
- 656 pages
- English
Juniper® Networks Secure Access SSL VPN Configuration Guide
About this book
Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. As a system administrator or security professional, this comprehensive configuration guide will allow you to configure these appliances to allow remote and mobile access for employees. If you manage and secure a larger enterprise, this book will help you to provide remote and/or extranet access, for employees, partners, and customers from a single platform.
- Complete coverage of the Juniper Networks Secure Access SSL VPN line including the 700, 2000, 4000, 6000, and 6000 SP.
- Learn to scale your appliances to meet the demands of remote workers and offices.
- Use the NEW coordinated threat control with Juniper Networks IDP to manage the security of your entire enterprise.
By Rob Cameron, Neil R. Wyler
Chapter 1 Defining a Firewall
Solutions in this chapter:






Introduction
When most people think about Internet security, the first thing that comes to mind is a firewall, which is a necessity for connecting online. In its simplest form, a firewall is a chokepoint from one network (usually an internal network) to another (usually the Internet). However, firewalls are also being used to create chokepoints between other networks in an enterprise environment. There are several different types of firewalls.
Why Have Different Types of Firewalls?
Before we delve into what types of firewalls there are, we must understand the present threats. While there are many types of threats, we only discuss a few of them in this chapter, paying the most attention to those that can be mitigated by firewalls.
Ensuring a physically secure network environment is the first step in controlling access to your network's data and system files; however, it is only part of a good security plan. This is truer today than in the past, because there are more ways into a network than there used to be. A medium- or large-sized network can have multiple Internet Service Providers (ISPs), virtual private network (VPN) servers, and various remote access avenues for mobile employees including Remote Desktop, browser-based file sharing and e-mail access, mobile phones, and Personal Digital Assistants (PDAs).
Physical Security
One of the most important and overlooked aspects of a comprehensive network security plan is physical access control. This matter is usually left up to facilities managers and plant security departments, or outsourced to security guard companies. Some network administrators concern themselves with sophisticated software and hardware solutions to prevent intruders from accessing internal computers remotely, while at the same time not protecting the servers, routers, cable, and other physical components from direct access. Too many "security-conscious" organizations' computers are locked all day, only to be left open at night for the janitorial staff. It is not uncommon for computer espionage experts to pose as members of cleaning crews to gain physical access to machines that hold sensitive data. This is a favorite ploy for several reasons:



Physically breaking into a server room and stealing a hard disk where sensitive data resides is a crude method of breaching security; nonetheless, it happens. In some organizations, it may be the easiest way to gain unauthorized access, especially for an intruder who has help "on the inside."
It is beyond the scope of this book to go into detail about how to physically secure your network, but it is important for you to make physical access control the outer perimeter of your security plan, which means:








There are also different types of external intruders who will physically break into your facility to gain access to your network. Although not a true "insider," because he or she is not authorized to be there and does not have a valid account on the network, this person still has many of the advantages (refer to the "Internal Security Breaches" section). Your security policy should take into account the threats posed by these "hybrid" intruders. Remember, someone with physical access to your servers has complete control over your data. Someone with physical access to your authentication servers owns everything.
Network Security
Virtual intruders can access your network from across the street or from halfway around the world. They can do as much damage as a thief who breaks into your company headquarters to steal or destroy data, and are much harder to catch. The following sections examine specific network security risks and ways to prevent them.
For a number of years, firewalls were used to divide an organization's internal network from the Internet. There was usually a demilitarized zone (DMZ), which contained less valuable resources that had to be exposed to the Internet (e.g., Web servers, VPN gateways, and so forth), and a private network that contained all of the organization's resources (e.g., user computers, servers, printers, and so forth). Perimeter defense is still vitally important, given the ever-increasing threat level from outside the network. However, it is no longer adequate by itself.
With the growth of the Internet, many organizations focused their security efforts on defending against outside attackers (i.e., those originating from an external network) who are not authorized to access the systems. Firewalls were the primary focus of these efforts. Money was spent building a strong perimeter defense, resulting in what Bill Cheswick from Bell Labs famously described years ago as, "A crunchy shell around a soft, chewy center." Any attacker who succeeded in getting through (or around) the perimeter defenses would have a relatively easy time compromising internal systems. This situation is analogous to the enemy parachuting into the castle keep instead of breaking through the walls. Perimeter defense is still vitally important, given the increased threat level from outside the network; however, it is simply no longer adequate by itself.
Various information security studies and surveys have found that the majority of attacks come from inside an organization. Given how lucrative the sale of information can be, people inside organizations can be a greater threat than people outside the organization. These internal threats can include authorized users attempting to exceed their permissions, or unauthorized users trying to go where they should not be. Therefore, an insider is more dangerous than an outsider, because he or she has a level of access to facilities and systems that the outsider does not. Many organizations lack the internal preventive controls and other countermeasures to adequately defend against this threat. Wide open networks and servers sitting in unsecured areas provide easy access to the internal hacker.
The greatest threat, however, arises when an insider colludes with a structured outside attacker. With few resources exposed to the outside world, it is easier for the bad guys to enlist internal people to do their dirty work. The outsider's skills combined with the insider's access could result in substantial damage or loss to the organization.
Attacks
Attacks can be divided into three main categories:

Table of contents
- Cover
- Title Page
- Copyright
- Technical Editor and Contributing Author
- Contributors
- Table of Contents
- Chapter 1: Defining a Firewall
- Chapter 2: Setup
- Chapter 3: Realms, Roles, and Resources
- Chapter 4: Authentication Servers
- Chapter 5: Secure Application Manager
- Chapter 6: Terminal Services and Citrix
- Chapter 7: Network Connect
- Chapter 8: Endpoint Security
- Chapter 9: Web/File/Telnet/SSH
- Chapter 10: Maintenance Section
- Chapter 11: System Section
- Chapter 12: Sign-in Policies
- Chapter 13: Logging
- Chapter 14: Enterprise Features
- Index