PalGov © 2011
The Palestinian eGovernment Academy
www.egovacademy.ps
Security Tutorial
Session 8
LAB
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
Project Consortium:
University of Trento, Italy
University of Namur, Belgium
Vrije Universiteit Brussel, Belgium
TrueTrust, UK
Birzeit University, Palestine (Coordinator)
Palestine Polytechnic University, Palestine
Palestine Technical University, Palestine
Université de Savoie, France
Ministry of Local Government, Palestine
Ministry of Telecom and IT, Palestine
Ministry of Interior, Palestine
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax:+972 2 2982935 [email protected]
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
Tutorial 5:
Information Security
Session 8: Firewalls Lab
Session 8 Outline:
• Firewall installations.
This session will contribute to the following
ILOs:
• C: Professional and Practical Skills:
  • c2: Configure end-to-end secure and available systems.
  • c4: Configure user authentication and authorization services using Firewalls.
• D: General and Transferable Skills:
  • d1: Communication and team work.
  • d2: Systems configurations.
Cisco ASA Firewall
• In this lab, we will go through the steps necessary to
create a Cisco ASA firewall object in Firewall
Builder, and then install rules created in Firewall
Builder onto the firewall.
• Firewall Builder is a GUI application that can be
used to configure and manage firewall rules for
multiple types of firewalls such as Linux iptables,
Cisco ASA and PIX, Cisco router ACL, and HP
ProCurve ACL. For Cisco ASA and Cisco PIX
firewalls, once the rules for the firewall object have
been created, Firewall Builder generates a configuration
file containing all the Cisco CLI commands required to
implement the defined security policy.
Configuring ASA Firewall with Firewall
Builder
Installing Firewall Builder
• To access the Ubuntu repository of stable Firewall Builder packages, add the following line to the file /etc/apt/sources.list:
  • deb http://packages.fwbuilder.org/deb/stable/ natty contrib
• Next, retrieve the updated package lists by issuing the following command:
  • sudo apt-get update
• Packages in all repositories are signed with a GPG key. To add the key on Ubuntu, use the following commands:
  • wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
  • sudo apt-key add PACKAGE-GPG-KEY-fwbuilder.asc
• To install Firewall Builder, run the following command:
  • sudo apt-get install fwbuilder
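The signing key above is fetched over plain HTTP, so its fingerprint should be checked before apt is told to trust it. The script below is an added example, not part of the original lab: it assumes the deb line is already in /etc/apt/sources.list, `EXPECTED_FPR` is a placeholder for a fingerprint obtained through a separate trusted channel, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original lab.
# EXPECTED_FPR is a placeholder: set it to the fingerprint obtained from a
# trusted channel (not from the same HTTP download).
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE-WITH-TRUSTED-FINGERPRINT}"
KEY_URL="http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc"
KEY_FILE="PACKAGE-GPG-KEY-fwbuilder.asc"

# Constructed `gpg --with-colons` listing (not the real project key).
SAMPLE_LISTING='pub:-:1024:17:89ABCDEF01234567:1293840000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1293840000::::Constructed Example Key:'

# Strip spaces and colons and upper-case the hex digits, so differently
# formatted copies of one fingerprint compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# stdin: colon listing; prints field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# stdin: colon listing; $1: expected fingerprint.
# Succeeds only for exactly one primary key whose fingerprint matches.
key_matches() {
    listing=$(cat)
    npub=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$npub" -eq 1 ] || return 1
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$1")" ]
}

# The lab's install steps, with the key checked before apt trusts it.
# Assumes a GnuPG 2.x that provides --show-keys.
install_fwbuilder() {
    wget -O "$KEY_FILE" "$KEY_URL" || return 1
    if gpg --show-keys --with-colons "$KEY_FILE" | key_matches "$EXPECTED_FPR"; then
        sudo apt-key add "$KEY_FILE" &&
            sudo apt-get update &&
            sudo apt-get install fwbuilder
    else
        echo "fingerprint mismatch, not adding $KEY_FILE" >&2
        return 1
    fi
}

# Run the procedure only when asked: sh script.sh --install
if [ "${1:-}" = "--install" ]; then install_fwbuilder; fi
```

With the placeholder left in place, `key_matches` rejects every key, so nothing is added to the apt keyring until a real fingerprint is supplied.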
Configuring Cisco ASA
• To configure the Cisco ASA firewall using Firewall Builder
as shown in the diagram below, start the Firewall Builder
application and choose New Firewall from the menu that
appears:
• On the first page of the New Firewall wizard, enter a name for
the firewall object:
• Next, select the interface configuration method:
• On the next pages of the wizard, you can create the
network objects and define network zones:
• After creating the firewall object and network objects,
you can configure the firewall's rules:
• After configuring the basic firewall rules, we need to
define the NAT policy:
• To convert the rules from the Firewall Builder GUI
syntax to the target device commands, click the Compile
icon. To view the output of the compile, click the
Inspect Generated Files button.
Installing Cisco ASA configuration
• Firewall Builder can install the generated
configuration file for you using SSH and SCP.
• By default Firewall Builder uses SCP to copy the
generated config file to the firewall.
Summary
• In this session we discussed the following:
  • Firewall installations.
Thanks
Eng. Ghannam Aljabary