Juniper SRX Series. A Comprehensive Guide to Security Services on the SRX Series
- Authors:
- Brad Woodberg, Rob Cameron
- Pages:
- 1020
- Available formats:
- ePub, Mobi
Ebook description: Juniper SRX Series. A Comprehensive Guide to Security Services on the SRX Series
This complete field guide, authorized by Juniper Networks, is the perfect hands-on reference for deploying, configuring, and operating Juniper’s SRX Series networking device. Authors Brad Woodberg and Rob Cameron provide field-tested best practices for getting the most out of SRX deployments, based on their extensive field experience.
While their earlier book, Junos Security, covered the SRX platform, this book focuses on the SRX Series devices themselves. You'll learn how to use SRX gateways to address an array of network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Along with case studies and troubleshooting tips, each chapter provides study questions and lots of useful illustrations.
- Explore SRX components, platforms, and various deployment scenarios
- Learn best practices for configuring SRX’s core networking features
- Leverage SRX system services to attain the best operational state
- Deploy SRX in transparent mode to act as a Layer 2 bridge
- Configure, troubleshoot, and deploy SRX in a highly available manner
- Design and configure an effective security policy in your network
- Implement and configure network address translation (NAT) types
- Provide security against deep threats with AppSecure, intrusion protection services, and unified threat management tools
Ebook details
- Ebook ISBN:
- 978-14-493-3904-3, 9781449339043
- Ebook release date:
- 2013-06-07 The ebook release date is often the day the title went on sale and may not match the release date of the print book. Additional information can be found in the free sample. If in doubt, contact us at sklep@ebookpoint.pl.
- Publication language:
- English
- ePub file size:
- 18.7MB
- Mobi file size:
- 45.2MB
Ebook table of contents
- Juniper SRX Series
- Foreword
- Preface
- How to Use This Book
- What's in This Book?
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
- 1. Welcome to the SRX
- Evolving into the SRX
- ScreenOS to Junos
- Inherited ScreenOS features
- Device management
- The SRX Series Platform
- Built for Services
- Deployment Solutions
- Small Branch
- Medium Branch
- Large Branch
- Data Center
- Data Center Edge
- Data Center Services Tier
- Service Provider
- Mobile Carriers
- Cloud Networks
- The Junos Enterprise Services Reference Network
- Summary
- Study Questions
- 2. SRX Series Product Lines
- Branch SRX Series
- Branch-Specific Features
- SRX100 Series
- SRX200 Series
- Interface modules for the SRX200 line
- SRX500 Series
- SRX600 Series
- Interface modules for the SRX600 line
- JunosV Firefly (Virtual Junos)
- AX411
- CX111
- Branch SRX Series Hardware Overview
- Licensing
- Branch Summary
- Data Center SRX Series
- Data Center SRX-Specific Features
- SPC
- NPU
- Data Center SRX Series Session Setup
- Data Center SRX Series Hardware Overview
- SRX1000 Series
- SRX3000 Series
- IOC modules
- SRX5000 Series
- NG-SPC
- IOC modules
- Summary
- Study Questions
- 3. SRX GUI Management
- J-Web: Your On-Box Assistant
- Dashboard
- Chassis view
- Informational panels
- Device Configuration
- Task wizards
- Committing the configuration
- Interfaces
- Firewall policies
- Point and click CLI
- Monitoring Your SRX
- Interface monitoring
- Traffic reports
- Operational Tasks
- Software management
- Configuration management
- Rebooting
- Disk management
- Troubleshooting from J-Web
- Packet capture
- Network connectivity
- Centralized Management
- Space: The Final Frontier of Management
- The Junos Space ecosphere
- Security Director
- Firewall policy management
- Log Management with STRM
- Reporting with STRM
- Legacy Security Management
- Using NSM
- Summary
- Study Questions
- 4. SRX Networking Basics
- Interfaces
- Physical Interfaces
- Management Interfaces
- Virtual Interfaces
- Logical Interfaces
- Switching Configuration
- Aggregate Interfaces
- LACP protocol
- Transparent Interfaces
- Zones
- Security Zones
- Functional Zones
- Basic Protocols
- Static Routing
- Dynamic Routing Protocols
- Spanning Tree
- Routing Instances
- Routing Instance Types
- Configuring Routing Instances
- Flow Mode and Packet Mode
- Sample Deployment
