Book description
The Second Edition of the Best Damn Firewall Book Period is completely revised and updated to include all of the most recent releases from Microsoft, Cisco, Juniper Networks, and Check Point. Compiled from the best of the Syngress firewall library and authored by product experts such as Dr. Tom Shinder on ISA Server, this volume is an indispensable addition to a serious networking professional's toolkit.
Coverage includes migrating to ISA Server 2006, integrating Windows Firewall and Vista security into your enterprise, successfully integrating Voice over IP applications around firewalls, and analyzing security log files.
Sections are organized by major vendor, and include hardware, software and VPN configurations for each product line.
New to this Edition:
- Microsoft firewall protection, from Windows Firewall to ISA Server 2006
- Cisco PIX Version 7, including VPN configuration and IDS
- Analyzing Firewall Logs and Reports
- VoIP and Firewall Bypassing
Table of contents
- Copyright
- Contributing Authors
- 1. Installing Check Point NGX
- 2. SmartDashboard and SmartPortal
- Introduction
- A Tour of the Dashboard
- New in SmartDashboard NGX
- Your First Security Policy
- Other Useful Controls on the Dashboard
- Managing Connectra and Interspect Gateways
- SmartPortal
- Summary
- 3. Smart View Tracker
- 4. SmartDefense and Web Intelligence
- Introduction
- Network Security
- Application Intelligence
- Malicious Code
- Protocol Inspection
- DShield Storm Center
- Summary
- 5. Network Address Translation
- 6. Authentication
- Introduction
- Authentication Overview
- Users and Administrators
- User Authentication
- Session Authentication
- Configuring Session Authentication in the Rulebase
- SessionAuth | Edit Properties | General | Source
- SessionAuth | Edit Properties | General | Destination
- SessionAuth | Edit Properties | General | Contact Agent At
- SessionAuth | Edit Properties | General | Accept only SecuRemote/SecureClient Encrypted Connections
- SessionAuth | Edit Properties | General | Single Sign-On
- Configuring Session Authentication Encryption
- The Session Authentication Agent
- Interacting with Session Authentication
- Client Authentication
- Configuring Client Authentication in the Rulebase
- ClientAuth | Edit Properties | General | Source
- ClientAuth | Edit Properties | General | Destination
- ClientAuth | Edit Properties | General | Apply Rule Only if Desktop Configuration Options Are Verified
- ClientAuth | Edit Properties | General | Required Sign-In
- ClientAuth | Edit Properties | General | Sign-On Method
- General | Successful Authentication Tracking
- Limits | Authorization Timeout
- Limits | Number of Sessions Allowed
- Advanced Topics
- Installing the User Database
- Summary
- 7. Content Security and OPSEC
- 8. VPN
- 9. SecuRemote, SecureClient, and Integrity
- 10. Adaptive Security Device Manager
- Introduction
- Features, Limitations, and Requirements
- Installing, Configuring, and Launching ASDM
- Configuring the PIX Firewall Using ASDM
- Using the Startup Wizard
- Configuring System Properties
- The AAA Menu
- The Advanced Menu
- The ARP Static Table Menu
- The Auto Update Menu
- The DHCP Services Menu
- The DNS Client Menu
- The Failover Menu
- The History Metrics Category
- The IP Audit Menu
- The Logging Menu
- The Priority Queue Category
- The SSL Category
- The SunRPC Server Category
- The URL Filtering Category
- Configuring VPNs Using ASDM
- Summary
- 11. Application Inspection
- New Features in PIX 7.0
- Supporting and Securing Protocols
- Application Layer Protocol Inspection
- Summary
- 12. Filtering, Intrusion Detection, and Attack Management
- 13. Services
- 14. Configuring Authentication, Authorization, and Accounting
- Introduction
- Introducing AAA Concepts
- AAA Servers
- Configuring Console Authentication
- Configuring Command Authorization
