web page
•Packet is routed out through the firewall to the ISP DNS
•Packet enters back through the firewall to the DMZ
External User Accessing Web Server in DMZ
•External user requests web page
•Firewall checks packet for source and destination
•Packet is sent to the Web Server in the DMZ
Intrusion Prevention System