
Firewall Policies and VPN Configurations
- 1st Edition - September 21, 2006
- Imprint: Syngress
- Authors: Syngress, Dale Liu, Stephanie Miller, Mark Lucas, Abhishek Singh, Jennifer Davis
- Language: English
- eBook ISBN: 978-0-08-050651-7
A firewall is as good as its policies and the security of its VPN connections. The latest generation of firewalls offers a dizzying array of powerful options; the key to success…

This book covers the leading firewall products: Cisco PIX, Check Point NGX, Microsoft ISA Server, Juniper’s NetScreen Firewall, and SonicWall. It describes in plain English what features can be controlled by a policy, and walks the reader through the steps for writing the policy to fit the objective. Because of their vulnerability and their complexity, VPN policies are covered in more depth with numerous tips for troubleshooting remote connections.
· Included is a bonus chapter on using Ethereal, the most popular protocol analyzer, to monitor and analyze network traffic.
· Shows what features can be controlled by a policy, and walks you through the steps for writing the policy to fit the objective at hand
- Acknowledgments
- Technical Editor
- Contributing Authors
- Part I: Security Policy
- Chapter 1: Network Security Policy
- Introduction
- Defining Your Organization
- Different Access for Different Organizations
- Untrusted Networks
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 2: Using Your Policies to Create Firewall and VPN Configurations
- Introduction
- What Is a Logical Security Configuration?
- Planning Your Logical Security Configuration
- Writing Logical Security Configurations
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Part II: Firewall Concepts
- Chapter 3: Defining a firewall
- Introduction
- Why Have Different Types of Firewalls?
- Back to Basics—Transmission Control Protocol/Internet Protocol
- Firewall Types
- Application Proxy
- Gateway
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 4: Deciding on a Firewall
- Introduction
- Appliance/Hardware Solution
- Software Solutions
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Part III: VPN Concepts
- Chapter 5: Defining a VPN
- Introduction
- What Is a VPN?
- Public Key Cryptography
- IPSec
- SSL VPNs
- Layer 2 Solutions
- SSH Tunnels
- Technical Description
- Others
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 6: Deciding on a VPN
- Introduction
- Appliance / Hardware Solution
- Software Solutions
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Part IV: Implementing Firewalls and VPNs (Case Studies)
- Chapter 7: IT Infrastructure Security Plan
- Introduction
- Infrastructure Security Assessment
- Project Parameters
- Project Team
- Project Organization
- Project Work Breakdown Structure
- Project Risks and Mitigation Strategies
- Project Constraints and Assumptions
- Project Schedule and Budget
- IT Infrastructure Security Project Outline
- Summary
- Solutions Fast Track
- Chapter 8: Case Study: SOHO (Five Computers, Printer, Servers, etc.)
- Introduction
- Determining More Information with lsof
- Employing a Firewall in a SOHO Environment
- Introducing the SOHO Firewall Case Study
- Designing the SOHO Firewall
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 9: Medium Business (< 2000 People)
- Introduction
- Mapping Your Systems
- Improving Accountability with Identity Management
- VPN Connectivity
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Index
Dale Liu
Abhishek Singh
Abhishek was a leading inventor of various patent-pending technologies in IDS/IPS and an algorithm for faster analysis of binaries and two-factor authentication. He served as Technical Editor for "Vulnerability Analysis and Defense for the Internet" and "Identifying Malicious Code Through Reverse Engineering." He has published Internet Drafts and security-related papers in premier journals and for various conferences.
Abhishek holds a Master of Science in Information Security and a Master of Science in Computer Science, both from the College of Computing, Georgia Institute of Technology, and a B.Tech. in Electrical Engineering from the Institute of Technology, BHU, India.