Book description
Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks.
Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Junos Security is a clear and detailed roadmap to the SRX platform. The author's newer book, Juniper SRX Series, covers the SRX devices themselves.
- Get up to speed on Juniper’s multi-function SRX platforms and SRX Junos software
- Explore case studies and troubleshooting tips from engineers with extensive SRX experience
- Become familiar with SRX security policy, Network Address Translation, and IPSec VPN configuration
- Learn about routing fundamentals and high availability with SRX platforms
- Discover what sets SRX apart from typical firewalls
- Understand the operating system that spans the entire Juniper Networks networking hardware portfolio
- Learn about the more commonly deployed branch series SRX as well as the large Data Center SRX firewalls
"I know these authors well. They are out there in the field applying the SRX's industry-leading network security to real world customers every day. You could not learn from a more talented team of security engineers."
--Mark Bauhaus, EVP and General Manager, Juniper Networks
Table of contents
- A Note Regarding Supplemental Files
- Foreword
- Preface
  - This Book’s Assumptions About You
  - What’s In This Book?
  - Juniper Networks Technical Certification Program (JNTCP)
  - Topology for This Book
  - Conventions Used in This Book
  - Using Code Examples
  - We’d Like to Hear from You/How to Contact Us/Comments and Questions
  - Safari® Books Online
  - About the Tech Reviewers
  - Acknowledgments
- 1. Introduction to the SRX
- 2. What Makes Junos So Special?
- 3. Hands-On Junos
- 4. Security Policy
  - Security Policy Overview
  - SRX Policy Processing
  - Viewing SRX Policy Tables
  - Viewing Policy Statistics
  - Viewing Session Flows
  - Policy Structure
  - Policy Logging
  - Troubleshooting Security Policy and Traffic Flows
  - Application Layer Gateway Services
  - Policy Schedulers
  - Web and Proxy Authentication
  - Case Study 4-1
  - Case Study 4-2
  - Converters and Scripts
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 5. Network Address Translation
- 6. IPsec VPN
  - VPN Architecture Overview
  - IPsec VPN Concepts Overview
  - Phase 1 IKE Negotiations
  - Phase 2 IKE Negotiations
  - Flow Processing and IPsec VPNs
  - SRX VPN Types
  - Other SRX VPN Components
  - Selecting the Appropriate VPN Configuration
  - IPsec VPN Configuration
  - Configuring NTP
  - Certificate Preconfiguration Tasks
  - Phase 1 IKE Configuration
  - Phase 2 IKE Configuration
  - Configuring Manual Key IPsec VPNs
  - Dynamic VPN
  - VPN Verification and Troubleshooting
  - Case Studies
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 7. High-Performance Attack Mitigation
  - Network Protection Tools Overview
  - Protecting Against Network Reconnaissance
  - Protecting Against Basic IP Attacks
  - Basic Denial-of-Service Screens
  - Advanced Denial-of-Service and Distributed Denial-of-Service Protection
  - ICMP Floods
  - UDP Floods
  - SYN/TCP Floods
  - SYN Cookies
  - Session Limitation
  - AppDoS
  - Application Protection
  - Protecting the SRX
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 8. Intrusion Prevention
  - The Need for IPS
  - Configuring IPS Features on the SRX
  - Deploying and Tuning IPS
  - Troubleshooting IPS
  - Case Study 8-1
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 9. Unified Threat Management
- 10. High Availability
  - Understanding High Availability in the SRX
  - Configuration
  - Differences from Standalone
  - Activating JSRPD (Juniper Services Redundancy Protocol)
  - Managing Cluster Members
  - Configuring the Control Ports
  - Configuring the Fabric Links
  - Node-Specific Information
  - Configuring Heartbeat Timers
  - Redundancy Groups
  - Configuring Interfaces
  - Integrating Dynamic Routing
  - Upgrading the Cluster
  - Fault Monitoring
  - Troubleshooting the Cluster
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 11. Routing
- 12. Transparent Mode
  - Transparent Mode Overview
  - Why Use Transparent Mode?
  - MAC Address Learning
  - Transparent Mode and Bridge Loops, Spanning Tree Protocol
  - Transparent Mode Limitations
  - Transparent Mode Components
  - Interface Modes in Transparent Mode
  - Bridge Domains
  - IRB Interfaces
  - Transparent Mode Zones
  - Transparent Mode Security Policy
  - Transparent Mode Specific Options
  - QoS in Transparent Mode
  - VLAN Rewriting
  - High Availability with Transparent Mode
  - Transparent Mode Flow Process
  - Configuring Transparent Mode
  - Transparent Mode Commands and Troubleshooting
  - Case Study 12-1
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- 13. SRX Management
  - The Management Infrastructure
  - J-Web
  - NSM and Junos Space
  - NETCONF
  - Scripting and Automation
  - Keeping Your Scripts Up-to-Date
  - Case Studies
  - Case Study 13-1: Displaying the Interface and Zone Information
  - Case Study 13-2: Zone Groups
  - Case Study 13-3: Showing the Security Policies in a Compact Format
  - Case Study 13-4: Track-IP Functionality to Trigger a Cluster Failover
  - Case Study 13-5: Track-IP Using RPM Probes
  - Case Study 13-6: Top Talkers
  - Case Study 13-7: Destination NAT on Interfaces with Dynamic IP Addresses
  - Case Study 13-8: High-End SRX Monitor
  - Summary
  - Chapter Review Questions
  - Chapter Review Answers
- Index
- About the Authors
- Colophon
- Copyright
Product information
- Title: Junos Security
- Author(s):
- Release date: August 2010
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781449381714