- Summary
- Study Questions
- 5. System Services
- System Services Operation on the SRX
- System Services and the Control Plane
- System services that operate on the control plane
- System Services and the Data Plane
- Accounts for Administrative Users
- Configuring local users
- Creating a login class
- Remote authentication
- Accessing System Services: Control Plane Versus Data Plane
- Configuring a stateless firewall filter to control traffic on fxp0
- Configuring a stateless firewall filter to control all inbound management traffic
- Configuring a security policy to control data plane management traffic
- Zone-Based Service Control
- Configuring system services and protocols per zone or interface
- Management Services
- Command-Line Interfaces
- Configuring console options
- Configuring Telnet access
- Configuring SSH access
- Web Management on the SRX
- Enabling NetConf over SSH
- SNMP Management
- Configuring SNMP Management
- Configuring SNMP Traps
- SNMP in High Availability Chassis Clusters
- Junos SNMP MIB
- Networking Services
- Network Time Protocol
- Manually configuring SRX time
- Configuring the SRX as an NTP client
- Configuring the SRX as an NTP server
- Domain Name System
- Configuring the SRX as a DNS client
- Configuring the SRX as a proxy server
- Dynamic Host Configuration Protocol
- Configuring the SRX as a DHCP server
- Configuring the SRX as a DHCP client
- Configuring the SRX as a DHCP relay server
- SRX Logging and Flow Records
- Control Plane Versus Data Plane Logs
- Data plane logs: Event versus Stream mode
- Configuring control plane logging on the SRX
- Configuring Stream mode logging on the data plane
- Syslog format types
- Configuring Event mode logging to the control plane
- Tips for Viewing Syslog Messages
- JFlow on the SRX
- Best Practices
- Troubleshooting and Operation
- Viewing the System Connection Table
- Viewing the Services/Counters on the Interface
- Checking NTP Status
- Checking SNMP Status
- DHCP Operational Mode Commands
- Viewing Security Logs Locally
- Checking for Core Dumps
- Restarting Platform Daemons
- Troubleshooting Individual Daemons
- Summary
- Study Questions
- 6. Transparent Mode
- Transparent Mode Overview
- When to Use Transparent Mode
- Segmenting a Layer 2 domain
- Complex routing environments
- Separation of duties
- Existing transparent mode infrastructure
- MAC Address Learning
- Transparent Mode and Bridge Loops, Spanning Tree Protocol
- Transparent Mode Limitations
- Transparent Mode Components
- Interfaces, family bridge, and bridge domains in transparent mode
- Interface Modes in Transparent Mode
- Bridge Domains
- IRB Interfaces
- Transparent Mode Zones
- Transparent Mode Security Policy
- Transparent Mode Specific Options
- QoS in Transparent Mode
- VLAN Rewriting
- High Availability with Transparent Mode
- Spanning Tree Protocol in transparent mode Layer 2 deployments
- Transparent Mode Flow Process
- Slow-path SPU packet processing
- Fast-path SPU packet processing
- Session teardown
- Configuring Transparent Mode
- Configuring Transparent Mode Basics
- Traditional Switching
- Configuring Integrated Routing and Bridging
- Configuring Transparent Mode Security Zones
- Configuring Transparent Mode Security Policies
- Configuring Bridging Options
- Restricting BPDUs to VLANs
- Configuring Transparent Mode QoS
- Configuring VLAN Rewriting
- Troubleshooting and Operation
- The show bridge domain Command
- The show bridge mac-table Command
- The show l2-learning global-information Command
- The show l2-learning global-mac-count Command
- The show l2-learning interface Command
- Transparent Mode Troubleshooting Steps
- Sample Deployments
- Summary
- Study Questions
- 7. High Availability
- Understanding High Availability in the SRX
- Chassis Cluster
- The Control Plane
- The Data Plane
- Getting Started with High Availability
- Cluster ID
- Node ID
- Redundancy Groups
- Interfaces
- Deployment Concepts
- Active/passive
- Active/active
- Mixed mode
- Six pack
- Preparing Devices for Deployment
- Differences from Standalone
- Activating Juniper Services Redundancy Protocol
- Managing Cluster Members
- Configuring the Control Ports
- Configuring the Fabric Links
- Configuring the Switching Fabric Interface
- Node-Specific Information
- Configuring Heartbeat Timers
- Redundancy Groups
- Integrating the Cluster into Your Network
