Title:
Check point VPN-1/firewall-1 NG : administration
Personal Author:
Publication Information:
New York : McGraw-Hill/Osborne, 2003
ISBN:
9780072223422
Added Author:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010025469 | TK5105.59 S52 2003 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Shows network administrators and engineers the essentials of installing, running, and troubleshooting the Nokia VPN-1/FireWall-1 enterprise system. This work includes case studies and ready-to-use applications, and a CD-ROM with sample software and solutions.
Table of Contents
| Acknowledgments | p. xvii |
| Introduction | p. xix |
| 1 The Internet and the Need for Security | p. 1 |
| History of the Internet | p. 2 |
| TCP/IP | p. 4 |
| Internet Security | p. 15 |
| Checklist: Key Points in the Internet and the Need for Security | p. 25 |
| 2 What's New in VPN-1/FireWall-1 NG | p. 27 |
| What's Changed Since 4.1 | p. 28 |
| Feature Packs | p. 32 |
| Checklist: Key Points in What's New in VPN-1/FireWall-1 NG | p. 43 |
| 3 VPN-1/FireWall-1 NG Architecture | p. 45 |
| Fundamentals of Extranet Security | p. 46 |
| Using Firewalls for Extranet Protection | p. 47 |
| Securing Networks, Systems, Applications and Users | p. 49 |
| Firewalls: from Packet Filters to Stateful Inspection | p. 52 |
| Selecting a Firewall for Today's Networks | p. 57 |
| How VPN-1/FireWall-1 NG Works | p. 61 |
| The Virtual Private Network | p. 67 |
| Checklist: Key Points in VPN-1/FireWall-1 NG Architecture | p. 71 |
| 4 Solaris VPN-1/FireWall-1 NG Installation and Setup | p. 73 |
| Installing a VPN-1/FireWall-1 NG on Solaris | p. 74 |
| Installing VPN-1/FireWall-1 NG | p. 86 |
| Locating the Installation Directories | p. 95 |
| Checklist: Key Points in Solaris VPN-1/FireWall-1 NG Installation and Setup | p. 97 |
| 5 Windows NT/2000 VPN-1/FireWall-1 NG Installation and Setup | p. 99 |
| Installing VPN-1/FireWall-1 NG on Windows | p. 101 |
| Installing VPN-1/FireWall-1 NG | p. 107 |
| Locating the Installation Directories | p. 115 |
| Checklist: Key Points in Windows NT/2000 VPN-1/FireWall-1 NG Installation and Setup | p. 116 |
| 6 Red Hat Linux VPN-1/FireWall-1 NG Installation and Setup | p. 117 |
| Background | p. 118 |
| Installing VPN-1/FireWall-1 on Linux | p. 120 |
| Installing VPN-1/FireWall-1 NG | p. 127 |
| Checklist: Key Points in Red Hat Linux VPN-1/FireWall-1 NG Installation and Setup | p. 135 |
| 7 Nokia Appllance VPN-1/FireWall-1 NG Installation and Setup | p. 137 |
| Background | p. 138 |
| Installing VPN-1/FireWall-1 NG on Nokia | p. 139 |
| Locating the Installation Directories | p. 154 |
| Checklist: Key Points in Nokia Appliance VPN-1/FireWall-1 NG Installation and Setup | p. 154 |
| 8 Setting Up Security Policy Rule Base and Properties | p. 157 |
| Security Policy Defined | p. 158 |
| Checklist: Key Points in Setting Up a Security Policy Rule Base and Properties | p. 185 |
| 9 Working with the Security Policy | p. 187 |
| Assessing Fiction Corporation's Security | p. 189 |
| Masking Rules | p. 194 |
| Querying the Rule Base | p. 196 |
| Naming Sections | p. 200 |
| Tracking and Revision Control | p. 200 |
| Disabling Rules and Negating Objects | p. 202 |
| Uninstalling the Security Policy | p. 205 |
| Improving Performance with the Security Policy | p. 205 |
| A Word about Visual Policy Editor | p. 206 |
| Checklist: Key Points in Working with the Security Policy | p. 208 |
| 10 Log Viewer and System Status Viewer | p. 209 |
| Log Viewer | p. 210 |
| Reducing the Noise in Logs | p. 219 |
| Activity Logged as Rule 0 | p. 222 |
| SmartView Tracker (FP3) | p. 222 |
| System Status Viewer | p. 225 |
| SmartView Status | p. 227 |
| Integration with Enterprise Network Management | p. 229 |
| Checklist: Key Points in Log Viewer and System Status Viewer | p. 229 |
| 11 Tracking and Alerts | p. 231 |
| Tracking | p. 232 |
| Checklist: Key Points in Tracking and Alerts | p. 238 |
| 12 VPN-1/FireWall-1 NG Authentication | p. 239 |
| Supported Authentication Schemes | p. 240 |
| Creating Users and Groups | p. 240 |
| External Authentication Servers | p. 241 |
| Stealth Authentication | p. 242 |
| User Authentication | p. 242 |
| Client Authentication | p. 244 |
| Session Authentication | p. 246 |
| Fiction Corporation Example | p. 246 |
| UserAuthority | p. 248 |
| Checklist: Key Points in VPN-1/FireWall-1 NG Authentication | p. 249 |
| 13 Network Address Translation (NAT) | p. 251 |
| IP Address Issues | p. 254 |
| Efficient Use of Registered IP Addresses | p. 256 |
| Address Translation and Routing | p. 258 |
