Check Point Firewall-1 Administration and CCSA Study Guide [Hardcover]

  • Format: Hardback, 384 pages, height x width x thickness: 241x242x31 mm, weight: 927 g
  • Publication date: 08-Jan-2002
  • Publisher: Prentice Hall
  • ISBN-10: 0130938637
  • ISBN-13: 9780130938633
This guide reviews security fundamentals, gives advice on Check Point FireWall-1 administration, and offers a study guide for the Check Point Certified Security Administrator exam. It reviews challenges IT professionals face in securing their private networks and Internet presences, and introduces FireWall-1 security practices and countermeasures. Lab and operational exercises are included. A test preparation section covers every exam objective and provides realistic sample questions. Dangerfield is a consulting internetwork security analyst. He has been working with FireWall-1 since its introduction. Annotation c. Book News, Inc., Portland, OR (booknews.com)

More information

With 41% market share, Check Point's Firewall-1 is the world's leading firewall, and Firewall-1 skills are in unprecedented demand. For the first time, there's an expert guide to Firewall-1 administration that also offers authoritative preparation for Check Point's hot new CCSA certification exam. Long-time Firewall-1 netadmin Steven Dangerfield begins with a thorough review of the fundamentals of network security that's perfect for those who are new to security and firewalls. Dangerfield outlines the key challenges IT professionals face in securing private networks and their Internet presences; shows how business applications can all too easily be compromised; identifies today's most serious forms of attack; and introduces the most effective security practices and countermeasures. Next, Dangerfield reviews Firewall-1's unique Stateful Inspection Architecture, walks step-by-step through installation in Windows and Solaris environments, and presents in-depth coverage of day-to-day firewall administration using Firewall-1's automated toolset. Coverage includes: where to deploy Firewall-1 for greatest effectiveness; how Firewall-1 modules interact to maximize security; creating optimal rule bases; authentication; Network Address Translation (NAT); and more. The book contains an extensive collection of lab and operational exercises, as well as a full section of test preparation, covering every exam objective and providing realistic sample questions. For all network managers, network/system administrators, and security professionals working with Check Point Firewall-1, especially those who are preparing for Check Point's CCSA certification exam.
Acknowledgments
Preface
Internetwork Security Overview
Summary
Security Threats
No User Training
Physical Security
Hacker's Toolbox
Backdoor
Denial of Service
Distributed DoS
TCP SYN Flooding
Ping of Death
Smurf Attack
Buffer Overflow
Trojan Horse
Eavesdropping
Packet Replay
Revealing Identity
Open Ports
Application Deficiencies
Summary
Policies and Procedures
Security Balance
Security Policy Development
Assessment
Security Policy
Physical
Desktop
Network
Intranet
Internet
Extranet
SOHO
Protocols
Applications
Testing
Implementation
Typical Security Policies
ABC & Co.
Assumptions
Physical
Desktop
Intranet
Internet
SOHO
Hardware Distribution Ltd.
Assumptions
Physical
Desktop
Network
Intranet
Internet
Extranet
SOHO
Protocols
Applications
Procedures
Premises Access Procedure
Clear Desk Policy
Random Policy Adherence Testing
Addition of New Devices to the Internetwork
New Employee Security Induction
Employee Departing Company
Auditing of Protocols in Use
Nondisclosure Agreement
Physical Security Breach
Demand for Access
Computer/Information Theft
Internetworking Security Breach
Summary
Policing the Security Domain
Knowing Your Security Domain
Interesting Packets
Detecting Intrusion
Response
Summary
FireWall-1 Overview
Definition
Types of Firewall
Packet-Level Filtering
Application Layer Gateways
A Compromise?
FireWall-1 Overview
FireWall-1 Next Generation
Summary
Architecture
Graphical User Interface
Distributed Enterprise Management
Firewall Module
Third-Party Integration - OPSEC
Virtual Private Network - VPN
Open Security Extension
Intrusion Detection
Load Balancing
High Availability
Reporting Module
Check Point Products
Summary
Installation and Setup
Windows NT
Hardening the Windows NT OS
FireWall-1 Installation
System Requirements
FireWall-1 GUI Installation
Uninstall Procedure
Solaris
Hardening the Solaris OS
Solaris FireWall-1 Installation
Adding Packages
FireWall-1 Installation Configuration
Adding Licenses
Adding Administrators
Adding GUI Clients
Configuring Remote Modules
SMTP, SNMP Extension, and Group Configuration
IP Forwarding and Default Filtering
Certificate Key Generation
Solaris GUI Client Installation
Solaris Uninstall Procedure
Nokia
FireWall-1 Installation
