Acknowledgments | p. xvii |
Introduction | p. xix |
The Internet and the Need for Security | p. 1 |
History of the Internet | p. 2 |
TCP/IP | p. 4 |
Internet Security | p. 15 |
Checklist: Key Points in the Internet and the Need for Security | p. 25 |
What's New in VPN-1/FireWall-1 NG | p. 27 |
What's Changed Since 4.1 | p. 28 |
Feature Packs | p. 32 |
Checklist: Key Points in What's New in VPN-1/FireWall-1 NG | p. 43 |
VPN-1/FireWall-1 NG Architecture | p. 45 |
Fundamentals of Extranet Security | p. 46 |
Using Firewalls for Extranet Protection | p. 47 |
Securing Networks, Systems, Applications and Users | p. 49 |
Firewalls: from Packet Filters to Stateful Inspection | p. 52 |
Selecting a Firewall for Today's Networks | p. 57 |
How VPN-1/FireWall-1 NG Works | p. 61 |
The Virtual Private Network | p. 67 |
Checklist: Key Points in VPN-1/FireWall-1 NG Architecture | p. 71 |
Solaris VPN-1/FireWall-1 NG Installation and Setup | p. 73 |
Installing a VPN-1/FireWall-1 NG on Solaris | p. 74 |
Installing VPN-1/FireWall-1 NG | p. 86 |
Locating the Installation Directories | p. 95 |
Checklist: Key Points in Solaris VPN-1/FireWall-1 NG Installation and Setup | p. 97 |
Windows NT/2000 VPN-1/FireWall-1 NG Installation and Setup | p. 99 |
Installing VPN-1/FireWall-1 NG on Windows | p. 101 |
Installing VPN-1/FireWall-1 NG | p. 107 |
Locating the Installation Directories | p. 115 |
Checklist: Key Points in Windows NT/2000 VPN-1/FireWall-1 NG Installation and Setup | p. 116 |
Red Hat Linux VPN-1/FireWall-1 NG Installation and Setup | p. 117 |
Background | p. 118 |
Installing VPN-1/FireWall-1 on Linux | p. 120 |
Installing VPN-1/FireWall-1 NG | p. 127 |
Checklist: Key Points in Red Hat Linux VPN-1/FireWall-1 NG Installation and Setup | p. 135 |
Nokia Appllance VPN-1/FireWall-1 NG Installation and Setup | p. 137 |
Background | p. 138 |
Installing VPN-1/FireWall-1 NG on Nokia | p. 139 |
Locating the Installation Directories | p. 154 |
Checklist: Key Points in Nokia Appliance VPN-1/FireWall-1 NG Installation and Setup | p. 154 |
Setting Up Security Policy Rule Base and Properties | p. 157 |
Security Policy Defined | p. 158 |
Checklist: Key Points in Setting Up a Security Policy Rule Base and Properties | p. 185 |
Working with the Security Policy | p. 187 |
Assessing Fiction Corporation's Security | p. 189 |
Masking Rules | p. 194 |
Querying the Rule Base | p. 196 |
Naming Sections | p. 200 |
Tracking and Revision Control | p. 200 |
Disabling Rules and Negating Objects | p. 202 |
Uninstalling the Security Policy | p. 205 |
Improving Performance with the Security Policy | p. 205 |
A Word about Visual Policy Editor | p. 206 |
Checklist: Key Points in Working with the Security Policy | p. 208 |
Log Viewer and System Status Viewer | p. 209 |
Log Viewer | p. 210 |
Reducing the Noise in Logs | p. 219 |
Activity Logged as Rule 0 | p. 222 |
SmartView Tracker (FP3) | p. 222 |
System Status Viewer | p. 225 |
SmartView Status | p. 227 |
Integration with Enterprise Network Management | p. 229 |
Checklist: Key Points in Log Viewer and System Status Viewer | p. 229 |
Tracking and Alerts | p. 231 |
Tracking | p. 232 |
Checklist: Key Points in Tracking and Alerts | p. 238 |
VPN-1/FireWall-1 NG Authentication | p. 239 |
Supported Authentication Schemes | p. 240 |
Creating Users and Groups | p. 240 |
External Authentication Servers | p. 241 |
Stealth Authentication | p. 242 |
User Authentication | p. 242 |
Client Authentication | p. 244 |
Session Authentication | p. 246 |
Fiction Corporation Example | p. 246 |
UserAuthority | p. 248 |
Checklist: Key Points in VPN-1/FireWall-1 NG Authentication | p. 249 |
Network Address Translation (NAT) | p. 251 |
IP Address Issues | p. 254 |
Efficient Use of Registered IP Addresses | p. 256 |
Address Translation and Routing | p. 258 |
Network Address Translation (NAT) Rules | p. 259 |
Address Translation and Anti-Spoofing | p. 262 |
Automatic versus Manual Translation | p. 264 |
Overlapping NAT | p. 266 |
Checklist: Key Points in Network Address Translation (NAT) | p. 267 |
Load Balancing | p. 269 |
