book

Network Security, Firewalls, and VPNs, 3rd Edition

Name: Network Security, Firewalls, and VPNs, 3rd Edition
ISBN: 9781284183696

by J. Michael Stewart, Denise Kinsey

October 2020

Intermediate to advanced

481 pages

17h 35m

English

Jones & Bartlett Learning

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
Brief Contents
Contents
Preface
Acknowledgments
About the Authors
CHAPTER 1 Fundamentals of Network Security

What Is Network Security?
What Is Trust?Who—or What—Is Trustworthy?What Are Security Objectives?
What Are You Trying to Protect?
Seven Domains of a Typical IT Infrastructure
Goals of Network Security
How Can You Measure the Success of Network Security?
Why Are Written Network Security Policies Important?
Planning for the Worst
Who Is Responsible for Network Security?
Enhancing the Security of Wired Versus Wireless LAN Infrastructures
Internal and External Network Issues
Common Network Security Components Used to Mitigate Threats
Hosts and NodesFirewallsVirtual Private NetworksProxy ServersNetwork Address TranslationThe Domain Name SystemDirectory ServicesIntrusion Detection Systems and Intrusion Prevention SystemsNetwork Access Control
TCP/IP Basics
OSI Reference ModelSub-ProtocolsHeaders and PayloadsFiltering on Addresses
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 1 ASSESSMENT
CHAPTER 2 Network Security Threats
Hackers and Their Motivation
Favorite Targets of Hackers
Threats from Internal Personnel and External Entities
The Hacking Process
ReconnaissanceScanningEnumerationAttackingPost-Attack Activities
Common IT Infrastructure Threats
Hardware Failures and Other Physical ThreatsNatural DisastersAccidents
Malicious Code (Malware)
Advanced Persistent Threat
Fast Growth and Overuse
Wireless Versus Wired
Eavesdropping
Hijack and Replay Attacks
Insertion Attacks
Fragmentation Attacks
Buffer Overflows
Session Hijacking, Spoofing, and Man-in-the-Middle Attacks
Session HijackingSpoofing AttacksMan-in-the-Middle Attacks
Covert Channels
Network and Resource Availability Threats
Denial of Service (DoS)Distributed Denial of Service (DDoS)
Hacker Tools
Social Engineering
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 2 ASSESSMENT
CHAPTER 3 Common Network Topologies and Infrastructures
What Is a Network Topology?
Types of Network Devices
What Differentiates Logical and Physical Topologies?
Types of Physical TopologiesLogical TopologyCreating Logical Topologies
Differences Between Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6)
IPSec and IPv6
Examples of Network Infrastructures and Related Security Concerns
WorkgroupsSOHO NetworksClient/Server NetworksLAN Versus WANThin Clients and Terminal ServicesRemote Control, Remote Access, and VPNBoundary Networks
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 3 ASSESSMENT
CHAPTER 4 Network Design Considerations
Network Design and Defense in Depth
Achieving Defense in Depth through LayeringPlanning for ScalabilityWorking with Senior Management
Protocols
Common Types of Addressing
IPv6
Controlling Communication Pathways
Router ConfigurationEncrypted ProtocolsPhysical Access ManagementFiltering
Intrusion Detection Systems and Intrusion Prevention Systems
Hardening Systems
Equipment Selection
Authentication, Authorization, and Accounting
Communication Encryption
Hosts: Local-Only or Remote and Mobile
Redundancy
Endpoint Security
ClientsServersRoutersSwitchesFirewalls and Proxies
Risk Assessment and Management
What Are Zones of Risk?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 4 ASSESSMENT
CHAPTER 5 Firewall Fundamentals
What Is a Firewall?
What Firewalls Cannot Do
Why Do You Need a Firewall?
How Firewalls Work and What Firewalls Do
Types of Firewalls
Individual and SOHO Firewall Options
Managing the Firewall on an ISP Connection DeviceConverting a Home Router into a Firewall
Uses for Host Software Firewalls
Examples of Software Firewall ProductsUsing Windows 10’s Host Software FirewallUsing a Linux Host Software Firewall
Uses for Commercial Software Network Firewalls
Uses for Hardware/Appliance Firewalls
Next-Generation Firewalls
What Are Virtual Firewalls?
Dual-Homed and Triple-Homed Firewalls
Ingress and Egress Filtering
Types of Filtering
Static Packet FilteringStateful Inspection and Dynamic Packet FilteringNetwork Address TranslationApplication ProxyCircuit ProxyContent Filtering
Selecting the Right Firewall for Your Needs
The Difference Between Buying and Building a Firewall
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 5 ASSESSMENT
CHAPTER 6 Firewall Implementation
Examining Your Network and Its Security Needs
What to Protect and WhyPreserving Privacy
Proper Firewall Implementation Procedure
Constructing, Configuring, and Managing a Firewall
pfSense
pfSense Requirements
Planning a Firewall Implementation with pfSense
Firewalling a Small Organization: Packet Filtering or Application-Level Firewall, a Proxy ImplementationFirewalling Medium and Large Organizations: Application-Level Firewall and Packet Filtering, a Hybrid SystemFirewalling in a Subnet Architecture
Installing the pfSense Firewall
Configuring a Firewall with pfSense
Elements of Firewall Deployment
Testing and Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 6 ASSESSMENT
CHAPTER 7 Firewall Deployment Considerations
Common Security Strategies for Firewall Deployments
Security Through ObscurityLeast PrivilegeSimplicityDefense in DepthDiversity of DefenseChokepointWeakest LinkFail-SafeForced Universal Participation
Authentication, Authorization, and Accounting
Placement of Network Hardware Firewalls
Benefit and Purpose of Reverse Proxy
Use and Benefit of Port Forwarding
Considerations for Selecting a Bastion Host OS
Monitoring and Logging
Understanding and Interpreting Firewall Logs and Alerts
Intrusion Detection Systems and Intrusion Prevention Systems
Security Event and Information Management
