Chapter 7. Software Client Firewall Features

Terms you'll need to understand:

  • Are You There (AYT)

  • Central Protection Policy (CPP)

  • Cisco Integrated Client (CIC)

  • Zone Labs Integrity Server (IS)

  • Stateful inspection

Techniques you'll need to master:

  • Understanding the requirements for a firewall client

  • Determining the difference between optional and required firewall policies

  • Knowing the aspects of the Stateful Firewall (Always On) policy

  • Identifying the policies that are supported by various firewall vendors

  • Understanding the different policy features supported by the VPN 3000 Concentrator

With all this talk about VPN security, it is hard to imagine that any additional security is necessary. But, as the cliché goes, a chain is only as strong as its weakest link. Now imagine your company's building is suspended from that chain, and the chain is the only thing keeping the building from collapsing and crumbling. Wouldn't you want to ensure that every link in that chain is strong enough?

Although a little drastic, the analogy holds true for security practices. When should you feel secure enough to let your guard down? The answer is never. Security is always an ongoing process, and all aspects of security must be considered.

To this point, we have primarily discussed how to fortify the central location with the VPN concentrator, which includes securing the remote access connections into that central location. One aspect we have not yet considered is securing the clients themselves. Any workstation running a VPN client is susceptible to Trojan horses or other malicious services that can launch an attack or give access to secure data. If we cannot protect the clients that we trust, they are liable to become the weak links in our overall security chain.

This chapter looks at the reasons clients can become a danger to your security implementation. After helping you identify the problem, it then provides a look at the solutions you can offer those clients in terms of firewall protection. In addition, it looks into the VPN Concentrator's unique ability to enforce firewall policies and to interact with these firewall clients.



CSVPN Exam Cram 2 (Exam 642-511)
CCSP CSVPN Exam Cram 2 (Exam Cram 642-511)
ISBN: 078973026X
Year: 2002
Pages: 185
