The Best Damn Firewall Book Period


Dr. Thomas W. Shinder
Cherie Amon
Robert J. Shimonski
Debra Littlejohn Shinder

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media , Syngress , "Career Advancement Through Skill Enhancement ," "Ask the Author UPDATE ," and "Hack Proofing " are registered trademarks of Syngress Publishing, Inc. "Syngress: The Definition of a Serious Security Library™," "Mission Critical™," and "The Only Way to Stop a Hacker is to Think Like One™" are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY

SERIAL NUMBER

001

PK9ST3V343

002

KATHYT6CVF

003

8J9HFJASQN

004

Z2B4NDREAY

005

U8J3N5R33S

006

X6B7MATTY6

007

G8TR2SH2AK

008

9BKTHQM4S7

009

SW4KP7V6FH

010

5BVF7UM39Z

PUBLISHED BYSyngress Publishing, Inc.800 Hingham StreetRockland, MA 02370

Copyright 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1 2 3 4 5 6 7 8 9 0

ISBN: 1-931836-90-6

Technical Editor: Anne Carasik-Henmi
Acquisitions Editor: Catherine B. Nolan
Indexer: J. Edmund Rush
Cover Designer: Michael Kavish
Page Layout and Art by: Patricia Lupien & John Vickers
Copy Editor: Beth A. Roberts & Amy Thomson

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Contributor andTechnical Editor

Anne Carasik-Henmi is a System Administrator at the Center for Advanced Computational Research (CACR) at the California Institute of Technology. She is in charge of information security at CACR, which includes every aspect of information security including intrusion detection (running Snort, of course), network security, system security, internal IT auditing, and network security policy. Her specialties include Linux, Secure Shell, public key technologies, penetration testing, and network security architectures. Anne's background includes positions as a Principal Security Consultant at SSH Communications Security, and as an Information Security Analyst at VeriSign, Inc.

Contributors

Debra Littlejohn Shinder (MCSE) is a technology consultant, trainer, and writer who has authored a number of books on networking, including: Scene of the Cybercrime: Computer Forensics Handbook published by Syngress Publishing (ISBN: 1-931836-65-5), and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband Dr. Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP (ISBN: 1-928994-11-3), the best-selling Configuring ISA Server 2000 (ISBN: 1-928994-29-6), and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is also a technical editor and contributor to books on subjects such as the Windows 2000 MCSE exams, the CompTIA Security+ exam, and TruSecure's ICSA certification. She edits the Brainbuzz A+ Hardware News and Sunbelt Software's WinXP News and is regularly published in TechRepublic's TechProGuild and Windowsecurity.com. Deb specializes in security issues and Microsoft products. She lives and works in the Dallas-Fort Worth area and can be contacted at deb@shinder.net or via the website at www.shinder.net.

Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling books Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr. Tom Shinder's ISA Server and Beyond (ISBN: 1-931836-66-3). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World's leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom's leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Robert J. Shimonski (TruSecure TICSA, Cisco CCDP, CCNP, Symantec SPS, NAI Sniffer SCP, Nortel NNCSS, Microsoft MCSE, MCP+I, Novell Master CNE, CIP, CIBS, CNS, IWA CWP, DCSE, Prosoft MCIW, SANS.org GSEC, GCIH, CompTIA Server+, Network+, Inet+, A+, e-Biz+, Security+, HTI+) is a Lead Network and Security Engineer for a leading manufacturing company, Danaher Corporation. At Danaher, Robert is responsible for leading the IT department within his division into implementing new technologies, standardization, upgrades, migrations, high-end project planning and designing infrastructure architecture. Robert is also part of the corporate security team responsible for setting guidelines and policy for the entire corporation worldwide. In his role as a Lead Network Engineer, Robert has designed, migrated, and implemented very large-scale Cisco and Nortel based networks. Robert has held positions as a Network Architect for Cendant Information Technology and worked on accounts ranging from the IRS to AVIS Rent a Car, and was part of the team that rebuilt the entire Avis worldwide network infrastructure to include the Core and all remote locations. Robert maintains a role as a part time technical trainer at a local computer school, teaching classes on networking and systems administration whenever possible.

Robert is also a part-time author who has worked on over 25 book projects as both an author and technical editor. He has written and edited books on a plethora of topics with a strong emphasis on network security. Robert has designed and worked on several projects dealing with cutting edge technologies for Syngress Publishing, including the only book dedicated to the Sniffer Pro protocol analyzer. Robert has worked on the following Syngress Publishing titles: Building DMZs for Enterprise Networks (ISBN: 1-931836-88-4), Security+ Study Guide & DVD Training System (ISBN: 1-931836-72-8), Sniffer Pro Network Optimization & Troubleshooting Handbook (ISBN: 1-931836-57-4), Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6),SSCP Study Guide & DVD Training System (ISBN: 1-931836-80-9), Nokia Network Security Solutions Handbook (ISBN: 1-931836-70-1) and the MCSE Implementing and Administering Security in a Windows 2000 Network Study Guide & DVD Training System (ISBN: 1-931836-84-1).

