Cisco Firewalls

Firewalls

Cisco Adaptive Security Appliance (ASA) Software

The Cisco ASA family of security devices protects corporate networks of all sizes. It provides users with highly secure access to data – anytime, anywhere, using any device. These devices represent more than 15 years of proven firewall and network security leadership, with more than 1 million security appliances deployed throughout the world.

Features and Capabilities

Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors – standalone appliances, blades, and virtual. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.

Among its benefits, Cisco ASA Software:

Offers integrated IPS, VPN, and Unified Communications capabilities

Helps organizations increase capacity and improve performance through clustering

Delivers high availability for high resiliency applications

Provides context awareness with Cisco TrustSec security group tags and Identity-Based Firewall

Facilitates dynamic routing and site-to-site VPN on a per-context basis

Cisco ASA software supports next-generation encryption standards, including the Suite B set of cryptographic algorithms. It also integrates with Cisco Cloud Web Security to provide web-based threat protection.

Cisco ASA 5500 Series Adaptive Security Appliances

In addition to a robust firewall, businesses of all sizes need a full complement of security services, including intrusion prevention, VPN, content security, unified communications, and remote access. The Cisco ASA Family of security devices was built to meet these needs.

A key component of the Cisco SecureX Framework, Cisco ASA protects networks of all sizes with MultiScale performance and a comprehensive suite of highly integrated, context-aware security services. With more than 15 years of proven firewall leadership and over 1 million security appliances deployed throughout the world, Cisco ASA protects corporate networks while providing users with more secure access to data – anytime, anywhere, using any device.

The Cisco ASA Family scales to meet a wide range of needs while providing highly secure, high-performance connectivity for maximum productivity.

Convenient Form Factors

Cisco ASA products are available in a wide range of form factors, including:

Standalone appliances that scale to meet the needs of branch offices, midsize businesses securing the Internet edge, and enterprise data centers

High-performance blades that integrate with the Cisco Catalyst 6500 Series network switch

Virtual instances to provide enterprise-class security for private and public clouds

Features and Capabilities

Comprehensive, highly effective intrusion prevention system (IPS) with Cisco Global Correlation

High-performance VPN and remote access

Optional antivirus, antispam, antiphishing, URL blocking and filtering, and content control

Cisco ASA 1000V Cloud Firewall

Get consistent, enterprise-class security for private and public clouds with the Cisco ASA 1000V Cloud Firewall. The ASA 1000V employs mainstream, proven Adaptive Security Appliance (ASA) technology, optimized for highly secure multi-tenant virtual and cloud infrastructure at the edge. This helps to enable consistency across physical, virtual, and cloud infrastructures.

Comprehensive Security – Physical, Virtual, Cloud

The ASA 1000V complements the zone-based security capabilities of the Cisco Virtual Security Gateway (VSG) to extend Cisco’s virtual and cloud security portfolio. It provides multi-tenant edge security, default gateway functionality, and protection against network-based attacks.

Solution Flexibility and Operational Efficiency

Integration with the Cisco Nexus 1000V Series Switch provides simple yet crucial solution enhancements for virtual and cloud infrastructure security:

A single ASA 1000V instance can span across and help to secure multiple VMware ESX hosts for enhanced deployment flexibility and simplified management.

A multi-hypervisor-capable solution provides unmatched deployment flexibility, which eliminates vendor lock-in.

Multi-Tenant Management

The Cisco ASA 1000V Cloud Firewall also employs the Cisco Virtual Network Management Center for the following important benefits:

Helps to enable rapid and scalable deployment through dynamic, template-driven policy management based on security profiles

Enhances management flexibility through an XML API that helps enable programmatic integration with third-party management and orchestration tools

Helps to ensure collaborative governance with role-relevant management interfaces for network, server, and security administrators

Cisco ASA CX Context-Aware Security

In today’s complex networking environment, firewall administrators must often choose between enabling the access required for optimal employee productivity, and the degree of security needed to protect the business. Most firewalls fail to provide sufficient visibility to make intelligent security decisions. This makes organizations hesitant to adopt new devices, applications, and mobility use cases that could prove beneficial to business but may threaten network security.

Features and Capabilities

Cisco ASA CX Context-Aware Security solves these problems with context-aware capabilities for exceptional visibility and control so your enterprise can take advantage of new applications and devices without compromising security.

