Configuring Juniper Networks NetScreen and SSG Firewalls
eBook - ePub
  1. 512 pages
  2. English
About this book

Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. This comprehensive configuration guide will allow system administrators and security professionals to configure these appliances to allow remote and mobile access for employees. If you manage and secure a larger enterprise, this book will help you to provide remote and/or extranet access for employees, partners, and customers from a single platform.
  • Configure Juniper's Instant Virtual Extranet (IVE)
  • Install and set up IVE through either the command line interface (CLI) or Web-based console
  • Master the "3 Rs": Realms, Roles, and Resources
  • Realize the potential of the "3 Rs" for endpoint security, sign-in policies, and authorization of servers
  • Get Inside both the Windows and Java Versions of Secure Application Manager (SAM)
  • Learn to implement SAM, manage the end-user experience, and troubleshoot SAM in the field
  • Integrate IVE with Terminal Services and Citrix
  • Enable terminal services proxy and configure role options, configure Citrix using a custom ICA, configure terminal services resource policies and profiles, and configure terminal services and Citrix using a hosted Java applet
  • Ensure Endpoint Security
  • Use Host Checker, Cache Cleaner, Secure Virtual Workspace, and IVE/IDP integration to secure your network
  • Manage the Remote Access Needs of Your Organization
  • Configure Web access, file access and telnet/SSH access for remote users and offices
  • Configure Core Networking Components through the System Menu
  • Create clusters, manage virtual systems, and monitor logs, reports, and alerts
  • Create Bullet-Proof Sign-in Policies
  • Create standard and custom sign-in pages for both user and administrator access and Secure Meeting pages
  • Use the IVE for Log-Related Tasks
  • Perform log filtering, log management, syslog exporting, SNMP management, and system resource monitoring and reporting

Configuring Juniper Networks NetScreen and SSG Firewalls by Rob Cameron, Chris Cantrell, Anne Hemni, Lisa Lorenzin is available in PDF and/or ePUB format, in the category Computer Science & Cyber Security.

Chapter 1 Networking, Security, and the Firewall
Solutions in this chapter:
  • Understanding Networking
  • Understanding Security Basics
  • Understanding Firewall Basics
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Introduction

Every organization that connects to the Internet has business partners and other external entities to deal with, which requires it to use firewall technology. Firewalls are a required component of your data network, and provide a protective layer of security. Security risks have greatly increased in recent years, and so the call for a stronger breed of firewall has been made. In the past, simple packet filtering firewalls allowing access to your internal resources have helped to mitigate your network’s risk. The next development was stateful inspection, allowing you to monitor network sessions instead of single packets. Today’s risks are far greater, and require a new generation of devices to help secure our networks’ borders from the more sophisticated attacks. The industry calls these firewalls L4/L7 firewalls. L4/L7 stands for Layer 4 through Layer 7, which refers to layers 4 through 7 of the OSI model. These firewalls are often equipped with IPS, and are generally known as firewalls with application layer support. Later in this chapter, we delve deeper into L4/L7 firewalls.
Firewalls police your network traffic. A firewall is a specialized device that allows or denies traffic based upon administratively defined policies. Firewalls contain technologies to inspect your network’s traffic. This technology is not something that is exclusive to firewalls, but firewalls are designed specifically for inspecting traffic, and therefore do it better than any other type of device. Many networks can have millions of packets traverse them in a short period of time. Some firewall models are built upon software, like firewalls from Cisco Systems, Check Point, and Secure Computing. Others, such as the Juniper Networks NetScreen firewall, are constructed around a purpose-built operating system and hardware platform.
Juniper Networks (Juniper) NetScreen firewall appliances were originally designed to support 100-Mbps and 1-Gbps connection speeds of early secure Internet service providers such as Korea Telecom, as well as customers like NASA. Performance of the stateful packet inspection method of firewalling was crucial for these early deployments. Therefore, Juniper firewalls are engineered much like layer 3 switches rather than software only–based firewalls.
The Juniper NetScreen firewall product line has complete offerings from the home office to the carrier-class networks. In this chapter, we will review networking basics. Security requires a strong basic knowledge of networking protocols. In our first section, “Understanding Networking,” we will look at networking from a top-down approach. This section starts with the basic ideas of networking models and then works into full networking communications. We will also discuss the components and prerequisites of IP addresses and how they are divided up to make networks.
We will next look at networking in general by breaking it down to a layered approach. This will help you understand the flow of networking. Each specific layer in the networking model has a purpose. Working together, these layers allow for data to seamlessly pass over the network between systems. An example of browsing a Web site will be used. You will see all of the effort it takes just to fetch a Web page. We will then focus on the TCP/IP protocol suite. This is the most commonly used networking protocol, and is the protocol used for Internet communications. Finally, we will take a look at network security fundamentals. There are many important concepts to be aware of for information security. This will help you understand some network design considerations and the background behind them.
Layered security is now the tried-and-true method of protecting your organization. Many organizations choose to implement a variety of technology from a variety of manufacturers in a variety of locations. As an example, it is typical to see Internet-facing firewalls from brand A, while the internal, corporate-facing firewalls are from brand B. At the same time, intrusion prevention technology from brand C is deployed in the DMZs (demilitarized zones), and antivirus and anti-spam technology from brand D is deployed as well. By choosing the best-of-breed for each layer, you are ensuring a higher degree of protection than you could if you chose a single vendor for all layers. Juniper NetScreen firewalls are designed to fit specific layers, and they are created to provide protection and performance at these specific layers. It is possible, however, to deploy a Juniper NetScreen firewall in a layer that it was not designed for, making your protection and performance suffer.

