Muutke küpsiste eelistusi

E-raamat: CheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting

3.67/5 (11 hinnangut Goodreads-ist)
  • Formaat: PDF+DRM
  • Ilmumisaeg: 11-May-2003
  • Kirjastus: Syngress Media,U.S.
  • Keel: eng
  • ISBN-13: 9780080476469
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 39,51 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CheckPoint NG VPN 1/Firewall 1: Advanced Configuration and TroubleshootingSuurem pilt
  • Formaat: PDF+DRM
  • Ilmumisaeg: 11-May-2003
  • Kirjastus: Syngress Media,U.S.
  • Keel: eng
  • ISBN-13: 9780080476469
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Check Point Software Technologies is the worldwide leader in securing the Internet. The company's Secure Virtual Network (SVN) architecture provides the infrastructure that enables secure and reliable Internet communications. Check Point recently announced a ground-breaking user interface that meets the industry's next generation Internet security requirements, including simplified security management for increasingly complex environments. Built upon Check Point's Secure Virtual Network (SVN) architecture, the Next Generation User Interface revolutionizes the way security administrators define and manage enterprise security by further integrating management functions into a security dashboard and creating a visual picture of security operations. The Next Generation User Interface delivers unparalleled ease-of-use, improved security and true end-to-end security management. Check Point's revenues have more than doubled in each of the last two years, while capturing over 50% of the VPN market and over 40% of the firewall market according to IDC Research. The explosive growth of the company is further evidenced by over 29,000 IT professionals becoming Check Point Certified so far. This book will be the complimentary to Syngress' best-selling Check Point Next Generation Security Administration, which was a foundation-level guide to installing and configuring Check Point NG. This book will assume that readers have already mastered the basic functions of the product and they now want to master the more advanced security and VPN features of the product. Written by a team of Check Point Certified Instructors (the most prestigious Check Point certification) this book will provide readers with a complete reference book to Check Point NG and advanced case studies that illustrate the most difficult to implement configurations. Although not a Study Guide, this book will cover all of the objectives on Check Point's CCSE Exam.

Muu info

The reader will learn to design and configure a Virtual Private Network (VPN). The reader will learn to configure Check Point NG for High Availability (HA), which is the ability of a system to perform its function continuously (without interruption) for a significantly longer period of time than the reliabilities of its individual components would suggest. The reader will learn to use SeucureUpdate, which allows them to perform simultaneous, secure, enterprise-wide software updates.
Foreword xxix
FW-1 NG Operational Changes
1(22)
Introduction
2(1)
Static NAT Changes from 4.x to NG
2(9)
Server-Side NAT
4(2)
Version 4.x Destination Static NAT
6(2)
How It Really Works
8(1)
Client-Side NAT
9(1)
How It Really Works
10(1)
Bidirectional NAT
11(1)
Automatic ARP
11(3)
When ARP Is Automatic
13(1)
When ARP Is Manual
13(1)
Upgrading 4.x to NG
14(4)
The 4.x Upgrade Process
16(1)
When to Rebuild
16(2)
Summary
18(1)
Solutions Fast Track
19(1)
Frequently Asked Questions
20(3)
Smart Clients
23(38)
Introduction
24(1)
SmartDashboard
24(15)
What's New in NG SmartDashboard?
25(1)
New Panes
25(3)
New Policy Tabs
28(1)
New Menu Items and Toolbars
29(2)
New Object Types
31(3)
The Extended Object Properties Screen
34(1)
Extended Administrator Access
34(1)
A GUI Overview of New FP3 Features
35(1)
The New Policy Installation Interface
36(2)
Using Sections in the Security Rule Base
38(1)
Version Control with Database Revision Control
38(1)
SmartView Status
39(4)
What's New in SmartView Status?
39(1)
The Panes
39(3)
Changes in the Menu and the Toolbar
42(1)
Highlights of SmartView Status
42(1)
Disconnecting a Client
42(1)
Other Fancy Features
43(1)
SmartView Tracker
43(5)
What's New in SmartView Tracker?
