Cisco IOS Firewall, multi-functional security product

Source: Internet
Author: User

A firewall is a set of hardware and software that is implemented at a specific point on the network infrastructure to enhance enterprise security policies.

Cisco IOS Firewall adds advanced and effective firewall technologies to Cisco IOS software-based routers. As an integrated solution, it takes full advantage of what customers already own (such as perimeter routers) and what they already understand (such as Cisco IOS software), and it simplifies ownership and management. As software, it offers low cost, simple configuration, and easy upgrades. The Cisco IOS Firewall feature set is an optional additional software license for a Cisco router that provides firewall functionality integrated into a Cisco IOS router.

Cisco IOS Firewall software integrates a variety of powerful security features, including:
Context-based access control (CBAC): provides secure, application-based access control for all traffic crossing network perimeters (such as the segment between a private enterprise network and the Internet). CBAC can block most "port scan" attempts.
Intrusion detection: monitors, intercepts, and responds to network misuse in real time. It includes intrusion detection signatures for the most common attack and information-gathering techniques.
Authentication proxy: provides dynamic, per-user authentication and authorization for LAN-based and dial-up Internet communication.
Denial-of-service detection and prevention: defends and protects router resources against common attacks by checking packet headers and dropping suspicious packets.
Dynamic port mapping: lets the network administrator run CBAC-supported applications on non-standard ports.
Java applet blocking: protects the system against unidentified or malicious Java applets.
VPN, IPSec encryption, and QoS support:
• Works with Cisco IOS software encryption, encapsulation, and QoS features to secure VPNs.
• Scalable encrypted tunnels can be provided on the router, integrated with strong perimeter security, advanced bandwidth management, intrusion detection, and service-level validation.
• Provides standards-based interoperability between heterogeneous devices.
Real-time alerts: alerts can be logged for denial-of-service attacks or other pre-configured conditions, and can be configured per application or function.
Network transaction tracking: detailed information about network transactions can be tracked and recorded (time stamp, source host, destination host, port, duration, and total number of bytes transmitted) to produce detailed reports. Reports can be configured per application or function.
Event logging: system error messages can be output to the console terminal or a syslog server, with configurable severity levels and other logged parameters, allowing administrators to track potential security risks or other non-standard activity in real time.
Firewall management: a wizard-based network configuration tool provides step-by-step guidance from network design through addressing to Cisco IOS Firewall security policy configuration; it can also configure network address translation (NAT) and IPSec.
Integration with Cisco IOS software: interoperates with Cisco IOS features and integrates security policy enforcement into the network.
Basic and advanced traffic filtering:
• Standard and extended ACLs apply access control to specific network segments and determine which traffic is allowed to pass through them.
• Lock-and-key dynamic ACLs grant temporary access through the firewall based on user identity (user name/password).
Policy-based multi-interface support: provides the ability to control user access based on the IP addresses and interfaces specified by the security policy.
Network Address Translation: hides internal networks from outside attackers to improve security.
Time-based access lists: security policies can be defined based on the time of day or the day of the week.
Peer router authentication: ensures that the router receives reliable routing information from trusted sources.

Cisco IOS Firewall feature set and Cisco PIX Firewall

In many stages of network design, we need to make a choice: should we use functions integrated into network devices (such as the Cisco IOS Firewall feature set), or should we adopt specialized devices (such as the PIX™ Firewall)? Integrated functions are usually attractive because they can be implemented on existing devices, or because they interoperate with other features of the device and so provide a better overall solution. When the required features are very advanced, or when performance requirements force us to adopt specialized hardware, we usually need to use dedicated devices. Each time, the choice is between the capacity and functionality of a dedicated device and the integration advantages of an integrated one.
 
