This module expanded upon the idea that network security is a constant cycle
of securing, monitoring, testing, and improving, centered on a security policy.
This module discussed a number of methods that administrators can use to secure
a network. The initialization and configuration of a Firewall IPS router was
discussed and the student gained hands-on experience by configuring an IPS
router through lab activities.
A series of attack guards for the PIX
Security Appliance were presented next. These are special techniques that can
prevent many problems that surround popular services such as e-mail and DNS.
The methods of intrusion detection available to the PIX Security Appliance were
also discussed, and the configuration steps were explained. When a packet must
be rejected, the process is called shunning. Shunning was discussed, along with
configuration examples.