Product Description

The complete guide to the most popular Cisco PIX®, ASA, FWSM, and IOS® firewall security features

• Learn about the various firewall models, user interfaces, feature sets, and configuration methods
• Understand how a Cisco firewall inspects traffic
• Configure firewall interfaces, routing, IP addressing services, and IP multicast support
• Maintain security contexts and Flash and configuration files, manage users, and monitor firewalls with SNMP
• Authenticate, authorize, and maintain accounting records for firewall users
• Control access through the firewall by implementing transparent and routed firewall modes, address translation, traffic filtering, user authentication, content filtering, application inspection, and traffic shunning
• Increase firewall availability with firewall failover operation
• Understand how firewall load balancing works
• Generate firewall activity logs and learn how to analyze the contents of the log
• Verify firewall operation and connectivity and observe data passing through a firewall
• Control access and manage activity on the Cisco IOS firewall
• Configure a Cisco firewall to act as an IDS sensor

Every organization has data, facilities, and workflow processes that are critical to their success. As more organizations make greater use of the Internet, defending against network attacks becomes crucial for businesses. Productivity gains and returns on company investments are at risk if the network is not properly defended. Firewalls have emerged as the essential foundation component in any network security architecture.

Cisco ASA and PIX Firewall Handbook is a guide for the most commonly implemented features of the popular Cisco Systems® firewall security solutions. This is the first book to cover the revolutionary Cisco ASA and PIX® version 7 security appliances. This book will help you quickly and easily configure, integrate, and manage the entire suite of Cisco® firewall products, including Cisco ASA, PIX version 7 and 6.3, the Cisco IOS router firewall, and the Catalyst Firewall Services Module (FWSM). Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation. Shaded thumbtabs mark each section for quick reference and each section provides information in a concise format, with background, configuration, and example components. Each section also has a quick reference table of commands that you can use to troubleshoot or display information about the features presented. Appendixes present lists of well-known IP protocol numbers, ICMP message types, and IP port numbers that are supported in firewall configuration commands and provide a quick reference to the many logging messages that can be generated from a Cisco PIX, ASA, FWSM, or IOS firewall.

Whether you are looking for an introduction to the firewall features of the new ASA security appliance, a guide to configuring firewalls with the new Cisco PIX version 7 operating system, or a complete reference for making the most out of your Cisco ASA, PIX, IOS, and FWSM firewall deployments, Cisco ASA and PIX Firewall Handbook helps you achieve maximum protection of your network resources.

“Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when configuring and managing market-leading firewall products from Cisco.”

—Jason Nolet, Sr. Director of Engineering, Security Technology Group, Cisco Systems 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Product Details

• Amazon Sales Rank: #459818 in Books
• Published on: 2005-06-07
• Format: Illustrated
• Original language: English
• Number of items: 1
• Binding: Paperback
• 840 pages

About the Author

David Hucaby, CCIE® No. 4594, is a lead network engineer for the University of Kentucky, where he works with healthcare networks based on the Cisco Catalyst, IP Telephony, PIX, and VPN product lines. David was one of the beta reviewers of the PIX version 7 Firewall operating system software.

Customer Reviews

Very little on ASA
This book is very helpful for PIX firewalls, but is mislabeled for ASA. There is very little on the ASA product. Usually just a mention of command differences between ASA and PIX. If you are looking for a book on ASA do not buy this book.

Best-of-class book at configuring Cisco PIXs!
CiscoPress's "Cisco ASA and PIX Firewall Handbook" by David Hucaby is a great resource at configuring and supporting Cisco Firewalls (PIXs). I have read through many book on securing Cisco firewalls (see my reviews for earlier books), and I believe this book does the best job at demonstrating the abilities of Cisco's stateful firewall. I did not read the book page-for-page, as the book starts out with three detailed chapters to bring rookie admins up to speed, quickly (chapters 1-3).

I have been administering Cisco PIXs since around 2001 and have plenty of experience with configuring and administering Cisco's earlier PIX OSs (5.x & 6.x). This book does a superb job at bringing me up to speed on the latest commands for the 7.x while still providing the full body of commands for earlier OSs. When in the field and administering a PIX and, probably in a situation where the Internet is not up to check Cisco's website, this is the only book I need to bring along.

In particular:
* Chapter 6 provides the most up-to-date description of the different types of NAT employed (Static, Policy, Identity, Exception, & PAT) and configuration examples of each.
* Chapter 7 - Failover - this chapter was really the first chapter I referenced on a regular basis. When Cisco updated the OS to 7.0, the functionality of failover was greatly improved. This chapter does a great job at documenting the new options as well as including material on the older failover options. Couple with Chapter 8 on load balancing.
* Chapter 10 - Monitoring the Firewall - the book demonstrates the power and flexibility of the updated packet capture features.

I did find some minor typos/editorial mistakes but nothing too grave. One topic this book is sorely lacking is VPN coverage (the author readily acknowledges this). Overall, I believe this book is a superb resource for a firewall admin or a candidate for the CCSP or CCIE Security. I'm usually not too fond of CiscoPress's Firewall books, but this book is definitely a welcome addition.

I give this book 5 pings out of 5:
!!!!!

Best PIX book ever, must have if you are interested in 7.0.
This book is exactly what I was looking for. It gives a detailed breakdown of the original technologies as well as the ins and outs of the new features of 7.0. I like this book more than the others that I have read in the past. From the first page of the first chapter you are reading worthwhile material. Not the definition of a firewall, or the layers of the OSI model, or even the layout of Cisco's certification trail. This is good detailed information, in an easy to read format with excellent examples from start to finish. The comparisons of "how it's done on 6.3 and now on 7.0" are great as well.

Awesome book!