- Configuring TACACS+ and RADIUS Console Authentication
- Configuring Authentication for Traffic through the Firewall
- Configuring Authorization for Traffic through the Firewall
- Configuring Accounting for Traffic through the Firewall
- Summary
- 15. PIX Firewall Management
- 16. Configuring Virtual Private Networking
- Introduction
- What’s New in PIX 7.0
- Configuring a Site-to-Site VPN
- Remote Access: Configuring Support for the Cisco Software VPN Client
- Enabling IKE and Creating an ISAKMP Protection Suite
- Defining a Transform Set
- Crypto Maps
- Tunnel Groups and Group Policies
- Address Pool Configuration
- Split Tunneling
- NAT Issues
- Authentication against Radius, TACACS+, SecurID, or Active Directory
- Automatic Client Update
- Configuring Client Firewall Requirements
- Sample Configurations of PIX and VPN Clients
- Summary
- 17. ISA Server 2006 Client Types and Automating Client Provisioning
- Introduction
- Understanding ISA Server 2006 Client Types
- Understanding the ISA Server 2006 SecureNAT Client
- Understanding the ISA Server 2006 Firewall Client
- Allows Strong User/Group-Based Authentication for All Winsock Applications Using TCP and UDP Protocols
- Allows User and Application Information to be Recorded in the ISA Server 2006 Firewall’s Log Files
- Provides Enhanced Support for Network Applications, Including Complex Protocols That Require Secondary Connections
- Provides “Proxy” DNS Support for Firewall Client Machines
- The Network Routing Infrastructure Is Transparent to the Firewall Client
- How the Firewall Client Works
- Installing the Firewall Client Share
- Installing the Firewall Client
- Firewall Client Configuration
- Client Side Firewall Client Settings
- Firewall Client Configuration Files
- Firewall Client Configuration at the ISA Server 2006 Firewall
- ISA Server 2006 Web Proxy Client
- Improved Performance for the Firewall Client and SecureNAT Client Configuration for Web Access
- Ability to Use the Autoconfiguration Script to Bypass Sites Using Direct Access
- Allows You to Provide Web Access (HTTP/HTTPS/FTP Download) without Enabling Users Access to Other Protocols
- Allows You to Enforce User/Group-based Access Controls Over Web Access
- Allows you to Limit the Number of Outbound Web Proxy Client Connections
- Supports Web Proxy Chaining, Which Can Further Speed Up Internet Access
- ISA Server 2006 Multiple Client Type Configuration
- Deciding on an ISA Server 2006 Client Type
- Automating ISA Server 2006 Client Provisioning
- Automating Installation of the Firewall Client
- Summary
- 18. Installing and Configuring the ISA Firewall Software
- Pre-installation Tasks and Considerations
- Performing a Clean Installation on a Multihomed Machine
- Default Post-installation ISA Firewall Configuration
- The Post-installation System Policy
- Performing a Single NIC Installation (Unihomed ISA Firewall)
- Quick Start Configuration for ISA Firewalls
- Hardening the Base ISA Firewall Configuration and Operating System
- Summary
- 19. Creating and Using ISA 2006 Firewall Access Policy
- ISA Firewall Access Rule Elements
- Configuring Access Rules for Outbound Access through the ISA Firewall
- The Rule Action Page
- The Protocols Page
- The Access Rule Sources Page
- The Access Rule Destinations Page
- The User Sets Page
- Access Rule Properties
- The Access Rule Context Menu Options
- Configuring RPC Policy
- Configuring FTP Policy
- Configuring HTTP Policy
- Ordering and Organizing Access Rules
- How to Block Logging for Selected Protocols
- Disabling Automatic Web Proxy Connections for SecureNAT Clients
- Using Scripts to Populate Domain Name Sets
- Using the Import Scripts
- Extending the SSL Tunnel Port Range for Web Access to Alternate SSL Ports
- Avoiding Looping Back through the ISA Firewall for Internal Resources
- Anonymous Requests Appear in Log File Even When Authentication is Enforced For Web (HTTP Connections)
