Designing and Building Enterprise DMZs.
Title:
Designing and Building Enterprise DMZs.
Author:
Flynn, Hal.
ISBN:
9780080504001
Physical Description:
1 online resource (737 pages)
Contents:
Front Cover -- Designing and Building Enterprise DMZs -- Copyright Page -- Contents -- Chapter 1. DMZ Concepts, Layout, and Conceptual Design -- Introduction -- Planning Network Security -- DMZ Definitions and History -- Traffic and Security Risks -- Advanced Risks -- Web and FTP Sites -- E-Mail Services -- Advanced Design Strategies -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 2. Windows DMZ Design -- Introduction -- Introducing Windows DMZ Security -- Building a Windows DMZ -- Windows DMZ Design Planning List -- A Look Forward to Longhorn -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 3. Sun Solaris DMZ Design -- Introduction -- New Features of Sun Solaris 10 -- Placement of Servers -- The Firewall Ruleset -- System Design -- Implementation: The Quick and Dirty Details -- Hardening Checklists for DMZ Servers and Solaris -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 4. Wireless DMZs -- Introduction -- The Need for Wireless DMZs -- Designing the Wireless DMZ -- Wireless DMZ Components -- Wireless DMZ Examples -- Wireless LAN Security Best-Practices Checklist -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 5. Implementing Wireless DMZs -- Introduction -- Implementing RADIUS With Cisco EAP -- Installing and Configuring Juniper Steel-Belted RADIUS -- Windows Active Directory Domain Authentication With LEAP and RADIUS -- Implementing PEAP -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 6. Firewall Design: Cisco PIX and ASA -- Introduction -- PIX and ASA Basics -- Securing Your Network Perimeters -- Cisco PIX/ASA Versions and Features -- Making a DMZ and Controlling Traffic -- PIX/ASA Configuration Basics -- Configuring Advanced PIX/ASA Features -- PIX/ASA Firewall Design and Configuration Checklist -- Summary.

Solutions Fast Track -- Frequently Asked Questions -- Chapter 7. Firewall and DMZ Design: Check Point -- Introduction -- Basics of Check Point Firewalls -- Securing Your Network Perimeters -- Configuring Your DMZ -- Configuring the Firewall -- Configuring the Security Rulebase -- Configuring the Address Translation Rulebase -- Configuring Network and Application Protections -- Check Point NG Secure DMZ Checklist -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 8. Firewall and DMZ Design: SecurePlatform and Nokia Firewalls -- Introduction -- Basics of SecurePlatform Firewalls -- Basics of Nokia Firewalls -- Using cpconfig -- Nokia Firewall and DMZ Design Checklist -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 9. Firewall and DMZ Design: Juniper NetScreen -- Introduction -- NetScreen Basics -- Securely Managing Juniper NetScreen Firewalls -- NetScreen Configuration Basics -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 10. Firewall and DMZ Design: ISA Server 2005 -- Introduction -- Network Services Segment Configuration Options -- Scenario 1: A LAN Router between the ISA Firewall and Corporate Network -- ISA Firewall Stateful Packet Inspection and Request/Response Paths -- Multiple Departmental Networks/Security Zones Connected to a Backbone Network -- Example Network and Perimeter Network Design -- Creating the ISA Representing the Corporate Network on the Network Services Perimeter -- Creating the Corpnet ISA Firewall Network -- Creating the Rule on the Network Services Perimeter ISA, Setting a Route Relationship between the Corporate Network and Network Services Segment -- Creating an Intradomain Communications Access Rule on the Network Services Perimeter ISA Firewall and a DNS Server Publishing Rule.

Creating Access Rules Controlling Outbound Access from the Network Services Segment on the Perimeter ISA Firewall -- Creating the Network Services Access Rules Enabling Corpnet Clients Access to Network Services -- Configuring the Default Internal Network on the Edge ISA Firewall -- Creating a Routing Table Entry on the Edge ISA Firewall -- Joining the Edge ISA Firewall to the Domain -- Creating Access Rules on the Edge ISA Firewall, Controlling Outbound Access from Corpnet Hosts and Hosts on the Network Services Segment -- Creating Publishing Rules on the Edge ISA Firewall to Allow Inbound Connections to the Exchange Server Mail Services -- Creating a Routing Table Entry on Network Clients (Required Only If No LAN Routers Are Installed) -- Joining the Network Clients to the Domain -- Creating and Configuring DNS Entries in the Domain DNS, Including WPAD Entries -- Configuring the Firewall and Web Proxy Client Settings on the Edge ISA Firewall, and Enabling Autodiscovery -- Installing the Firewall Client Share on the Network Services Segment File Server -- Installing the Firewall Client on the Network Clients -- Connecting the Corporate Network Clients to Resources on the Network Services Segment and the Internet -- Summary -- Chapter 11. DMZ Router and Switch Security -- Introduction -- Securing the Router -- Securing the Switch -- IOS Bugs and Security Advisories -- DMZ Router and Switch Security Best-Practice Checklists -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 12. DMZ-Based VPN Services -- Introduction -- VPN Services in the DMZ -- Designing an IPSec Solution -- Connecting B2B Sites -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 13. Windows Bastion Hosts -- Introduction -- Configuring Bastion Hosts -- Testing Bastion Host Security -- Configuration Fundamentals -- Remote Administration.

Bastion Host Configurations -- Bastion Host Maintenance and Support -- Windows Bastion Host Checklist -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 14. Linux Bastion Hosts -- Introduction -- System Installation -- Removing Optional Components -- Additional Steps -- Controlling Access to Resources -- Auditing Access to Resources -- Remote Administration -- Bastion Host Configurations -- Bastion Host Maintenance and Support -- Linux Bastion Host Checklist -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Index.
Abstract:
This is the only book available on building network DMZs, which are the cornerstone of any good enterprise security configuration. It covers market-leading products from Microsoft, Cisco, and Check Point. One of the most complicated areas of network technology is designing, planning, implementing, and constantly maintaining a demilitarized zone (DMZ) segment. This book is divided into four logical parts. First the reader will learn the concepts and major design principles of all DMZs. Next the reader will learn how to configure the actual hardware that makes up DMZs for both newly constructed and existing networks. Next, the reader will learn how to securely populate the DMZs with systems and services. The last part of the book deals with troubleshooting, maintaining, testing, and implementing security on the DMZ. · The only book published on Network DMZs on the components of securing enterprise networks · Provides detailed examples for building Enterprise DMZs from the ground up and retro-fitting existing infrastructures.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.