Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS580 Special Project: IOS Firewall Setup using CISCO 1600 router

Published byJane Edwards Modified over 6 years ago

Similar presentations

Presentation on theme: "CS580 Special Project: IOS Firewall Setup using CISCO 1600 router"— Presentation transcript:

1 CS580 Special Project: IOS Firewall Setup using CISCO 1600 router
Prof. Edmund Gean By Geetha Akula and Robert Ritchey 12/28/2018 Summer 2005

2 Firewall A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the Internal network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. 12/28/2018 Summer 2005

3 Out network 1900 catalyst Switch 130.182.159.11 e0 : 130.182.159.108
Cisco 1600 router S0 : S0 : COM port (Crossover cable) e0 : Console machine Syslog server 12/28/2018 Summer 2005

4 CISCO 1600 router Getting started:
Plug the serial cable into the serial (COM) port of the PC (which is a windows machine) and the other end to the console port of the CISCO router. Turn the router ON Start Hyperterminal , tell it which COM port to use. Set the speed of the connection to 9600 baud It gives the prompt as ‘Router>’ when it is not configured already. We will see how we configured it…… 12/28/2018 Summer 2005

5 Configuring the CISCO router
Enter into the privileged mode by using the ‘enable’ command to configure the router. Global configuration Enable secret : to password protect the privileged mode Hostname : setting the hostname ip name-server : to designate the DNS server 12/28/2018 Summer 2005

6 Configuring the CISCO router (contd)
Configuring the interfaces Interface Serial0 ip address < x.x.x.x> <subnetmask> no shutdown Interface ethernet0 ip address <x.x.x.x> <subnetmask> No shutdown 12/28/2018 Summer 2005

7 Configuring the CISCO router (contd)
Routing Static Routing We can tell the router operating system that any network traffic destined for a specific network layer address should be forwarded to a similarly specified network layer address. This can be done by the command ‘ip route’ Dynamic Routing Dynamic routing protocols running on connected routers enable those routers to share routing information. 12/28/2018 Summer 2005

8 Configuring the CISCO router (contd)
Network Address Translation - NAT is a technique used in computer networking, which relies on rewriting IP addresses of network packets passing through a router or firewall. Source NAT : source address translation where the IP address of the computer which initiated the connection is rewritten. We did NAT overloading which is also known as Port Address Translation PAT. Router does the inside-to-outside translations after routing The outside-to-inside translations before routing 12/28/2018 Summer 2005

9 Configuring the CISCO router (contd)
CBAC : Context Based Access Control intelligently filters TCP and UDP packets based on application-layer protocol session information. We can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect. CBAC examines the network layer, transport layer and also the application layer protocol information such as FTP connection information to learn about the state of the TCP and UDP session. CBAC inspects traffic that travels through the firewall to discover and manage state information for TCP and UDP sessions. This state information is used to create temporary openings in the firewall’s access lists to allow return traffic and additional data connections for permissible sessions (sessions that originated from within the protected internal network). 12/28/2018 Summer 2005

10 Configuring the CISCO router (contd)
CBAC… Configure CBAC at firewalls protecting internal networks. Use CBAC when the firewall will be passing traffic such as: Standard TCP and UDP internet applications Multimedia applications Use CBAC for these applications if you want the application’s traffic to be permitted through the firewall only when the traffic session is initiated from a particular side of the firewall (usually from the protected internal network) 12/28/2018 Summer 2005

11 Configuring the CISCO router (contd)
Configuring the CBAC Pick an interface Configure IP access lists at the Interface Define an inspection rule Apply the inspection rule to that interface 12/28/2018 Summer 2005

12 Syslog server setup Downloaded the syslog server from Kiwi’s website ( )and configured to get the log from the CISCO router. Set up of this syslog in the router : logging <ipaddress> Logging facility local6 Access-list 100 deny ip any any log This automatically logs output from the system to the syslog server. 12/28/2018 Summer 2005

13 Running configuration of S0
12/28/2018 Summer 2005

14 Running configuration of e0
12/28/2018 Summer 2005

15 Running configuration of access lists
12/28/2018 Summer 2005

16 Running configuration of CBAC lists
12/28/2018 Summer 2005

17 NAT translations 12/28/2018 Summer 2005

18 Screen shot of syslog server
12/28/2018 Summer 2005

19 Screen shot of nmap report for tcp scan
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES D:\gg\nmap-3.81>nmap -sT -v -P0 -O Starting nmap 3.81 ( ) at :00 Pacific Daylight Time Initiating Connect() Scan against [1663 ports] at 18:00 Connect() Scan Timing: About 4.51% done; ETC: 18:11 (0:10:36 remaining) The Connect() Scan took s to scan 1663 total ports. Warning: OS detection will be MUCH less reliable because we did not find at lea st 1 open and 1 closed TCP port Host appears to be up ... good. All 1663 scanned ports on are: filtered Too many fingerprints match this host to give specific OS details TCP/IP fingerprint: SInfo(V=3.81%P=i686-pc-windows-windows%D=8/22%Tm=430A7800%O=-1%C=-1) T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) Nmap finished: 1 IP address (1 host up) scanned in seconds Raw packets sent: 18 (1080B) | Rcvd: 6 (336B) D:\gg\nmap-3.81> 12/28/2018 Summer 2005

20 The screen shot of the nmap output For tcp and udp scan
12/28/2018 Summer 2005

21 Nmap output For tcp scan
12/28/2018 Summer 2005

Download ppt "CS580 Special Project: IOS Firewall Setup using CISCO 1600 router"

Similar presentations

Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.

Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.
 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.

 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.

Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.


FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
A Brief Taxonomy of Firewalls

A Brief Taxonomy of Firewalls
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Firewalls. What are firewalls? a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization.

Firewalls. What are firewalls? a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization.
Configuring Routing and Remote Access(RRAS) and Wireless Networking

Configuring Routing and Remote Access(RRAS) and Wireless Networking
Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005.

Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005.
Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.

Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.

Similar presentations

Ads by Google