- Configuring Interfaces
- Fault Monitoring
- Interface Monitoring
- IP Monitoring
- Hardware Monitoring
- Route engine
- Switch control board
- Switch fabric board
- Services Processing Card/Next Generation Services Processing Card
- Network Processing Card
- Interface card
- Control link
- Data link
- Control link and data link failure
- Power supplies
- Software Monitoring
- Preserving the Control Plane
- Troubleshooting and Operation
- First Steps
- Checking Interfaces
- Verifying the Data Plane
- Core Dumps
- The Dreaded Priority Zero
- When All Else Fails
- Manual Failover
- Sample Deployments
- Summary
- Study Questions
- 8. Security Policies
- Packet Flow
- Security Policy Criteria and Precedence
- Security Policy Precedence
- Top to Bottom Policy Evaluation
- Security Policy Components in Depth
- Match Criteria
- Security zones
- One interface per zone versus multiple interfaces per zone
- Configuring security zones
- Address books
- Address objects
- IP prefix address objects
- Configuring IP prefix address objects
- DNS address objects
- Configuring DNS address objects
- IP range objects
- Configuring IP range objects
- Wildcard address objects
- Configuring wildcard address objects
- Address sets
- Configuring address sets
- Application objects
- Application sets
- Configuring applications and application sets
- Source-Identity
- Negated source and destination objects
- Schedulers
- Configuring schedulers
- Action Criteria
- Permit options
- Configuring security policies
- Host security policies
- Configuring a policy to restrict inbound or outbound management requests
- Application Layer Gateways
- Enabling an ALG example
- Best Practices
- Troubleshooting and Operation
- Viewing Security Policies
- Security policy tools
- Viewing the Firewall Session Table
- Sample firewall logs
- Monitoring Interface Counters
- Performing a Flow Trace
- Performing a Packet Capture on SRX Branch
- Performing a Packet Capture on the High-End SRX
- Sample Deployment
- Summary
- Study Questions
- 9. Network Address Translation
- The Need for NAT
- NAT as a Security Component?
- Junos NAT Fundamentals
- Junos NAT Types
- NAT Precedence in the Junos Event Chain
- NAT type precedence
- Junos NAT Components
- Rulesets
- Static NAT rulesets
- Destination NAT rulesets
- Source NAT rulesets
- NAT ruleset precedence
- NAT ruleset precedence example
- NAT Interfaces, Pools, and Mapping Objects
- Static NAT transforms
- Source NAT transforms
- Interfaces
- Pools
- Destination NAT pools
- NAT Rules
- NAT and Security Policies
- Proxy-ARP and Proxy-NDP
- Configuring Proxy-ARP/NDP
- When you don't need Proxy-ARP/NDP
- Junos NAT in Practice
- Static NAT
- Static NAT one-to-one mapping
- Static NAT many-to-many mapping
- Option 1: NAT44/NAT66
- Option 2: NAT46 Static mapping
- Option 3: NAT 64 automatic translation
- Source NAT
- Source NAT with interfaces
- Source NAT with pools and interfaces
- Other SRX source NAT configuration options
- Destination NAT
- Configuration destination NAT
- Combination Source and Destination NAT
- No-NAT with Source or Destination NAT
- Best Practices
- Troubleshooting and Operation
- NAT Rule and Usage Counters
- Viewing the Session Table
- View NAT Errors
- View Firewall Logs with NAT
- Flow Debugging with NAT
- Source NAT
- Destination NAT
- Static NAT
- Sample Deployment
- Summary
- Study Questions
- 10. IPsec VPN
- VPN Architecture Overview
- Site-to-Site IPsec VPNs
- Hub and Spoke IPsec VPNs
- Full Mesh VPNs
- Partial Mesh VPNs
- Remote Access VPNs
- IPsec VPN Concepts Overview
- IPsec Encryption Algorithms
- IPsec Authentication Algorithms
- IKE Version 1 Overview
- Phase 1 IKE negotiation modes
- Main mode
- Aggressive mode
- Phase 2 IKE negotiation modes
- Perfect Forward Secrecy
- Quick mode
- Proxy ID negotiation
- IKE Version 2
- IKEv1 versus IKEv2
- IPsec VPN Protocol
- IPsec VPN Mode
- IPsec Manual Keys
- IPv6 and IPsec on the SRX
- IKE Negotiations
- IKE Authentication
- Preshared key authentication
- Certificate authentication
- IKE Identities
- Flow Processing and IPsec VPNs
- SRX VPN Types
- Policy-Based VPNs
- Route-Based VPNs
- Numbered versus unnumbered st0 interfaces
- Point-to-point versus point-to-multipoint VPNs
- Special point-to-multipoint attributes
- Point-to-multipoint NHTB
- Which should you use: Policy- or route-based VPN?
