
Thursday, 28 January 2016

What is Firewall?

If you have more than one computer connected at home, or a small-office network, it is important to protect every computer. You should have a hardware firewall (such as a router) to protect the network as a whole, but you should also run a software firewall on each computer, so that if one computer becomes infected the firewall limits the spread to the others.

In networking, however, the definition of a firewall is more specific:

  • A firewall is a device that divides the network into segments according to security requirements.
  • In simple words, it splits the network into separate security zones.
  • A segment can be a Layer 2 or a Layer 3 boundary, depending on the requirement.
A firewall divides the network into multiple security segments and then applies policies that decide which traffic may pass from one segment to another. Anything no policy explicitly permits is denied (implicit deny).
  • A switch creates segments on Layer 2 (VLANs), a router on Layer 3 (subnets), and a firewall can segment at Layer 2 (transparent mode) or at Layer 3 (routed mode).
  • At its simplest it creates two segments: a private network and a public network. Most real deployments add at least a third, a DMZ for servers that must be reachable from outside.
  • The private network is the inside network; it is the trusted network, protected from the outside world.
  • The public network is the outside network; it is treated as untrusted.

Inside Network (Trusted) ------>>>> Firewall ----->>> Outside Network (Untrusted)
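To make the segmentation idea concrete, here is an added example (not part of the original post) that models a firewall with three zones, an inter-zone policy with implicit deny, and a session table so that reply packets of a permitted connection are allowed back without a separate inbound rule. The zone names, prefixes, rules and sample packets are all constructed for illustration; nothing here is ASA configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed security segments (zone names and prefixes are assumptions).
ZONES = {
    "inside":  ip_network("10.0.0.0/8"),        # trusted
    "dmz":     ip_network("192.168.100.0/24"),  # semi-trusted servers
    "outside": ip_network("0.0.0.0/0"),         # untrusted: everything else
}

def zone_of(ip: str) -> str:
    """Return the most specific zone whose prefix contains the address."""
    addr = ip_address(ip)
    matches = [name for name, net in ZONES.items() if addr in net]
    return max(matches, key=lambda n: ZONES[n].prefixlen)

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_ports: frozenset  # empty frozenset means any destination port

# Inter-segment policy (constructed). Anything not listed is denied.
POLICY = [
    Rule("inside",  "outside", "tcp", frozenset({80, 443})),
    Rule("inside",  "outside", "udp", frozenset({53})),
    Rule("inside",  "dmz",     "tcp", frozenset({22, 443})),
    Rule("outside", "dmz",     "tcp", frozenset({443})),
]

@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    proto: str

class StatefulFirewall:
    """Applies POLICY to the first packet of a flow and remembers permitted
    flows, so reply packets pass without a rule in the reverse direction."""
    def __init__(self, policy):
        self.policy = policy
        self.sessions = set()  # 5-tuples of flows permitted by policy

    def permit(self, p: Packet) -> bool:
        forward = (p.src, p.src_port, p.dst, p.dst_port, p.proto)
        reverse = (p.dst, p.dst_port, p.src, p.src_port, p.proto)
        if reverse in self.sessions:
            return True            # return traffic of an established session
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        if src_zone == dst_zone:
            return True            # same segment: never crosses the firewall
        for r in self.policy:
            if (r.src_zone, r.dst_zone, r.proto) == (src_zone, dst_zone, p.proto) \
                    and (not r.dst_ports or p.dst_port in r.dst_ports):
                self.sessions.add(forward)
                return True
        return False               # implicit deny

def evaluate(fw: StatefulFirewall, packets) -> list:
    """Run packets through the firewall in order; return one verdict each."""
    return ["PERMIT" if fw.permit(p) else "DENY" for p in packets]

if __name__ == "__main__":
    fw = StatefulFirewall(POLICY)
    sample = [  # constructed traffic
        Packet("10.1.1.5", 51000, "203.0.113.10", 443, "tcp"),        # inside -> web
        Packet("203.0.113.10", 443, "10.1.1.5", 51000, "tcp"),        # its reply
        Packet("198.51.100.7", 40000, "10.1.1.5", 3389, "tcp"),       # unsolicited RDP
        Packet("198.51.100.7", 40001, "192.168.100.20", 443, "tcp"),  # outside -> DMZ https
        Packet("198.51.100.7", 40002, "192.168.100.20", 22, "tcp"),   # outside -> DMZ ssh
    ]
    for p, verdict in zip(sample, evaluate(fw, sample)):
        print(f"{verdict:6} {zone_of(p.src):7} -> {zone_of(p.dst):7} {p.proto}/{p.dst_port}")
```

The order of the packets matters: the reply from 203.0.113.10 is permitted only because the inside host's request created a session first. Feed the same reply to a fresh firewall and it is denied, which is exactly the behaviour that protects the trusted side from unsolicited traffic.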
                     

Sunday, 24 January 2016

ASA Firewall and its Types

The ASA 5500 series is divided into the following models. They differ in capacity (throughput, concurrent connections, VPN peers, interfaces) rather than in function:

  • ASA 5505 (the smallest and entry-level model)
  • ASA 5510
  • ASA 5520
  • ASA 5540
  • ASA 5550
ASA 5505
  • The ASA 5505 is licensed by the number of inside users: 10, 50 or unlimited.
  • It has a maximum firewall throughput of 150 Mbps.
  • It has 3DES/AES VPN throughput of up to 100 Mbps.
  • It supports 10 VPN peers (25 with the Security Plus license).
  • It supports 10k concurrent connections (25k with Security Plus), with 4k new connections per second.
  • It has an 8-port Fast Ethernet switch (including 2 PoE ports).
  • It supports 3 VLAN interfaces (20 with Security Plus).
ASA 5510

  • The ASA 5510 has unlimited user support.
  • It has a maximum firewall throughput of around 300 Mbps.
  • It has 3DES/AES VPN throughput of up to 170 Mbps.
  • It supports around 250 VPN peers.
  • It supports around 50k to 130k concurrent connections, with 9k new connections per second.
  • It has 5 routed interfaces, not switch ports (2 Gigabit Ethernet and 3 Fast Ethernet).
  • It supports 50 VLAN interfaces.
ASA 5520
  • The ASA 5520 has unlimited user support.
  • It has a maximum firewall throughput of around 450 Mbps.
  • It has 3DES/AES VPN throughput of up to 225 Mbps.
  • It supports around 750 VPN peers.
  • It supports around 280k concurrent connections, with 12k new connections per second.
  • It has 5 routed interfaces (4 Gigabit Ethernet and 1 Fast Ethernet management port).
  • It supports 150 VLAN interfaces.

ASA 5540
  • The ASA 5540 has unlimited user support.
  • It has a maximum firewall throughput of around 650 Mbps.
  • It has 3DES/AES VPN throughput of up to 325 Mbps.
  • It supports around 5k VPN peers.
  • It supports around 400k concurrent connections, with 25k new connections per second.
  • It has 5 routed interfaces (4 Gigabit Ethernet and 1 Fast Ethernet management port).
  • It supports 200 VLAN interfaces.
ASA 5550
  • The ASA 5550 has unlimited user support.
  • It has a maximum firewall throughput of around 1.2 Gbps.
  • It has 3DES/AES VPN throughput of up to 425 Mbps.
  • It supports around 5k VPN peers.
  • It supports around 650k concurrent connections, with 33k new connections per second.
  • It has 8 Gigabit Ethernet ports, 4 SFP fiber ports and 1 Fast Ethernet management port.
  • It supports 400 VLAN interfaces.

Tuesday, 19 January 2016

ASA Firewall History

What is ASA?


ASA stands for Adaptive Security Appliance.
The ASA is a security device that combines a stateful firewall, intrusion prevention and virtual private network (VPN) capabilities in one box; antivirus and content security were available as add-on modules rather than built in. It is intended to stop attacks at the network boundary before they spread through the network.

The ASA is valuable and flexible in that it can be used as a security solution for both small and large networks.


History of the ASA Firewall



  • The PIX Firewall was created by Network Translation, Inc. in 1994; Cisco acquired the company and the product in 1995.
  • The ASA 5500 series was introduced in 2005 as the successor to the PIX, combining the PIX firewall with VPN and IPS functions.
  • Cisco added the ASA 5500-X series in 2012, which brought more advanced (next-generation) features to the firewall.

ASA firewalls come in different models depending on their features and capacity; see the post ASA Firewall and its Types.

Saturday, 16 January 2016

Need for NAT & Its Pros and Cons

NAT is Network Address Translation. For the basics, see the post NAT Overview.
NEED for NAT

The main reason NAT was introduced was IPv4 address exhaustion, though it also gained a reputation for securing the internal private network, because the private addresses are hidden behind the outside public address.

It also solves the problem that private IP addresses are not routable on the Internet: NAT translates them to public addresses on the way out.

Advantages of NAT
  • Hides the internal private addresses from the outside world, so an attacker cannot directly address internal hosts. Note that this is a side effect: the actual protection comes from the stateful firewall dropping unsolicited inbound traffic, and NAT is no substitute for a firewall policy.
  • The same private ranges can be reused in every local network, which slows the depletion of IPv4 addresses.
  • Internal addresses do not have to change when you change service provider; only the public address on the NAT device does.



Disadvantages Of  NAT


  • NAT consumes processor and memory resources, since the device must translate every incoming and outgoing IPv4 datagram and keep the translation table in memory.
  • NAT can add delay to IPv4 communication.
  • NAT causes loss of end-to-end IP traceability: many inside hosts appear as one public address, so the outside party (and the investigator reading its logs) cannot tell them apart without the NAT device's translation records.
  • Some applications and protocols do not work as expected through NAT, in particular those that embed IP addresses inside their payload or that expect unsolicited inbound connections.

Host A ----- Inside IP Address ----- NAT ----- Outside IP Address ----- Internet

Host A ----- Private (Local) IP ----- NAT ----- Public (Global) IP ----- Internet

NAT- Network Address Translation and Types of IP Address

In today's growing networks there are ever more devices, and each device is identified by a unique IP address. IPv4 has a fixed 32-bit address space, so the supply of public addresses is running out.

This created the need for NAT (Network Address Translation).
What NAT does is translate private IP addresses to a public IP address, often many private addresses to a single public one.

Now the question arises: what is gained by converting a private IP to a public IP?
To answer that, you must first know what private and public IP addresses are.

What is private IP address?

A private IP address is one taken from the address space RFC 1918 reserves for use inside private networks. There are three such blocks: 10.0.0.0/8 (one class A network), 172.16.0.0/12 (16 class B networks) and 192.168.0.0/16 (256 class C networks). The computers, tablets and smartphones in your home, and the personal computers within an organization, are usually assigned private IP addresses. A network printer in your home gets a private address so that only devices on your local network can print to it.
When a computer is assigned a private IP address, other local devices see this computer by its private address. Devices outside your local network cannot communicate with it directly by that address; they see only your router's public IP address. To allow direct access from outside to a local device with a private address, a static NAT (port-forwarding) entry is needed on the NAT device.

What is public IP address?

A public IP address is an address assigned to a computing device to allow direct access over the Internet. A web server, email server or any other server directly reachable from the Internet is a candidate for a public IP address. A public IP address is globally unique and can be assigned to only one device at a time.
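The following is an added example, not code from the original posts, that ties together this overview and the NAT pros and cons above. It classifies addresses against the three RFC 1918 blocks and then simulates Port Address Translation (PAT, also called NAT overload), the form of NAT most home and small-office routers use: many inside hosts share one public address and are told apart only by the translated source port. It also shows the two security-relevant consequences discussed earlier: the outside server sees one public address for every inside host (loss of end-to-end traceability), and an inbound packet that matches no existing translation has nowhere to go and is dropped. The public address, inside addresses, ports and port-allocation scheme are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# The three private blocks defined by RFC 1918.
RFC1918 = [ip_network("10.0.0.0/8"),
           ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    """True if the address falls inside one of the three private blocks."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)

class PAT:
    """Port Address Translation: many inside hosts share one public address,
    distinguished by the translated source port. Port allocation here is a
    simple counter (an assumption; real devices pick ports differently)."""
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (in_ip, in_port, proto, dst_ip, dst_port) -> public source port
        self.outbound_table = {}
        # (public_port, proto, peer_ip, peer_port) -> (in_ip, in_port)
        self.inbound_table = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Translate an inside->outside packet and return the (ip, port) the
        Internet sees. A translation entry is created on first use and
        reused for the rest of the conversation."""
        key = (src_ip, src_port, proto, dst_ip, dst_port)
        if key not in self.outbound_table:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound_table[key] = pub_port
            self.inbound_table[(pub_port, proto, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound_table[key]

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Handle an outside packet addressed to public_ip:dst_port. Returns
        the inside (ip, port) if it is the reply to an existing translation,
        otherwise None: with no matching entry the NAT device has nowhere to
        deliver it, so unsolicited inbound traffic is dropped."""
        return self.inbound_table.get((dst_port, proto, src_ip, src_port))

if __name__ == "__main__":
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    for ip in ("192.168.1.10", "172.16.5.5", "172.32.0.1", "100.64.0.1", "8.8.8.8"):
        print(f"{ip:14} private={is_rfc1918(ip)}")

    pat = PAT("198.51.100.1")
    # Two inside hosts use the same source port to the same web server.
    print(pat.outbound("192.168.1.10", 50000, "203.0.113.5", 443))
    print(pat.outbound("192.168.1.11", 50000, "203.0.113.5", 443))
    # The server's replies are routed back to the right inside host.
    print(pat.inbound("203.0.113.5", 443, 1024))
    print(pat.inbound("203.0.113.5", 443, 1025))
    # An unsolicited SSH attempt against the public address matches nothing.
    print(pat.inbound("198.51.100.99", 40000, 22))
```

Note what the web server at 203.0.113.5 actually sees: two connections from 198.51.100.1, one from port 1024 and one from port 1025. Without the NAT device's translation table there is no way to say which inside host made which request, which is the traceability disadvantage listed above; keep NAT logs if you need to answer that question later. Note also that the second 172.x address is not private: 172.16.0.0/12 ends at 172.31.255.255, and 100.64.0.0/10 (carrier-grade NAT space) is not part of RFC 1918 either.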