Cisco IPS 4360 Sensor White Paper
Firewall
August 2012 Series
Procedure 5: Configure security policy
The security policy is typically configured so that internal network traffic to the DMZs or Internet is blocked only for high-risk services; all other access is allowed.
Telnet is an example of a network service that is high-risk, because it carries all of its data unencrypted. This poses a risk because hosts that can intercept the data can potentially view sensitive data.
Step 1: Navigate to Configuration > Firewall > Access Rules.

First, you will add a rule to deny the internal network from sending outbound Telnet requests.
Step 2: Click Add > Add Access Rule.

Step 3: In the Add Access Rule dialog box, in the Interface list, select —Any—.

Step 4: For Action, select Deny.

Step 5: In the Source list, select the network object that summarizes the internal networks. (Example: internal-network)

Step 6: In the Service list, enter tcp/telnet, and then click OK.
Next, you will add a rule to permit all remaining traffic from the internal network.
Step 7: Click Add > Add Access Rule.

Step 8: In the Add Access Rule dialog box, in the Interface list, select —Any—.

Step 9: For Action, select Permit.

Step 10: In the Source list, select the network object that summarizes the internal networks. (Example: internal-network)

Step 11: Clear Enable Logging, and then click OK.

Step 12: On the Access Rules pane, click Apply.
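The two rules built in Steps 2 through 11 only work as intended because the firewall evaluates access rules top to bottom and stops at the first match. The following first-match model is an added example (not Cisco's code or a part of this guide) that checks the resulting policy against a few constructed flows; it assumes the internal-network object covers 10.4.0.0/16 and that tcp/telnet is TCP port 23.

```python
# Added example: first-match model of the Procedure 5 access rules (not Cisco code).
# Assumed values: internal-network = 10.4.0.0/16 (constructed), telnet = TCP/23.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str            # "deny" or "permit"
    source: object         # an ip_network, or the string "any"
    service: tuple         # (proto, dport); ("ip", None) matches all traffic
    logging: bool = True   # Step 11 clears Enable Logging on the permit rule


INTERNAL = ip_network("10.4.0.0/16")   # constructed stand-in for internal-network

# Order matters: the Telnet deny (Steps 2-6) must sit above the permit-all (Steps 7-11).
POLICY = [
    Rule("deny", INTERNAL, ("tcp", 23), logging=True),
    Rule("permit", INTERNAL, ("ip", None), logging=False),
]


def matches(rule, src, proto, dport):
    src_ok = rule.source == "any" or ip_address(src) in rule.source
    svc_proto, svc_port = rule.service
    svc_ok = svc_proto == "ip" or (svc_proto == proto and svc_port == dport)
    return src_ok and svc_ok


def evaluate(policy, src, proto, dport):
    """Return (action, logged): first matching rule wins, implicit deny at the end."""
    for rule in policy:
        if matches(rule, src, proto, dport):
            return rule.action, rule.logging
    return "deny", True   # implicit deny; modelled here as always logged


def check_flows(policy):
    # Constructed sample flows: (source, protocol, destination port)
    flows = {
        "internal telnet": ("10.4.1.10", "tcp", 23),
        "internal https": ("10.4.1.10", "tcp", 443),
        "dmz telnet": ("192.168.16.5", "tcp", 23),   # not in internal-network
    }
    return {name: evaluate(policy, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, result in check_flows(POLICY).items():
        print(f"{name:16} -> {result}")
    # Swapping the two rules silently permits outbound Telnet:
    print("reversed order   ->", evaluate(list(reversed(POLICY)), "10.4.1.10", "tcp", 23))
```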