Robert's specialties include network infrastructure design with the Cisco product line, systems engineering with Windows 2000/2003 Server, NetWare 6, Red Hat Linux and Apple OSX. Robert's true love is network security design and management utilizing products from the Nokia, Cisco, and Check Point arsenal. Robert is also an advocate of Network Management and loves to 'sniff ' networks with Sniffer-based technologies. When not doing something with computer related technology, Robert enjoys spending time with Erika, or snowboarding wherever the snow may fall and stick.

Cherie Amon (CCSA, CCSE, CCSI, NSA) is technical editor of and contributor to the best selling Check Point Next Generation Security Administration (Syngress Publishing, ISBN: 1-928994-74-1), as well as the Nokia Network Security Solutions Handbook (Syngress, ISBN: 1-931836-70-1). Cherie is a Senior Professional Security Engineer at Integralis, a systems integrator specializing in IT and e-commerce security solutions. She is both a Check Point and Nokia Certified Security Instructor and has been installing, configuring, and supporting Check Point products since 1997. Cherie currently provides third-tier technical support to Integralis clients and acts as Technical Lead for many managed firewall accounts. Cherie is a member of USENIX and SAGE.

Kyle X. Hourihan (NSA) is the Course Development Manager and a Senior Technical Trainer for Nokia Internet Communications in Mountain View, CA. He designs, writes, and teaches Nokia Internet Division's internal and external training material. He conducts Train-the-Trainer sessions for Nokia Authorized Training Partners as well as high-end training for Nokia's internal R&D and TACs (Telephone Assistance Centers). Kyle has been working in Network Security since 1999, and previously worked for 3Com as a Senior Instructor and Developer for their Carrier Systems Division (Commworks). He began his career working as a programmer writing code for Cisco IOS implementing minor routing protocols and performing software QA on their routers. Kyle earned a bachelor's of Science in Computer Science from the University of Maryland, College Park. He was a co-author of the highly acclaimed Nokia Network Security Solutions Handbook (Syngress Publishing, ISBN: 1-931836-70-1), and he is also a co-author of Freesoft.org (www.freesoft.org), a comprehensive source of Internet engineering information. Kyle resides in Palo Alto, CA.

James Stanger (Ph.D., Symantec Technology Architect (STA), Convergence Technology Professional, CIW Master Administrator, MCP, Linux+, A+) is co-author of Syngress Publishing's E-mail Virus Protection Handbook (ISBN: 1-928994-23-7) and Hack Proofing Linux: A Guide to Open Source Security (ISBN: 1-928994-34-2). A network security consultant and writer, James' specialties include virus management, mail server administration, intrusion detection, and network auditing. Currently Senior Course Director for ProsoftTraining, James consults with Symantec to enable security professionals to deploy virus protection, vulnerability management, and firewall/VPN solutions in enterprise networks. James has also consulted for companies and organizations such as IBM, Securify, Brigham Young University, ITM Technology, and the William Blake Archive. James is the Chairperson of the Linux Professional Institute (LPI) Advisory Council and sits on the CompTIA Linux+ and Server+ cornerstone committees. In addition to authoring books for Syngress, James has also authored security books and courses for Sybex, Osborne/McGraw-Hill, and ComputerPREP. James resides in Washington.

Randy Cook (SCSA) is a Senior Engineer with BayMountain (www.baymountain.com) a local IT services company. Randy was the co-author and technical editor of the Sun Certified System Administrator for Solaris 8.0 Study Guide (ISBN: 0-07-212369-9), and Syngress Publishing's Hack Proofing Sun Solaris 8.0 (ISBN: 1-928994-34-2) and has written technical articles for industry publications. He has also hosted a syndicated radio program, Technically News, which provided news and information for IT professionals.

siLutions@syngress.com

With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening.

Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.

Solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:

  • One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters.

  • "Ask the Author" customer query forms that enable you to post questions to our authors and editors.

  • Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material.

  • Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics.

Best of all, the book you're now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there's anything else we can do to help you get the _maximum value from your investment. We're listening.

www.syngress.com/solutions

about itfaqnet.com

Syngress Publishing is a proud sponsor of itfaqnet.com, one of the web's most comprehensive FAQ sites for IT professionals. This is a free service that allows users to query over 10,000 FAQs pertaining to Cisco networking, Microsoft networking. Network security tools, .NET development, Wireless technology, IP Telephony, Storage Area Networking, Java development and much more. The content on itfaqnet.com is all derived from our hundreds of market proven books, written and reviewed by content experts.

So bookmark ITFAQnet.com as your first stop for mission critical advice from the industry's leading experts.

www.itfaqnet.com




The Best Damn Firewall Book Period
The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net