Understanding Networking

To understand networking is to understand the language of firewalls. A firewall is used to segment resources and limit access between networks. Before we can really focus on what a firewall does for us, we need to understand how networking works. Today in most environments and on the Internet, the protocol suite TCP/IP (Transmission Control Protocol/Internet Protocol) is used to transport data from here to there. We will begin this chapter by looking at networking as a whole with a focus on the Open System Interconnection (OSI) model.

The OSI Model

The OSI model was originally developed as a framework to build networking protocols on. During the time when the Internet was being developed, a protocol suite named TCP/IP was also developed. TCP/IP was found to meet the requirements of the Internet’s precursor, ARPANET. At this point, TCP/IP was already integrated into UNIX, and was quickly adopted by the academic community as well. With the advent of the Internet and its widespread usage, TCP/IP has become the de facto standard protocol suite of internetworking today.
The OSI model consists of seven distinct layers. These layers each contain the fundamental ideas of networking. In Figure 1.1, we can see the way that the seven layers stack on top of each other. The idea is that each upper layer is encapsulated inside of each lower layer. So ultimately, any data communications are transformed into the electrical impulses that pass over the cables or through the air that surrounds us. Understanding the OSI model gives you knowledge of the core of networking. In many places throughout this book, the OSI model is used to create a visual representation of networking.
Figure 1.1 The Seven-Layer OSI Model
The reality, however, is that the OSI model is just a reference model that protocols are based upon. The next section, called “Moving Data Along with TCP/IP,” demonstrates how some of the layers blur together. All in all, the OSI model is a great tool to help anyone understand networking and perform troubleshooting. Over the years, the OSI model has served as a reference for all protocols that have been developed. Almost every book, manual, white paper, or Web site that talks about networking protocols references the OSI model. It is important to have a baseline when discussing every topic.
For example, let’s compare cars and trucks. They are effectively the same device. Both are used to get from here to there, but they ...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Lead Author and Technical Editor
  6. Contributing Authors
  7. Foreword
  8. Chapter 1: Networking, Security, and the Firewall
  9. Chapter 2: Dissecting the Juniper Firewall
  10. Chapter 3: Deploying Juniper Firewalls
  11. Chapter 4: Policy Configuration
  12. Chapter 5: Advanced Policy Configuration
  13. Chapter 6: User Authentication
  14. Chapter 7: Routing
  15. Chapter 8: Address Translation
  16. Chapter 9: Transparent Mode
  17. Chapter 10: Attack Detection and Defense
  18. Chapter 11: VPN Theory and Usage
  19. Chapter 12: High Availability
  20. Chapter 13: Troubleshooting the Juniper Firewall
  21. Chapter 14: Virtual Systems
  22. Index