43(1)
The Panes
43(2)
Menu Changes
45(1)
Highlights From the SmartView Tracker
45(1)
Remote File Management
45(1)
View in SmartDashboard
46(1)
Command-Line Options
46(2)
SmartView Monitor
48(5)
Installation
48(1)
The Interface
48(1)
Traffic Monitoring
49(1)
Monitor Using Check Point System Counters
49(1)
Monitor by Service
50(1)
Monitor Using Network Objects
51(1)
Monitor by QoS
51(1)
Monitor Using Top Firewall Rules
51(1)
Monitor Using Virtual Links
52(1)
Generating Reports
53(1)
Check Point Systems Counter Reports
53(1)
Traffic Reports
53(1)
User Monitor
53(3)
The Interface
54(1)
Managing Queries
55(1)
Summary
56(1)
Solutions Fast Track
57(1)
Frequently Asked Questions
58(3)
Advanced Authentication
61(64)
Introduction
62(1)
Active Directory
62(34)
Setting Up Active Directory for FireWall-1 Authentication
63(1)
Active Directory Installation and Basic Configuration
64(5)
Enabling LDAP Over SSL
69(3)
Delegation of Control
72(1)
Active Directory Schema Management
73(3)
Extending Your Schema
76(3)
Enabling SSL Communication Between VPN-1/FireWall-1 and Active Directory
79(2)
Setting Up the Firewall for AD Authentication
81(1)
Configuring Global Properties for Active Directory
82(1)
Defining the Active Directory Account Unit
83(6)
Configuring LDAP Administrators
89(1)
User Management on Active Directory
90(2)
Configuring the Rule Base
92(2)
Troubleshooting
94(1)
Suggested Uses of MS-AD Authentication
95(1)
Standard LDAP
96(9)
Setting Up the LDAP for FireWall-1 Authentication
97(2)
Setting Up the Firewall for LDAP Authentication
99(3)
Defining a New User
102(2)
Suggested Uses of LDAP Authentication
104(1)
RADIUS
105(5)
Setting Up the Firewall for RADIUS Authentication
106(2)
Setting Up RADIUS for FireWall-1 Authentication
108(1)
Suggested Uses of RADIUS Authentication
109(1)
TACACS+
110(4)
Setting Up the Firewall for TACACS+ Authentication
111(1)
Setting Up TACACS+ for FireWall-1 Authentication
112(2)
Suggested Uses of TACACS+ Authentication
114(1)
General User Management
114(7)
Self-Service User Management with ADSI
117(4)
Summary
121(1)
Solutions Fast Track
122(1)
Frequently Asked Questions
123(2)
Advanced VPN Concepts
125(32)
Introduction
126(1)
What Are SEP and MEP?
126(5)
Sample Scenario
128(1)
Exploring SEP
129(2)
Exploring MEP
131(1)
SEP Configuration Examples
131(4)
Scenario One
131(1)
Scenario Two
132(3)
MEP Configuration Examples
135(11)
Scenario One
135(5)
Setup of New York Firewall
140(2)
Setup of San Diego Firewall
142(4)
Combinations of MEP and SEP
146(1)
VPN Modes
146(4)
Transparent Mode
147(1)
Connect Mode
147(3)
Routing Between VPN Connections
150(1)
Dynamic IP Address VPN Connections
151(2)
Summary
153(1)
Solutions Fast Track
153(2)
Frequently Asked Questions
155(2)
Advanced VPN Client Installations
157(34)
Introduction
158(1)
The Difference Between SecuRemote and SecureClient
158(1)
Using DNSInfo Files
159(1)
Encrypting Internal Traffic
160(1)
Using SR/SC from Behind a CP-FW-1 System
161(2)
Using SecureClient
163(2)
Creating Rules for Internal Connections to Remote Clients
165(1)
Examples of Common Deployments
166(8)
L2TP Tunnels Terminating on a Check Point FP3 Box
174(7)
Office Mode SecureClient
181(1)
FP3 Clientless VPNs
182(3)
Summary
185(1)
Solutions Fast Track
185(3)
Frequently Asked Questions
188(3)
High Availability and Clustering
191(114)
Introduction
192(1)
Designing Your Cluster
192(9)
Why Do You Need a Cluster?
192(1)
Resilience
192(1)
Increased Capacity
193(1)
High Availability or Load Sharing?
193(1)
Load Sharing
193(1)
High Availability
193(1)
Clustering and Check Point
193(1)
Operating System Platform
193(1)
Clustering and Stateful Inspection
194(1)
Desire for Stickiness
194(1)
Location of Management Station
194(1)
A Management Station on a Cluster-Secured Network
195(1)
Management Station on Internal Network
196(2)
Connecting the Cluster to Your Network: Hubs or Switches?
