Configuring Juniper Networks NetScreen and SSG Firewalls

by ; ; ;
  • ISBN13: 9781597491181
  • ISBN10: 1597491187

  • Format: Paperback
  • Copyright: 2007-01-25
  • Publisher: Elsevier Science

Summary

Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. This comprehensive configuration guide will allow system administrators and security professionals to configure these appliances to allow remote and mobile access for employees. If you manage and secure a larger enterprise, this book will help you to provide remote and/or extranet access for employees, partners, and customers from a single platform.

  • Configure Juniper's Instant Virtual Extranet (IVE)
    Install and set up IVE through either the command line interface (CLI) or Web-based console.
  • Master the "3 Rs": Realms, Roles, and Resources
    Realize the potential of the "3Rs" for endpoint security, sign-in policies, and authorization of servers.
  • Get Inside both the Windows and Java Versions of Secure Application Manager (SAM)
    Learn to implement SAM, manage the end-user experience, and troubleshoot SAM in the field.
  • Integrate IVE with Terminal Services and Citrix
    Enable terminal services proxy and configure role options, configure Citrix using a custom ICA, configure terminal services resource policies and profiles, and configure terminal services and Citrix using a hosted Java applet.
  • Ensure Endpoint Security
    Use Host Checker, Cache Cleaner, Secure Virtual Workspace, and IVE/IDP integration to secure your network.
  • Manage the Remote Access Needs of Your Organization
    Configure Web access, file access and telnet/SSH access for remote users and offices.
  • Configure Core Networking Components through the System Menu
    Create clusters, manage virtual systems, and monitor logs, reports, and alerts.
  • Create Bullet-Proof Sign-in Policies
    Create standard and custom sign-in pages for both user and administrator access and Secure Meeting pages.
  • Use the IVE for Log-Related Tasks
    Perform log filtering, log management, syslog exporting, SNMP management, and system resource monitoring and reporting.

Table of Contents

Foreword

Networking, Security, and the Firewall
  • Introduction
  • Understanding Networking
  • The OSI Model
  • Moving Data along with TCP/IP
  • Understanding Security Basics
  • Understanding Firewall Basics
  • Types of Firewalls
  • Firewall Ideologies
  • DMZ Concepts
  • Traffic Flow Concepts
  • Networks with and without DMZs
  • DMZ Design Fundamentals
  • Designing End-to-End Security for Data Transmission between Hosts on the Network
  • Traffic Flow and Protocol Fundamentals
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Dissecting the Juniper Firewall
  • Introduction
  • The Juniper Security Product Offerings
  • Juniper Firewalls
  • SSL VPN
  • Intrusion Detection and Prevention
  • Unified Access Control (UAC)
  • The Juniper Firewall Core Technologies
  • Zones
  • Virtual Routers
  • Interface Modes
  • Policies
  • VPN
  • Intrusion Prevention
  • Device Architecture
  • The NetScreen and SSG Firewall Product Line
  • Product Line
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Deploying Juniper Firewalls
  • Introduction
  • Managing Your Juniper Firewall
  • Juniper Management Options
  • Administrative Users
  • The Local File System and the Configuration File
  • Using the Command Line Interface
  • Using the Web User Interface
  • Securing the Management Interface
  • Updating ScreenOS
  • System Recovery
  • Configuring Your Firewall for the First Time
  • Types of Zones
  • Virtual Routers
  • Types of Interfaces
  • Configuring Security Zones
  • Configuring Your Firewall for the Network
  • Binding an Interface to a Zone
  • Setting Up IP Addressing
  • Configuring the DHCP Client
  • Using PPPoE
  • Interface Speed Modes
  • Port Mode Configuration
  • Bridge Groups
  • Configuring Basic Network Routing
  • Configuring System Services
  • Setting the Time
  • DHCP Server
  • DNS
  • SNMP
  • Syslog
  • Web Trends
  • Resources
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Policy Configuration
  • Introduction
  • Firewall Policies
  • Theory of Access Control
  • Types of Juniper Policies
  • Policy Checking
  • Getting Ready to Make a Policy
  • Policy Components
  • Zones
  • Address Book Entries
  • Services
  • Creating Policies
  • Creating a Policy
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Advanced Policy Configuration
  • Introduction
  • Traffic-Shaping Fundamentals
  • The Need for Traffic Shaping
  • How Traffic Shaping Works
  • Choosing the Traffic-Shaping Type
  • Deploying Traffic Shaping on Juniper Firewalls
  • Methods to Enforce Traffic Shaping
  • Traffic-Shaping Mechanics
  • Traffic-Shaping Examples
  • Advanced Policy Options
  • Counting
  • Scheduling
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

User Authentication
  • Introduction
  • User Account Types
  • Authentication Users
  • Internal Authentication Server
  • Configuring the Local Authentication Server
  • External Authentication Servers
  • Policy-Based User Authentication
  • Explanation of Policy-Based Authentication
  • Configuring Policies with User Auth
  • 802.1x Authentication
  • Components of 802.1x
  • Enhancing Authentication
  • Firewall Banner Messages
  • Group Expressions
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Routing
  • Introduction
  • Virtual Routers
  • Virtual Routers on Juniper Firewalls
  • Routing Selection Process
  • Equal Cost Multiple Path
  • Virtual Router Properties
  • Route Maps and Access Lists
  • Route Redistribution
  • Importing and Exporting Routes
  • Static Routing
  • Using Static Routes on Juniper Firewalls
  • Routing Information Protocol
  • RIP Overview
  • RIP Informational Commands
  • Open Shortest Path First
  • Concepts and Terminology
  • Configuring OSPF
  • OSPF Informational Commands
  • Border Gateway Protocol
  • Overview of BGP
  • Configuring BGP
  • BGP Informational Commands
  • Route Redistribution
  • Redistributing Routes in the Juniper Firewall
  • Redistributing Routes between Routing Protocols
  • Redistributing Routes into BGP
  • Policy-Based Routing
  • Components of PBR
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Address Translation
  • Introduction
  • Overview of Address Translation
  • Port Address Translation
  • Advantages of Address Translation
  • Disadvantages of Address Translation
  • Juniper NAT Overview
  • Juniper Packet Flow
  • Source NAT
  • Interface-Based Source Translation
  • MIP
  • Policy-Based Source NAT
  • Destination NAT
  • Policy-Based Destination NAT
  • Summary
  • Links to Sites
  • Solutions Fast Track
  • Frequently Asked Questions