- Other SRX VPN Components
- Dead Peer Detection
- VPN Monitoring
- XAuth
- NAT Traversal
- Anti-Replay Protection
- Fragmentation
- Differentiated Services Code Point
- IKEv1 Key Lifetimes
- Network Time Protocol
- Certificate Validation
- Simple Certificate Enrollment Protocol
- Group VPN
- Dynamic VPN
- Selecting the Appropriate VPN Configuration
- IPsec VPN Configuration
- Configuring NTP
- Certificate Preconfiguration Tasks
- Phase 1 IKE Configuration
- Configuring Phase 1 proposals
- Configuration for Remote-Office1 proposal with preshared keys
- Configuration for Remote-Office1 proposal with certificates
- Configuring IKEv1 Phase 1 policies
- Configuring IKEv1 Phase 1 IKE policy with preshared key, Main mode
- Configuring IKEv1 Phase 1 IKE policy with preshared key, Aggressive mode
- Configuring IKEv1 Phase 1 IKE policy with certificates
- Configuring IKEv1 Phase 1 gateways
- Configuring an IKEv1 gateway with static IP address and DPD
- Configuring dynamic gateways and remote access clients
- Configuring an IKE gateway with a dynamic IP address
- Configuring an IKEv1 remote access client
- Phase 2 IKE Configuration
- Configuring IKEv1 Phase 2 proposals
- Configuring an IKEv1 Phase 2 proposal for remote offices and client connections
- Configuring Phase 2 IPsec policy
- Configuring an IPsec policy defining the Phase 2 proposal
- Configuring common IPsec VPN components
- Configuring a common site-to-site VPN component
- IKEv1 Versus IKEv2 Configuration
- Configuring policy-based VPNs
- Configuring a policy-based VPN for the East Branch to the Central site VPN
- Configuring route-based VPNs
- IPsec and SRX HA
- IPsec termination in HA
- ISSU for VPN
- Dynamic VPN
- Best Practices
- Troubleshooting and Operation
- Useful VPN Commands
- show security ike security-associations
- show security ipsec security-associations
- show security ipsec inactive-tunnels
- show security ipsec statistics
- Checking interface statistics
- VPN Tracing and Debugging
- VPN troubleshooting process
- Configuring and analyzing VPN tracing
- Sample Deployments
- Site-to-Site VPN
- Remote Access VPN
- IPsec Caveats on SRX
- Summary
- Study Questions
- 11. Screens and Flow Options
- A Brief Review of Denial-of-Service Attacks
- Exploit-Based DoS
- Flood-Based DoS
- DoS Versus DDoS
- Screen Theory and Examples
- How Screens Fit into the Packet Flow
- Screen Processing only happens on the ingress interface
- Screens in Hardware and Software
- Screen Profiles
- Packet versus threshold Screens
- Applying Screen profiles to single and multiple zones
- Configuring a Screen profile
- DoS Attacks with IP Protocols
- Bad IP Option Screen
- Configuring Bad IP Option Screen
- Block Frag Screen
- Configuring Block Frag Screen
- Route Option Screens
- Configuring Route Option Screens
- IP Security Option Screen
- Configuring the IP Security Option Screen
- IP Spoofing Screen
- Configuring the IP Spoofing Screen
- IP Stream Option Screen
- Configuring the IP Stream Option Screen
- IP Tear Drop Screen
- Configuring the IP Tear Drop Screen
- IP Timestamp Option Screen
- Configuring the IP Timestamp Option Screen
- Unknown IP Protocol Screen
- Configuring the Unknown IP Protocol Screen
- DoS Attacks with ICMP
- ICMP Flood Screen
- Configuring the ICMP Flood Screen
- ICMP Fragment Screen
- Configuring the ICMP Fragment Screen
- ICMP IP Sweep Screen
- Configuring the ICMP IP Sweep Screen
- ICMP Large Packet Screen
- Configuring the ICMP Large Packet Screen
- ICMP Ping of Death Screen
- Configuring the ICMP Ping of Death Screen
- DoS Attacks with UDP
- UDP Flood Screen
- Configuring the UDP Flood Screen
- UDP Sweep Screen
- Configuring the UDP Sweep Screen
- DoS Attacks with TCP
- FIN-No-ACK Screen
- Configuring the FIN-No-ACK Screen
- LAND Attack Screen
- Configuring the LAND Attack Screen
- TCP Port Scan Screen
