Home Page Icon
Home Page
Table of Contents for
Title Page
Close
Title Page
by J. Michael Stewart, Denise Kinsey
Network Security, Firewalls, and VPNs, 3rd Edition
Cover
Title Page
Copyright Page
Dedication
Brief Contents
Contents
Preface
Acknowledgments
About the Authors
CHAPTER 1 Fundamentals of Network Security
What Is Network Security?
What Is Trust?
Who—or What—Is Trustworthy?
What Are Security Objectives?
What Are You Trying to Protect?
Seven Domains of a Typical IT Infrastructure
Goals of Network Security
How Can You Measure the Success of Network Security?
Why Are Written Network Security Policies Important?
Planning for the Worst
Who Is Responsible for Network Security?
Enhancing the Security of Wired Versus Wireless LAN Infrastructures
Internal and External Network Issues
Common Network Security Components Used to Mitigate Threats
Hosts and Nodes
Firewalls
Virtual Private Networks
Proxy Servers
Network Address Translation
The Domain Name System
Directory Services
Intrusion Detection Systems and Intrusion Prevention Systems
Network Access Control
TCP/IP Basics
OSI Reference Model
Sub-Protocols
Headers and Payloads
Filtering on Addresses
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
CHAPTER 2 Network Security Threats
Hackers and Their Motivation
Favorite Targets of Hackers
Threats from Internal Personnel and External Entities
The Hacking Process
Reconnaissance
Scanning
Enumeration
Attacking
Post-Attack Activities
Common IT Infrastructure Threats
Hardware Failures and Other Physical Threats
Natural Disasters
Accidents
Malicious Code (Malware)
Advanced Persistent Threat
Fast Growth and Overuse
Wireless Versus Wired
Eavesdropping
Hijack and Replay Attacks
Insertion Attacks
Fragmentation Attacks
Buffer Overflows
Session Hijacking, Spoofing, and Man-in-the-Middle Attacks
Session Hijacking
Spoofing Attacks
Man-in-the-Middle Attacks
Covert Channels
Network and Resource Availability Threats
Denial of Service (DoS)
Distributed Denial of Service (DDoS)
Hacker Tools
Social Engineering
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
CHAPTER 3 Common Network Topologies and Infrastructures
What Is a Network Topology?
Types of Network Devices
What Differentiates Logical and Physical Topologies?
Types of Physical Topologies
Logical Topology
Creating Logical Topologies
Differences Between Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6)
IPSec and IPv6
Examples of Network Infrastructures and Related Security Concerns
Workgroups
SOHO Networks
Client/Server Networks
LAN Versus WAN
Thin Clients and Terminal Services
Remote Control, Remote Access, and VPN
Boundary Networks
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
CHAPTER 4 Network Design Considerations
Network Design and Defense in Depth
Achieving Defense in Depth through Layering
Planning for Scalability
Working with Senior Management
Protocols
Common Types of Addressing
IPv6
Controlling Communication Pathways
Router Configuration
Encrypted Protocols
Physical Access Management
Filtering
Intrusion Detection Systems and Intrusion Prevention Systems
Hardening Systems
Equipment Selection
Authentication, Authorization, and Accounting
Communication Encryption
Hosts: Local-Only or Remote and Mobile
Redundancy
Endpoint Security
Clients
Servers
Routers
Switches
Firewalls and Proxies
Risk Assessment and Management
What Are Zones of Risk?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
CHAPTER 5 Firewall Fundamentals
What Is a Firewall?
What Firewalls Cannot Do
Why Do You Need a Firewall?
How Firewalls Work and What Firewalls Do
Types of Firewalls
Individual and SOHO Firewall Options
Managing the Firewall on an ISP Connection Device
Converting a Home Router into a Firewall
Uses for Host Software Firewalls
Examples of Software Firewall Products
Using Windows 10’s Host Software Firewall
Using a Linux Host Software Firewall
Uses for Commercial Software Network Firewalls
Uses for Hardware/Appliance Firewalls
Next-Generation Firewalls
What Are Virtual Firewalls?
Dual-Homed and Triple-Homed Firewalls
Ingress and Egress Filtering
Types of Filtering
Static Packet Filtering
Stateful Inspection and Dynamic Packet Filtering
Network Address Translation
Application Proxy
Circuit Proxy
Content Filtering
Selecting the Right Firewall for Your Needs
The Difference Between Buying and Building a Firewall
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
CHAPTER 6 Firewall Implementation
Examining Your Network and Its Security Needs
What to Protect and Why
Preserving Privacy
Proper Firewall Implementation Procedure
Constructing, Configuring, and Managing a Firewall
pfSense
pfSense Requirements
Planning a Firewall Implementation with pfSense
Firewalling a Small Organization: Packet Filtering or Application-Level Firewall, a Proxy Implementation
Firewalling Medium and Large Organizations: Application-Level Firewall and Packet Filtering, a Hybrid System
Firewalling in a Subnet Architecture
Installing the pfSense Firewall
Configuring a Firewall with pfSense
Elements of Firewall Deployment
Testing and Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 Firewall Deployment Considerations
Common Security Strategies for Firewall Deployments
Security Through Obscurity
Least Privilege
Simplicity
Defense in Depth
Diversity of Defense
Chokepoint
Weakest Link
Fail-Safe
Forced Universal Participation
Authentication, Authorization, and Accounting
Placement of Network Hardware Firewalls
Benefit and Purpose of Reverse Proxy
Use and Benefit of Port Forwarding
Considerations for Selecting a Bastion Host OS
Monitoring and Logging
Understanding and Interpreting Firewall Logs and Alerts
Intrusion Detection Systems and Intrusion Prevention Systems
Security Event and Information Management
Evaluating Needs and Solutions in Designing Security
What Happens When Security Gets in the Way of Doing Business?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 Configuring Firewalls
Firewall Rules
Inbound and Outbound Communications
Access Control Lists
Composing Firewall Rules
Ordering Firewall Rules
What Should You Allow and What Should You Block?