198(1)
FireWall-1 Features, Single Gateways vs. Clusters: The Same, But Different
198(1)
Network Address Translation
199(1)
Security Servers
199(1)
Remote Authentication Servers
200(1)
External VPN Partner Configuration
200(1)
Installing FireWall-1 NG FP3
201(6)
Checking the Installation Prerequisites
201(1)
Installation Options
202(1)
Installation Procedure
202(5)
Check Point ClusterXL
207(44)
Configuring ClusterXL in HA New Mode
208(1)
Prerequisites for Installing ClusterXL in HA New Mode
208(1)
Configuration of ClusterXL HA New Mode
209(15)
Testing ClusterXL in HA New Mode
224(1)
Test 1: Pinging the Virtual IP Address of Each Interface
224(1)
Test 2: Using SmartView Status to Examine the Status of the Cluster Members
224(1)
Test 3: FTP Session Through the Cluster When an Interface Fails
225(1)
Command-Line Diagnostics on ClusterXL
226(3)
How Does ClusterXL HA New Mode Work?
229(2)
ClusterXL HA New Mode Failover
231(3)
ClusterXL Failover Conditions
234(3)
Special Considerations for ClusterXL in HA New Mode
237(1)
Network Address Translation
237(2)
Configuring ClusterXL in HA Legacy Mode
239(2)
Configuring ClusterXL in Load-Sharing Mode
241(1)
Prerequisites for Configuring ClusterXL in Load-Sharing Mode
241(1)
Configuration of ClusterXL in Load-Sharing Mode
242(1)
Testing ClusterXL in Load-Sharing Mode
242(1)
Test 1: Pinging the Virtual IP Address for Each Interface
242(1)
Test 2: Using SmartView Status to Examine the Status of the Cluster Members
242(1)
Test 3: FTPing Through ClusterXL Load Sharing During Failover
243(1)
Command-Line Diagnostics for ClusterXL
244(3)
How ClusterXL Works in Load-Sharing Mode
247(2)
ClusterXL Load-Sharing Mode Failover
249(2)
Special Considerations for ClusterXL in Load-Sharing Mode
251(1)
Network Address Translation
251(1)
User Authentication and One-Time Passcodes
251(1)
Nokia IPSO Clustering
251(24)
Nokia Configuration
251(2)
A Few Points About Installing an Initial Configuration of NG FP3 on Nokia IPSO
253(1)
Check Point FireWall-1 Configuration for a Nokia Cluster
254(1)
Configuring the Gateway Cluster Object
254(4)
Nokia Cluster Configuration on Voyager
258(1)
Voyager Configuration
258(5)
Testing the Nokia Cluster
263(1)
Test 1: Pinging the Virtual IP Address of Each Interface
263(1)
Test 2: Determining the Status of Each Member in the Cluster
264(1)
Test 3: FTPing Through a Load-Sharing Nokia Cluster During Interface Failure
265(2)
Command-Line Stats
267(2)
How Nokia Clustering Works
269(3)
Nokia Cluster Failover
272(1)
Nokia Failover Conditions
273(1)
Special Considerations for Nokia Clusters
273(1)
Network Address Translation
274(1)
Defining the Cluster Object Topology
274(1)
Nokia IPSO VRRP Clusters
275(12)
Nokia Configuration
275(2)
Nokia VRRP Configuration on Voyager
277(1)
Voyager Configuration
277(4)
Testing the Nokia VRRP Cluster
281(1)
Test 1: Pinging the Virtual IP Address for Interface
281(1)
Test 2: Finding Which Member Responds to Administrative Connections to the VIPs
282(1)
Test 3: Determining the Status of Each Member in the Cluster
282(1)
Test 4: FTPing Through a VRRP Cluster During Interface Failure
282(1)
Command-Line Stats
283(1)
How VRRP Works
284(2)
Special Considerations for Nokia VRRP Clusters
286(1)
Network Address Translation
286(1)
Connections Originating from a Single Member in the Cluster
287(1)
Third-Party Clustering Solutions
287(1)
Clustering and HA Performance Tuning
287(10)
Data Throughput or Large Number of Connections
288(1)
Improving Data Throughput
288(2)
Improving for Large Number of Connections
290(6)
Final Tweaks to Get the Last Drop of Performance
296(1)
Summary
297(1)
Solutions Fast Track
298(3)
Frequently Asked Questions
301(4)
SecurePlatform
305(44)
