E gov security_tut_session_8_lab


Published in: Technology

  1. أكاديمية الحكومة الإلكترونية الفلسطينية
     The Palestinian eGovernment Academy, www.egovacademy.ps
     Security Tutorial, Session 8 LAB
     PalGov © 2011
  2. About
     This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
     Project Consortium:
     • Birzeit University, Palestine (Coordinator)
     • University of Trento, Italy
     • Palestine Polytechnic University, Palestine
     • Vrije Universiteit Brussel, Belgium
     • Palestine Technical University, Palestine
     • Université de Savoie, France
     • Ministry of Telecom and IT, Palestine
     • University of Namur, Belgium
     • Ministry of Interior, Palestine
     • TrueTrust, UK
     • Ministry of Local Government, Palestine
     Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14, Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu
  3. © Copyright Notes
     Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.
     No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.
     Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA): This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
  4. Tutorial 5: Information Security
     Session 8: Firewalls Lab
     Session 8 Outline:
     • Firewall installations.
  5. Tutorial 5: Session 8: Firewalls LAB
     This session will contribute to the following ILOs:
     • C: Professional and Practical Skills:
       • c2: Configure end-to-end secure and available systems.
       • c4: Configure user authentication and authorization services using firewalls.
     • D: General and Transferable Skills:
       • d1: Communication and team work.
       • d2: Systems configurations.
  6. Cisco ASA Firewall
     • In this lab, we will go through the steps necessary to create a Cisco ASA firewall object in Firewall Builder, and then install the rules created in Firewall Builder onto the firewall.
     • Firewall Builder is a GUI application that can be used to configure and manage firewall rules for multiple types of firewalls, such as Linux iptables, Cisco ASA and PIX, Cisco router ACL, and HP ProCurve ACL. For Cisco ASA and Cisco PIX firewalls, once the rules of the firewall object have been created, Firewall Builder generates a configuration file containing all the Cisco CLI commands required to implement the defined security policy.
  7. Configuring ASA Firewall with Firewall Builder
  8. Installing Firewall Builder
     • To access the Ubuntu repository of stable Firewall Builder packages, add the following line to the file /etc/apt/sources.list:
         deb http://packages.fwbuilder.org/deb/stable/ natty contrib
     • Next, retrieve the updated package lists by issuing the following command:
         sudo apt-get update
     • Packages in all repositories are signed with a GPG key. To add the key on Ubuntu, use the following commands:
         wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
         sudo apt-key add PACKAGE-GPG-KEY-fwbuilder.asc
     • To install Firewall Builder, run the following command:
         sudo apt-get install fwbuilder
  9. Configuring Cisco ASA
     • To configure the Cisco ASA firewall using Firewall Builder as shown in the diagram below, start the Firewall Builder application and choose New Firewall from the menu that appears:
  10. • On the first page of the New Firewall wizard, enter a name for the firewall object:
      • Next, select the interface configuration method:
  11. • On the next pages of the wizard, you can create the network objects and define network zones:
      • After creating the firewall object and network objects, you can configure the firewall's rules:
  12. • After configuring the basic firewall rules, we need to define the NAT policy:
      • To convert the rules from the Firewall Builder GUI syntax to the target device's commands, click the compile icon. To view the output of the compile, click the button labeled Inspect Generated Files.
  13. Installing Cisco ASA configuration
      • Firewall Builder can install the generated configuration file for you using SSH and SCP.
      • By default, Firewall Builder uses SCP to copy the generated config file to the firewall.
  14. Summary
      • In this session we discussed the following:
        • Firewall installations.
  15. Thanks
      Eng. Ghannam Aljabary
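
Added example, not part of the original slides and not Firewall Builder's own code: a Python check to run over the generated ASA file inspected on slide 12 before it is installed as on slide 13. It flags access-list permit entries whose source and destination are both any; the sample config is constructed, and the ACL grammar handled here is a simplified assumption.

```python
# Constructed sample in Cisco ASA CLI syntax; not captured Firewall Builder output.
SAMPLE_CONFIG = """\
hostname lab-asa
access-list outside_acl_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_acl_in extended permit ip any any
access-list inside_acl_in extended permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list inside_acl_in extended permit udp any any eq 53
access-list outside_acl_in extended deny ip any any log
"""
ANY = {"any", "any4", "any6"}

def take_addr(tok, i):
    """Consume one address spec at tok[i]; return (spec, next index)."""
    if tok[i] in ANY:                 # IndexError here means a truncated rule
        return "any", i + 1
    # host A, object N, object-group N, interface IF, network MASK: two tokens
    return " ".join(tok[i:i + 2]), i + 2

def skip_ports(tok, i):
    """Skip an optional port operator; return (next index, port_was_present)."""
    if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq"):
        return i + 2, True
    if i < len(tok) and tok[i] == "range":
        return i + 3, True
    return i, False

def audit(config):
    """Return (line_no, finding, text) for permit rules open from any to any."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        i = 3 if tok[2] == "extended" else 2
        if tok[i] != "permit":        # deny and remark entries are not reviewed
            continue
        try:
            # a service object or object-group as protocol takes two tokens
            j = i + (3 if tok[i + 1] in ("object", "object-group") else 2)
            src, j = take_addr(tok, j)
            j, _ = skip_ports(tok, j)          # optional source port
            dst, j = take_addr(tok, j)
            _, has_port = skip_ports(tok, j)   # optional destination port
        except IndexError:            # truncated rule: leave for manual review
            findings.append((n, "unparsed", line))
            continue
        if src == dst == "any":
            kind = "permit-any-any-port" if has_port else "permit-any-any"
            findings.append((n, kind, line))
    return findings
```

Call audit() with the text of the generated file and review every reported line before installing the configuration.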