Mission Critical Internet Security

The Cisco PIX Firewall is a very versatile security device. From the PIX 506 SOHO model to the enterprise-class PIX 520 model, the PIX can fulfill the security needs of a network of any size.
In this chapter we covered numerous topics, including designing a security policy and then implementing that policy on the PIX. It is extremely important to design a policy thoroughly before implementing it. Identifying ahead of time the resources to protect, the services you wish to allow (HTTP, FTP, etc.), and the resources that users must authenticate to access will permit an organization to implement the security policy quickly and efficiently. If you create a security policy on the fly, your resources can be compromised and data can be corrupted. Creating a detailed security policy is a proactive measure for protecting your network, rather than a reaction to attacks and other security holes.
Remember the key security features of the PIX: URL, ActiveX, and Java filtering; access control lists; DMZs; AAA authentication and authorization; DNSGuard, IP FragGuard, MailGuard, Flood Defender, and Flood Guard; IPSec; stateful filtering; securing access to the PIX; and syslog. These features will aid you in creating and implementing your security policy. NAT and NAPT should not be relied on as a security measure. Using a syslog server will allow you to archive all of the traffic that passes through your firewall. By using syslog, you will always have a record of anyone attempting to attack...