CS580 Special Project: IOS Firewall Setup using CISCO 1600 router


1 CS580 Special Project: IOS Firewall Setup using CISCO 1600 router
Prof. Edmund Gean
By Geetha Akula and Robert Ritchey
12/28/2018 Summer 2005

2 Firewall
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the internal network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

3 Out network (network diagram; only the labels survived extraction)
- 1900 Catalyst switch: 130.182.159.11
- Cisco 1600 router, e0: 130.182.159.108
- S0: (address not shown)
- COM port (crossover cable) to the console machine
- Syslog server

4 CISCO 1600 router
Getting started:
- Plug the serial cable into the serial (COM) port of the PC (a Windows machine) and the other end into the console port of the CISCO router.
- Turn the router on.
- Start HyperTerminal and tell it which COM port to use.
- Set the speed of the connection to 9600 baud.
- It gives the prompt 'Router>' when it is not already configured.
We will see how we configured it...

5 Configuring the CISCO router
Enter privileged mode with the 'enable' command to configure the router.
Global configuration:
- enable secret: password-protect privileged mode
- hostname: set the hostname
- ip name-server: designate the DNS server

6 Configuring the CISCO router (contd)
Configuring the interfaces:
  interface Serial0
   ip address <x.x.x.x> <subnetmask>
   no shutdown
  interface Ethernet0
   ip address <x.x.x.x> <subnetmask>
   no shutdown

7 Configuring the CISCO router (contd)
Routing
Static routing: we can tell the router operating system that any network traffic destined for a specific network-layer address should be forwarded to a similarly specified network-layer address. This is done with the 'ip route' command.
Dynamic routing: dynamic routing protocols running on connected routers enable those routers to share routing information.
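The steps of slides 5, 6 and 7 carried out together in one minimal configuration, added here as an example; it is not the project's own running configuration (which slides 13 and 14 held as screenshots). The hostname, the secret, every address and the next-hop router are hypothetical placeholders, and treating Ethernet0 as the inside LAN and Serial0 as the link to the outside network is an assumption the slides do not state.

```cisco
! Added example configuration (not the project's own). All addresses are placeholders.
! Enter with: enable -> configure terminal, then paste.
!
! --- Global configuration (slide 5) ---
hostname cs580-fw
! 'enable secret' stores a hash of the password; prefer it to the reversible
! 'enable password', which only obscures the text.
enable secret REPLACE_WITH_STRONG_SECRET
! DNS server the router itself uses for name lookups (placeholder address)
ip name-server 192.0.2.53
!
! --- Interfaces (slide 6) ---
interface Ethernet0
 description Inside (protected) LAN - an assumption, not stated on the slides
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
interface Serial0
 description Serial link to the outside network - an assumption
 ip address 192.0.2.2 255.255.255.252
 no shutdown
!
! --- Static routing (slide 7) ---
! Default route: traffic for any network that is not directly connected is
! forwarded to the hypothetical upstream router at the far end of Serial0.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
end
```

After pasting, 'show ip interface brief' confirms both interfaces are up with the expected addresses, 'show ip route' shows the two connected networks and the static default, and 'copy running-config startup-config' makes the configuration survive a reload; until then it lives only in running memory.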

8 Configuring the CISCO router (contd)
Network Address Translation: NAT is a technique used in computer networking which relies on rewriting the IP addresses of network packets passing through a router or firewall.
Source NAT: source address translation, where the IP address of the computer that initiated the connection is rewritten.
We did NAT overloading, also known as Port Address Translation (PAT).
The router does inside-to-outside translations after routing and outside-to-inside translations before routing.
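The NAT overload (PAT) setup described on this slide, written out as an added example rather than the project's own configuration (slide 17 held its 'NAT translations' screenshot). The inside LAN 10.0.0.0/24 on Ethernet0 and Serial0 as the outside interface are assumptions.

```cisco
! Added example (not the project's own). Inside LAN 10.0.0.0/24 on Ethernet0 and
! Serial0 as the outside interface are assumptions.
!
! Tell NAT which interface faces the private network and which faces outside
interface Ethernet0
 ip nat inside
!
interface Serial0
 ip nat outside
!
! Standard ACL 1 selects the inside source addresses that may be translated.
! Hosts not matched here keep their private address and are dropped upstream.
access-list 1 permit 10.0.0.0 0.0.0.255
!
! Source NAT with overload (PAT): all matching inside hosts share Serial0's single
! address; the router rewrites the TCP/UDP source port so returning packets can be
! mapped back to the right inside host.
ip nat inside source list 1 interface Serial0 overload
!
end
```

'show ip nat translations' lists the active entries as inside local / inside global / outside local / outside global pairs, and 'show ip nat statistics' shows hit and miss counts. The ordering stated on the slide matters for access lists: an inbound ACL on Serial0 is evaluated before the global-to-local translation, so it matches the Serial0 address, never the inside host's private address.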

9 Configuring the CISCO router (contd)
CBAC (Context-Based Access Control) intelligently filters TCP and UDP packets based on application-layer protocol session information. We can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network we want to protect. CBAC examines network-layer, transport-layer and application-layer protocol information (such as FTP connection information) to learn the state of TCP and UDP sessions. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network).

10 Configuring the CISCO router (contd)
CBAC (contd)
Configure CBAC at firewalls protecting internal networks. Use CBAC when the firewall will be passing traffic such as:
- standard TCP and UDP Internet applications
- multimedia applications
Use CBAC for these applications if you want the application's traffic to be permitted through the firewall only when the traffic session is initiated from a particular side of the firewall (usually from the protected internal network).

11 Configuring the CISCO router (contd)
Configuring CBAC:
1. Pick an interface.
2. Configure IP access lists at the interface.
3. Define an inspection rule.
4. Apply the inspection rule to that interface.

12 Syslog server setup
Downloaded the syslog server from Kiwi's website ( ) and configured it to receive the log from the CISCO router.
Setup of syslog in the router:
  logging <ipaddress>
  logging facility local6
  access-list 100 deny ip any any log
This automatically logs output from the system to the syslog server.
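The four CBAC steps of slide 11 and the syslog commands of slide 12 combined into one working configuration, added as an example; it is not the project's own access-list and CBAC configuration from slides 15 and 16. Serial0 as the outside interface, the inspection rule name CS580 and the syslog server address 10.0.0.50 are placeholders.

```cisco
! Added example (not the project's own running configuration). Assumptions:
! Serial0 is the outside interface; the rule name CS580 and the syslog server
! address 10.0.0.50 are placeholders.
!
! Step 3 - define an inspection rule. Each line adds a protocol to inspect;
! 'ftp' makes CBAC read the control channel so the data connection is opened too.
ip inspect name CS580 tcp
ip inspect name CS580 udp
ip inspect name CS580 ftp
! Emit a syslog message when an inspected session opens and closes
ip inspect audit-trail
!
! Step 2 - access list for the chosen interface. Nothing unsolicited is allowed
! in, and 'log' (slide 12) sends each denied packet to syslog. CBAC inserts its
! temporary permit entries ahead of this line for the return traffic of sessions
! started inside. Any service that must be reachable from outside needs an
! explicit 'permit' entry placed above the deny.
access-list 100 deny ip any any log
!
! Steps 1 and 4 - pick the outside interface, apply the ACL inbound and the
! inspection rule outbound, so outgoing sessions are tracked and their replies
! pass ACL 100.
interface Serial0
 ip access-group 100 in
 ip inspect CS580 out
!
! Syslog (slide 12): send messages to the Kiwi server tagged with facility local6
logging 10.0.0.50
logging facility local6
! Access-list and inspect messages are severity 6 (informational); the trap
! level must be at least that or they never leave the router.
logging trap informational
!
end
```

'show ip inspect sessions' lists the sessions CBAC is currently tracking, 'show ip inspect config' echoes the rule, and 'show access-lists 100' shows the match counter climbing on the deny line while the syslog server receives the corresponding messages. Because the deny drops packets without replying, a connect scan from outside reports every port as filtered. Logged denies are handled in software and the messages are rate-limited, so the syslog count is a sample of scan traffic, not an exact packet count.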

13 Running configuration of S0

14 Running configuration of e0

15 Running configuration of access lists

16 Running configuration of CBAC lists

17 NAT translations

18 Screen shot of syslog server

19 Screen shot of nmap report for TCP scan
  SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
  D:\gg\nmap-3.81>nmap -sT -v -P0 -O
  Starting nmap 3.81 ( ) at :00 Pacific Daylight Time
  Initiating Connect() Scan against [1663 ports] at 18:00
  Connect() Scan Timing: About 4.51% done; ETC: 18:11 (0:10:36 remaining)
  The Connect() Scan took s to scan 1663 total ports.
  Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
  Host appears to be up ... good.
  All 1663 scanned ports on are: filtered
  Too many fingerprints match this host to give specific OS details
  TCP/IP fingerprint:
  SInfo(V=3.81%P=i686-pc-windows-windows%D=8/22%Tm=430A7800%O=-1%C=-1)
  T5(Resp=N)
  T6(Resp=N)
  T7(Resp=N)
  PU(Resp=N)
  Nmap finished: 1 IP address (1 host up) scanned in seconds
  Raw packets sent: 18 (1080B) | Rcvd: 6 (336B)
  D:\gg\nmap-3.81>

20 Screen shot of the nmap output for TCP and UDP scan

21 Nmap output for TCP scan

