Index_C


C

"C-shell" (/bin/csh), 694

CA. see Certificate authorities (CAs)

Cable, failover, 388–389

Cable pinouts

Ethernet, 380

failover, 389

Cables, securing, 47

Cabling, troubleshooting, 378–381

Cache Array Routing Protocol (CARP), 968–969

Cache configuration, ISA Server, 970–973

Caching problems, 1019–1020

Cain & Abel password breaker, 262

Capabilities and features, 370, 408

Capacity, increasing, 714–715

capture command (PIX firewalls), 266

Capturing traffic

description, 404–405

displaying traffic, 405–406

downloading traffic, 406–407

support options, 407–408

Cards, networking, 800

CARP (Cache Array Routing Protocol), 968–969

Categories of firewalls, 55–57

CCO (Cisco Connection Online), 407

CD, installing from, 435–444, 460–465

Central licensing, 522

Certificate, self-signed, 671–672

Certificate authorities (CAs)

description, 582

encryption, 582

initialization, 450–452, 471–473, 633–636

objects, 512

Certificate servers

enterprise root, 942–944

publishing, 1100–1102

stand-alone root, 935–942

Certificates, Web site, 944–947

Certification, Common Criteria EAL4, 243

CGI scripts with fwlogwatch tool, 202–205

Chains, user-defined, 139

Chains and tables (Linux), 138

Challenge-Handshake Authentication Protocol (CHAP), 363

Check Point High Availability (CPHA) module

description, 556

enabling, 556–559

failover, 559–560

firewall synchronization, 560–562

NG FP2/FP3 difference, 754

Check Point software

encryption algorithms, 580

objects, managing, 492

options for Nokia Security Platform (NSP), 618–619

Performance Pack, 801

reason for deploying, 530

Security Policy, 530

workstation objects, 495

see also Check Point High Availability (CPHA) module; ClusterXL; Configuration of FireWall-1; FireWall-1 (Check Point); Objects, managing; Rules

checksum command (PIX firewalls), 265

CIR (Committed Information Rate), 514

Cisco

Internetworking Operating System (IOS), 243, 612

IP Phones, 347

IP/TV, 326

see also PIX firewalls

Cisco Connection Online (CCO), 407

CiscoWorks management tool, 242

Clean-up rule, 545

CLI. see Command-line interface (CLI) for PIX firewalls

CLI Reference Guide, 654

Client connection problems, 1017–1019

Client performance problems, 1015–1016

Client-to-site VPNs, 582

Clients

DHCP, 342–343

FireWall-1 management, 492, 631–632

Firewall Service, 838–839

ISA Server, 838–842

Microsoft Outlook, 321, 1165

redirection of, 311

SecuRemote, 596–599

CLISH (Command Line Interface Shell) tool, 654, 696

Closed systems, 6

Cluster solutions

connections, increasing, 802–807

HA performance tuning, 799–807

hubs or network switches, 719

load-sharing or high availability, 715, 727

management station, 716–719

Network Address Translation (NAT), 719–720, 755–758, 767, 787–788

operating systems, 715

reasons for clusters, 714–683

remote authentication servers, 721

security servers, 720

single gateways or clusters, 719

stateful inspection, 715

stickiness, 716

third-party, 722, 799

throughput, improving, 800–802

throughput versus connections, 799–800

virtual private networks (VPNs), 721

see also Clusters with Nokia; ClusterXL (Check Point)

Clusters with Nokia

Address Resolution Protocol (ARP), 788

cluster object topology, 788

configuration steps, 768–769

configuration with Voyager, 774–778

description, 784–786

failover, 786–787

FireWall-1, configuration of, 769–770

gateway cluster object, configuring, 770–774

gateway cluster object, creating, 729–739

Network Address Translation (NAT), 787–788

testing, 778–784

topology, configuring, 772

see also Cluster solutions

ClusterXL (Check Point)

