Chapter 15 - PIX Firewall Management

Abstract

System management is an important part of configuring and maintaining firewall. Without proper management, security policies cannot be enforced or monitored and a device might be compromised. This chapter focuses on managing Cisco PIX firewalls. It discusses how to enable and customize local and remote logging or syslog. Remote administration is another important component of system management. The chapter explains how to configure a variety of in-band management protocols, such as SSH, SNMP, Telnet, and HTTP, to remotely configure and monitor the PIX firewall. The security implications of each protocol and situations in which one protocol might be more appropriate than another are also discussed. Furthermore, the chapter also discusses configuring the system date and time and why it plays a vital role in system management. Along with system date and time, how to use NTP to make easier the job of managing the time and data on the Cisco PIX accurate and consistent across multiple devices is explained. The Cisco PIX firewall has a wealth of system time and date functionality. This functionality goes from the basic time and date stamp to automatically adjusting for daylight savings time. The Cisco PIX clock can be set locally or NTP can be used to set the time from a central timeserver. The PIX uses the UTC time format but can be configured to display the time in a time-zone format such as PST. The PIX can use NTP authentication to keep the link to the timeserver secure from unauthorized adjustment of the system time. This provides a level of security for using digital certificates.