End-to-End Network Intelligence

Unlike other next-generation firewalls, Cisco ASA CX keeps pace with rapidly evolving security needs by offering end-to-end network intelligence. It uses the Cisco SecureX framework to combine context from local traffic with in-depth global network context through:

Cisco TrustSec Technology

Cisco AnyConnect Secure Mobility Solution for unique mobile client insight

Cisco Security Intelligence Operations (SIO) for near-real-time threat information and proactive protection

Safely Enable Devices

While existing next-generation firewalls provide application and user identification capabilities, they lack the full context awareness to safely enable devices and applications, without compromising network security. In contrast, Cisco ASA CX allows administrators to add devices and applications while ensuring protection and control. It provides deep insights and the ability to develop security policies based on:

Specific users, applications, and sites visited, rather than just IP addresses

Detailed information on the type, location, and security posture of mobile devices, before they can access the network

Enhanced, specific visibility into who and what is connecting to the network, as well as their location

Granular Control

Organizations can also use Cisco ASA CX to enforce individual- and group-based policies that enable access to specific components of an application, while disabling others. Cisco ASA CX recognizes over 1000 applications and more than 75,000 micro-applications to provide granular control. It can also block port- and protocol-hopping applications such as Skype and other peer-to-peer applications for more effective security, while writing fewer policies.

Cisco PIX Firewall Software

The industry-leading Cisco PIX 500 Series Firewall provides today’s networking customers with superior security, reliability, and performance. Integrated Cisco PIX firewall hardware and software delivers full stateful firewall protection and IP Security (IPSec) VPN capabilities, allowing you to rigorously protect your internal network from outside intrusions.

Unlike typical CPU-intensive full-time proxy servers, the Cisco PIX firewall uses a non-UNIX secure, real-time, embedded system. Its tradition of flexibility and scalability, combined with a wide selection of platforms and features, allows the Cisco PIX Firewall to meet the entire range of customer requirements.

Cisco PIX Firewall Software Version 6.0 is the latest version of the dedicated OS. It delivers the latest Cisco PIX firewall capabilities, performance, and security improvements, as well as a host of new features.

Cisco Catalyst 6500 Series Firewall Services Module

Cisco Firewall Services Module (FWSM)—a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers—provides the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. Based on Cisco PIX Firewall technology, the Cisco FWSM offers large enterprises and service providers unmatched security, reliability, and performance.

The Cisco FWSM includes a number of advanced features that help reduce costs and operational complexity while enabling organizations to manage multiple firewalls from the same management platform. Features such as the resource manager help organizations limit the resources allocated to any security context at any time, ensuring that one security context does not interfere with another. The transparent firewall feature configures the FWSM to act as a Layer 2 bridging firewall, resulting in minimal changes to network topology.

The Cisco FWSM also offers:

An integrated module: Installed inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Internet Router, the FWSM allows any port on the device to operate as a firewall port and integrates firewall security inside the network infrastructure.

Compatibility with future versions: The FWSM can handle up to 5 Gbps of traffic, providing unsurpassed performance to meet future requirements without requiring a system overhaul. Up to three additional FWSMs can be added to the Catalyst 6500 to achieve 10 Gigabit plus scalability.

Enhanced reliability: The FWSM is based on Cisco PIX technology and uses the same time-tested Cisco PIX Operating System, a secure, real-time operating system.

Lower cost of ownership: The FWSM offers among the best price to performance ratios of any firewall. Since FWSM is based on the Cisco PIX Firewall, the cost of training and management is lower, and because it is integrated in the chassis, there are fewer boxes to manage.

Ease of use: The PIX Device Manager’s (PDM) intuitive graphical user interface (GUI) can be used to manage and configure the features within the FWSM. The FWSM can now be managed using the Adaptive Security Device Manager (ASDM) V5.2F as well.

Efficiency and productivity gains: Virtualized FWSM delivers multiple firewalls on one physical hardware platform. Network administrators can configure, deploy, and manage these functions as if they were separate devices. Using virtualization to reduce the number of physical devices in a network significantly reduces the cost and complexity of managing network infrastructure.

Cisco IOS Firewall

Cisco IOS Firewall helps ensure your network’s availability and the security of your company’s resources by protecting the network infrastructure against network- and application-layer attacks, viruses, and worms. It protects unified communications by guarding Session Initiation Protocol (SIP) endpoints and call-control resources. Cisco IOS Firewall is a stateful firewall solution, certified by Common Criteria (EAL4).

