Designing and Building Enterprise DMZs
暫譯: 設計與建構企業 DMZ

Description 

Some of the most complicated areas of network technology are designing, planning, implementing, and constantly maintaining a demilitarized zone (DMZ) segment. In this book, readers will learn the concepts and major design principles of all DMZs. Next, readers will learn how to configure the actual hardware that makes up DMZs for both newly constructed and existing networks. Then they will learn how to securely populate the DMZs with systems and services. The final section of the book deals with troubleshooting, maintaining, testing, and implementing security on the DMZ.

·        Plan Your Network Security
Understand DMZ concepts, layout, and conceptual design.

·        Build a Windows DMZ
Use the check list to start your Windows DMZ implementation by covering network engineering, systems engineering, and security analysis.

·        Learn Sun Solaris DMZ Design
Determine what software is required to provide DMZ services with a Solaris system, including Check Point FireWall-1 and SunScreen Secure Net.

·        Build a Wireless DMZ
Understand how, with a bit of creativity, you can implement a WLAN DMZ using RADIUS, Cisco LEAP, or PEAP.

·          Review Cisco PIX and ASA Versions and Features
Secure network perimeters using PIX/ASA.

·        Use Check Point to Secure Your Network Perimeter
Use SmartDefense to protect your network from multiple types of attacks, including DoS attacks.

·        Review the Features of Juniper NetScreen
NetScreen has a variety of options to implement: deep inspection (DI) technology, SecureOS, and features such as Web filtering and antivirus scanning.

·          Configure ISA 2004 as an Enterprise Network Services Segment Perimeter Firewall
See how the ISA firewall can act in a number of roles: a front-end edge firewall that sits in front of a whole company or as a back-end firewall located behind another edge firewall.

·        Secure the Router and Switch
Don’t overlook hardening the routers or switches supporting the DMZ.

·        Review DMZ-Based VPN Services
See how VPN services in the DMZ can be designed to provide connectivity to two primary groups of users: business partners and remote users.

·        Configure Bastion Hosts
See how to configure your bastion host as a Web server.