command-line diagnostic tools (HA New mode), 745–748

command-line diagnostic tools (load-sharing mode), 761–764

configuration in ClusterXL HA New mode, 729–743

configuration in HA Legacy mode, 717, 758

configuration in load-sharing mode, 759

failover in HA New mode, 749–755

HA New mode, 727–728, 748–749

load-sharing mode, 764–767

modes, 727

monitoring and manipulating, 745–747

Network Address Translation (NAT), 755–758, 767

packet structure, 766

requirements, 727–728

SmartView Status GUI, 744

testing in HA New mode, 743–748

testing in load-sharing mode, 759–764

trust state, 731–732

user authentication, 767

see also Cluster solutions

Code, filtering, 339–341

Code Red worm, 6

Command-line diagnostic tools

ClusterXL in HA New mode, 745–748

ClusterXL in load-sharing mode, 761–764

VRRP, 796

Command-line interface (CLI) for IPSO

CLI Reference Guide, 654

installing packages, 686–687

Command-line interface (CLI) for PIX firewalls

administrative access modes, 265–267

commands, basic, 267–270

commands, management, 271–273

configuring interfaces, 268–269

default configurations, 264

password configuration, 270

static routes, 269–270

Command Line Interface Shell (CLISH) tool, 654, 696

Commands, emacs-style, 267

Committed Information Rate (CIR), 514

Common Criteria EAL4 certification, 243

Communication handshake, 243

Component options for firewall hosts, 429–432

conduit command (PIX firewalls), 246, 292–294

Conduits, 294, 305–307, 312, 394

Conectiva Linux, 1210

conf directory, 622

Confidentiality, 7

/config/active file, 656

Configuration of FireWall-1

address range for rule base, 502

administrators, 629–631

certificate authorities (CAs), initialization of, 633–636

certificate authority object, 512

configuration file, 544

configuration screens, returning to, 636–637

cpconfig tool, 626–628

DCE-RPC service object, 509

domain objects, 497–498

dynamic objects, 503–504

enabling on NSP, 621–623

environment and path variables on NSP, 622

FireWall-1 directories on NSP, 622–624

gateway clusters, 503

group objects, 508–509

groups of objects, 514

GUI client access, testing of, 638–641

ICMP service object, 507–508

implied rules, 518–519

InitialPolicy script, effect of, 636

InitialPolicy script, unloading, 625–626

installation on NSP, 620–621

internal users, 513

IP forwarding, 623–625

LDAP account unit, 512

licenses, 628–629

logical server group, 501–502

management clients, 631–632

network objects, 496–497

Nokia Security Platform (NSP), 620

Open Security Extension (OSE) objects, 498–499

policies, 623–625

policy, pushing and fetching, 641–644

RADIUS server objects, 510–511

Random Pool, 633

remote procedure call (RPC), 506–507

scheduled events, 514

SecuRemote DNS internal servers, 513

SMTP resource objects, 510

SYNDefender, 519–520

TACACS servers, 511

TCP service object, 505

time objects, 513–514

UDP service object, 506

URI for QoS objects, 510

user-defined services object, 508

Virtual Links, 514–515

VPN-1 directories on NSP, 622

workstation objects, 494–496

Configuration of Linux kernel, 137

Configuration of Nokia Security Platform (NSP)

host name, 618

licenses, obtaining, 617

options, 618–620

preparation, 616–617

Configuration of PIX firewalls

access lists, 284–290, 293, 302–305

complex example, 301

default, 264

dynamic translation, 278–282

ICMP-type object groups, 298

identity NAT, 282–283

interfaces, 268–269, 302

managing, 271–273

network object groups, 298–299

passwords, 270

protocol object groups, 299

service object groups, 299–301

static translation, 292–293

Configuration of VPN, multiple-entry-point (MEP)

description, 567–568

gateway configuration, 571–572

network object, 569

overlapping VPN domains, 568–570, 572–574

synchronization not available, 561

Configuration of VPN, single-entry-point (SEP)

description, 562

gateway configuration, 563–567

gateway objects, 583

network object, 564

policy configuration, 567

Configuration of VPN-1/FireWall-1 NG

on Nokia, 487–488

on Solaris, 465–466, 475–476

on Windows, 444, 453–455

configure command (PIX firewalls), 266, 272

ConnectControl panel (FireWall-1), 521

Connected routes, 353–355

Connection dropped, 1014

Connections

assessing, 39

inbound and outbound, 246

increasing, 802–807

maximum number of, 243

Connectivity, troubleshooting, 175, 381–382

Console ports, 257–259

Control commands (PIX firewalls), 267

Control connections in FTP, 314

Controls, security, 533

copy command (PIX firewalls), 266, 271–272

Costs, maintenance, 243

Counters, ISA Server performance, 949–958

Counters for errors, 377–378

cpconfig command (CPHA), 557–559

cpconfig tool, 626–628

$CPDIR variable, 430–431

CPHA. see Check Point High Availability (CPHA) module

cphaprob diagnostic tool, 559–560, 745–747, 762

cplic command (FireWall-1), 645

cpstat ha diagnostic tool, 747–748, 762–764

cpstop and cpstart commands (FireWall-1), 620, 645

CRL grace periods, 520

cron scheduler, 174, 205–206, 625–626, 638, 708–710

CU-SeeMe, 330

curpriv command (PIX firewalls), 265

Customization, ISA Server

administration scripts, 975–977

application filters, 977–978

Software Developer's Kit (SDK), 975

third-party add-on tools, 978–980

CVS versioning system, 1226




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
