Firewall Policies and VPN Configurations

Dale Liu, (MCSE Security, CISSP, MCT, IAM/IEM, CCNA) has been working in the computer and networking field for over 20 years. Dale's experience ranges from programming to networking to information security and project management. He currently teaches networking, routing and security classes, while working in the field performing security audits and infrastructure design for medium to large companies. Abhishek Singh is a Security Researcher on the Microsoft Malware Protection Center (MMPC) team, where he performs analysis of vulnerabilities to develop signatures. He was previously employed with Symantec as a Senior Software Engineer. He was also one of the initial technical members of the Third Brigade Security Center, now part of Trend Micro. He has also worked for SafeNet. Abhishek was a leading inventor of various patent pending technologies in IDS/IPS and an algorithm for faster analysis of binaries and two-factor authentication. He served as Technical Editor for "Vulnerability Analysis and Defense for the Internet" and "Identifying Malicious Code Through Reverse Engineering." He has published Internet Drafts and security-related papers in primer journals and for various conferences. Abhishek holds a Master of Science in Information Security and a Master of Science in Computer Science, both from the College of Computing, Georgia Institute of Technology and a B.Tech. in Electrical Engineering from Institute of Technology, BHU, India.

Acknowledgments
Technical Editor
Contributing Authors
Part I: Security Policy

Chapter 1: Network Security Policy

Introduction
Defining Your Organization
Different Access for Different Organizations
Untrusted Networks
Summary
Solutions Fast Track
Frequently Asked Questions


Chapter 2: Using Your Policies to Create Firewall and VPN Configurations

Introduction
What Is a Logical Security Configuration?
Planning Your Logical Security Configuration
Writing Logical Security Configurations
Summary
Solutions Fast Track
Frequently Asked Questions




Part II: Firewall Concepts

Chapter 3: Defining a firewall

Introduction
Why Have Different Types of Firewalls?
Back to Basics—Transmission Control Protocol/Internet Protocol
Firewall Types
Application Proxy
Gateway
Summary
Solutions Fast Track
Frequently Asked Questions


Chapter 4: Deciding on a Firewall

Introduction
Appliance/Hardware Solution
Software Solutions
Summary
Solutions Fast Track
Frequently Asked Questions




Part III: VPN Concepts

Chapter 5: Defining a VPN

Introduction
What Is a VPN?
Public Key Cryptography
IPSec
SSL VPNs
Layer 2 Solutions
SSH Tunnels
Technical Description
Others
Summary
Solutions Fast Track
Frequently Asked Questions


Chapter 6: Deciding on a VPN

Introduction
Appliance / Hardware Solution
Software Solutions
Summary
Solutions Fast Track
Frequently Asked Questions




Part IV: Implementing Firewalls and VPNs (Case Studies)

Chapter 7: IT Infrastructure Security Plan

Introduction
Infrastructure Security Assessment
Project Parameters
Project Team
Project Organization
Project Work Breakdown Structure
Project Risks and Mitigation Strategies
Project Constraints and Assumptions
Project Schedule and Budget
IT Infrastructure Security Project Outline
Summary
Solutions Fast Track


Chapter 8: Case Study: SOHO (Five Computers, Printer, Servers, etc.)

Introduction
Determining More Information with lsof
Employing a Firewall in a SOHO Environment
Introducing the SOHO Firewall Case Study
Designing the SOHO Firewall
Summary
Solutions Fast Track
Frequently Asked Questions


Chapter 9: Medium Business (< 2000 People)

Introduction
Mapping Your Systems
Improving Accountability with Identity Management
VPN Connectivity
Summary
Solutions Fast Track
Frequently Asked Questions




Index