Firewall Policies and VPN Configurations
eBook - ePub

  1. 550 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

A firewall is as good as its policies and the security of its VPN connections. The latest generation of firewalls offers a dizzying array of powerful options; the key to success is to write concise policies that provide the appropriate level of access while maximizing security. This book covers the leading firewall products: Cisco PIX, Check Point NGX, Microsoft ISA Server, Juniper's NetScreen Firewall, and SonicWall. It describes in plain English what features can be controlled by a policy, and walks the reader through the steps for writing the policy to fit the objective. Because of their vulnerability and their complexity, VPN policies are covered in more depth, with numerous tips for troubleshooting remote connections.
  • The only book that focuses on creating policies that apply to multiple products.
  • Included is a bonus chapter on using Ethereal, the most popular protocol analyzer, to monitor and analyze network traffic.
  • Shows what features can be controlled by a policy, and walks you through the steps for writing the policy to fit the objective at hand.

Frequently asked questions

Yes, you can access Firewall Policies and VPN Configurations by Syngress, Dale Liu, Stephanie Miller, Mark Lucas, Abhishek Singh, Jennifer Davis in PDF and/or ePUB format, as well as other popular books in Computer Science & General Computer Science. We have over one million books available in our catalogue for you to explore.
Part I
Security Policy
Chapter 1

Network Security Policy

Introduction

Deploying a network security policy is a significant and serious undertaking. Making good decisions in this matter will save a great deal of money and prevent many future security issues on your network, while making incorrect or hasty decisions will lay the foundation for an insecure network infrastructure. Creating a network security policy will affect your organization in a number of ways, including (but not limited to):
  • Financial: A new network security policy may require you to purchase new equipment and software, such as firewalls, IPS (intrusion protection/prevention system), anti-virus software, new routers, and more. You’ll likely also incur additional salary costs for security personnel trained to manage the new hardware and software.
  • Network availability: You may have to install new hardware and software on your network to comply with a new network security policy, which may impact your overall network availability as you install and configure this infrastructure. Therefore, the process needs to be well planned to reduce risks, costs, and downtime for your clients and internal users.
  • Usability: In almost every case, the security of a computer system is inversely related to its usability. As a result of your network security policy, you may reach a state where the usability of the network is drastically reduced. Your network security policy needs to balance security against usability, so that your security policy does not become so rigid that your users cannot perform their job functions.
  • Legal: Depending on your country and the activity of your business, you may be required to comply with legislative measures such as HIPAA or Gramm-Leach-Bliley. You need to consider these regulations when designing your network security policy.
A new network security policy requires extensive planning and preparation before you write documents and configure new hardware or software. It is important to know your network: to understand the reasons for every network device, the vulnerabilities of every technology in use, the strength of each device, and the way devices are connected to each other.
It’s also crucial to understand how your network is going to be used, to know the requirements of your business, and to know how many and what kind of users will have access to the network. You should also understand why the network was installed (or is going to be installed) and whether you have sufficiently trained staff and budget to manage the network. In any case, every network has its own requirements and objectives. Every network is different, and few of the countermeasures applied to reduce risk in one network will be directly applicable to another.
It is easy to find the differences between a campus network in a large university and the network of a small office, or between the network of a big enterprise and a small home network. They are all networks, and they will perform the same basic operations; however, the security requirements may vary greatly.
As with most matters relating to Information Technology, the budget available to you to enforce network security is a real issue when designing and implementing your policies and procedures. Your requirements need to be sufficiently affordable for your company or client. Sometimes, it is better to generate a procedure that every user will need to know and follow, rather than try to implement a complex and expensive technical control.
Many organizations now realize the need to have an articulated information security policy, to be more effective in their preventative, detective, and responsive security measures. Moreover, because of government regulations, organizations in certain vertical industries are required to have formally documented information security policies.
In addition, an information security policy is also extremely beneficial to the security manager because it provides, at an executive level, a mandated framework for ensuring the confidentiality, integrity, and availability of an organization’s information assets. What this means is that the security manager has some weight in his or her corner for budget requests when he or she has an approved information security policy.
Finally, for the security administrator, having a written and approved policy can ensure that you are able to deploy different technologies in a way that minimizes disruption to business. Think of the written policy as a recipe to ensure you configure everything correctly. Moreover, a policy is the best way to ensure you will keep your job, should something happen.
Note
Whatever type of network you are deploying, you need to keep your feet on the ground; a company’s network needs to allow the company to produce more earnings than costs. In other words, you shouldn’t spend more money protecting an asset than the asset is actually worth.
When tackling this issue, it’s also critical to keep in mind the differences between a security policy and a security procedure. Your network security policy needs to be a high-level and fairly stable document that can withstand a certain amount of change to the operating systems your clients and servers are running, so you are not issuing changes to the policy every time Microsoft releases a new service pack. You can implement network security procedures to support the security policy; these procedures will discuss specific operational or procedural details that will allow you to comply with the high-level security policy. “All Internet-connected computers must be secured against malicious intrusion” is an example of an edict you might find in a network security policy, whereas “all Windows XP computers must have Service Pack 2 installed and the Windows Firewall enabled” is an example of a specific procedure you might put in place.

Defining Your Organization

You just received the task to define a network security policy for your network. As mentioned in the introduction of this chapter, you need to think about several topics before defining your new network security policy.
A good way to start is to think about your organization. How well do you know your organization’s business processes, both as an individual company and the needs and requirements of its industry as a whole? Sometimes, when an information security engineer or a consultant is asked to design a network security policy, he or she realizes that it is imperative to develop a better understanding of the organization before beginning.
To be able to design a useful network security policy, you need to know what the network is designed for. You need to design and deploy a network security policy that secures a company’s resources, while still allowing people to do their jobs. Therefore, think about the department, the business, what the company produces or sells, whether the business is seasonal or cyclical, or if its activity remains roughly the same year round. Does the company have any business with foreign customers, vendors, or business partners? Are any governments involved in the operations of the business, and does the business require any kind of government s...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright page
  5. Acknowledgments
  6. Technical Editor
  7. Contributing Authors
  8. Part I: Security Policy
  9. Part II: Firewall Concepts
  10. Part III: VPN Concepts
  11. Part IV: Implementing Firewalls and VPNs (Case Studies)
  12. Index