万本电子书0元读

万本电子书0元读

顶部广告

Configuring IPCop Firewalls: Closing Borders with Open Source电子书

售       价:¥

0人正在读 | 0人评论 9.8

作       者:Barrie Dempster

出  版  社:Packt Publishing

出版时间:2006-10-01

字       数:251.6万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Anyone interested in securing their networks with IPCop ” from those new to networking and firewalls, to networking and IT Professionals with previous experience of IPCop. No knowledge of Linux or IPCop is required.
目录展开

Configuring IPCop Firewalls

Table of Contents

Configuring IPCop Firewalls

Credits

About the Authors

About the Reviewers

Preface

What This Book Covers

What You Need for This Book

Conventions

Reader Feedback

Customer Support

Downloading the Example Code for the Book

Errata

Questions

1. Introduction to Firewalls

An Introduction to (TCP/IP) Networking

The Purpose of Firewalls

The OSI Model

Layer 1: The Physical Layer

Layer 2: The Data Link Layer

Layer 3: The Network Layer

Layer 4: The Transport Layer

Layer 5: The Session Layer

Layer 6: The Presentation Layer

Layer 7: The Application Layer

How Networks are Structured

Servers and Clients

Switches and Hubs

Routers

Routers, Firewalls, and NAT

Network Address Translation

Combined Role Devices

Traffic Filtering

Personal Firewalls

Stateless Packet Filtering

Stateful Packet Filtering

Application-Layer Firewalling

Proxy Servers

Other Services Sometimes Run on Firewalls

DNS

DHCP

Summary

2. Introduction to IPCop

Free and Open Source Software

Forking IPCop

The Purpose of IPCop

The Benefits of Building on Stable Components

The Gap IPCop Fills

Features of IPCop

Web Interface

Network Interfaces

The Green Network Interface

The Red Network Interface

USB and PCI ADSL Modems

ISDN Modems

Analog (POTS) Modems

Cable and Satellite Internet

The Orange Network Interface

The Blue Network Interfaces

Simple Administration and Monitoring

Modem Settings

Services

Web Proxy

DHCP

Dynamic DNS

Time Server

Advanced Network Services

Port Forwarding

Virtual Private Networking

ProPolice Stack Protection

Why IPCop?

Summary

3. Deploying IPCop and Designing a Network

Trust Relationships between the Interfaces

Altering IPCop Functionality

Topology One: NAT Firewall

Topology Two: NAT Firewall with DMZ

Topology Three: NAT Firewall with DMZ and Wireless

Planning Site-To-Site VPN Topologies

Summary

4. Installing IPCop

Hardware Requirements

Other Hardware Considerations

The Installation Procedure

Installation Media

Hard Drive Partitioning and Formatting

Restore Configuration from Floppy Backup

Green Interface Configuration

Finished?

Locale Settings

Hostname

DNS Domain Name

ISDN Configuration

Network Configuration

Drivers and Card Assignment

Address Settings

DNS and Default Gateway

DHCP Server

Finished!

First Boot

Summary

5. Basic IPCop Usage

The System Menu

Software Updates

Passwords

SSH Access

Connecting to SSH

A Little More about SSH

GUI Settings

Backup

Shutdown

Checking the Status of Our IPCop Firewall

Network Status

System Graphs

Network Graphs

Connections

Services

DHCP Server

Dynamic DNS

Edit Hosts

Time Server

Firewall Functionality

External Access

Port Forwarding

Firewall Options

Network Troubleshooting with Ping

Summary

6. Intrusion Detection with IPCop

Introduction to IDS

Introduction to Snort

Do We Need an IDS?

How Does an IDS Work?

Using Snort with IPCop

Monitoring the Logs

Priority

Log Analysis Options

Perl Scripts

ACID and BASE

What to Do Next?

Summary

7. Virtual Private Networks

What is a VPN?

IPSec

A Little More about Deploying IPSec

Prerequisites for a Successful VPN

A Reliable Network

Two Endpoints Attached to the Internet Running IPSec Software

Static Red IP Addresses for Both Endpoints or Dynamic DNS Hostnames

Non-Overlapping Internal Address Spaces

Time and Patience

Verifying Connectivity

Host-to-Net Connections Using Pre-Shared Keys

Host-to-Net Connections Using Certificates

A Brief Explanation of Certificates and X.509

Certificates with IPSec in IPCop

Site-to-Site VPNs Using Certificates

VPN Authentication Options

Configuring Clients for VPNs

The Blue Zone

Prerequisites for a Blue Zone VPN

Setup

Summary

8. Managing Bandwidth with IPCop

The Bandwidth Problem

The HTTP Problem

The Solutions: Proxying and Caching

Introduction to Squid

Configuring Squid

Cache Management

Transfer Limits

Managing Bandwidth without a Cache

Traffic Shaping Basics

Traffic Shaping Configuration

Adding a Traffic Shaping Service

Editing a Traffic Shaping Service

Summary

9. Customizing IPCop

Addons

Firewall Addons Server

Installing Addons

Common Addons

SquidGuard

Enhanced Filtering

Blue Access

LogSend

Copfilter

Status

Email

Monitoring

POP3 Filtering

SMTP Filtering

HTTP Filter (and FTP)

AntiSPAM

AntiVirus

Tests and Logs

Up and Running!

Summary

10. Testing, Auditing, and Hardening IPCop

Security and Patch Management

Why We Should Be Concerned

Appliances and How this Affects Our Management of IPCop

Basic Firewall Hardening

Checking What Exposure Our Firewall Has to Clients

What is Running on Our Firewall?

Advanced Hardening

Stack-Smashing Protector (Propolice)

Service Hardening

Logfiles and Monitoring Usage

Establishing a Baseline with Graphs

Logfiles

Usage and Denial of Service

CPU and Memory Usage

Logged-In Users

Other Security Analysis Tools

Where to Go Next?

Full-Disclosure

Wikipedia

SecurityFocus

Literature

Summary

11. IPCop Support

Support

User Mailing Lists

Internet Relay Chat (IRC)

Returning the Support

Summary

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部