How to secure your small business with a PIX firewallWritten by Ron Jones
Continued from page 1
pixfirewall(config)# interface ethernet0 100full pixfirewall(config)# lnterface ethernet1 100full
Now to assign an address to inside and outside interfaces; ip address command sets ip address of an interface. The syntax is as follows: Ip address
An example might be as follows: Ip address outside pixfirewall(config)# ip address outside 126.96.36.199 255.255.255.252 (this IP address, netmask combination should not be used, it is shown here for example only. Use IP address/mask given to you by your ISP).
Then inside IP address ip address inside pixfirewall(config)# Ip address inside 192.168.0.1 255.255.255.0
A brief word about IP addressing is in order here.
One way that is used to conserve public IP addresses is through use of non-routable IP addressing blocks specified in RFC 1597. You may sometimes hear them referred to as “private” IP addresses, which is fine, but not quite technically accurate. There are three different blocks to choose from: 10.0.0.0 – 10.255.255.255 with a netmask of 255.0.0.0 172.16.0.0 – 172.31.255.255 with a netmask of 255.255.0.0 192.168.0.0 – 192.168.255.255 with a netmask of 255.255.255.0
as long as your internal network's IP addresses are all within one of those blocks of address space, you will not need to introduce complexity of routing within your LAN. An example scheme for those who are not familiar is shown below: PIX – 192.168.0.1 netmask 255.255.255.0 File/DHCP server – 192.168.0.2 netmask 255.255.255.0 Workstations – 192.168.0.10 – 192.168.0.254 netmask (each) 255.255.255.0 * I intentionally skipped over 192.168.0.3-9 addresses to plan for future expansion and possible need for additional servers, you don't have to do this. * Configure your DHCP server to hand out addresses in specified block using your ISP-provided DNS servers for name resolution. Make sure to change this should you ever decide to install a name server within your own network. * If you don't want to set up a DHCP server, just configure each PC with IP address, default gateway, netmask & DNS servers
It is very important now to add a default route to PIX configuration. Another term for default route is “default gateway.” You need to tell PIX that if it receives traffic destined for a network that isn’t directly connected, it should send it to connected ISP router. Your ISP should have given you IP address of your default gateway when you received your setup information.
Here is syntax: Route The English translation is “if packets destined for interface on network specified by network address are bounded by mask then route it via a next hop at optional command is used to give an indication of distance.
For example pixfirewall(config)# Route outside 0 0 <188.8.131.52> 1 (if packets are destined outside network to any ip address with any netmask, send them through ISPs default gateway, which is one hop away, meaning it is device to which PIX is connected on outside interface).
To password protect your PIX in order to prevent unauthorized access, use something that is secure and hard to guess. Try to stay away from names of spouses, children, pets, birthdays or other easily guessed variable. Whenever possible, use a combination of letters and numbers. The syntax is as follows (but please don’t use cisco as your actual password) pixfirewall(config)# Passwd cisco (note abbreviated spelling of word password) this will set a password for basic access (rembember pixfirewall> prompt?) pixfirewall(config)# Enable password cisco this will set password for administrative access
Now that your PIX has been given a basic configuration, you should be able to access internet, while preventing unauthorized access to your resources.
Ron Jones is the Founder and President of The Fulcrum Technology Group, Inc. Located just North of Atlanta, this consulting firm specializes in business technology solutions that will enable you to maintain a competitive advantage by increasing productivity, improving reliability and reducing expenses.
Coping with a Serious Data Loss from your Computer Hard DriveWritten by Darryl Peddle
Continued from page 1
Data recovery specialists are innovative problem solvers. Often, application of basic common sense, when no-one else is in any condition to apply it, is beginning of journey towards data recovery. The data recovery specialist draws on a wealth of experience, married to a "never say die" attitude, and a comprehensive tool kit of problem-solving procedures. Successful recovery outcomes hinge on a combination of innovative logistics, applied problem-solving, and "technology triage," process of stabilizing an affected system quickly, analyzing and treating its wounds, and preparing it for surgery. The triage process sets priorities, such as targeting which files are needed first or which are absolutely vital to functioning of business, and establishes whether files might be recovered in less structured formats (such as text-only), which may be desirable when time is crucial.
The art and science of professional data recovery can spell difference between a business' success or its failure. Before that level of intervention is required, though, users can take steps to ensure that probability of a data loss disaster is minimized.
Basic to any business technology plan is a regular fire-drill procedure. Back-up routines may be in place, staff may assigned to specific roles, hardware and software may be configured - but, if user isn't completely sure that everything works way it should, a data loss event is inevitable. Having adequate, tested, and current backups in place is critical. A hardware breakdown should not be compounded by human error - if malfunctioning drive is critical, task of dealing with it should go to a data recovery professional.
Just as data loss disasters are rooted in a combination of mechanical failure and human error, so, too, data recovery solution lies in a creative marriage of technological and human. The underlying philosophy of successful data recovery is that technology is something to be used by human beings, not something that uses us.
Name: Darryl Peddle Company: CBL Technologies, Canada Author description: Darryl Peddle is an Internet Marketing Specialist with CBL Technologies, one of the largest data recovery specialists in the world. Website: http://www.cbltech.com