The Need for Load Balancing | p. 270 |
How Load Balancing Works | p. 271 |
Load Balancing Algorithms | p. 271 |
Logical Server Types | p. 272 |
Setting Up Load Balancing Algorithms | p. 276 |
Real World Load Balancing Configuration | p. 276 |
Checklist: Key Points in Load Balancing | p. 280 |
Content Security and Content Vectoring Protocol | p. 283 |
Role of the Security Server | p. 284 |
Extending Data Inspection with Content Security | p. 284 |
Content Security Changes for Feature Pack 3 | p. 315 |
CVP Load Sharing and Chaining | p. 316 |
Upgrading from VPN-1/FireWall-1 4.x | p. 316 |
Checklist: Key Points in Content Security and Content Vectoring Protocol | p. 316 |
SYNDefender | p. 319 |
TCP Three-Way Handshake | p. 320 |
SYN Flood Attack | p. 321 |
Denial of Service Attacks | p. 323 |
Using SYNDefender | p. 325 |
Feature Pack 3 Changes | p. 331 |
Checklist: Key Points in SYNDefender | p. 333 |
Encryption and Virtual Private Networks | p. 335 |
How Encryption Works | p. 336 |
Privacy | p. 337 |
Symmetric Encryption (Shared Key) | p. 338 |
Asymmetric Encryption | p. 340 |
Public Keys | p. 344 |
Creating Certificates | p. 345 |
VPN-1/FireWall-1 NG Encryption Schemes | p. 347 |
Internet Key Exchange (IKE) | p. 348 |
FWZ VPN-1/FireWall-1 NG Encryption Scheme | p. 351 |
Encryption Scheme Comparison | p. 351 |
Certificate Authorities (CA) | p. 352 |
Implementing Two-Gateway IKE Encryption Configuration | p. 357 |
VPN Community | p. 361 |
Extranet Manager | p. 372 |
VPN Routing | p. 374 |
NAT and VPN | p. 375 |
Checklist: Key Points in Encryption and Virtual Private Networks | p. 376 |
SecuRemote and SecureClient | p. 377 |
SecuRemote/SecureClient | p. 378 |
Secure Connections for Fiction Corporation Finance Gateway | p. 380 |
IKE or FWZ | p. 383 |
Routing Considerations | p. 384 |
Secure Domain Login | p. 385 |
Simplified Mode (FP2 and Above) | p. 385 |
Checklist: Key Points in SecuRemote and SecureClient | p. 389 |
Policy Server | p. 391 |
Policy Server Defined | p. 392 |
Client Encryption Rules | p. 400 |
Desktop Security Rule Base | p. 400 |
The SecureClient GUI | p. 402 |
Fiction Corporation | p. 405 |
Security Configuration Verification | p. 406 |
SecureClient for Mobile Devices | p. 407 |
Checklist: Key Points in Policy Server | p. 407 |
High Availability Module | p. 409 |
The Need for High Availability | p. 410 |
How High Availability Works | p. 410 |
Configuring High Availability | p. 412 |
Automatic MAC Address Configuration | p. 416 |
Using High Availability in Virtual Private Networks | p. 416 |
Nokia Firewall Appliance | p. 417 |
High Availability Enhancements | p. 417 |
Checklist: Key Points in High Availability Module | p. 418 |
Troubleshooting | p. 419 |
VPN-1/FireWall-1 NG Debugging Tools | p. 420 |
Using the Policy Editor in local Mode | p. 427 |
VPN Debugging | p. 427 |
The Methodology for Troubleshooting | p. 428 |
Make Sure the Server Is Up and Running | p. 429 |
IP Routing | p. 429 |
Secure Internal Communications | p. 431 |
Network Address Translation | p. 436 |
Content Vectoring Protocol Troubleshooting | p. 438 |
Too Many Hosts | p. 438 |
Application Related Issues | p. 440 |
DBEDIT | p. 441 |
Management Console Lockout | p. 443 |
And Finally ... It's NOT a Firewall Issue! | p. 443 |
Checklist: Key Points in Troubleshooting | p. 444 |
Malicious Activity Detection (MAD) and SmartDefense | p. 445 |
Malicious Activity Detection (MAD) | p. 446 |
Enabling MAD | p. 453 |
SmartDefense | p. 455 |
Checklist: Key Points in Malicious Activity Detection (MAD) | p. 469 |
Fiction Corporation's Initial Proposal | p. 471 |
Upgrading VPN-1/FireWall-1 NG from Previous Versions | p. 485 |
Nokia Upgrades | p. 487 |
Upgrade Verifier Utility | p. 491 |
Backing Up and Restoring VPN-1/FireWall-1 NG | p. 493 |
Backup and Restore on Nokia | p. 494 |
Backup and Restore VPN-1/ FireWall-1 NG Management Server | p. 495 |
Using the Check Point Wizard to Create a Security Policy | p. 497 |
Preparing to Use the Wizard | p. 498 |
Using the Rule Base Wizard | p. 498 |
Index | p. 509 |
Table of Contents provided by Ingram. All Rights Reserved. |