Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshoo
Dameon D. Welch-Abernathy
- 出版商: Addison Wesley
- 出版日期: 2002-01-15
- 售價: $1,830
- 貴賓價: 9.5 折 $1,739
- 語言: 英文
- 頁數: 544
- 裝訂: Paperback
- ISBN: 0201699508
- ISBN-13: 9780201699500
已絕版
買這商品的人也買了...
-
$1,045Developing Windows NT Device Drivers: A Programmer's Handbook -
Data Mining: Concepts and Techniques$2,450$2,328 -
Introduction to Automata Theory, Languages, and Computation, 2/e(精裝本)$1,300$1,274 -
Java 2 語言實務$400$340 -
Linux Device Drivers, 2/e$1,550$1,473 -
$970Introduction to Algorithms, 2/e -
Oracle 技術大全 (Oracle8i: The Complete Reference)$1,200$600 -
CISSP All-in-One Exam Guide$2,820$2,679 -
802.11 Wireless Networks: The Definitive Guide$1,700$1,615 -
$825Practical VoIP Using VOCAL (Paperback) -
$1,235Computer Architecture: A Quantitative Approach, 3/e(精裝本) -
Complete Java 2 Certification Study Guide, 3/e$2,200$2,090 -
JavaScript 範例活用辭典$450$351 -
Java 完美經典優質學習篇$750$638 -
JDBC 資料庫程式設計$580$493 -
Red Hat Linux 9 實務應用$650$553 -
Borland 傳奇$280$221 -
C/C++ 入門進階$650$514 -
Building Embedded Linux Systems$1,700$1,615 -
軟體設計與品質管理$490$387 -
Red Hat Linux 9 架站實務$620$527 -
Java Multithread Design Pattern-Java多執行緒與平行處理$560$437 -
Linux 關鍵指令大全$450$405 -
Dreamweaver MX 2004 for PHP 互動網站百寶箱 (全新修訂版)$580$458 -
ASP.NET 2.0 深度剖析範例集$650$507
商品描述
Table of Contents
Foreword.
Preface.
1. Introduction to FireWalls.
What is a Firewall?
What a Firewall Cannot Do.
Overview of Firewall Security Technologies.
What Kind of Firewall is FireWall-1?
Do You Really Need FireWall-1?
More Information.
What a Firewall Cannot Do.
Overview of Firewall Security Technologies.
Packet Filters.
Application Proxies.
Stateful Inspection.
Technology Comparison: Passive FTP.
Technology Comparison: Traceroute.
Application Proxies.
Stateful Inspection.
Technology Comparison: Passive FTP.
Technology Comparison: Traceroute.
What Kind of Firewall is FireWall-1?
Do You Really Need FireWall-1?
More Information.
2. Planning your FireWall Installation.
Network Topology.
Developing a Site-Wide Security Policy.
Fun with Check Point Licensing.
Summary.
A Word about Subnetting.
Developing a Site-Wide Security Policy.
The What, Who, and How.
Implementing Firewalls Without a Written Security Policy.
An Example Security Policy.
Implementing Firewalls Without a Written Security Policy.
An Example Security Policy.
Fun with Check Point Licensing.
Node-Limited Firewall Licenses.
Single Gateway Products.
Inspection Module.
FireWall-1 Host.
Management Console.
Motif GUI Licenses.
Small Office Products.
Getting Licenses.
Single Gateway Products.
Inspection Module.
FireWall-1 Host.
Management Console.
Motif GUI Licenses.
Small Office Products.
Getting Licenses.
Summary.
3. Installing FireWall-1.
Selecting an Operating System.
Installing the Operating System.
Installing FireWall-1.
Summary.
Windows NT.
Sparc Solaris.
x86 Solaris.
AIX and HPUX.
Nokia Security Platform (IPSO).
Linux.
Sparc Solaris.
x86 Solaris.
AIX and HPUX.
Nokia Security Platform (IPSO).
Linux.
Installing the Operating System.
Preparing for the OS Installation.
Guidelines for OS Installation.
Securing the Operating System.
Guidelines for OS Installation.
Securing the Operating System.
Installing FireWall-1.
Unix-Based Systems.
Windows NT/2000.
Windows NT/2000.
Summary.
4. Building Your Rulebase.
The Management GUIs.
Configuring a Management User.
Configuring IPs to run the GUIs from.
What Files the GUI Modifies.
Security Policy Editor Restrictions.
GUI Demonstration Mode.
Rulebase Components.@AHEADS = Objects.
Anti-Spoofing.
Policy Properties.
Rules.
Order of Operations.
Making Your First Rulebase.
Knowing Your Network.
Defining Your Objects.
Determining Your Policy.
Rules That Should Be In Every Rulebase.
Installing the Policy.
Frequently Asked Questions.
Configuring a Management User.
Configuring IPs to run the GUIs from.
What Files the GUI Modifies.
Security Policy Editor Restrictions.
GUI Demonstration Mode.
Rulebase Components.@AHEADS = Objects.
Anti-Spoofing.
