List of Exhibits


Chapter 2: Managing Network Security

Exhibit 1: The Security Policy Model

Chapter 3: The Network Stack and Security

Exhibit 1: LAN Topologies
Exhibit 2: Learning Bridge Operation
Exhibit 3: Common Data-Link Layer MTUs in Octets
Exhibit 4: A Sample Routing Table
Exhibit 5: The TCP/IP Suite and Common Protocols
Exhibit 6: The Internet Protocol Header
Exhibit 7: Fragmentation Example
Exhibit 8: Sample Traceroute
Exhibit 9: Common IP Packet Types
Exhibit 10: ICMP Redirect Example
Exhibit 11: NAT Example
Exhibit 12: Distance Vector Routing
Exhibit 13: Transmission Control Protocol Header Format
Exhibit 14: TCP Three-Way Handshake
Exhibit 15: User Datagram Protocol Header Format
Exhibit 16: The Demilitarized Zone

Chapter 4: Cryptography and VPN Terminology

Exhibit 1: A "Simple" Diffie-Hellman Example
Exhibit 2: Split Tunneling

Chapter 5: Application Security Needs

Exhibit 1: The Logical Structure of the DNS Name Space
Exhibit 2: Sample DNS .zone and in.addr Files
Exhibit 3: Split DNS Example

Chapter 6: Access Control

Exhibit 1: Sample RADIUS Implementation

Chapter 7: The Public Key Infrastructure

Exhibit 1: Logical PKI Implementation
Exhibit 2: PKI Hierarchical Trust Model
Exhibit 3: PKI Distributed Trust Model
Exhibit 4: PKI Web-Based Trust Model
Exhibit 5: PKI User-Centric Trust Model
Exhibit 6: X.509v3 Certificate Format

Chapter 8: Firewalls

Exhibit 1: TCP Proxy Example
Exhibit 2: Proxy Implementation Considerations
Exhibit 3: Firewalls Cannot Check Encrypted Traffic
Exhibit 4: Together, These Devices Operate as a "Firewall"
Exhibit 5: Simple Network Diagram and Firewall Placement
Exhibit 6: Initial Notes for Firewall Rules
Exhibit 7: Return Traffic and Essential Protocols Added to Firewall Notes
Exhibit 8: Allowing Return Traffic Looking for ACK Bits
Exhibit 9: Normal Mode FTP Operation
Exhibit 10: Source Routing Operation
Exhibit 11: Where to Place Firewall Filters?
Exhibit 12: Check Point Policy Editor
Exhibit 13: NAT and the Firewall: Setting the Scene
Exhibit 14: Using NAT on the Screening Router
Exhibit 15: Using NAT on the Firewall

Chapter 9: Intrusion Detection Systems

Exhibit 1: Using an IDS with Switch Port Mirroring
Exhibit 2: Using an IDS with a TAP
Exhibit 3: Create a Separate LAN between the IDS Sensors and Management Station

Chapter 10: Virtual Private Networks

Exhibit 1: Host-to-Gateway VPN
Exhibit 2: Gateway-to-Gateway VPN
Exhibit 3: Frame Relay VPN versus MPLS VPN
Exhibit 4: Generic Routing Encapsulation Header
Exhibit 5: Each Header Needs to Define What the Next Protocol Header Is
Exhibit 6: PPTP Network
Exhibit 7: PPTP Operation Example
Exhibit 8: L2TP Network
Exhibit 9: L2TP Header Format
Exhibit 10: ESP and AH Transport Mode
Exhibit 11: ESP Tunnel Mode
Exhibit 12: Gateway-to-Gateway ESP Tunnel Mode
Exhibit 13: AH Format
Exhibit 14: ESP Header Format
Exhibit 15: Main Mode IKE Operation
Exhibit 16: IKE Aggressive Mode
Exhibit 17: Phase Two IKE Exchange
Exhibit 18: NAT Cannot Operate Correctly When Port Information Is Encrypted
Exhibit 19: UDP Wrapping Adds Extra Port Information for Proper NAT Operation
Exhibit 20: NAT before Encrypting for Best Results
Exhibit 21: Possible Firewall/VPN Gateway Configuration

Chapter 11: Wireless Network Security

Exhibit 1: Treat All Wireless Communications as Untrusted and Plan the Network Design Accordingly




Network Perimeter Security: Building Defense In-Depth
ISBN: 0849316286
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Cliff Riggs