- Configuring the TCP Port Scan Screen
- SYN-ACK-ACK Proxy Screen
- Configuring the SYN-ACK-ACK-Proxy Screen
- SYN-FIN Screen
- Configuring the SYN-FIN Screen
- SYN flood/spoofing attacks
- SYN flood rate limiting
- Configuring SYN Flood Rate Limiting
- SYN Spoofing Protection Modes
- Configuring SYN Cookie/Proxy Protection
- SYN-Frag Screen
- Configuring the SYN-Frag Screen
- TCP No Flags Screen
- Configuring the TCP No Flags Screen
- TCP Sweep Screen
- Configuring the TCP Sweep Screen
- WinNuke Screen
- Configuring the WinNuke Screen
- Session Limit Screens
- Source IP Session Limit Screen
- Configuring the Source IP Session Limit Screen
- Destination IP Session Limit Screen
- Configuring the Destination IP Session Limit Screen
- SRX Flow Options
- Aggressive session aging
- Configuring the aggressive session ageout flow option
- TCP sequence checks
- Configuring TCP sequence checks
- Configuring TCP sequence checks for RST packets
- TCP SYN checks
- Strict SYN checks
- Configuring the strict SYN check
- SYN checks in tunnels
- TCP state timeouts
- Configuring the TCP initial session timeout and TCP time wait timeout
- Best Practices
- Troubleshooting and Operation
- Viewing Screen Profile Settings
- Viewing the Screen Attack Statistics
- Viewing Flow Exceptions
- Sample Deployment
- Configuration for Screen and Flow Option Sample Deployment
- Summary
- Study Questions
- 12. AppSecure Basics
- AppSecure Component Overview
- Application Identification
- Application Tracking
- Application Firewall
- Application Quality of Service
- User Role Firewalling
- SSL Forward Proxy
- AI Processing Architecture
- How Application Identification identifies applications
- Signature-based pattern matching
- Nested application signatures
- Keeping honest applications honest
- Heuristic-based detection
- Predictive session identification
- Application system cache
- Deploying AppSecure
- AppSecure Licensing
- Downloading and Installing Application Identification Sigpacks
- Controlling application caching
- Enabling application identification heuristics
- AppID Signature Operations
- Enabling and disabling applications and application groups
- Creating Layer 3/Layer 4 applications
- Creating custom application groups
- Configuring and Deploying AppTrack
- Enabling AppTrack
- Configuring AppTrack options
- Configuring and Deploying Application Firewall
- Three types of Application Firewall rulesets
- Configuring a blacklist application ruleset
- Configuring a whitelist application ruleset
- Configuring a hybrid application ruleset
- When to use blacklist, whitelist, and hybrid rulesets
- Configuring application redirect
- Configuring and Deploying Application Quality of Service
- DSCP rewrite
- Forwarding class
- Logging
- Loss priority
- Rate limiter
- Configuring an AppQoS example
- Configuring and Deploying User Role Firewall
- UserFW functionality overview
- UserFW packaging and licensing
- Deploying UserFW
- Configuring the SRX for UserFW
- Configuring the IC
- Configuring the SRX as an IC enforcer
- Configuring the authentication server
- Configuring realms, roles, and sign-in policies
- Miscellaneous Active Directory tasks
- Configuring and Deploying SSL Forward Proxy
- Configuring SSL Forward Proxy on the SRX
- AppFW with encrypted applications
- Best Practices
- Application Identification
- AppTrack
- AppFW
- AppQoS
- UserFW
- SSL FP
- Troubleshooting and Operation
- Operating Application Identification
- Checking the AppID package
- Checking the AppID engine settings and cache
- Checking AppID counters
- Checking application statistics
- AppTrack
- Operating Application Firewall
- Operating Application QoS
- Operating UserFW
- Operating SSL Forward Proxy
- Sample Deployments
- Summary
- Study Questions
- 13. Intrusion Prevention
- The Need for IPS
- What About Application Firewalling in NGFW?
