Cisco Security Appliance software for firewalls delivers the latest firewall and VPN capabilities, enhanced performance, security improvements, and a list of new features. Version 7.0 and the latest release, version 8.0, introduce significant enhancements to all major functional areas. These areas include firewalling and inspection services such as transparent (Layer 2) or routed (Layer 3) firewall operation and multiple security contexts (virtualized firewalls), Enhanced Interior Gateway Routing Protocol (EIGRP) support, Application-Aware Inspection Services, enhanced VPN services, Dynamic Access Policies (DAP), browser-based SSL VPN, network integration, high availability (Active/Active), and enhanced management and monitoring services.
Some of the advanced features include TCP stream reassembly, which assists in detecting attacks that are spread across multiple packets (fragmented) by reassembling packets into a full packet stream and performing analysis on the entire stream.
Another feature, TCP normalization, provides improved techniques to detect TCP-based attacks and is designed to drop packets that do not appear normal. A strict inspection is performed to confirm RFC compliance of the TCP header (advanced header examination for flag and option checking, window variation, checksum verification, and detection of data tampering in retransmitted packets). Several other advanced features and enhancements are available in the more recent software releases.
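The following added example (not Cisco code and not from the original text) models two of the checks described above: a pattern split across segments that per-packet inspection misses but stream reassembly finds, and a retransmitted segment whose data differs from the first copy. The signature, sequence numbers, payloads, function names, and the keep-the-first-copy policy are all constructed assumptions for illustration.

```python
SIGNATURE = b"secret.txt"   # constructed pattern, stands in for an inspection signature
ISN = 1000                  # constructed sequence number of the first payload byte

# Constructed capture of one flow direction, in arrival order: (seq, payload).
SEGMENTS = [
    (1000, b"GET /sec"),
    (1012, b"txt HTTP/1.0\r\n"),   # arrives out of order
    (1008, b"ret."),
    (1008, b"RET."),               # retransmission whose bytes differ
]

def per_packet_match(segments, signature):
    """Inspect each segment on its own, as a non-reassembling filter would."""
    return any(signature in payload for _, payload in segments)

def reassemble(segments, isn):
    """Rebuild the byte stream; report retransmissions that change earlier data."""
    seen = {}        # stream offset -> first byte value received there
    tampered = []    # seq of each segment that contradicts data already seen
    for seq, payload in segments:
        start = (seq - isn) & 0xFFFFFFFF     # 32-bit sequence arithmetic
        conflict = False
        for i, byte in enumerate(payload):
            # Assumed policy: the first copy of a byte is kept, later ones compared.
            if seen.setdefault(start + i, byte) != byte:
                conflict = True
        if conflict:
            tampered.append(seq)
    stream = bytearray()
    while len(stream) in seen:               # stop at the first gap
        stream.append(seen[len(stream)])
    return bytes(stream), tampered

def inspect_flow(segments, isn, signature):
    """Compare per-packet inspection with inspection of the reassembled stream."""
    stream, tampered = reassemble(segments, isn)
    return {
        "per_packet_hit": per_packet_match(segments, signature),
        "stream_hit": signature in stream,
        "tampered_retransmissions": tampered,
        "stream": stream,
    }

if __name__ == "__main__":
    for key, value in inspect_flow(SEGMENTS, ISN, SIGNATURE).items():
        print(f"{key}: {value!r}")
```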
The Security Appliance combines advanced stateful firewall and VPN concentrator functionality with advanced protection features in one device to intercept and respond to network attacks.
The Security Appliance software supports an intuitive, easy-to-use GUI-based application called Adaptive Security Device Manager (ASDM). ASDM is a browser-based Java applet used to configure, monitor, and manage the Security Appliances. ASDM is covered in Chapter 24, "Security and Policy Management."
With this brief introduction and the product overviews complete, the sections that follow discuss the features and the configuration details.