Suitable for branch offices, small to medium business environments, or managed services, Cisco IOS Firewall effectively controls application traffic on the network. A fundamental part of the Cisco Integrated Threat Control framework, it works with other Cisco IOS security features, including Cisco IOS Intrusion Prevention System (IPS), IOS Content Filtering, and IOS Network Address Translation (NAT), to create a completely integrated branch-office perimeter security solution.

Cisco IOS Firewall:

Protects network resources — Uses existing routing capabilities to offer distributed threat mitigation of worms, viruses, and other network and application-layer threats and exploits

Helps lower total cost of ownership — Reduces equipment footprint and minimizes power consumption

Increases deployment flexibility — Offers options for transparent and virtual firewall policies on a wide variety of WAN, WLAN, LAN and VLAN interfaces

Helps achieve regulatory compliance — Provides policy-based access control to help meet Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and other regulations

Improves the integrity of Cisco Unified Communications — Helps ensure that critical unified communications services, such as gateways and other UC network resources, remain available and resistant to potential exploits

Cisco Adaptive Security Device Manager

Quickly configure, monitor, and troubleshoot Cisco firewall appliances and firewall service modules with this user-friendly application. Ideal for small or simple deployments, the Cisco Adaptive Security Device Manager provides the following:

Setup wizards that help you configure and manage Cisco firewall devices, including the Cisco ASA Adaptive Security Appliances, Cisco PIX appliances, and Cisco Catalyst 6500 Series Firewall Services Modules without cumbersome command-line scripts

Powerful real-time log viewer and monitoring dashboards that provide an at-a-glance view of firewall appliance status and health

Handy troubleshooting features and powerful debugging tools such as packet trace and packet capture

To learn about Cisco solutions for managing IPS and email/web security deployments, visit the Network Security Management page.

Cisco Security Manager

Cisco Security Manager (CSM) helps to enable consistent policy enforcement and rapid troubleshooting of security events, offering summarized reports across the security deployment. Using its centralized interface, organizations can scale efficiently and manage a wide range of Cisco security devices with improved visibility.

Intrusion Prevention System – IPS

Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module

With the increased complexity of security threats, such as malicious Internet worms, denial of service (DoS) attacks, and e-business application attacks, achieving efficient network intrusion security is critical to maintaining a high level of protection. The Cisco® Catalyst® 6500 Series Intrusion Detection System Services Module (IDSM-2) is an important intrusion prevention system (IPS) solution for safeguarding organizations from costly and debilitating network breaches and for helping to ensure business continuity.

The second-generation Cisco IDSM-2 protects switched environments by integrating full-featured IPS functions directly into the network infrastructure through the widely deployed Cisco Catalyst chassis. This integration allows the user to monitor traffic directly off the switch backplane—a logical platform for additional services such as firewall, VPN, and IPS.

The Cisco IDSM-2 with Cisco IPS Sensor Software v6.0 helps users stop more threats with greater confidence, through the use of the following elements:

Multivector threat identification—Detailed inspection of Layer 2–7 traffic protects your network from policy violations, vulnerability exploitations, and anomalous activity.

Accurate prevention technologies—Cisco Systems’ innovative Risk Rating feature and Meta Event Generator provide the confidence to take preventive actions on a broader range of threats without the risk of dropping legitimate traffic.

When combined, these elements provide a comprehensive inline prevention solution, giving you the confidence to detect and stop the broadest range of malicious traffic before it affects business continuity.

Cisco Integrated Services Routers Intrusion Prevention System Module

Extend security to the farthest point of your network in a cost-effective manner with the Cisco Intrusion Prevention System Advanced Integration Module (IPS AIM) and Network Module (IPS NME). These security service modules for Cisco 1841, 2800 Series, and 3800 Series Integrated Services Routers offer:

Enterprise-class intrusion prevention system solutions for small and medium-sized businesses and enterprise branch offices

Performance that scales to meet current and future needs

Implement a Multilayer Approach

Enterprise networks are subject to ever-increasing numbers and varieties of attacks at every point. You can protect your network most effectively from worms, viruses, and other malicious traffic by using an in-depth, multilayer approach. As part of the Cisco Self-Defending Network, the Cisco IPS modules provide:

Tight integration with your network infrastructure and all the services deployed, including unified communications and unified security

Collaboration with other Cisco security devices through common security management platforms

Scalability to meet your current and future WAN needs

| IPS Module Compatibility | IPS AIM | IPS NME |
|---|---|---|
| Cisco 1841 | X | |
| Cisco 2801 | X | |
| Cisco 2811, 2821, 2851 | X | X |
| Cisco 3825, 3845 | X | X |

Cisco IPS 4500 Series Sensors

The modern enterprise runs on a dizzying array of large- to medium-scale commercial and customized applications. The data within those applications is exactly what attackers are targeting. The Cisco IPS 4500 Series has the most advanced network awareness in the industry, providing critical application and infrastructure protection for the data center or network core.

