Đang chuẩn bị liên kết để tải về tài liệu:
designing network security cisco press phần 7

giao diện điều khiển truy cập vật lý truy cập qua đăng nhập nhân viên và mật khẩu địa phương phù hợp - thời gian phiên ra sau khi! 2 phút và 30 giây của dòng thời gian nhàn rỗi còn 0 exec-timeout 2 30 nhân viên chứng thực đăng nhập! | Securing Internet Access Final deny all which logs all access list violations via syslog access-list 111 deny ip any any log no cdp run snmp-server community public RO 6 line con 0 exec-timeout 2 30 login authentication security_geeks line aux 0 no exec transport input none line vty 0 4 exec-timeout 2 30 login authentication security_geeks service timestamps log datetime localtime show-timezone logging on logging 144.254.5.5 logging console information http wwwin.cisco.com cpress cc td cpress internl dns ch09.htm 38 of 56 02 02 2001 17.33.08 Securing Internet Access PIX Firewall with Screening IOS Router In this scenario the Cisco IOS router is used as the screening router to provide basic filtering of traffic coming from the Internet. The PIX firewall provides the more robust firewall features see Figure 9-10 . Figure 9-10 Sample Cisco PIX Firewall with Cisco IOS Screening Router The sample configurations in Listings 9-2 and 9-3 depict the implementation of the following Internet access security policy Device screening router and firewall access is through TACACS authentication and authorization The screening router has simple anti-spoofing filters Two illegal networks 192.168.0.0 and 10.0.0.0 must make use of NAT to convert to the legal address given by the ISP of 192.150.50.0 Hosts on the 10.0.0.0 network can access everything Hosts on the 192.168.0.0 network can access the Internet but cannot access hosts on the 10.0.0.0 network Only Internet traffic from 144.254.0.0 can access the FTP server whose illegal 192.168.0.6 address must be assigned the legal address 192.150.50.6 The FTP traffic must be authenticated using TACACS All Internet Web HTTP traffic is directed to host 192.168.0.2 it must be assigned the legal address of 192.150.50.9 All outbound Web traffic is sent to do a URL check by way of the WebSense server All Internet mail SMTP traffic is directed to host 10.0.1.99 it must be assigned the legal address of 192.150.50.7 Listing 9-2 Configuration of .