Configuring Juniper Networks NetScreen & SSG firewalls /

Saved in:

Bibliographic Details
Imprint:	Rockland, Mass. : Syngress Pub., ©2007.
Description:	1 online resource (xiii, 743 pages) : illustrations
Language:	English
Subject:	Juniper Networks, Inc. Juniper Networks, Inc. Firewalls (Computer security) Computer networks -- Security measures. Computer networks -- Security measures. Firewalls (Computer security) Electronic books.
Format:	E-Resource Book
URL for this record:	http://pi.lib.uchicago.edu/1001/cat/bib/11157564

Hidden Bibliographic Details
Other title:	ITPro.
Other authors / contributors:	Cameron, Rob.
ISBN:	1597491187 9781597491181 9780080502847 0080502849
Notes:	Title from title screen. Includes index.
Summary:	Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. This comprehensive configuration guide will allow system administrators and security professionals to configure these appliances to allow remote and mobile access for employees. If you manage and secure a larger enterprise, this book will help you to provide remote and/or extranet access for employees, partners, and customers from a single platform. .Configure Juniper's Instant Virtual Extran.
Other form:	Print version: Cameron, Rob. Configuring Juniper Networks NetScreen & SSG firewalls. Rockland, MA : Syngress, ©2007 1597491187 9781597491181

Table of Contents:

Foreword
Chapter 1. Networking, Security, and the Firewall
Introduction
Understanding Networking
The OSI Model
Moving Data along with TCP/IP
Understanding Security Basics
Understanding Firewall Basics
Types of Firewalls
Firewall Ideologies
DMZ Concepts
Traffic Flow Concepts
Networks with and without DMZs
DMZ Design Fundamentals
Designing End-to-End Security for Data Transmission between Hosts on the Network
Traffic Flow and Protocol Fundamentals
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2. Dissecting the Juniper Firewall
Introduction
The Juniper Security Product Offerings
Juniper Firewalls
SSL VPN
Intrusion Detection and Prevention
Unified Access Control (UAC)
The Juniper Firewall Core Technologies
Zones
Virtual Routers
Interface Modes
Policies
VPN
Intrusion Prevention
Device Architecture
The NetScreen and SSG Firewall Product Line
Product Line
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3. Deploying Juniper Firewalls
Introduction
Managing Your Juniper Firewall
Juniper Management Options
Administrative Users
The Local File System and the Configuration File
Using the Command Line Interface
Using the Web User Interface
Securing the Management Interface
Updating ScreenOS
System Recovery
Configuring Your Firewall for the First Time
Types of Zones
Virtual Routers
Types of Interfaces
Configuring Security Zones
Configuring Your Firewall for the Network
Binding an Interface to a Zone
Setting Up IP Addressing
Configuring the DHCP Client
Using PPPoE
Interface Speed Modes
Port Mode Configuration
Bridge Groups
Configuring Basic Network Routing
Configuring System Services
Setting the Time
DHCP Server
DNS
SNMP
Syslog
Web Trends
Resources
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4. Policy Configuration
Introduction
Firewall Policies
Theory of Access Control
Types of Juniper Policies
Policy Checking
Getting Ready to Make a Policy
Policy Components
Zones
Address Book Entries
Services
Creating Policies
Creating a Policy
Summary
Solutions Fast Track
Frequendy Asked Questions
Chapter 5. Advanced Policy Configuration
Introduction
Traffic-Shaping Fundamentals
The Need for Traffic Shaping
How Traffic Shaping Works
Choosing the Traffic-Shaping Type
Deploying Traffic Shaping on Juniper Firewalls
Methods to Enforce Traffic Shaping
Traffic-Shaping Mechanics
Traffic-Shaping Examples
Advanced Policy Options
Counting
Scheduling
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6. User Authentication
Introduction
User Account Types
Authentication Users
Internal Authentication Server
Configuring the Local Authentication Server
External Authentication Servers
Policy-Based User Authentication
Explanation of Policy-Based Authentication
Configuring Policies with User Auth
802.1x Authentication
Components of 802.1x
Enhancing Authentication
Firewall Banner Messages
Group Expressions
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7. Routing
Introduction
Virtual Routers
Virtual Routers on Juniper Firewalls
Routing Selection Process
Equal Cost Multiple Path
Virtual Router Properties
Route Maps and Access Lists
Route Redistribution
Importing and Exporting Routes
Static Routing
Using Static Routes on Juniper Firewalls
Routing Information Protocol
RIP Overview
RIP Informational Commands
Open Shortest Path First
Concepts and Terminology
Configuring OSPF
OSPF Informational Commands
Border Gateway Protocol
Overview of BGP
Configuring BGP
BGP Informational Commands
Route Redistribution
Redistributing Routes in the Juniper Firewall
Redistributing Routes between Routing Protocols
Redistributing Routes into BGP
Policy-Based Routing
Components of PBR
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8. Address Translation
Introduction
Overview of Address Translation
Port Address Translation
Advantages of Address Translation
Disadvantages of Address Translation
Juniper NAT Overview
Juniper Packet Flow
Source NAT
Interface-Based Source Translation
MIP
Policy-Based Source NAT
Destination NAT
Policy-Based Destination NAT
Summary
Links to Sites
Solutions Fast Track
Frequently Asked Questions
Chapter 9. Transparent Mode
Introduction
Interface Modes
Understanding How Transport Mode Works
Configuring a Device to Use Transport Mode
Transparent Mode Deployment Options
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10. Attack Detection and Defense
Introduction
Understanding Attacks
Old Root Causes, New Attacks
Unified Threat Management
Vulnerability Databases
Bug Databases
Common Name Dictionary
The Juniper Security Research Team
Understanding the Anatomy of an Attack
The Three Phases of a Hack
Script Kiddies
Black Hat Hackers
Worms, Viruses, and Other Automated Malware
Configuring Screen Settings
UDP Data Rate Limiting
TCP/IP Protocol Anomaly Detection
Applying Deep Inspection
Deep Inspection Concepts
Deep Inspection Planning
Getting the Database
Using Attack Objects
Setting Up Content Filtering
Web Filtering
Antivirus
Antivirus Rules
Understanding Application Layer Gateways
Applying Best Practices
Defense-in-Depth
Zone Isolation
Egress Filtering
Explicit Permits, Implicit Denies
Retain Monitoring Data
Keeping Systems Updated
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11. VPN Theory and Usage
Introduction
Understanding IPSec
IPSec Modes
Protocols
Key Management
Security Associations
IPSec Tunnel Negotiations
Phase 1.
Phase 2.
Public Key Cryptography
PKI
Certificates
CRLs
How to Use VPNs in NetScreen Appliances
Site-to-Site VPNs
Policy-Based VPNs
Route-Based VPNs
Dial-Up VPNs
L2TP VPNs
Advanced VPN Configurations
VPN Monitoring
Gateway Redundancy
Back-to-Back VPNs
Hub and Spoke VPNs
Multitunnel Interfaces
Summary
Solutions Fast Track
Links to Sites
Mailing Lists
Frequently Asked Questions
Chapter 12. High Availability
Introduction
The Need for High Availability
High-Availability Options
Improving Availability Using NetScreen SOHO Appliances
Failing Over between Interfaces
Using Dual Untrust Interfaces to Provide Redundancy
Falling Back to Dial-Up
Restricting Policies to a Subset When Using the Serial Interface
Using IP Tracking to Determine Failover
Monitoring VPNs to Determine Failover
Introducing the NetScreen Redundancy Protocol
Virtualizing the Firewall
Understanding NSRP States
The Value of Dual HA Links
Building an NSRP Cluster
Connecting the Firewalls Directly to the Routers
Connecting the Firewalls to Routers via Switches
Cabling for a Full-Mesh Configuration
Using Directly Connected HA Links
Connecting HA Links via Switches
Adding a NetScreen to an NSRP Cluster
Synchronizing the Configuration
Determining When to Fail Oven: The NSRP Ways
Using NSRP Heartbeats
Using Optional NSRP Monitoring
Using NSRP Interface Monitoring
Using NSRP Zone Monitoring
Using NSRP IP Tracking
Reading the Output from get nsrp
Looking into an NSRP Cluster
Using NSRP-Lite on Midrange Appliances
Basic NSRP-Lite Usage
Working with Local Interfaces in an NSRP-Lite Setup
Creating Redundant Interfaces
Taking Advantage of the Full NSRP
Synchronizing State Using RTO Mirroring
Setting Up an Active/Active Cluster
Implementing a Full-Mesh Active/Active Setup
Failing Over
Failing Over Virtual Systems
Avoiding the Split-Brain Problem
Avoiding the No-Brain Problem
Configuring HA through NSM
Creating a Cluster
Adding Members to the Cluster
Configuring NSRP Parameters
Configuring VSD
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 13. Troubleshooting the Juniper Firewall
Introduction
Troubleshooting Methodology
Troubleshooting Tools
Network Troubleshooting
Debugging the Juniper Firewall
Debugging NAT
Debugging VPNs
Policy-Based VPNs
Route-Based VPNs
Debugging NSRP
Debugging Traffic Shaping
NetScreen Logging
Traffic
Self
Event
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14. Virtual Systems
Introduction
What Is a Virtual System?
Virtual System Components
How Virtual Systems Work
Classifying Traffic
Virtual System Administration
Configuring Virtual Systems
Creating a Virtual System
Network Interfaces
Virtual System Profiles
Summary
Solutions Fast Track
Frequently Asked Questions
Index

Configuring Juniper Networks NetScreen & SSG firewalls /

Similar Items