| Network Address Translation (NAT) Rules | p. 259 |
| Address Translation and Anti-Spoofing | p. 262 |
| Automatic versus Manual Translation | p. 264 |
| Overlapping NAT | p. 266 |
| Checklist: Key Points in Network Address Translation (NAT) | p. 267 |
| 14 Load Balancing | p. 269 |
| The Need for Load Balancing | p. 270 |
| How Load Balancing Works | p. 271 |
| Load Balancing Algorithms | p. 271 |
| Logical Server Types | p. 272 |
| Setting Up Load Balancing Algorithms | p. 276 |
| Real World Load Balancing Configuration | p. 276 |
| Checklist: Key Points in Load Balancing | p. 280 |
| 15 Content Security and Content Vectoring Protocol | p. 283 |
| Role of the Security Server | p. 284 |
| Extending Data Inspection with Content Security | p. 284 |
| Content Security Changes for Feature Pack 3 | p. 315 |
| CVP Load Sharing and Chaining | p. 316 |
| Upgrading from VPN-1/FireWall-1 4.x | p. 316 |
| Checklist: Key Points in Content Security and Content Vectoring Protocol | p. 316 |
| 16 SYNDefender | p. 319 |
| TCP Three-Way Handshake | p. 320 |
| SYN Flood Attack | p. 321 |
| Denial of Service Attacks | p. 323 |
| Using SYNDefender | p. 325 |
| Feature Pack 3 Changes | p. 331 |
| Checklist: Key Points in SYNDefender | p. 333 |
| 17 Encryption and Virtual Private Networks | p. 335 |
| How Encryption Works | p. 336 |
| Privacy | p. 337 |
| Symmetric Encryption (Shared Key) | p. 338 |
| Asymmetric Encryption | p. 340 |
| Public Keys | p. 344 |
| Creating Certificates | p. 345 |
| VPN-1/FireWall-1 NG Encryption Schemes | p. 347 |
| Internet Key Exchange (IKE) | p. 348 |
| FWZ VPN-1/FireWall-1 NG Encryption Scheme | p. 351 |
| Encryption Scheme Comparison | p. 351 |
| Certificate Authorities (CA) | p. 352 |
| Implementing Two-Gateway IKE Encryption Configuration | p. 357 |
| VPN Community | p. 361 |
| Extranet Manager | p. 372 |
| VPN Routing | p. 374 |
| NAT and VPN | p. 375 |
| Checklist: Key Points in Encryption and Virtual Private Networks | p. 376 |
| 18 SecuRemote and SecureClient | p. 377 |
| SecuRemote/SecureClient | p. 378 |
| Secure Connections for Fiction Corporation Finance Gateway | p. 380 |
| IKE or FWZ | p. 383 |
| Routing Considerations | p. 384 |
| Secure Domain Login | p. 385 |
| Simplified Mode (FP2 and Above) | p. 385 |
| Checklist: Key Points in SecuRemote and SecureClient | p. 389 |
| 19 Policy Server | p. 391 |
| Policy Server Defined | p. 392 |
| Client Encryption Rules | p. 400 |
| Desktop Security Rule Base | p. 400 |
| The SecureClient GUI | p. 402 |
| Fiction Corporation | p. 405 |
| Security Configuration Verification | p. 406 |
| SecureClient for Mobile Devices | p. 407 |
| Checklist: Key Points in Policy Server | p. 407 |
| 20 High Availability Module | p. 409 |
| The Need for High Availability | p. 410 |
| How High Availability Works | p. 410 |
| Configuring High Availability | p. 412 |
| Automatic MAC Address Configuration | p. 416 |
| Using High Availability in Virtual Private Networks | p. 416 |
| Nokia Firewall Appliance | p. 417 |
| High Availability Enhancements | p. 417 |
| Checklist: Key Points in High Availability Module | p. 418 |
| 21 Troubleshooting | p. 419 |
| VPN-1/FireWall-1 NG Debugging Tools | p. 420 |
| Using the Policy Editor in local Mode | p. 427 |
| VPN Debugging | p. 427 |
| The Methodology for Troubleshooting | p. 428 |
| Make Sure the Server Is Up and Running | p. 429 |
| IP Routing | p. 429 |
| Secure Internal Communications | p. 431 |
| Network Address Translation | p. 436 |
| Content Vectoring Protocol Troubleshooting | p. 438 |
| Too Many Hosts | p. 438 |
| Application Related Issues | p. 440 |
| DBEDIT | p. 441 |
| Management Console Lockout | p. 443 |
| And Finally ... It's NOT a Firewall Issue! | p. 443 |
| Checklist: Key Points in Troubleshooting | p. 444 |
| 22 Malicious Activity Detection (MAD) and SmartDefense | p. 445 |
| Malicious Activity Detection (MAD) | p. 446 |
| Enabling MAD | p. 453 |
| SmartDefense | p. 455 |
| Checklist: Key Points in Malicious Activity Detection (MAD) | p. 469 |
| A Fiction Corporation's Initial Proposal | p. 471 |
| B Upgrading VPN-1/FireWall-1 NG from Previous Versions | p. 485 |
| Nokia Upgrades | p. 487 |
| Upgrade Verifier Utility | p. 491 |
| C Backing Up and Restoring VPN-1/FireWall-1 NG | p. 493 |
| Backup and Restore on Nokia | p. 494 |
| Backup and Restore VPN-1/ FireWall-1 NG Management Server | p. 495 |
| D Using the Check Point Wizard to Create a Security Policy | p. 497 |
| Preparing to Use the Wizard | p. 498 |
| Using the Rule Base Wizard | p. 498 |
| Index | p. 509 |
