Firewall devices can be broken up into the following three basic types:
Packet filter
Stateful packet filter
Proxy server
Most commercial firewalls incorporate two or more of these techniques. The Cisco PIX Firewall incorporates features from all three to become the heart of the Cisco security strategy.
Because particular models and their features, such as CPU size, change frequently, it is always best to confirm or compare features on the Cisco web page. For the same reason, it's important not to simply assume the features of a unit in the field. With the 500 series PIX devices, the larger the product number, the more powerful the unit, the larger the throughput, and the higher the cost.
Basic PIX configuration commands are quite similar to those of the IOS-based devices. The PIX has four modes: Unprivileged, Privileged, Configuration, and Monitor. Moving among the first three is much like working with their counterparts on routers.
The six basic configuration commands you saw are the following (each also has a show command to confirm the configuration was successful):
The nameif command
The interface command
The ip address command
The nat command
The global command
The route command
1. True or False. A firewall is always a single device.
2. True or False. PIX Firewalls rely exclusively on packet filtering to provide security.
3. Which of the following is not one of the basic firewall types?
4. True or False. Packet filtering uses Layers 3 through 5 for filtering decisions.
5. What does the acronym ASA stand for? _______________
6. True or False. PIX Firewalls are built on reliable UNIX technology.
7. What is the default security level for the outside interface?
8. What is the default security level for the inside interface?
9. If DMZ1 has a security level of 50 and DMZ2 has a level of 70, which is true?
10. Which is the more powerful PIX Firewall?
11. True or False. Data flows in both directions when two interfaces have the same security level.
12. Which command assigns the security level?
13. True or False. The interface command sets both bandwidth and duplex.
14. What is the default IP address for PIX interfaces?
15. Which creates a pool of real IP addresses to be used by NAT?
Answers
1. B. False. A firewall can be an entire system of devices and services.
2. B. False. PIX devices use packet filtering, but they also use stateful filtering to incorporate application layer information.
3. A. Intrusion detection.
4. B. False. Packet filtering can use only Layers 3 and 4.
5. A. Adaptive Security Algorithm
6. B. False. PIX Firewalls use a proprietary OS.
7. D. 0
8. C. 100
9. B. Data will flow from DMZ2 to DMZ1.
10. C. PIX 535
11. B. False. Data won’t flow without help.
12. D. nameif
13. A. True
14. C. 127.0.0.1
15. C. global