Essential Elements of a Firewall Policy
Limitations of Firewalls
Improving Performance
The Downside of Encryption with Firewalls
Firewall Enhancements
Management Interfaces
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT
CHAPTER 9 VPN Fundamentals
What Is a Virtual Private Network?
What Are the Benefits of Deploying a VPN?
What Are the Limitations of a VPN?
What Are Effective VPN Policies?
VPN Deployment Models and Architecture
VPN Deployment Models
VPN Architectures
Tunnel Versus Transport Mode
The Relationship Between Encryption and VPNs
Symmetric Cryptography
Asymmetric Cryptography
Hashing
Establishing VPN Connections with Cryptography
Digital Certificates
What Is VPN Authentication?
What Is VPN Authorization?
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
CHAPTER 10 VPN Management
VPN Management Best Practices
Build in Redundancy
Choose the Right VPN Product for Your Environment
Develop a VPN Policy
Prohibit Split Tunneling
Ensure Client Security
Practice Vulnerability Management
Use Multifactor Authentication
Document Your Implementation Plan
Monitor VPN Availability
Perform Regular Reviews, Backups, and Updates
Developing a VPN Policy
Developing a VPN Deployment Plan
Bypass Deployment
Internally Connected Deployment
DMZ-Based Implementation
VPN Threats and Exploits
Commercial Versus Open-Source VPNs
Differences Between Personal and Enterprise VPNs
Balancing Anonymity and Privacy
Protecting VPN Security to Support Availability
The Importance of User Training
VPN Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
CHAPTER 11 VPN Technologies
Differences Between Software and Hardware Solutions
Software VPNs
Hardware VPNs
Differences Between Layer 2 and Layer 3 VPNs
Internet Protocol Security (IPSec)
Layer 2 Tunneling Protocol (L2TP)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
SSL/TLS and VPNs
Secure Shell (SSH) Protocol
Establishing Performance and Stability for VPNs
Performance
Stability
Using VPNs with Network Address Translation (NAT)
Types of Virtualization
Desktop Virtualization
SSL VPN Virtualization
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
CHAPTER 12 VPN Implementation
Operating System–Based VPNs
VPN Appliances
Configuring a Typical VPN Appliance
Client-Side Configuration
Remote Desktop Protocol
Using Remote Control Tools
Using Remote Access
The Technology for Remote Use
Choosing Between IPSec and SSL/TLS Remote Access VPNs
Remote Desktop Services
RD RemoteApp
RD Web Access
RDS and Hosted Services
Microsoft DirectAccess
DMZ, Extranet, and Intranet VPN Solutions
Intranet VPNs
Extranet VPNs
Internet Café VPNs
Online Remote VPN Options
Security
Wake-on-LAN Support
File Sharing
Remote Printing
Mac and Mobile Device Support
The Tor Application
Planning a VPN Implementation
Download and Verify Installation Files
Installation Tips
Configuring OpenVPN
Running OpenVPN
Testing and Troubleshooting
OpenVPN Private Tunnel
VPN Implementation Best Practices
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
CHAPTER 13 Firewall Security Management
Best Practices for Firewall Management
Security Measures in Addition to a Firewall
Mitigating Firewall Threats and Exploits
Concerns Related to Tunneling Through or Across a Firewall
Testing Firewall Security
Important Tools for Managing and Monitoring a Firewall
Troubleshooting Firewalls
Detecting Firewall Threats and Responding to Incidents
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
CHAPTER 14 Best Practices for Network Security Management
Essentials of Network Security Management
Network Security Management Tools
Security Plan and Security Policy
Security Checklist
Limiting Network Access and Implementing Encryption
Physical Security
Techniques for Preventing and Deterring Incidents
Imposing Compartmentalization
Using Honeypots, Honeynets, and Padded Cells
Antivirus, Monitoring, and Other Host Security Controls
Backup and Recovery
User Training, Security Awareness, and Ongoing Education
Incident Response
Preparation
Detection and Analysis
Containment
Eradication
Recovery
Post-Incident Follow-Up
Fail-Secure, Fail-Open, and Fail-Close Options
Network Security Assessments and Testing
Security Assessment
Configuration Scans
Vulnerability Scanning
Penetration Testing
Post-Mortem Assessment Review
Change Management
Compliance Auditing
Network Security Troubleshooting
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
CHAPTER 15 Emerging Technology and Regulatory Considerations
What the Future Holds for Network Security, Firewalls, and VPNs
Threats
Firewall Capabilities
Encryption
Authentication
Metrics
Focus
Securing the Cloud
Securing Mobile Devices
Internet of Things
Mobile IP
Bring Your Own Device (BYOD)
Resource Sites for Network Security, Firewalls, and VPNs
Firewall Vendors
Virtual Private Network Vendors
Network Security Websites
Network Security Magazine Websites
Tools for Network Security, Firewalls, and VPNs
Commercial Off-the-Shelf (COTS) Software
Open-Source Applications and Tools
The Vanishing Network Perimeter
The Impact of Ubiquitous Wireless and Mobile Connectivity
Making Wireless and Mobile Connectivity More Secure
Potential Uses of Security Technologies
Regulations and Compliance
Specialized Firewalls Available
Emerging Network Security Technologies
Data Leakage Prevention
Biometrics
Virtualization Security
IP Version 6
VPNs, Firewalls, and Virtualization
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Cover
Next
Next Chapter
Copyright Page
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset