售 价:¥
温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印
为你推荐
Configuring IPCop Firewalls
Table of Contents
Configuring IPCop Firewalls
Credits
About the Authors
About the Reviewers
Preface
What This Book Covers
What You Need for This Book
Conventions
Reader Feedback
Customer Support
Downloading the Example Code for the Book
Errata
Questions
1. Introduction to Firewalls
An Introduction to (TCP/IP) Networking
The Purpose of Firewalls
The OSI Model
Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
How Networks are Structured
Servers and Clients
Switches and Hubs
Routers
Routers, Firewalls, and NAT
Network Address Translation
Combined Role Devices
Traffic Filtering
Personal Firewalls
Stateless Packet Filtering
Stateful Packet Filtering
Application-Layer Firewalling
Proxy Servers
Other Services Sometimes Run on Firewalls
DNS
DHCP
Summary
2. Introduction to IPCop
Free and Open Source Software
Forking IPCop
The Purpose of IPCop
The Benefits of Building on Stable Components
The Gap IPCop Fills
Features of IPCop
Web Interface
Network Interfaces
The Green Network Interface
The Red Network Interface
USB and PCI ADSL Modems
ISDN Modems
Analog (POTS) Modems
Cable and Satellite Internet
The Orange Network Interface
The Blue Network Interfaces
Simple Administration and Monitoring
Modem Settings
Services
Web Proxy
DHCP
Dynamic DNS
Time Server
Advanced Network Services
Port Forwarding
Virtual Private Networking
ProPolice Stack Protection
Why IPCop?
Summary
3. Deploying IPCop and Designing a Network
Trust Relationships between the Interfaces
Altering IPCop Functionality
Topology One: NAT Firewall
Topology Two: NAT Firewall with DMZ
Topology Three: NAT Firewall with DMZ and Wireless
Planning Site-To-Site VPN Topologies
Summary
4. Installing IPCop
Hardware Requirements
Other Hardware Considerations
The Installation Procedure
Installation Media
Hard Drive Partitioning and Formatting
Restore Configuration from Floppy Backup
Green Interface Configuration
Finished?
Locale Settings
Hostname
DNS Domain Name
ISDN Configuration
Network Configuration
Drivers and Card Assignment
Address Settings
DNS and Default Gateway
DHCP Server
Finished!
First Boot
Summary
5. Basic IPCop Usage
The System Menu
Software Updates
Passwords
SSH Access
Connecting to SSH
A Little More about SSH
GUI Settings
Backup
Shutdown
Checking the Status of Our IPCop Firewall
Network Status
System Graphs
Network Graphs
Connections
Services
DHCP Server
Dynamic DNS
Edit Hosts
Time Server
Firewall Functionality
External Access
Port Forwarding
Firewall Options
Network Troubleshooting with Ping
Summary
6. Intrusion Detection with IPCop
Introduction to IDS
Introduction to Snort
Do We Need an IDS?
How Does an IDS Work?
Using Snort with IPCop
Monitoring the Logs
Priority
Log Analysis Options
Perl Scripts
ACID and BASE
What to Do Next?
Summary
7. Virtual Private Networks
What is a VPN?
IPSec
A Little More about Deploying IPSec
Prerequisites for a Successful VPN
A Reliable Network
Two Endpoints Attached to the Internet Running IPSec Software
Static Red IP Addresses for Both Endpoints or Dynamic DNS Hostnames
Non-Overlapping Internal Address Spaces
Time and Patience
Verifying Connectivity
Host-to-Net Connections Using Pre-Shared Keys
Host-to-Net Connections Using Certificates
A Brief Explanation of Certificates and X.509
Certificates with IPSec in IPCop
Site-to-Site VPNs Using Certificates
VPN Authentication Options
Configuring Clients for VPNs
The Blue Zone
Prerequisites for a Blue Zone VPN
Setup
Summary
8. Managing Bandwidth with IPCop
The Bandwidth Problem
The HTTP Problem
The Solutions: Proxying and Caching
Introduction to Squid
Configuring Squid
Cache Management
Transfer Limits
Managing Bandwidth without a Cache
Traffic Shaping Basics
Traffic Shaping Configuration
Adding a Traffic Shaping Service
Editing a Traffic Shaping Service
Summary
9. Customizing IPCop
Addons
Firewall Addons Server
Installing Addons
Common Addons
SquidGuard
Enhanced Filtering
Blue Access
LogSend
Copfilter
Status
Monitoring
POP3 Filtering
SMTP Filtering
HTTP Filter (and FTP)
AntiSPAM
AntiVirus
Tests and Logs
Up and Running!
Summary
10. Testing, Auditing, and Hardening IPCop
Security and Patch Management
Why We Should Be Concerned
Appliances and How this Affects Our Management of IPCop
Basic Firewall Hardening
Checking What Exposure Our Firewall Has to Clients
What is Running on Our Firewall?
Advanced Hardening
Stack-Smashing Protector (Propolice)
Service Hardening
Logfiles and Monitoring Usage
Establishing a Baseline with Graphs
Logfiles
Usage and Denial of Service
CPU and Memory Usage
Logged-In Users
Other Security Analysis Tools
Where to Go Next?
Full-Disclosure
Wikipedia
SecurityFocus
Literature
Summary
11. IPCop Support
Support
User Mailing Lists
Internet Relay Chat (IRC)
Returning the Support
Summary
Index
买过这本书的人还买过
读了这本书的人还在读
同类图书排行榜