Network Perimeter Security: Building Defense In-Depth
Chapter 2: Managing Network Security
- Exhibit 1: The Security Policy Model
Chapter 3: The Network Stack and Security
- Exhibit 1: LAN Topologies
- Exhibit 2: Learning Bridge Operation
- Exhibit 3: Common Data-Link Layer MTUs in Octets
- Exhibit 4: A Sample Routing Table
- Exhibit 5: The TCP/IP Suite and Common Protocols
- Exhibit 6: The Internet Protocol Header
- Exhibit 7: Fragmentation Example
- Exhibit 8: Sample Traceroute
- Exhibit 9: Common IP Packet Types
- Exhibit 10: ICMP Redirect Example
- Exhibit 11: NAT Example
- Exhibit 12: Distance Vector Routing
- Exhibit 13: Transmission Control Protocol Header Format
- Exhibit 14: TCP Three-Way Handshake
- Exhibit 15: User Datagram Protocol Header Format
- Exhibit 16: The Demilitarized Zone
Chapter 4: Cryptography and VPN Terminology
- Exhibit 1: A "Simple" Diffie-Hellman Example
- Exhibit 2: Split Tunneling
Chapter 5: Application Security Needs
- Exhibit 1: The Logical Structure of the DNS Name Space
- Exhibit 2: Sample DNS .zone and in.addr Files
- Exhibit 3: Split DNS Example
Chapter 6: Access Control
- Exhibit 1: Sample RADIUS Implementation
Chapter 7: The Public Key Infrastructure
- Exhibit 1: Logical PKI Implementation
- Exhibit 2: PKI Hierarchical Trust Model
- Exhibit 3: PKI Distributed Trust Model
- Exhibit 4: PKI Web-Based Trust Model
- Exhibit 5: PKI User-Centric Trust Model
- Exhibit 6: X.509v3 Certificate Format
Chapter 8: Firewalls
- Exhibit 1: TCP Proxy Example
- Exhibit 2: Proxy Implementation Considerations
- Exhibit 3: Firewalls Cannot Check Encrypted Traffic
- Exhibit 4: Together, These Devices Operate as a "Firewall"
- Exhibit 5: Simple Network Diagram and Firewall Placement
- Exhibit 6: Initial Notes for Firewall Rules
- Exhibit 7: Return Traffic and Essential Protocols Added to Firewall Notes
- Exhibit 8: Allowing Return Traffic Looking for ACK Bits
- Exhibit 9: Normal Mode FTP Operation
- Exhibit 10: Source Routing Operation
- Exhibit 11: Where to Place Firewall Filters?
- Exhibit 12: Check Point Policy Editor
- Exhibit 13: NAT and the Firewall: Setting the Scene
- Exhibit 14: Using NAT on the Screening Router
- Exhibit 15: Using NAT on the Firewall
Chapter 9: Intrusion Detection Systems
- Exhibit 1: Using an IDS with Switch Port Mirroring
- Exhibit 2: Using an IDS with a TAP
- Exhibit 3: Create a Separate LAN between the IDS Sensors and Management Station
Chapter 10: Virtual Private Networks
- Exhibit 1: Host-to-Gateway VPN
- Exhibit 2: Gateway-to-Gateway VPN
- Exhibit 3: Frame Relay VPN versus MPLS VPN
- Exhibit 4: Generic Routing Encapsulation Header
- Exhibit 5: Each Header Needs to Define What the Next Protocol Header Is
- Exhibit 6: PPTP Network
- Exhibit 7: PPTP Operation Example
- Exhibit 8: L2TP Network
- Exhibit 9: L2TP Header Format
- Exhibit 10: ESP and AH Transport Mode
- Exhibit 11: ESP Tunnel Mode
- Exhibit 12: Gateway-to-Gateway ESP Tunnel Mode
- Exhibit 13: AH Format
- Exhibit 14: ESP Header Format
- Exhibit 15: Main Mode IKE Operation
- Exhibit 16: IKE Aggressive Mode
- Exhibit 17: Phase Two IKE Exchange
- Exhibit 18: NAT Cannot Operate Correctly When Port Information Is Encrypted
- Exhibit 19: UDP Wrapping Adds Extra Port Information for Proper NAT Operation
- Exhibit 20: NAT before Encrypting for Best Results
- Exhibit 21: Possible Firewall/VPN Gateway Configuration
Chapter 11: Wireless Network Security
- Exhibit 1: Treat All Wireless Communications as Untrusted and Plan the Network Design Accordingly