- How Does IPS Work?
- Licensing
- IPS and UTM
- What Is the Difference Between Full IPS and Deep Inspection/IPS Lite?
- Is It IDP or IPS?
- False Positives and False Negatives in IPS
- Management IPS Functionality on the SRX
- Stages of a System Compromise
- IPS Packet Processing on the SRX
- Packet processing path
- Direction-specific detection
- SRX deployment options
- Attack Object Types
- Application contexts
- Predefined attack objects and groups
- Custom attack objects and groups
- Severities
- Signature performance impacts
- IPS Policy Components
- Rulebases
- Match criteria
- Then actions
- IPS actions
- Notification actions
- Packet logging
- Configuring packet logging in the STRM
- IP actions
- Targets and timeouts
- Terminal Match
- Security Packages
- Attack database
- Attack object updates versus full updates
- Application objects
- Detector engines
- Policy templates
- Scheduling updates
- Sensor Attributes
- SSL Inspection (Reverse Proxy)
- Custom Attack Groups
- Static attack groups
- Dynamic attack groups
- Configuring IPS Features on the SRX
- Getting Started with IPS on the SRX
- Getting started example
- Configuring automatic updates
- Useful IPS files
- Viewing IPS attack objects and group membership
- Configuring static and dynamic attack groups
- Creating, activating, and referencing IPS
- Exempt rulebase
- Enabling GZIP/Deflate Decompression
- Deploying and Tuning IPS
- First Steps to Deploying IPS
- Building the Policy
- Testing Your Policy
- Leveraging sniffer mode for the deployment
- Actual Deployment
- Day-to-Day IPS Management
- Best Practices
- Troubleshooting and Operation
- Checking IPS Status
- Checking Security Package Version
- Troubleshooting and Monitoring Security Package Installation
- Clearing the download and cache files on the SRX
- Checking Policy Compilation Status
- IPS Attack Table
- IPS Counters
- IP Action Table
- Sample Deployments
- Summary
- Study Questions
- 14. Unified Threat Management
- Shifting Threats
- UTM, IPS, or Both?
- Antivirus
- URL Filtering
- Antispam
- Content Filtering
- Antivirus + URL Filtering + IPS?
- I Have SRX Antivirus: Do I Need Desktop Antivirus?
- UTM Licensing
- Configuring Licensing
- UTM Components
- Feature Profiles
- Custom Objects
- UTM Policies
- Application Proxy
- Networking Requirements for UTM Features
- Antivirus
- Antivirus flavors in the SRX
- Sophos AV
- Implementing Sophos AV
- Configuring Sophos with a default profile
- Default profile configuration
- Sophos AV feature profiles
- Configuring Sophos feature profile example
- Kaspersky Full AV
- Configuring Kaspersky with the default profile
- Default Kaspersky profile configuration
- Configuring Kaspersky AV scanning and fallback options
- Express AV
- Default Express AV profile
- Which AV to Choose?
- URL Filtering
- URL filtering flavors
- Configuring the URL filtering with default profiles
- Websense Enhanced filtering
- Configuring Websense Enhanced default profile
- Default Websense Enhanced profile
- Configuring a custom Websense Enhanced profile
- Surfcontrol/Websense Integrated URL filtering
- Configuring Surfcontrol Integrated with default profile
- Default Surfcontrol/Websense profile configuration
- Configuring Surfcontrol/Websense Integrated options
- Websense Redirect
- Configuring Websense Redirect
- Default Websense Redirect profile
- Default local URL filtering profile
- URL Custom URLs, blacklists, whitelists, and categories
- Custom URL patterns
- Custom URL category
- URL filtering profiles
- Juniper Local feature profile options
- Putting it all together for Juniper Local web filtering
- Which URL filtering solution to choose?
- Antispam
- Configuration options for antispam
- Configuring antispam with the default profile
- Configuring a custom spam profile and policy
- Content Filtering
- Configuring content filtering example
- Logging UTM Messages
- Configuring syslog to send UTM to a remote server
- Best Practices
- Troubleshooting and Operation
- UTM Engine
- Antivirus
- Testing antivirus
- URL Filtering
- Websense site lookup tool
- Antispam
- Content Filtering
- Sample Deployments
- Summary
- Study Questions
- Index
- About the Authors
- Colophon
- Copyright