Evaluating Needs and Solutions in Designing Security
What Happens When Security Gets in the Way of Doing Business?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 7 ASSESSMENT
CHAPTER 8 Configuring Firewalls
Firewall Rules
Inbound and Outbound CommunicationsAccess Control Lists
Composing Firewall Rules
Ordering Firewall Rules
What Should You Allow and What Should You Block?
Essential Elements of a Firewall Policy
Limitations of Firewalls
Improving Performance
The Downside of Encryption with Firewalls
Firewall Enhancements
Management Interfaces
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 8 ASSESSMENT
CHAPTER 9 VPN Fundamentals
What Is a Virtual Private Network?
What Are the Benefits of Deploying a VPN?
What Are the Limitations of a VPN?
What Are Effective VPN Policies?
VPN Deployment Models and Architecture
VPN Deployment ModelsVPN Architectures
Tunnel Versus Transport Mode
The Relationship Between Encryption and VPNs
Symmetric CryptographyAsymmetric CryptographyHashingEstablishing VPN Connections with CryptographyDigital Certificates
What Is VPN Authentication?
What Is VPN Authorization?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 9 ASSESSMENT
CHAPTER 10 VPN Management
VPN Management Best Practices
Build in RedundancyChoose the Right VPN Product for Your EnvironmentDevelop a VPN PolicyProhibit Split TunnelingEnsure Client SecurityPractice Vulnerability ManagementUse Multifactor AuthenticationDocument Your Implementation PlanMonitor VPN AvailabilityPerform Regular Reviews, Backups, and Updates
Developing a VPN Policy
Developing a VPN Deployment Plan
Bypass DeploymentInternally Connected DeploymentDMZ-Based Implementation
VPN Threats and Exploits
Commercial Versus Open-Source VPNs
Differences Between Personal and Enterprise VPNs
Balancing Anonymity and Privacy
Protecting VPN Security to Support Availability
The Importance of User Training
VPN Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 10 ASSESSMENT
CHAPTER 11 VPN Technologies
Differences Between Software and Hardware Solutions
Software VPNsHardware VPNs
Differences Between Layer 2 and Layer 3 VPNs
Internet Protocol Security (IPSec)
Layer 2 Tunneling Protocol (L2TP)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
SSL/TLS and VPNs
Secure Shell (SSH) Protocol
Establishing Performance and Stability for VPNs
PerformanceStability
Using VPNs with Network Address Translation (NAT)
Types of Virtualization
Desktop VirtualizationSSL VPN Virtualization
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 11 ASSESSMENT
CHAPTER 12 VPN Implementation
Operating System–Based VPNs
VPN Appliances
Configuring a Typical VPN ApplianceClient-Side Configuration
Remote Desktop Protocol
Using Remote Control Tools
Using Remote Access
The Technology for Remote UseChoosing Between IPSec and SSL/TLS Remote Access VPNs
Remote Desktop Services
RD RemoteAppRD Web AccessRDS and Hosted Services
Microsoft DirectAccess
DMZ, Intranet, and Extranet VPN Solutions
Intranet VPNsExtranet VPNs
Internet Café VPNs
Online Remote VPN Options
SecurityWake-on-LAN SupportFile SharingRemote PrintingMac and Mobile Device Support
The Tor Application
Planning a VPN Implementation
Download and Verify Installation FilesInstallation TipsConfiguring OpenVPNRunning OpenVPNTesting and TroubleshootingOpenVPN Private Tunnel
VPN Implementation Best Practices
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 12 ASSESSMENT
CHAPTER 13 Firewall Security Management
Best Practices for Firewall Management
Security Measures in Addition to a Firewall
Mitigating Firewall Threats and Exploits
Concerns Related to Tunneling Through or Across a Firewall
Testing Firewall Security
Important Tools for Managing and Monitoring a Firewall
Troubleshooting Firewalls
Detecting Firewall Threats and Responding to Incidents
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 13 ASSESSMENT
CHAPTER 14 Best Practices for Network Security Management
Essentials of Network Security Management
Network Security Management Tools
Security Plan and Security PolicySecurity Checklist
Limiting Network Access and Implementing Encryption
Physical Security
Techniques for Preventing and Deterring Incidents
Imposing CompartmentalizationUsing Honeypots, Honeynets, and Padded CellsAntivirus, Monitoring, and Other Host Security ControlsBackup and RecoveryUser Training, Security Awareness, and Ongoing Education
Incident Response
PreparationDetection and AnalysisContainmentEradicationRecoveryPost-Incident Follow-Up
Fail-Secure, Fail-Open, and Fail-Close Options
Network Security Assessments and Testing
Security AssessmentConfiguration ScansVulnerability ScanningPenetration TestingPost-Mortem Assessment Review
Change Management
Compliance Auditing
Network Security Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 14 ASSESSMENT
CHAPTER 15 Emerging Technology and Regulatory Considerations
What the Future Holds for Network Security, Firewalls, and VPNs
ThreatsFirewall CapabilitiesEncryptionAuthenticationMetricsFocusSecuring the CloudSecuring Mobile DevicesInternet of ThingsMobile IPBring Your Own Device (BYOD)
Resource Sites for Network Security, Firewalls, and VPNs
Firewall VendorsVirtual Private Network VendorsNetwork Security WebsitesNetwork Security Magazine Websites
Tools for Network Security, Firewalls, and VPNs
Commercial Off-the-Shelf (COTS) SoftwareOpen-Source Applications and Tools
The Vanishing Network Perimeter
The Impact of Ubiquitous Wireless and Mobile ConnectivityMaking Wireless and Mobile Connectivity More Secure
Potential Uses of Security Technologies
Regulations and Compliance
Specialized Firewalls
Emerging Network Security Technologies
Data Leakage PreventionBiometricsVirtualization SecurityIP Version 6VPNs, Firewalls, and Virtualization
CHAPTER SUMMARY
KEY CONCEPTS AND TERMSCHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index