Addition of Packages
Local Filesystem New Package Addition
FireWall-1 Installation
Summary
Graphical User Interface
The Policy Editor GUI
Toolbar
Drop-Down Menus
File
Edit
View
Manage
Policy
Window
Help
Status Bar
The Log Viewer GUI
Toolbar
Log Mode
Purge
Export
Find
View
Select
Window and Help
Account Mode
Active Mode
The System Status GUI
Toolbar
Select Objects
Alert Options
Firewall Properties
Window and Help
Summary
Object Creation and Management
Standards
Lab Network
Network Objects Manager
Workstation Object
General Tab
Interfaces Tab
SNMP Tab
NAT Tab
Certificates and VPN
Authentication Tab
Network Object
General Tab
Domain Object
Router Object
Cisco Router Setup Tab
Bay Networks Router Setup Tab
3Com Router Setup Tab
Steelhead Router Setup Tab
Switch Object
General Tab
Setup Tab
VLANs Tab
Integrated Firewall Object
Cisco Integrated Firewall
Other Integrated Firewall
Group Object
Logical Server Object
Address Range Object
Navigating the Network Objects Window
Services Objects Manager
TCP Service
UDP Service
RPC Service
ICMP Service
User-Defined Service
Group Service
Port Range Service
Navigating the Service Objects Window
Resources Objects Manager
URI Resource
Wild Cards Match Tab
File Match Tab
UFP Match Tab
Action Tab
SMTP Resource
Match Tab
Action 1 Tab
Action 2 Tab
FTP Resource
Group Resource
Navigating the Resources Objects Window
Server Objects Manager
UFP Server
CVP Server
Radius Server
Radius Group
TACACS Server
Defender Server
LDAP Account Unit
CA Server
Policy Server
Navigating the Server Objects Window
User Manager
Authentication Tab
Location Tab
Time Tab
Encryption Tab
User Group
External LDAP User Group
User Template
Navigating the User Objects Window
Time Objects Manager
Navigating the Time Objects Window
Summary
Policy Properties
Security Policy Tab
Services Tab
Log and Alert Tab
Security Servers Tab
Authentication Tab
High Availability Tab
IP Pool NAT Tab
Access List
Desktop Security
Syn Defender
LDAP
Encryption
Connect Control
Summary
Rulebase
Rulebase Operation
Rulebase Development
Creating a New Rulebase
Rulebase Wizard
Starter Network
The Firewall Gateway Definition
Local Network and Outgoing Traffic
Mail Traffic
Rulebase Template
Navigating the Rulebase and Creating Rules
An Example Rule
Source
Destination
Service
Action
Track
Rulebase Column Menus
No.
Source
Destination
Service
Action
Track
Install-On
Time
Comment
Installing and Uninstalling the Security Policy
Installation
Save the Rulebase
Check the Rulebase for Consistency
Install the Security Policy
Uninstall
Summary
Authentication
Authentication Schemes
Authentication Types
User Authentication
Client Authentication
Session Authentication
Authentication Implementation
Summary
Network Address Translation
Static Mode NAT
Static Mode Implementation
Hide Mode NAT
Hide Mode Implementation
Issues with Network Address Translation
Summary
Practical Lab Exercises
LAB Network Configuration
Security Definitions
Exercise 1
Solution
Firewall Object Definitions
Exercise 2
Solution
Rulebase Definitions
Exercise 3
Solution
Install the Rulebase
Test the Rulebase
Exercise 4
Solution
Authentication
Exercise 5
Solution
Exercise 6
Solution
Network Address Translation
Exercise 7
Solution
Exercise 8
Solution
Summary
Penetration Testing
Technique
Internetwork Architecture
Hosts and Services
Scanning
Vulnerability Assessment
Vulnerability Exploitation
Penetration of the Lab Network
Exercise 9
Exercise 10
Exercise 11
Exercise 12
Exercise 13
Exercise 14
Summary
Exam Preparation
Certification Plan
Objectives
Concepts
In-Depth Understanding
Practical Exercise
Summarize Your Knowledge
Practice Tests
Answering Questions
What to Do If You Fail
Summary
CCSA Objective Essentials
FireWall-1 Architecture
GUI
Firewall Module
Stateful Inspection
Distributed Enterprise Management
Third-Party Integration
Open Security Extension
VPN
Server Load Balancing
Intrusion Detection
Reporting Module
High Availability
System Requirements
Installation Process
GUI
Security Policy Editor
Log Viewer
System Status
Rulebase Construction
Rulebase Efficiency
Authentication
Authentication Scheme
Authentication Types
NAT
Static Mode NAT
Hide Mode NAT
Policy Properties
TCP Session Timeout
UDP Virtual Session Timeout
Accept UDP Replies
Enable Decryption on Accept
Accept VPN-1 and FireWall-1 Control Connections
Accept RIP
Accept Domain Name over UDP
Accept ICMP
Accept Outgoing Packets Originating from Gateway
Log Implied Rules
Summary
APPENDIX Sample Questions
Exam 1
Exam 2
Exam 3
Correct Answers - Exam 1
Correct Answers - Exam 2
Correct Answers - Exam 3
STEVEN DANGERFIELD is a consulting internetwork security analyst currently working with a major U.K. telecommunications and Internet Service Provider. He has been working with FireWall-1 since its introduction and holds a number of industry certifications including Check Point's CCSA.