Introduction
306(1)
The Basics
306(20)
Installation
306(1)
Configuration
307(1)
Web User Interface Configuration
308(6)
Command-Line Configuration
314(7)
CPShell
321(2)
Backup and Restore
323(1)
Applying OS and Application Updates
324(2)
Adding Hardware to SecurePlatform
326(12)
Adding Memory
326(1)
Adding NICs
327(1)
Adding a Second Processor
328(1)
Configuring SecurePlatform for a Second Processor
329(3)
Adding Hard Drives
332(6)
FireWall-1 Performance Counters
338(6)
Firewall Commands
338(1)
cpstat
338(2)
fw ctl pstat
340(2)
vpn tu
342(1)
fwaccel
342(2)
Summary
344(1)
Solutions Fast Track
344(1)
Frequently Asked Questions
345(4)
SmartCenter Management Server, High Availability and Failover, and SMART Clients
349(30)
Introduction
350(1)
SmartCenter Server: The Roles of a Management Server
350(2)
Internal Certificate Authority
352(1)
VPN Certificates
352(1)
Management Server Backup Options
352(2)
Protecting the Configuration
353(1)
Enforcement Point Functions
353(1)
Logging
354(1)
Installing a Secondary Management Server
354(4)
SMART Clients
358(16)
SMART Client Functions
359(1)
SMART Client Login
359(3)
SmartDashboard
362(1)
SmartDefense
363(2)
SmartView Status
365(1)
SmartView Tracker
366(1)
SmartView Monitor
366(1)
User Monitor
367(1)
SmartUpdate
367(7)
Summary
374(1)
Solutions Fast Track
374(2)
Frequently Asked Questions
376(3)
Integration and Configuration of CVP / UFP
379(22)
Introduction
380(1)
Using CVP for Virus Scanning E-Mail
380(8)
Configuring CVP
380(1)
A Generic CVP Solution
381(6)
Troubleshooting CVP
387(1)
URL Filtering for HTTP Content Screening
388(7)
Setting Up URL Filtering with UFP
389(6)
Using Screening without CVP
395(2)
Summary
397(1)
Solutions Fast Track
397(1)
Frequently Asked Questions
398(3)
SecureClient Packaging Tool
401(24)
Introduction
402(2)
Installing the SecureClient Packaging Tool
403(1)
Installing by Default
403(1)
Installing Explicitly
403(1)
Starting the SecureClient Packaging Tool
403(1)
Creating a Profile
404(12)
The Welcome Window
404(1)
The General Window
405(1)
The Connect Mode Window
406(1)
Transparent Mode
407(1)
Connect Mode
407(1)
Mode Transition
408(1)
The SecureClient Window
408(1)
The Additional Options Window
409(1)
The Topology Window
410(2)
The Certificates Window
412(1)
The Silent Installation Window
413(1)
The Installation Options Window
414(1)
The Operating System Logon Window
414(2)
The Finish Window
416(1)
Managing SecureClient Profiles
416(2)
Creating a New Profile From an Existing Profile
416(1)
Deleting a Profile
417(1)
Editing a Profile
418(1)
Creating SecureClient Installation Packages
418(2)
The Welcome Window
418(1)
The Package Generation Window
419(1)
Deploying SecuRemote Packages
420(1)
Summary
421(1)
Solutions Fast Track
421(2)
Frequently Asked Questions
423(2)
SmartDefense
425(42)
Introduction
426(1)
Understanding and Configuring SmartDefense
427(36)
General
427(2)
Anti-Spoofing Configuration Status
429(2)
Denial of Service
431(2)
Teardrop
433(1)
Ping of Death
434(1)
LAND
434(1)
IP and ICMP
434(1)
Fragment Sanity Check
435(1)
Packet Sanity
435(1)
Max Ping Size
436(1)
TCP
437(1)
SYN Attack
437(8)
Small PMTU
445(1)
Sequence Verifier
445(1)
DNS
446(1)
FTP
447(1)
FTP Bounce Attack
448(1)
FTP Security Servers
448(3)
HTTP
451(1)
Worm Catcher
451(3)
HTTP Security Servers
454(1)
SMTP Security Server
455(1)
SMTP Content
456(1)
Mail and Recipient Content
456(3)
Successive Events
459(1)
Address Spoofing
460(1)
Local Interface Spoofing
461(1)
Port Scanning
461(1)
Successive Alerts
462(1)
Successive Multiple Connections
462(1)
Summary
463(1)
Solutions Fast Track
463(1)
Frequently Asked Questions
464(3)
SmartUpdate
467(10)
Introduction
468(1)
Licensing Your Products
468(5)
Management Server
