Configuring NetScreen Firewalls

FROM THE PUBLISHER

Configuring NetScreen Firewalls covers all of the aspects of Juniper's NetScreen product line, from SOHO devices to Enterprise NetScreen firewalls. Coverage includes basic policy creation and administration, advanced troubleshooting techniques, the NetScreen Security Manager and VPN configuration. In addition, this book covers both the WebUI and the command line interface of NetScreen ScreenOS 5.0, as well as the NetScreen Security Manager (NSM). As a special bonus, Juniper Networks provides detailed coverage of the new features and enhancements included with ScreenOS 5.1.0.

SYNOPSIS

Your Complete Guide to Juniper￯﾿ﾽs NetScreen Firewall Appliances

￯﾿ﾽ        Complete Coverage of Advanced Troubleshooting Techniques and the NetScreen Security Manager￯﾿ﾽ        Comprehensive Coverage of the NetScreen NCSA 5.0 Exam

Special Appendix from Juniper Networks Covering New Features in ScreenOS 5.1.0  

Configuring NetScreen Firewalls covers all of the aspects of Juniper￯﾿ﾽs NetScreen product line, from SOHO devices to Enterprise NetScreen firewalls. Coverage includes basic policy creation and administration, advanced troubleshooting techniques, the NetScreen Security Manager and VPN configuration. In addition, this book covers both the WebUI and the command line interface of NetScreen ScreenOS 5.0. as well as the NetScreen Security Manager (NSM). As a special bonus, Juniper Networks provides detailed coverage of the new features and enhancements included with ScreenOS 5.1.0.

￯﾿ﾽ          Select NetScreen Management OptionsDecide whether the WebUI or the Command Line Interface (CMI) is right for your enterprise. ￯﾿ﾽ          Configure Transparent ModeSwitching from layer 3 to layer 2 means moving the interfaces into the layer 2 zones.￯﾿ﾽ          Monitor NetScreen DevicesNetScreen firewalls support Syslog, SNMP, Webtrends, and e-mail in addition to NSM.￯﾿ﾽ          Build a Troubleshooting ToolboxMaster the use of commands such as ping, traceroute, get, and debug along with sniffers such as Snoop.￯﾿ﾽ          Optimize NetScreen Redundancy Protocol UsageUse redundant hardware to transfer firewall functionality as needed.￯﾿ﾽ          Avoid Naming Convention ErrorsDecide upon a naming convention for your organization. ￯﾿ﾽ          Configure SCREEN SettingsDeploy SCREEN to inspect traffic when the stream is read from the interface off the wire, not as it passes through the NetScreen.￯﾿ﾽ          Support External Authentication ServersAllow RADIUS, SecurID, and LDAP to help NetScreen perform authentication and authorization.￯﾿ﾽ          Incorporate NAT functionalityUnderstand key NAT features from early ScreenOS to ScreenOS 5.0.

ACCREDITATION

Rob Cameron (CCSA, CCSE, CCSE+, NSA, JNCIA-FWV, CCSP, CCNA, INFOSEC, RSA SecurID CSE) is an IT consultant who has worked with over 200 companies to provide network security planning and implementation services.  He has spent the last five years focusing on network infrastructure and extranet security. His strengths include Juniper￯﾿ﾽs NetScreen Firewall products, NetScreen SSL VPN Solutions, Check Point Firewalls, the Nokia IP appliance series, Linux, Cisco routers, Cisco switches, and Cisco PIX firewalls. Rob strongly appreciates his wife Kristen￯﾿ﾽs constant support of his career endeavors. He wants to thank her for all of her support through this project.

CJ Cui (CISSP, JNCIA) is Director of Professional Services for NetWorks Group, an information security consulting company headquartered in Brighton, Michigan. NetWorks Group provides information security solutions that mitigate risk while enabling secure online business. CJ leads the technical team at NetWorks Group to deliver information security services to customers ranging from medium-sized companies to fortune 500 corporations. These services touch every part of security lifecycle -- from enterprise security management, security assessment and audit to solution design and implementation ￯﾿ﾽ and leverage leading edge technologies including firewall/VPN, intrusion prevention, vulnerability management, malicious code protection, identity management and forensics analysis. CJ holds an M.S. degree from Michigan State University and numerous industrial certifications. He is a board member of ISSA Motor City Chapter and serves as the Director of Operations for the chapter.

Thomas Byrne is a Code Monkey with NetScreen Technologies (now Juniper Networks). He currently does design, planning, and implementation on Juniper￯﾿ﾽs Security Manager, their next-generation network management software. Tom￯﾿ﾽs background includes positions as a UI Architect at ePatterns, and as a senior developer and consultant for several Silicon Valley companies, including Lightsocket.com and Abovenet. Tom is an active developer on several open-source projects and a voracious contributor to several on-line technology forums. Tom currently lives in Silicon Valley with his wife Kelly, and children, Caitlin and Christian.

Dave Killion (NSCA, NSCP) is a senior security research engineer with Juniper Networks, Inc. Formerly with the U.S. Army￯﾿ﾽs Information Operations Task Force as an Information Warfare Specialist, he currently researches, develops, and releases signatures for the NetScreen Deep Inspection and Intrusion Detection and Prevention platforms.  Dave has also presented at several security conventions including DefCon and ToorCon, with a proof-of-concept network monitoring evasion device in affiliation with several local security interest groups that he helped form. Dave lives south of Silicon Valley with his wife Dawn and two children, Rebecca and Justin.

Kevin Russell (JNCIA-FWV, JNCIA-IDP) is a system engineer for Juniper Networks, specializing in firewalls, IPSEC, and intrusion detection and prevention systems. His background includes security auditing, implementation, and design. Kevin lives in Michigan with his wife and two children.