
Designing and building enterprise DMZs

Hal Flynn
This is the only book available on building network DMZs, which are the cornerstone of any good enterprise security configuration. It covers market-leading products from Microsoft, Cisco, and Check Point. One of the most complicated areas of network technology is designing, planning, implementing, and constantly maintaining a demilitarized zone (DMZ) segment. This book is divided into four logical parts. First, the reader will learn the concepts and major design principles of all DMZs. Next, the reader will learn how to configure the actual hardware that makes up DMZs for both newly constructed and existing networks. Next, the reader will learn how to securely populate the DMZs with systems and services. The last part of the book deals with troubleshooting, maintaining, testing, and implementing security on the DMZ.

· The only book published on Network DMZs, one of the components of securing enterprise networks
· This is the only book available on building network DMZs, which are the cornerstone of any good enterprise security configuration. It covers market-leading products from Microsoft, Cisco, and Check Point
· Provides detailed examples for building Enterprise DMZs from the ground up and retro-fitting existing infrastructures
eBook, English, ©2006
Syngress Pub., Rockland, MA, ©2006
1 online resource (xxi, 714 pages)
ISBN: 9781597491006, 9781281071842, 9780080504001, 9786611071844, 1597491004, 1281071846, 0080504000, 6611071849
560260803
Front Cover
Designing and Building Enterprise DMZs
Copyright Page
Contents
Chapter 1. DMZ Concepts, Layout, and Conceptual Design
Introduction
Planning Network Security
DMZ Definitions and History
Traffic and Security Risks
Advanced Risks
Web and FTP Sites
E-Mail Services
Advanced Design Strategies
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2. Windows DMZ Design
Introduction
Introducing Windows DMZ Security
Building a Windows DMZ
Windows DMZ Design Planning List
A Look Forward to Longhorn
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3. Sun Solaris DMZ Design
Introduction
New Features of Sun Solaris 10
Placement of Servers
The Firewall Ruleset
System Design
Implementation: The Quick and Dirty Details
Hardening Checklists for DMZ Servers and Solaris
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4. Wireless DMZs
Introduction
The Need for Wireless DMZs
Designing the Wireless DMZ
Wireless DMZ Components
Wireless DMZ Examples
Wireless LAN Security Best-Practices Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5. Implementing Wireless DMZs
Introduction
Implementing RADIUS With Cisco EAP
Installing and Configuring Juniper Steel-Belted RADIUS
Windows Active Directory Domain Authentication With LEAP and RADIUS
Implementing PEAP
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6. Firewall Design: Cisco PIX and ASA
Introduction
PIX and ASA Basics
Securing Your Network Perimeters
Cisco PIX/ASA Versions and Features
Making a DMZ and Controlling Traffic
PIX/ASA Configuration Basics
Configuring Advanced PIX/ASA Features
PIX/ASA Firewall Design and Configuration Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7. Firewall and DMZ Design: Check Point
Introduction
Basics of Check Point Firewalls
Securing Your Network Perimeters
Configuring Your DMZ
Configuring the Firewall
Configuring the Security Rulebase
Configuring the Address Translation Rulebase
Configuring Network and Application Protections
Check Point NG Secure DMZ Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8. Firewall and DMZ Design: SecurePlatform and Nokia Firewalls
Introduction
Basics of SecurePlatform Firewalls
Basics of Nokia Firewalls
Using cpconfig
Nokia Firewall and DMZ Design Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9. Firewall and DMZ Design: Juniper NetScreen
Introduction
NetScreen Basics
Securely Managing Juniper NetScreen Firewalls
NetScreen Configuration Basics
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10. Firewall and DMZ Design: ISA Server 2005
Introduction
Network Services Segment Configuration Options
Scenario 1: A LAN Router between the ISA Firewall and Corporate Network
ISA Firewall Stateful Packet Inspection and Request/Response Paths
Multiple Departmental Networks/Security Zones Connected to a Backbone Network
Example Network and Perimeter Network Design
Creating the ISA Representing the Corporate Network on the Network Services Perimeter
Creating the Corpnet ISA Firewall Network
Creating the Rule on the Network Services Perimeter ISA, Setting a Route Relationship between the Corporate Network and Network Services Segment
Creating an Intradomain Communications Access Rule on the Network Services Perimeter ISA Firewall and a DNS Server Publishing Rule
Creating Access Rules Controlling Outbound Access from the Network Services Segment on the Perimeter ISA Firewall
Creating the Network Services Access Rules Enabling Corpnet Clients Access to Network Services
Configuring the Default Internal Network on the Edge ISA Firewall
Creating a Routing Table Entry on the Edge ISA Firewall
Joining the Edge ISA Firewall to the Domain
Creating Access Rules on the Edge ISA Firewall, Controlling Outbound Access from Corpnet Hosts and Hosts on the Network Services Segment
Creating Publishing Rules on the Edge ISA Firewall to Allow Inbound Connections to the Exchange Server Mail Services
Creating a Routing Table Entry on Network Clients (Required Only If No LAN Routers Are Installed)
Joining the Network Clients to the Domain
Creating and Configuring DNS Entries in the Domain DNS, Including WPAD Entries
Configuring the Firewall and Web Proxy Client Settings on the Edge ISA Firewall, and Enabling Autodiscovery
Installing the Firewall Client Share on the Network Services Segment File Server
Installing the Firewall Client on the Network Clients
Connecting the Corporate Network Clients to Resources on the Network Services Segment and the Internet
Summary
Chapter 11. DMZ Router and Switch Security
Introduction
Securing the Router
Securing the Switch
IOS Bugs and Security Advisories
DMZ Router and Switch Security Best-Practice Checklists
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12. DMZ-Based VPN Services
Introduction
VPN Services in the DMZ
Designing an IPSec Solution
Connecting B2B Sites
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 13. Windows Bastion Hosts
Introduction
Configuring Bastion Hosts
Testing Bastion Host Security
Configuration Fundamentals
Remote Administration
Bastion Host Configurations
Bastion Host Maintenance and Support
Windows Bastion Host Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14. Linux Bastion Hosts
Introduction
System Installation
Removing Optional Components
Additional Steps
Controlling Access to Resources
Auditing Access to Resources
Remote Administration
Bastion Host Configurations
Bastion Host Maintenance and Support
Linux Bastion Host Checklist
Summary
Solutions Fast Track
Frequently Asked Questions
Index