book

Firewalls

by John R. Vacca, Scott Ellis

December 2004

Intermediate to advanced

448 pages

16h 40m

English

Digital Press

Read now

Unlock full access

Front Cover
Firewalls Jumpstart for Network and Systems Administrators
Copyright Page
Contents (1/2)
Contents (2/2)
Foreword
Introduction (1/2)
Introduction (2/2)
Acknowledgments
Section I: Overview of Firewall Technology

Chapter 1. Firewalls: What Are They?
1.1 Chapter objectives
1.2 Firewall defined
1.3 Why firewalls?
1.4 Benefits of firewalls
1.5 Enhanced privacy
1.6 Limitations of firewalls
1.7 Summary
1.8 References
Chapter 2. Type of Firewall Security Policy
2.1 Chapter objectives
2.2 Firewall protection
2.3 Firewall architectures
2.4 Types of firewalls
2.5 Issues
2.6 Intranet
2.7 Network trust relationships
2.8 Virtual private networks
2.9 Firewall administration
2.10 Revision/update of firewall policy
2.11 Examples of service-specific policies
2.12 Summary
2.13 References
Chapter 3. Firewall Types
3.1 Chapter objectives
3.2 Types of firewalls
3.3 Understanding firewall types
3.4 Firewall types drawbacks
3.5 Summary
3.6 References
Section II: Firewall Topologies
Chapter 4. Choosing the Right Firewall
4.1 Chapter objectives
4.2 Convergence (1/2)
4.2 Convergence (2/2)
4.3 About packet inspection (1/4)
4.3 About packet inspection (2/4)
4.3 About packet inspection (3/4)
4.3 About packet inspection (4/4)
4.4 Summary
Chapter 5. Defense in Depth: Firewall Topologies
5.1 Chapter objectives
5.2 Virtual private network
5.3 Firewall policies
5.4 Setting up a demilitarized zone:A VPN alternative? (1/2)
5.4 Setting up a demilitarized zone:A VPN alternative? (2/2)
5.5 Summary
Section III: Firewall Installation and Configuration
Chapter 6. Installation Preparation
6.1 Chapter objectives
6.2 Unbreakable walls
6.3 Selecting an operating system (1/2)
6.3 Selecting an operating system (2/2)
6.4 Scanning for vulnerabilities
6.5 Summary
Chapter 7. Firewall Configuration
7.1 Chapter objectives7.2 Defining firewall security objects
7.3 Scanning the firewall and fixing vulnerabilities (1/2)
7.3 Scanning the firewall and fixing vulnerabilities (2/2)
7.4 Identifying trusted and untrusted networks
7.5 Summary
Section IV: Supporting Outgoing Services Through Firewall Configuration
Chapter 8. Simple Policy Implementation
8.1 Chapter objectives
8.2 Policy configuration
8.3 Supporting HTTP
8.4 Dynamic content
8.5 Summary
Chapter 9. Complex Web Services Management
9.1 Chapter objectives
9.2 Telnet
9.3 FTP
9.4 Handling port numbers
9.5 Deploying Real Audio
9.6 Summary
Chapter 10. Content Filtering
10.1 Chapter objectives10.2 Filtering out dangerous content
10.3 Summary
Section V: Secure External Services Provision
Chapter 11. Publicly Accessible Servers Implementation
11.1 Chapter objectives11.2 Securing your organization’s Internet site
11.3 Separating your Internet site from your intranet
11.4 Supporting SMTP mail architectures
11.5 Summary
Chapter 12. Architecture Selection
12.1 Chapter objectives12.2 Types of screened subnet architectures
12.3 Single-box architecture
12.4 Summary
Chapter 13. External Servers Protection
13.1 Chapter objectives13.2 Siting external servers on a perimeter net
13.3 Deploying packet filtering to control access to your servers
13.4 Router packet filtering
13.5 Using router access control lists
13.6 Summary
Section VI: Internal IP Services Protection
Chapter 14. Internal IP Security Threats: Beyond the Firewall
14.1 Chapter objectives
14.2 Network threats
14.3 Organization risk assessment
14.4 Examining inside attacks
14.5 Handling new threats
14.6 Antivirus software technology: Beyond the firewall (1/2)
14.6 Antivirus software technology: Beyond the firewall (2/2)
14.7 Summary
14.8 References
Chapter 15. Network Address Translation Deployment
15.1 Chapter objectives15.2 Person-to-person communication
