Configuring IPCop Firewalls: Closing Borders with Open Source

Name: Configuring IPCop Firewalls: Closing Borders with Open Source
Price: 1625 TWD
Availability: OnlineOnly
Author: James Eaton-Lee, Barrie Dempster
ISBN: 1904811361

James Eaton-Lee, Barrie Dempster

出版商: Packt Publishing
出版日期: 2006-09-05
售價: $1,710
貴賓價: 9.5 折 $1,625
語言: 英文
頁數: 244
裝訂: Paperback
ISBN: 1904811361
ISBN-13: 9781904811367

海外代購書籍(需單獨結帳)

商品描述

Description

IPCop is a powerful, open source, Linux based firewall distribution for primarily Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way.

This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop, from installing it, through configuring it, to more advanced features, such as configuring IPCop to work as an IDS, VPN and using it for bandwidth management. While providing necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples.

Table of Contents

Preface

Chapter 1: Introduction to Firewalls

An Introduction to (TCP/IP) Networking
The Purpose of Firewalls
The OSI Model

Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer

How Networks are Structured

Servers and Clients
Switches and Hubs
Routers
Routers, Firewalls, and NAT

Network Address Translation
Combined Role Devices

Traffic Filtering

Personal Firewalls
Stateless Packet Filtering
Stateful Packet Filtering
Application-Layer Firewalling
Proxy Servers

Other Services Sometimes Run on Firewalls

DNS
DHCP

Summary

Chapter 2: Introduction to IPCop

Free and Open Source Software

Forking IPCop

The Purpose of IPCop
The Benefits of Building on Stable Components
The Gap IPCop Fills
Features of IPCop

Web Interface
Network Interfaces
The Green Network Interface
The Red Network Interface

USB and PCI ADSL Modems
ISDN Modems
Analog (POTS) Modems
Cable and Satellite Internet

The Orange Network Interface
The Blue Network Interfaces
Simple Administration and Monitoring
Modem Settings
Services

Web Proxy
DHCP
Dynamic DNS
Time Server
Advanced Network Services
Port Forwarding

Virtual Private Networking

ProPolice Stack Protection

Why IPCop?
Summary

Chapter 3: Deploying IPCop and Designing a Network

Trust Relationships between the Interfaces
Altering IPCop Functionality
Topology One: NAT Firewall
Topology Two: NAT Firewall with DMZ
Topology Three: NAT Firewall with DMZ and Wireless
Planning Site-To-Site VPN Topologies
Summary

Chapter 4: Installing IPCop

Hardware Requirements
Other Hardware Considerations
The Installation Procedure

Installation Media
Hard Drive Partitioning and Formatting
Restore Configuration from Floppy Backup

Green Interface Configuration

Finished?
Locale Settings
Hostname
DNS Domain Name
ISDN Configuration
Network Configuration

Drivers and Card Assignment
Address Settings

DNS and Default Gateway
DHCP Server
Finished!

First Boot
Summary

Chapter 5: Basic IPCop Usage

The System Menu

Software Updates
Passwords
SSH Access

Connecting to SSH
A Little More about SSH

GUI Settings
Backup
Shutdown

Checking the Status of Our IPCop Firewall
Network Status

System Graphs
Network Graphs
Connections

Services

DHCP Server
Dynamic DNS
Edit Hosts
Time Server

Firewall Functionality

External Access
Port Forwarding
Firewall Options
Network Troubleshooting with Ping

Summary

Chapter 6: Intrusion Detection with IPCop

Introduction to IDS
Introduction to Snort
Do We Need an IDS?
How Does an IDS Work?
Using Snort with IPCop
Monitoring the Logs

Priority

Log Analysis Options

Perl Scripts
ACID and BASE

What to Do Next?
Summary

Chapter 7: Virtual Private Networks

What is a VPN?

IPSec
A Little More about Deploying IPSec
Prerequisites for a Successful VPN
Verifying Connectivity
Host-to-Net Connections Using Pre-Shared Keys
Host-to-Net Connections Using Certificates

A Brief Explanation of Certificates and X.509

Certificates with IPSec in IPCop
Site-to-Site VPNs Using Certificates
VPN Authentication Options
Configuring Clients for VPNs
The Blue Zone

Prerequisites for a Blue Zone VPN
Setup

Summary

Chapter 8: Managing Bandwidth with IPCop

The Bandwidth Problem
The HTTP Problem
The Solutions: Proxying and Caching
Introduction to Squid
Configuring Squid
Cache Management

Transfer Limits

Managing Bandwidth without a Cache

Traffic Shaping Basics
Traffic Shaping Configuration
Adding a Traffic Shaping Service
Editing a Traffic Shaping Service

Summary

Chapter 9: Customizing IPCop

Addons
Firewall Addons Server

Installing Addons

Common Addons

SquidGuard
Enhanced Filtering

Blue Access

LogSend
Copfilter

Status
Email
Monitoring
POP3 Filtering
SMTP Filtering
HTTP Filter (and FTP)
AntiSPAM
AntiVirus
Tests and Logs

Up and Running!

Summary

Chapter 10: Testing, Auditing, and Hardening IPCop

Security and Patch Management

Why We Should Be Concerned
Appliances and How this Affects Our Management of IPCop

Basic Firewall Hardening

Checking What Exposure Our Firewall Has to Clients
What is Running on Our Firewall?

Advanced Hardening

Stack-Smashing Protector (Propolice)
Service Hardening

Logfiles and Monitoring Usage

Establishing a Baseline with Graphs
Logfiles

Usage and Denial of Service

CPU and Memory Usage
Logged-In Users
Other Security Analysis Tools

Where to Go Next?

Full-Disclosure
Wikipedia
SecurityFocus
Literature

Summary

Chapter 11: IPCop Support

Support

User Mailing Lists
Internet Relay Chat (IRC)
Returning the Support

Summar

Index

Configuring IPCop Firewalls: Closing Borders with Open Source

James Eaton-Lee, Barrie Dempster

商品描述

類似商品