469(1)
Installing Licenses via the Management Server
470(1)
Removing Licenses via the Management Server
470(1)
Resetting SIC
471(1)
Enforcement Points
471(1)
Installing Licenses via SmartUpdate
471(1)
Removing Licenses via SmartUpdate
472(1)
Other License Types
472(1)
SecuRemote
472(1)
SecureClient
473(1)
FloodGate
473(1)
Connect Control
473(1)
Updating Your Products
473(2)
Adding a New Product
474(1)
Installing a Product
474(1)
Summary
475(1)
Solutions Fast Track
475(1)
Frequently Asked Questions
476(1)
Performance Pack
477(16)
Introduction
478(1)
How Performance Pack works
478(2)
Working on Interfaces While Using Performance Pack
479(1)
Installing Performance Pack
480(6)
Hardware Requirements
480(1)
Performance Considerations
481(1)
Installing Performance Pack on Solaris 8
482(1)
Prerequisites
482(1)
Installation Using the Solaris Comprehensive Install Package
482(2)
Installation as a Separate Package
484(1)
Uninstalling Performance Pack
485(1)
Installing Performance Pack on SecurePlatform
485(1)
Prerequisites
486(1)
Installing the rpm Package
486(1)
Command-Line Options for Performance Pack
486(2)
Stopping and Starting SecureXL
486(1)
Checking the Status of SecureXL
486(1)
Configuring SecureXL
487(1)
Troubleshooting Performance Pack
488(1)
Summary
489(1)
Solutions Fast Track
489(2)
Frequently Asked Questions
491(2)
UserAuthority
493(54)
Introduction
494(1)
Defining UserAuthority
494(4)
WAM in Detail
496(1)
Supported Platforms
497(1)
Installing UserAuthority
498(13)
Installing the UserAuthority Server
498(1)
UserAuthority Server on a FireWall-1 Enforcement Module
498(1)
UserAuthority Server on a Windows Domain Controller
499(3)
Installing UserAuthority SecureAgent
502(1)
Manual Installation on Desktop
502(1)
Automatic Installation on Login to the Domain
503(1)
Installing the UserAuthority WebAccess Plug-In
504(1)
Prerequisites for the WebAccess Plug-In
504(1)
Installing the WebAccess Plug-In
505(6)
Implementing UserAuthority Chaining
511(2)
Utilizing UserAuthority Logging
513(2)
FireWall-1 SSO Policy Rules
514(1)
WAM Web Access Logging
514(1)
UAS Event Logging
515(1)
Understanding Credentials Management and Domain Equality
515(2)
Domain Equality
516(1)
Configuring Domain Equality
517(1)
Deploying UserAuthority
517(25)
Authenticated Internet Access
518(1)
Configuring Objects in the SmartDashboard GUI
519(1)
Configuring Domain Equivalence Between the Firewall UAS and the Domain Controller UAS
519(1)
Creating Users on the Firewall
520(2)
Creating the Rule Base
522(1)
Testing the Configuration
522(1)
Authenticated Web Server
523(1)
Creating a Simple WebAccess Policy
523(10)
SSO Internet Access and Web Server
533(1)
Configuration
533(5)
Testing the Configuration
538(4)
Summary
542(1)
Solutions Fast Track
543(2)
Frequently Asked Questions
545(2)
Firewall Troubleshooting
547(30)
Introduction
548(1)
SmartView Tracker
548(3)
Filtering Traffic
548(2)
Active and Audit Logs
550(1)
SmartView Monitor
551(5)
Monitoring Check Point System Counters
552(1)
Monitoring Traffic
553(1)
Monitoring a Virtual Link
554(1)
Running History Reports
555(1)
Using fw monitor
556(6)
How It Works
557(1)
Writing INSPECT Filters for fw monitor
558(2)
Reviewing the Output
560(2)
Other Tools
562(9)
Check Point Tools
562(1)
Log Files
563(1)
fw stat
564(1)
fw ctl pstat
564(2)
fw tab
566(1)
fw lichosts
567(1)
cpinfo
568(1)
Operating System and Third-Party Tools
568(1)
Platform-Friendly Commands
568(1)
Unix Commands
569(1)
Third-Party Tools
570(1)
Summary
571(1)
Solutions Fast Track
572(1)
Frequently Asked Questions
573(4)
Index 577
Senior Professional Security Engineer for Integralis
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97800804764692e.html
Märksõnad: