E-Book, Englisch, 448 Seiten, Web PDF
Vacca / Ellis Firewalls
1. Auflage 2004
ISBN: 978-0-08-049132-5
Verlag: Elsevier Science & Techn.
Format: PDF
Kopierschutz: 1 - PDF Watermark
Jumpstart for Network and Systems Administrators
E-Book, Englisch, 448 Seiten, Web PDF
ISBN: 978-0-08-049132-5
Verlag: Elsevier Science & Techn.
Format: PDF
Kopierschutz: 1 - PDF Watermark
"In this book, you will gain extensive hands-on experience installing and configuring a firewall. You will also learn how to allow access to key Web services while maintaining your organization's security, as well as how to implement firewall-to-firewall virtual private networks (VPNs). You will learn how to build a firewall to protect your network, provide access to HTTP and FTP services on the Internet, and implement publicly accessible servers without compromising security. Furthermore, throughout the book, extensive hands-on examples provide you with practical experience in establishing security with firewalls. Examples include, but are not limited to: Installing and configuring Check Point FireWall-1, scanning to validate configuration using ISS Internet Scanner, configuring the firewall to support simple and complex Web services, setting up a packet filtering router, enhancing firewall configurations to support split-DNS, authenticating remote users, and protecting browsers and servers with a proxy-based firewall.
?Install and configure proxy-based and stateful-filtering firewalls
?Protect internal IP addresses with NAT and deploy a secure DNS architecture
?Develop an Internet/intranet security policy to protect your organization's systems and data
?Reduce your susceptibility to an attack by deploying firewalls, data encryption and decryption and other countermeasures"
Zielgruppe
Academic/professional/technical: Undergraduate. Academic/professional/technical: Postgraduate. Academic/professional/technical: Research and professional
Autoren/Hrsg.
Weitere Infos & Material
1;Front Cover;1
2;Firewalls Jumpstart for Network and Systems Administrators;4
3;Copyright Page;5
4;Contents;8
5;Foreword;18
6;Introduction;20
7;Acknowledgments;30
8;Section I: Overview of Firewall Technology;32
8.1;Chapter 1. Firewalls: What Are They?;34
8.1.1;1.1 Chapter objectives;34
8.1.2;1.2 Firewall defined;38
8.1.3;1.3 Why firewalls?;39
8.1.4;1.4 Benefits of firewalls;43
8.1.5;1.5 Enhanced privacy;46
8.1.6;1.6 Limitations of firewalls;47
8.1.7;1.7 Summary;50
8.1.8;1.8 References;52
8.2;Chapter 2. Type of Firewall Security Policy;54
8.2.1;2.1 Chapter objectives;54
8.2.2;2.2 Firewall protection;55
8.2.3;2.3 Firewall architectures;56
8.2.4;2.4 Types of firewalls;57
8.2.5;2.5 Issues;60
8.2.6;2.6 Intranet;63
8.2.7;2.7 Network trust relationships;64
8.2.8;2.8 Virtual private networks;65
8.2.9;2.9 Firewall administration;65
8.2.10;2.10 Revision/update of firewall policy;72
8.2.11;2.11 Examples of service-specific policies;74
8.2.12;2.12 Summary;79
8.2.13;2.13 References;79
8.3;Chapter 3. Firewall Types;80
8.3.1;3.1 Chapter objectives;80
8.3.2;3.2 Types of firewalls;81
8.3.3;3.3 Understanding firewall types;86
8.3.4;3.4 Firewall types drawbacks;86
8.3.5;3.5 Summary;87
8.3.6;3.6 References;88
9;Section II: Firewall Topologies;90
9.1;Chapter 4. Choosing the Right Firewall;92
9.1.1;4.1 Chapter objectives;92
9.1.2;4.2 Convergence;94
9.1.3;4.3 About packet inspection;103
9.1.4;4.4 Summary;121
9.2;Chapter 5. Defense in Depth: Firewall Topologies;124
9.2.1;5.1 Chapter objectives;124
9.2.2;5.2 Virtual private network;125
9.2.3;5.3 Firewall policies;128
9.2.4;5.4 Setting up a demilitarized zone:A VPN alternative?;131
9.2.5;5.5 Summary;141
10;Section III: Firewall Installation and Configuration;142
10.1;Chapter 6. Installation Preparation;144
10.1.1;6.1 Chapter objectives;144
10.1.2;6.2 Unbreakable walls;145
10.1.3;6.3 Selecting an operating system;146
10.1.4;6.4 Scanning for vulnerabilities;155
10.1.5;6.5 Summary;160
10.2;Chapter 7. Firewall Configuration;162
10.2.1;7.1 Chapter objectives;162
10.2.2;7.2 Defining firewall security objects;162
10.2.3;7.3 Scanning the firewall and fixing vulnerabilities;166
10.2.4;7.4 Identifying trusted and untrusted networks;173
10.2.5;7.5 Summary;176
11;Section IV: Supporting Outgoing Services Through Firewall Configuration;178
11.1;Chapter 8. Simple Policy Implementation;180
11.1.1;8.1 Chapter objectives;180
11.1.2;8.2 Policy configuration;181
11.1.3;8.3 Supporting HTTP;184
11.1.4;8.4 Dynamic content;187
11.1.5;8.5 Summary;188
11.2;Chapter 9. Complex Web Services Management;190
11.2.1;9.1 Chapter objectives;190
11.2.2;9.2 Telnet;192