Transparent Mode
  • Introduction
  • Interface Modes
  • Understanding How Transport Mode Works
  • Configuring a Device to Use Transport Mode
  • Transparent Mode Deployment Options
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Attack Detection and Defense
  • Introduction
  • Understanding Attacks
  • Old Root Causes, New Attacks
  • Unified Threat Management
  • Vulnerability Databases
  • Bug Databases
  • Common Name Dictionary
  • The Juniper Security Research Team
  • Understanding the Anatomy of an Attack
  • The Three Phases of a Hack
  • Script Kiddies
  • Black Hat Hackers
  • Worms, Viruses, and Other Automated Malware
  • Configuring Screen Settings
  • UDP Data Rate Limiting
  • TCP/IP Protocol Anomaly Detection
  • Applying Deep Inspection
  • Deep Inspection Concepts
  • Deep Inspection Planning
  • Getting the Database
  • Using Attack Objects
  • Setting Up Content Filtering
  • Web Filtering
  • Antivirus
  • Antivirus Rules
  • Understanding Application Layer Gateways
  • Applying Best Practices
  • Defense-in-Depth
  • Zone Isolation
  • Egress Filtering
  • Explicit Permits, Implicit Denies
  • Retain Monitoring Data
  • Keeping Systems Updated
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

VPN Theory and Usage
  • Introduction
  • Understanding IPSec
  • IPSec Modes
  • Protocols
  • Key Management
  • Security Associations
  • IPSec Tunnel Negotiations
  • Phase 1
  • Phase 2
  • Public Key Cryptography
  • PKI
  • Certificates
  • CRLs
  • How to Use VPNs in NetScreen Appliances
  • Site-to-Site VPNs
  • Policy-Based VPNs
  • Route-Based VPNs
  • Dial-Up VPNs
  • L2TP VPNs
  • Advanced VPN Configurations
  • VPN Monitoring
  • Gateway Redundancy
  • Back-to-Back VPNs
  • Hub and Spoke VPNs
  • Multitunnel Interfaces
  • Summary
  • Solutions Fast Track
  • Links to Sites
  • Mailing Lists
  • Frequently Asked Questions

High Availability
  • Introduction
  • The Need for High Availability
  • High-Availability Options
  • Improving Availability Using NetScreen SOHO Appliances
  • Failing Over between Interfaces
  • Using Dual Untrust Interfaces to Provide Redundancy
  • Falling Back to Dial-Up
  • Restricting Policies to a Subset When Using the Serial Interface
  • Using IP Tracking to Determine Failover
  • Monitoring VPNs to Determine Failover
  • Introducing the NetScreen Redundancy Protocol
  • Virtualizing the Firewall
  • Understanding NSRP States
  • The Value of Dual HA Links
  • Building an NSRP Cluster
  • Connecting the Firewalls Directly to the Routers
  • Connecting the Firewalls to Routers via Switches
  • Cabling for a Full-Mesh Configuration
  • Using Directly Connected HA Links
  • Connecting HA Links via Switches
  • Adding a NetScreen to an NSRP Cluster
  • Synchronizing the Configuration
  • Determining When to Fail Over: The NSRP Ways
  • Using NSRP Heartbeats
  • Using Optional NSRP Monitoring
  • Using NSRP Interface Monitoring
  • Using NSRP Zone Monitoring
  • Using NSRP IP Tracking
  • Reading the Output from get nsrp
  • Looking into an NSRP Cluster
  • Using NSRP-Lite on Midrange Appliances
  • Basic NSRP-Lite Usage
  • Working with Local Interfaces in an NSRP-Lite Setup
  • Creating Redundant Interfaces
  • Taking Advantage of the Full NSRP
  • Synchronizing State Using RTO Mirroring
  • Setting Up an Active/Active Cluster
  • Implementing a Full-Mesh Active/Active Setup
  • Failing Over
  • Failing Over Virtual Systems
  • Avoiding the Split-Brain Problem
  • Avoiding the No-Brain Problem
  • Configuring HA through NSM
  • Creating a Cluster
  • Adding Members to the Cluster
  • Configuring NSRP Parameters
  • Configuring VSD
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Troubleshooting the Juniper Firewall
  • Introduction
  • Troubleshooting Methodology
  • Troubleshooting Tools
  • Network Troubleshooting
  • Debugging the Juniper Firewall
  • Debugging NAT
  • Debugging VPNs
  • Policy-Based VPNs
  • Route-Based VPNs
  • Debugging NSRP
  • Debugging Traffic Shaping
  • NetScreen Logging
  • Traffic
  • Self
  • Event
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Virtual Systems
  • Introduction
  • What Is a Virtual System?
  • Virtual System Components
  • How Virtual Systems Work
  • Classifying Traffic
  • Virtual System Administration
  • Configuring Virtual Systems
  • Creating a Virtual System
  • Network Interfaces
  • Virtual System Profiles
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