Policy Properties.
Rules.
Order of Operations.
Making Your First Rulebase.
Knowing Your Network.
Defining Your Objects.
Determining Your Policy.
Rules That Should Be In Every Rulebase.
Installing the Policy.
Frequently Asked Questions.
5. Logging and Alerting.
The System Status Viewer.
The Log Viewer.
Viewing Logs from the Command Line.
Active Mode and Blocking Connections.
Alerts.
Messages in the Log.
Log Maintenance.
The Log Viewer.
Viewing Logs from the Command Line.
Active Mode and Blocking Connections.
Alerts.
Messages in the Log.
Log Maintenance.
6. Remote Management.
The Components.
The Management GUIS.
Configuring a User.
Configuring IPs to run from.
What Files the GUIs Modify.
Security Policy Editor Restrictions.
GUI Demonstration Mode.
The Management Console to Firewall Module Connection.
control.map file.
How Do the Different Authentication Schemes Work?
The fw putkey Command.
Establishing an Authenticated Control Connection.
Special Remote Management Conditions.
What Can You DO With Remote Management.
Control Policy on Firewall Module.
View State Tables of Firewall Modules.
Suspicious Activity Monitoring.
Updating Licenses.
Moving Management Consoles.
Moving a Firewall Module off the Management Console.
Moving the Management Console off a Firewall Module.
Troubleshooting Remote Management Issues.
GUI Issues.
Firewall/Management Module Issues.
Labs.
The Management GUIS.
Configuring a User.
Configuring IPs to run from.
What Files the GUIs Modify.
Security Policy Editor Restrictions.
GUI Demonstration Mode.
The Management Console to Firewall Module Connection.
control.map file.
How Do the Different Authentication Schemes Work?
The fw putkey Command.
Establishing an Authenticated Control Connection.
Special Remote Management Conditions.
What Can You DO With Remote Management.
Control Policy on Firewall Module.
View State Tables of Firewall Modules.
Suspicious Activity Monitoring.
Updating Licenses.
Moving Management Consoles.
Moving a Firewall Module off the Management Console.
Moving the Management Console off a Firewall Module.
Troubleshooting Remote Management Issues.
GUI Issues.
Firewall/Management Module Issues.
Labs.
7. Authentication.
Passwords.
FireWall-1 Password.
OS Password.
S/Key.
SecurID.
Axent Pathways Defender.
RADIUS.
TACACS / TACACS+.
LDAP.
How Users Authenticate.
User Authentication.
Session Authentication.
Client Authentication.
Which Type Should You Choose?
Setting Up Authentication.
Creating Users.
Setting Supported Authentication Schemes.
User Authentication.
Session Authentication.
Client Authentication.
Integrating External Authentication Servers.
FAQs.
Troubleshooting Authentication Issues.
FireWall-1 Password.
OS Password.
S/Key.
SecurID.
Axent Pathways Defender.
RADIUS.
TACACS / TACACS+.
LDAP.
How Users Authenticate.
User Authentication.
Session Authentication.
Client Authentication.
Which Type Should You Choose?
Setting Up Authentication.
Creating Users.
Setting Supported Authentication Schemes.
User Authentication.
Session Authentication.
Client Authentication.
Integrating External Authentication Servers.
FAQs.
Troubleshooting Authentication Issues.
8. Content Security.
The Security Servers.@AHEADS = A Word About
Licensing.
CVP and UFP.
Resources and Wildcards.
HTTP Security Server.
Filtering HTTP Without a UFP or CVP Server.
UFP with the HTTP Security Server.
CVP with the HTTP Security Server.
FTP Security Server.
SMTP Security Server.@AHEADS = $FWDIR/conf/smtp.conf.
SMTP Resources.
TCP Security Server.
Frequently Asked Questions.
General Security ServerQuestions.
FTP Security Server.
SMTP Security Server.
HTTP Security Server.
Performance Tuning for the Security Servers.
Troubleshooting Content Security Issues.
CVP and UFP.
Resources and Wildcards.
HTTP Security Server.
Filtering HTTP Without a UFP or CVP Server.
UFP with the HTTP Security Server.
CVP with the HTTP Security Server.
FTP Security Server.
SMTP Security Server.@AHEADS = $FWDIR/conf/smtp.conf.
SMTP Resources.
TCP Security Server.
Frequently Asked Questions.
General Security ServerQuestions.
FTP Security Server.
SMTP Security Server.
HTTP Security Server.
Performance Tuning for the Security Servers.
Troubleshooting Content Security Issues.
9. Network Address Translation.
Introduction.
RFC-1918.
How NAT Works in FireWall-1.
Order of Operations.
Implementing NAT: A Step-by-Step Example.
Determine which IP addresses will be used.
Proxy ARPs.
Static Host Routes.
Network Objects.
Anti-Spoofing.
Security Policy Rules.
Address Translation Rules.
Limitations of NAT.
Dual NAT.
Binding the NATted IP Address to the Loopback Interface.
Troubleshooting.
ARPs.
SYN Packets with No Response.
SYN Followed by RST.
Summary.
RFC-1918.
How NAT Works in FireWall-1.
Order of Operations.
Implementing NAT: A Step-by-Step Example.
Determine which IP addresses will be used.
Proxy ARPs.
Static Host Routes.
Network Objects.
Anti-Spoofing.
Security Policy Rules.
Address Translation Rules.
Limitations of NAT.
Dual NAT.
Binding the NATted IP Address to the Loopback Interface.
Troubleshooting.
ARPs.
SYN Packets with No Response.
SYN Followed by RST.
Summary.
10. Encryption (Site-to-Site VPNs).
Introduction to VPNs.
Concepts.
Encryption.
Encryption Key.
Symmetric Encryption.
Asymmetric Encryption.
Certificate Authority.
Diffe-Hellman.
Encryption Domain..
A Word About Licensing.
Supported Key Management and Encryption Schemes.@AHEADS = FWZ.
IPSec.
Manual IPSec.
SKIP.
IKE (ISAKMP/OAKLEY).
How to Configure Encryption.@AHEADS = Planning Your Deployment.
IKE.
Manual IPSEC.
SKIP and FWZ.
Gateway Clusters and High Availability VPNs.
FAQs.
Troubleshooting VPN Problems.
Summary.
Labs.
Q and A.
Concepts.
Encryption.
Encryption Key.
Symmetric Encryption.
Asymmetric Encryption.
Certificate Authority.
Diffe-Hellman.
Encryption Domain..
A Word About Licensing.
Supported Key Management and Encryption Schemes.@AHEADS = FWZ.
IPSec.
Manual IPSec.
SKIP.
IKE (ISAKMP/OAKLEY).
How to Configure Encryption.@AHEADS = Planning Your Deployment.
IKE.
Manual IPSEC.
SKIP and FWZ.
Gateway Clusters and High Availability VPNs.
FAQs.
Troubleshooting VPN Problems.
Summary.
Labs.
Q and A.
11. SecuRemote and Secure Client (Client to FireWall-1 VPNs).
Introduction.
A Word About Licensing.
Steps to Configure SecuRemote on FireWall-1.
Choosing an Encryption Scheme.
Configuring Firewall Object for SecuRemote.
Creating Users for use with SecuRemote.
Client Encryption Rules.
Desktop Security Options.
Installing Secure Client.
High Availability and Multiple-Entry Point Configurations.
Hybrid Authentication Mode for IKE.
FAQs.
Troubleshooting.
A Word About Licensing.
Steps to Configure SecuRemote on FireWall-1.
Choosing an Encryption Scheme.
Configuring Firewall Object for SecuRemote.
Creating Users for use with SecuRemote.
Client Encryption Rules.
Desktop Security Options.
Installing Secure Client.
High Availability and Multiple-Entry Point Configurations.
Hybrid Authentication Mode for IKE.
FAQs.
Troubleshooting.
12. High Availability.
What is High Availability.
State Synchronization.
HA Solutions.
Stonebeat.
Rainfinity.
Nokia.
Check Point's HA Module.
Issues with High Availability.
Licensing.
Managing Multiple Firewalls.
Load Balancing.
Asymmetric Routing.
State Synchronization.
HA Solutions.
Stonebeat.
Rainfinity.
Nokia.
Check Point's HA Module.
Issues with High Availability.
Licensing.
Managing Multiple Firewalls.
Load Balancing.
Asymmetric Routing.
13. Inspect.
What is INSPECT?
Basic INSPECT Syntax.
Conditions.
Constants.
Registers.
Manipulating Table Entries.
Creating Your Own Tables.
How Your Rulebase is Turned into INSPECT.
Services of Type Other.
Sample INSPECT Code.
Allowing Outbound Connections to a SecuRemote Client.
PPTP.
Allowing a Connection Based on a Previous Connection.
HTTP.
Ping and Traceroute.
Default filter.
fw monitor.
Basic INSPECT Syntax.
Conditions.
Constants.
Registers.
Manipulating Table Entries.
Creating Your Own Tables.
How Your Rulebase is Turned into INSPECT.
Services of Type Other.
Sample INSPECT Code.
Allowing Outbound Connections to a SecuRemote Client.
PPTP.
Allowing a Connection Based on a Previous Connection.
HTTP.
Ping and Traceroute.
Default filter.
fw monitor.
Appendix A: Securing Your Bastion Host.
Appendix B:
firewall-1.conf File for Use with OpenLDAP v1.
Appendix C:
firewall1.schema File for Use with OpenLDAP v2.
Appendix D: Complete
Program for Stateful Inspection of HTTP.
Appendix E: Complete Program
for Stateful Inspection of Ping and Traceroute.
Appendix F: NSPECT
Script for Different Policies on Different Interfaces.
Appendix G:
Sample defaultfilter.pf file.
Appendix H: Sample Internet Usage
Policy.
Appendix I: Performance Tuning.
Appendix J: Other
Resources.
Appendix K: Further Reading.