- Blocking MSN Messenger using an Access Rule
- Allowing Outbound Access to MSN Messenger via Web Proxy
- Changes to ISA Firewall Policy Only Affects New Connections
- Allowing Intradomain Communications through the ISA Firewall
- Summary
- 20. Creating Remote Access and Site-to-Site VPNs with ISA Firewalls
- Overview of ISA Firewall VPN Networking
- Firewall Policy Applied to VPN Client Connections
- Firewall Policy Applied to VPN Site-to-Site Connections
- VPN Quarantine
- User Mapping of VPN Clients
- SecureNAT Client Support for VPN Connections
- Site-to-Site VPN Using Tunnel Mode IPSec
- Publishing PPTP VPN Servers
- Pre-shared Key Support for IPSec VPN Connections
- Advanced Name Server Assignment for VPN Clients
- Monitoring of VPN Client Connections
- An Improved Site-to-Site Wizard (New ISA 2006 feature)
- The Create Answer File Wizard (New ISA 2006 feature)
- The Branch Office Connectivity Wizard (New ISA 2006 feature)
- The Site-to-Site Summary (New ISA 2006 feature)
- Creating a Remote Access PPTP VPN Server
- Creating a Remote Access L2TP/IPSec Server
- Creating a PPTP Site-to-Site VPN
- Create the Remote Site Network at the Main Office
- The Network Rule at the Main Office
- The Access Rules at the Main Office
- Create the VPN Gateway Dial-in Account at the Main Office
- Create the Remote Site Network at the Branch Office
- The Network Rule at the Branch Office
- The Access Rules at the Branch Office
- Create the VPN Gateway Dial-in Account at the Branch Office
- Activate the Site-to-Site Links
- Creating an L2TP/IPSec Site-to-Site VPN
- Enable the System Policy Rule on the Main Office Firewall to Access the Enterprise CA
- Request and Install a Certificate for the Main Office Firewall
- Configure the Main Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link
- Enable the System Policy Rule on the Branch Office Firewall to Access the Enterprise CA
- Request and Install a Certificate for the Branch Office Firewall
- Configure the Branch Office ISA Firewall to use L2TP/IPSec for the Site-to-Site Link
- Activate the L2TP/IPSec Site-to-Site VPN Connection
- Configuring Pre-shared Keys for Site-to-Site L2TP/IPSec VPN Links
- IPSec Tunnel Mode Site-to-Site VPNs with Downlevel VPN Gateways
- Using RADIUS for VPN Authentication and Remote Access Policy
- Configure the Internet Authentication Services (RADIUS) Server
- Create a VPN Clients Remote Access Policy
- Remote Access Permissions and Domain Functional Level
- Changing the User Account Dial-in Permissions
- Changing the Domain Functional Level
- Controlling Remote Access Permission via Remote Access Policy
- Enable the VPN Server on the ISA Firewall and Configure RADIUS Support
- Create an Access Rule Allowing VPN Clients Access to Approved Resources
- Make the Connection from a PPTP VPN Client
- Using EAP User Certificate Authentication for Remote Access VPNs
- Supporting Outbound VPN Connections through the ISA Firewall
- Installing and Configuring the DHCP Server and DHCP Relay Agent on the ISA Firewall
- Summary
- 21. ISA 2006 Stateful Inspection and Application Layer Filtering
- Introduction
- Application Filters
- Web Filters
- The HTTP Security Filter (HTTP Filter)
- The ISA Server Link Translator
- The Web Proxy Filter
- The OWA Forms-Based Authentication Filter
- The RADIUS Authentication Filter
- IP Filtering and Intrusion Detection/Intrusion Prevention
- Summary
- 22. Deploying NetScreen Firewalls
- Introduction
- Managing the NetScreen Firewall
- Configuring NetScreen
- Configuring Your NetScreen for the Network
- Configuring System Services
- Resources
- Summary
- 23. Policy Configuration
- 24. User Authentication
- 25. Routing
- 26. Address Translation
Product information
- Title: The Best Damn Firewall Book Period, 2nd Edition
- Author(s):
- Release date: April 2011
- Publisher(s): Syngress
- ISBN: 9780080556871