Overview

PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES Network Security, Firewalls, and VPNs, Third Edition provides a unique, in-depth look at the major business challenges and threats that are introduced when an organization’s network is connected to the public Internet. Written by industry experts, this book provides a comprehensive explanation of network security basics, including how hackers access online networks and the use of Firewalls and VPNs to provide security countermeasures. Using examples and exercises, this book incorporates hands-on activities to prepare the reader to disarm threats and prepare for emerging technologies and future attacks. Key Features: -Introduces the basics of network security—exploring the details of firewall security and how VPNs operate -Illustrates how to plan proper network security to combat hackers and outside threats -Discusses firewall configuration and deployment and managing firewall security -Identifies how to secure local and internet communications with a VPN Instructor Materials for Network Security, Firewalls, VPNs include: PowerPoint Lecture Slides Exam Questions Case Scenarios/Handouts About the Series This book is part of the Information Systems Security and Assurance Series from Jones and Bartlett Learning. Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide

Publisher Resources

ISBN: 9781284183696

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Network Security, Firewalls, and VPNs, 3rd Edition

by J. Michael Stewart, Denise Kinsey

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide

VPNs Illustrated: Tunnels, VPNs, and IPsec

CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide, 2nd Edition

Mastering Linux Security and Hardening - Third Edition

Publisher Resources