11.2.3;9.3 FTP;192
11.2.4;9.4 Handling port numbers;196
11.2.5;9.5 Deploying Real Audio;201
11.2.6;9.6 Summary;203
11.3;Chapter 10. Content Filtering;206
11.3.1;10.1 Chapter objectives;206
11.3.2;10.2 Filtering out dangerous content;206
11.3.3;10.3 Summary;215
12;Section V: Secure External Services Provision;216
12.1;Chapter 11. Publicly Accessible Servers Implementation;218
12.1.1;11.1 Chapter objectives;218
12.1.2;11.2 Securing your organization’s Internet site;218
12.1.3;11.3 Separating your Internet site from your intranet;228
12.1.4;11.4 Supporting SMTP mail architectures;230
12.1.5;11.5 Summary;232
12.2;Chapter 12. Architecture Selection;234
12.2.1;12.1 Chapter objectives;234
12.2.2;12.2 Types of screened subnet architectures;234
12.2.3;12.3 Single-box architecture;244
12.2.4;12.4 Summary;246
12.3;Chapter 13. External Servers Protection;248
12.3.1;13.1 Chapter objectives;248
12.3.2;13.2 Siting external servers on a perimeter net;248
12.3.3;13.3 Deploying packet filtering to control access to your servers;256
12.3.4;13.4 Router packet filtering;257
12.3.5;13.5 Using router access control lists;258
12.3.6;13.6 Summary;258
13;Section VI: Internal IP Services Protection;260
13.1;Chapter 14. Internal IP Security Threats: Beyond the Firewall;262
13.1.1;14.1 Chapter objectives;262
13.1.2;14.2 Network threats;263
13.1.3;14.3 Organization risk assessment;267
13.1.4;14.4 Examining inside attacks;269
13.1.5;14.5 Handling new threats;270
13.1.6;14.6 Antivirus software technology: Beyond the firewall;271
13.1.7;14.7 Summary;278
13.1.8;14.8 References;278
13.2;Chapter 15. Network Address Translation Deployment;280
13.2.1;15.1 Chapter objectives;280
13.2.2;15.2 Person-to-person communication;280
13.2.3;15.3 Internet protocol telephony;281
13.2.4;15.4 Routers, firewalls, and NATs;282
13.2.5;15.5 Handling SIP;282
13.2.6;15.6 Firewall traversal/SIP NAT;283
13.2.7;15.7 Employing a Linux-based SOHO firewall solution with NAT technology;284
13.2.8;15.8 Summary;298
13.2.9;15.9 References;299
14;Section VII: Firewall Remote Access Configuration;300
14.1;Chapter 16. Privacy and Authentication Technology;302
14.1.1;16.1 Chapter objectives;302
14.1.2;16.2 Selecting cryptographic algorithms through encryption;304
14.1.3;16.3 Key management;306
14.1.4;16.4 Auditing, authentication, and authorization;307
14.1.5;16.5 High availability and load balancing;309
14.1.6;16.6 Transport and network;309
14.1.7;16.7 Encryption of multiple columns: database considerations;310
14.1.8;16.8 Summary;313
14.1.9;16.9 References;314
14.2;Chapter 17. Tunneling: Firewall-to-Firewall;316
14.2.1;17.1 Chapter objectives;316
14.2.2;17.2 Increasing risk on extranets and intranets;317
14.2.3;17.3 Openness with protection of firewall tunneling and Internet security solutions;317
14.2.4;17.4 Firewall tunneling and Internet security architecture technologies;318
14.2.5;17.5 Firewall tunneling technologies;320
14.2.6;17.6 Demilitarized zone focus;322
14.2.7;17.7 Keeping the firewall tunneling security rules up-to-date through enterprise intranets;323
14.2.8;17.8 Summary;324
14.2.9;17.9 References;326
15;Section VIII: Firewall Management;328
15.1;Chapter 18. Auditing and Logging;330
15.1.1;18.1 Chapter objectives;330
15.1.2;18.2 Auditing your firewall;330
15.1.3;18.3 Logging;333
15.1.4;18.4 Summary;339
15.1.5;18.5 References;340
15.2;Chapter 19. Firewall Administration;342
15.2.1;19.1 Chapter objectives;342
15.2.2;19.2 System administration;343
15.2.3;19.3 Managing your firewall remotely;343
15.2.4;19.4 Maintenance of a firewall;348
15.2.5;19.5 Managing firewall security;352
15.2.6;19.6 Summary;357
15.2.7;19.7 References;358
15.3;Chapter 20. Summary, Conclusions, and Recommendations;360
15.3.1;20.1 Chapter objectives;360
15.3.2;20.2 Summary;361
15.3.3;20.3 Conclusions;362
15.3.4;20.4 Recommendations;363
15.3.5;20.5 References;370
16;Section IX: Appendixes;372
16.1;A. Contributors of Firewall Software;374
16.2;B. Worldwide Survey of Firewall Products;380
16.3;C. Firewall Companies;384
16.4;D. Commercial Products or Consultants Who Sell or Service Firewalls;388
16.5;E. Establishing Your Organization’s Security;394
16.6;F. Network Interconnections: A Major Point of Vulnerability;398
16.7;G. Deterring Masqueraders and Ensuring Authenticity;402
16.8;H. Preventing Eavesdropping to Protect Your Privacy;412
16.9;I. Thwarting Counterfeiters and Forgery to Retain Integrity Through a Reverse Firewall;416
16.10;J. Avoiding Disruption of Service to Maintain Availability;422
16.11;K. Developing Your Firewall Security Policy;424
17;Glossary;428
18;Index;438
