Inside Network Perimeter Security : The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems,9780735712324

Inside Network Perimeter Security : The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems

by ; ; ; ;
Edition: 1st
ISBN13: 9780735712324
ISBN10: 0735712328
Format: Paperback
Pub. Date: 2002-01-01
Publisher(s): Sams
Upgraded Edition: Click here!
List Price: $53.49

Rent Textbook

Select for Price
Add to Cart
There was a problem. Please try again later.

New Textbook

We're Sorry
Sold Out

Used Textbook

We're Sorry
Sold Out

eTextbook

We're Sorry
Not Available

Buy from our Marketplace starting at $5.50

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

This book is the authoritative guide for designing, deploying, and managing sound perimeter defense solutions. It covers a wide range of network security technologies and explains how they relate to each other. The reader is walked through real-world scenarios that incorporate popular commercial and freely available products to better explain when one type of a solution is preferred over another.

Author Biography

Karen Kent Frederick is a senior security engineer for the Rapid Response Team at NFR Security.

Table of Contents

I Perimeter Fundamentals 1(124)
Perimeter Security Fundamentals
3(20)
Terms of the Trade
4(3)
Defense in Depth
7(12)
Case Study: Defense in Depth in Action
19(1)
Summary
20(3)
Packet Filtering
23(32)
TCP/IP Primer: How Packet Filtering Works
24(2)
The Cisco Router as a Packet Filter
26(3)
Effective Uses of Packet-Filtering Devices
29(13)
Problems with Packet Filters
42(7)
Dynamic Packet Filtering and the Reflexive Access List
49(5)
Summary
54(1)
References
54(1)
Stateful Firewalls
55(30)
How a Stateful Firewall Works
55(2)
The Concept of State
57(12)
Stateful Filtering and Stateful Inspection
69(14)
Summary
83(1)
Reference
84(1)
Proxy Firewalls
85(18)
Fundamentals
85(4)
Types of Proxies
89(1)
Proxy or Application Gateway Firewalls
90(3)
Protocol Issues for Proxies
93(3)
Tools for Proxying
96(4)
Summary
100(1)
References
101(2)
Security Policy
103(22)
Firewalls Are Policy
104(8)
How to Develop Policy
112(8)
Perimeter Considerations
120(3)
Summary
123(1)
References
124(1)
II Extending the Perimeter 125(170)
The Role of a Router
127(34)
The Router as a Perimeter Device
128(5)
The Router as a Security Device
133(10)
Router Hardening
143(15)
Summary
158(3)
Network Intrusion Detection
161(24)
Network Intrusion Detection Basics
161(9)
The Roles of Network IDS in a Perimeter Defense
170(4)
IDS Sensor Placement
174(5)
Case Studies
179(5)
Summary
184(1)
Virtual Private Networks
185(46)
VPN Basics
186(4)
Advantages and Disadvantages of VPNs
190(6)
IPSec Basics
196(25)
Other VPN Protocols: PPTP and L2TP
221(7)
Summary
228(1)
References
229(2)
Host Hardening
231(22)
Levels of Hardening
231(2)
Hardening Against Local Attacks
233(7)
Hardening Against Network Attacks
240(7)
Hardening Against Application Attacks
247(3)
Additional Hardening Guidelines
250(2)
Summary
252(1)
Host Defense Components
253(42)
Hosts and the Perimeter
254(4)
Anti-Virus Software
258(5)
Host-Centric Firewalls
263(17)
Host-Based Intrusion Detection
280(10)
Challenges of Host Defense Components
290(2)
Summary
292(1)
References
293(2)
III Perimeter Design 295(164)
Design Fundamentals
297(26)
Gathering Design Requirements
298(14)
Design Elements
312(9)
Summary
321(1)
References
322(1)
Separating Resources
323(32)
Security Zones
324(9)
Common Design Elements
333(15)
VLAN-Based Separation
348(4)
Summary
352(1)
References
353(2)
Software Architecture
355(24)
Software Architecture and Network Defense
356(2)
How Software Architecture Affects Network Defense
358(5)
Software Component Placemen
363(3)
Identifying Potential Software Architecture Issues
366(2)
Software Testing
368(2)
Network Defense Design Recommendations
370(1)
Case Study: Customer Feedback System
371(3)
Case Study: Web-Based Online Billing Application
374(2)
Summary
376(1)
References
377(2)
VPN integration
379(26)
Secure Shell
380(5)
Secure Sockets Layer
385(5)
Remote Desktop Solutions
390(4)
IPSec
394(4)
Other VPN Considerations
398(1)
VPN Design Case Study
399(5)
Summary
404(1)
Tuning the Design for Performance
405(28)
Performance and Security
405(4)
Network Security Design Elements that Impact performance
409(12)
Impact of Encryption
421(7)
Using Load Balancing to Improve Performance
428(3)
Summary
431(1)
References
432(1)
Sample Designs
433(26)
Review of Security Design Criteria
434(2)
Case Studies
436(20)
Summary
456(3)
IV Perimeter Assessment 459(174)
Maintaining a Security Perimeter
461(32)
System and Network Monitoring
462(16)
Incident Response
478(5)
Accommodating Change
483(7)
Summary
490(1)
References
491(2)
Network Log Analysis
493(24)
The Importance of Network Log Files
494(5)
Log Analysis Basics
499(7)
Analyzing Router Logs
506(2)
Analyzing Network Firewall Logs
508(3)
Analyzing Host-Centric Firewall and IDS Logs
511(4)
Summary
515(2)
Troubleshooting Defense Components
517(32)
The Process of Troubleshooting
518(3)
Troubleshooting Rules of Thumb
521(2)
The Troubleshooter's Toolbox
523(23)
Summary
546(1)
References
547(2)
Assessment Techniques
549(30)
External Assessment
550(18)
Internal Assessment
568(7)
Summary
575(2)
References
577(2)
Design Under Fire
579(34)
The Hacker Approach to Attacking Networks
580(1)
Adversarial Review
580(3)
GIAC GCFW Student Practical Designs
583(27)
Summary
610(1)
References
611(2)
Importance of Defense in Depth
613(20)
Castles: An Example of Defense-in-Depth Architecture
614(10)
Absorbent Perimeters
624(4)
Defense in Depth with Information
628(3)
Summary
631(2)
V Appendixes 633(23)
A Cisco Access List Sample Configurations
635(10)
Complete Access List for a Private ONLY Network
635(4)
Complete Access List for a Screened Subnet Network that Allows Public Server Internet Access
639(6)
B Crypto 101
645(6)
Encryption Algorithms
646(4)
Summary
650(1)
References
650(1)
C Network Air Gaps
651(5)
A Case for Air Gaps
651(2)
Defining NAGs
653(2)
Using Air Gaps in Conjunction with Firewalls
655(1)
Implementing NAGs
656(1)
Summary
656

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.