Features and Capabilities

The Cisco IPS 4500 Series, a critical component of the Cisco SecureX architecture, delivers hardware-accelerated inspection, real-world performance, high port density, and energy efficiency in an expansion-ready chassis. With our highly effective, out-of-the-box protection and automated threat management, your critical assets are protected in minutes.

The Cisco IPS 4500 Series offers:

Data center specific protection for web servers, databases, and storage; Oracle, SAP enterprise class applications, and custom software

Continuous defense of critical servers against OS and application vulnerabilities, reducing emergency patch fire drills and IT expenses

Ease of deployment and management: wizard-driven deployment setup includes a data center-focused signature template; efficient management from Cisco IPS Manager Express or Cisco Security Manager spans the entire IPS product line

Cisco IPS 4300 Series Sensors

Cisco IPS 4300 Series Sensors deliver over 1 Gbps of enterprise-class intrusion prevention protection in an easy-to-use and deploy one rack-unit (1 RU) form factor. With hardware-accelerated threat inspection, the industry’s first context-aware IPS provides accuracy, confidence, and reliability in an economical package.

Features and Capabilities

The context aware Cisco IPS 4300 Series Sensors gain the following advantages from the Cisco SecureX framework and Cisco Security Intelligence Operations:

Detailed attack information delivered using signature updates twice a week

Attacker visibility updated every 15 minutes through Global Correlation reputation feeds

Victim information using OS fingerprinting and internal reputation

Top-line effectiveness and bottom-line total cost of ownership (TCO) are outstanding strengths of the 4300 Series. Others include:

Rapid and scalable deployment through dynamic, default-driven policy management and setup

Hardware-accelerated intrusion prevention in a one-rack-unit form factor, for high throughput in a small footprint

Efficient and common management across the entire IPS product line with IPS Manager Express or Cisco Security Manager

Support for innovative protection, such as advanced evasion detection and industrial controls security

Specifications at a Glance

| Model | Cisco IPS 4345 Sensor | Cisco IPS 4360 Sensor |
|---|---|---|
| Average Inspection Throughput | 750 Mbps | 1.25 Gbps |
| Maximum Inspection Throughput | 1.8 Gbps | 2.4 Gbps |
| Latency (microseconds) | <150 microseconds | <150 microseconds |
| 1 GE density | 14* | 14* |
| Redundant power supplies | No | Yes |
| Hardware Accelerated | Yes | Yes |
| IDS and IPS modes | Yes | Yes |
| Management tool | Cisco Security Manager, Cisco IPS Device Manager, Cisco IPS Manager Express, CLI | Cisco Security Manager, Cisco IPS Device Manager, Cisco IPS Manager Express, CLI |

Cisco IPS 4200 Series Sensors

Accurately identify, classify, and stop malicious activity. Cisco IPS 4200 Series Sensors:

Detect threats to intellectual property and customer data, with modular inspection throughout the network stack

Stop sophisticated attackers by detecting behavioral anomalies, evasion, and attacks against vulnerabilities

Prevent threats with confidence using the industry’s most comprehensive set of threat prevention actions

Focus response with dynamic threat ratings and detailed logging

Provide protection from the latest threats and vulnerabilities

Performance and Flexibility

Select the right performance for your needs:

Design your IPS for your network, with full inspection at up to 4Gbps, and a variety of high-density copper and fiber interface options

Deploy IPS to fit your policy, whether you deploy inline, promiscuous, both at the same time, or even inline-on-a-stick

Minimize the cost and complexity of protection, using your current virtual LAN configuration, and industry-leading virtualization capabilities

Policy-Based Management

Reduce the time and effort required to implement and update security measures. Cisco IPS 4200 Series Sensors:

Achieve a unified, end-to-end approach to security incident management with Cisco Security Monitoring, Analysis, and Response System

Reduce the cost of change and configuration management activities, using the Cisco Security Manager to update policies on thousands of devices in a few simple steps

Simplify management with IPS Manager Express

Cisco IPS 4200 Series Sensors are a core component of the Cisco Intrusion Prevention System (IPS) solution.