15.3 Internet protocol telephony
15.4 Routers, firewalls, and NATs
15.5 Handling SIP
15.6 Firewall traversal/SIP NAT
15.7 Employing a Linux-based SOHO firewall solution with NAT technology (1/3)
15.7 Employing a Linux-based SOHO firewall solution with NAT technology (2/3)
15.7 Employing a Linux-based SOHO firewall solution with NAT technology (3/3)
15.8 Summary
15.9 References
Section VII: Firewall Remote Access Configuration
Chapter 16. Privacy and Authentication Technology
16.1 Chapter objectives
16.2 Selecting cryptographic algorithms through encryption
16.3 Key management
16.4 Auditing, authentication, and authorization
16.5 High availability and load balancing
16.6 Transport and network
16.7 Encryption of multiple columns: database considerations
16.8 Summary
16.9 References
Chapter 17. Tunneling: Firewall-to-Firewall
17.1 Chapter objectives
17.2 Increasing risk on extranets and intranets
17.3 Openness with protection of firewall tunneling and Internet security solutions
17.4 Firewall tunneling and Internet security architecture technologies
17.5 Firewall tunneling technologies
17.6 Demilitarized zone focus
17.7 Keeping the firewall tunneling security rules up-to-date through enterprise intranets
17.8 Summary
17.9 References
Section VIII: Firewall Management
Chapter 18. Auditing and Logging
18.1 Chapter objectives18.2 Auditing your firewall
18.3 Logging (1/2)
18.3 Logging (2/2)
18.4 Summary
18.5 References
Chapter 19. Firewall Administration
19.1 Chapter objectives
19.2 System administration
19.3 Managing your firewall remotely
19.4 Maintenance of a firewall
19.5 Managing firewall security
19.6 Summary
19.7 References
Chapter 20. Summary, Conclusions, and Recommendations
20.1 Chapter objectives
20.2 Summary
20.3 Conclusions
20.4 Recommendations (1/2)
20.4 Recommendations (2/2)
20.5 References
Section IX: Appendixes
A. Contributors of Firewall Software (1/2)
A. Contributors of Firewall Software (2/2)
B. Worldwide Survey of Firewall Products
C. Firewall Companies
D. Commercial Products or Consultants Who Sell or Service Firewalls (1/2)
D. Commercial Products or Consultants Who Sell or Service Firewalls (2/2)
E. Establishing Your Organization’s Security
F. Network Interconnections: A Major Point of Vulnerability
G. Deterring Masqueraders and Ensuring Authenticity (1/2)
G. Deterring Masqueraders and Ensuring Authenticity (2/2)
H. Preventing Eavesdropping to Protect Your Privacy
I. Thwarting Counterfeiters and Forgery to Retain Integrity Through a Reverse Firewall (1/2)
I. Thwarting Counterfeiters and Forgery to Retain Integrity Through a Reverse Firewall (2/2)
J. Avoiding Disruption of Service to Maintain Availability
K. Developing Your Firewall Security Policy
Glossary (1/2)
Glossary (2/2)
Index (1/3)
Index (2/3)
Index (3/3)

Content preview from Firewalls

dangerous as the Internet. A simple litmus test to distinguish a

trusted network from an untrusted one includes the following:

■ Sensitivity of data: segregate sensitive data

■ Promiscuity of user base: Multiple, potentially anonymous users

on a single machine in a single day would be a highly promiscuous

machine.

■ Uncontrolled access to machines: A reception computer may not

be a trusted network device.

■ Risky software development practices. Isolate!

■ Unsecured previously known compromised areas

Organize the network accordingly. From a chaotic mash of

trusted and untrusted computers, multiple networks can emerge.

Subsequent organization and policy mapping ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781555582975

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Firewalls

by John R. Vacca, Scott Ellis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Firewall Fundamentals

Network Security, Firewalls, and VPNs

Web Application Firewalls

Network Security with pfSense

Publisher Resources