
E-book, English, 452 pages

Tam / McAlpine / Hoz Salvador UTM Security with Fortinet

Mastering FortiOS
1st edition 2012
ISBN: 978-1-59749-977-4
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: Adobe DRM




Traditionally, network security (firewalls to block unauthorized users, Intrusion Prevention Systems (IPS) to keep attackers out, Web filters to avoid misuse of Internet browsing, and antivirus software to block malicious programs) required separate boxes with increased cost and complexity. Unified Threat Management (UTM) makes network security less complex, cheaper, and more effective by consolidating all these components. This book explains the advantages of using UTM and how it works, presents best practices on deployment, and is a hands-on, step-by-step guide to deploying Fortinet's FortiGate in the enterprise.

• Provides tips, tricks, and proven suggestions and guidelines to set up FortiGate implementations

• Presents topics that are not covered (or are not covered in detail) by Fortinet's documentation

• Discusses hands-on troubleshooting techniques at both the project deployment level and technical implementation area

Kenneth Tam, Fortinet Certified Network Security Professional (FCNSP), is a senior security engineer at Fortinet, providing hands-on installation, support, and training to customers in the North Central United States. He has over 15 years' experience in the networking/security field from working with companies such as Juniper Networks, Netscreen Technologies, 3com, and US Robotics.

Further Information & Material


Chapter 1


Introduction to UTM (Unified Threat Management)


Information in this chapter:


• Basic Network Security Concepts

• Computer and Network Security Concepts and Principles

• Computer and Network Security Technology Concepts

• Network Security Technology Concepts

• Commonly used Computer and Network Security Terms

• Unified Threat Management (UTM) Foundations

• The World before UTM

• The History of the Unified Threat Management (UTM) Concept

• UTM vs other Security Architectures

- UTM vs Best-of-Breed

- UTM vs Next-Generation Firewalls

- UTM vs XTM

• Solving Problems with UTM

• Better Security

- Consistent Security Policy

- Protecting against Blended Threats

- Implementing Clean Pipes

• More Efficient Security

- Higher Performance

• Enhancing Operational Response Times (Meeting and Enhancing SLAs)

• Getting a Better Support Experience

- Increasing Network Availability

• Cost Effectiveness

- Easier Investment Justification

- Licensing Simplicity

- Lowering Operational Costs

• Current UTM Market Landscape

• UTM à la Fortinet

- Reliable Performance

- Selective Functionality

- Homegrown Technology

- In-house Security Intelligence Unit: FortiGuard Labs

- Single Licensing Cost

- Included Virtualization

• Other Vendors

Introduction


Internet and Security


It’s 4 PM and you realize you forgot today was your wedding anniversary. Some years ago, this would have meant problems back home with your spouse. Today, you can simply go to a site like Google or Bing and search for something to cover for you missing the occasion: look for recommendations for a good restaurant, book seats for a nice show, send flowers, or even buy a gift you can pick up on your way back home. You don’t even need to be at your office: you can do it from a cybercafe, a public kiosk, or conveniently from your smartphone while on the train or bus (never while driving your car!). This wouldn’t have been possible back in 1999.

Today we do many activities with computers connected to the Internet, and as new users and generations are brought online, many rely on the fact that computers and the Internet are there and will be there. We go to school, shop, do home banking, chat, and interact on social networks every day, and people think the services must be there. They take that for granted. However, the amount of effort, technology, and skill required to keep all the services on the Internet running would surprise many. The worst thing is that many of these newcomers begin their online life with little or no education on how to be a good Internet Citizen (or ), and that also means they don’t know the minimum measures they need to take to turn their online experience into a safe and pleasant one.

Among all the disciplines that are used to keep the Internet up and running, Internet Security is of special relevance: the day we began trading over the Internet and money began to be represented by bits flowing on wires, it became attractive to professional attackers and criminals to be online as well. Internet Security is what helps to keep the infrastructure up and running, and it is also the discipline that can keep the Internet as a safe place for us, our kids, and future generations.

Basic Network Security Concepts


Several network security books, especially the ones that are dedicated to firewalls, begin explaining technical concepts right in the first chapter. This book can’t be an exception. I would say the material below could be too basic if you are already a computer security master and you are looking to get directly into how Fortinet does things differently with FortiGates. If this is the case, it might be a good idea to jump to overview of this book. Otherwise, if you are relatively new to computer security or would like to review a different point of view on how to approach the computer and network security challenge, then please keep reading: the author of this chapter enjoyed writing it and tried his best to explain everything in a fun way, whenever possible :-)

But before getting deeper into security, I would like to mention some areas where you might need to get some expertise if you really want to be a network security star. If you are already seasoned, this is probably a good reminder of the areas you should keep up to date on. If you are new, then this could provide a nice road map to go deeper into the field after you finish reading this book:

• Know at least one third-generation programming language, one fourth-generation programming language, and one script language. The differentiation is made because each one will help you understand different concepts and will teach you to think in different ways when you analyze problems. Some options are C language, SQL, and Korn-shell scripting, but it could also be C#, Ruby or Python, and Oracle SQL. If you want to become a pen-tester, you might want to learn a bit of assembler as well. Please note I mentioned “know,” which is different from “master.” This is important because you probably don’t want to become a professional programmer, but you will need to be fluent enough in the language so you can understand code you read (exploit code or source code of Web Applications, for example), and modify it to suit your needs or automate tasks.

• An operating system is the program that is loaded on a device, responsible for hardware and program management. Every device, from a cell phone, to a game console, to a tablet, to a personal computer, has an operating system. You need to understand how it works: memory management; I/O management in general; allocation of processor, disk, and other hardware resources; network interface management; and process management. As with programming, you probably don’t need to know how to tune kernel parameters or how to tune the server to achieve maximum performance. However, you need to understand how the operating system works, so you can identify and troubleshoot issues faster, as well as understand how to secure an environment more effectively. It might not be a must, but experience with at least one of the following operating systems is highly desirable and will always come in handy: Microsoft Windows (any version) or a Un*x flavor such as HP-UX, IBM AIX, FreeBSD, OpenBSD, or GNU/Linux.

• One of the reasons why organizations need security is the open nature of the Internet, designed to provide robust connectivity using a range of open protocols to solve problems by collaboration. Almost no computer works alone these days. It’s quite important to know as much as you can about networking. One example of the importance of networking: in the experience of this book’s authors, at least eighty percent (80%) of the issues typically faced with network security devices (especially devices with a firewall component like the FortiGate) are related to network issues more than to product issues. Because of this, it’s important to know how switching technologies work, how ARP handles conversions between MAC addresses and IP addresses, STP and how it builds “paths” on a switching topology, 802.3ad and interface bindings, 802.1X and authentication, TCP and its connection states, and how static routing and dynamic routing with RIP, OSPF, and BGP work. All those are important, and I would dare to say, almost critical. And on networking, you will need a bit more than just “understanding”: real-world experience configuring switches, routers, and other network devices will save your neck more than once while configuring network security devices.

Yes, as you can see, being a security professional requires a lot of knowledge on the technical side, but it is rewarding in the sense that you always get to look at the bigger picture and then, by analysis, cover all the parts to ensure everything works smoothly and securely.

Computer and Network Security Concepts and Principles

Having covered all that, we will now review security concepts. We won’t explain all the details about them here, since they will be better illustrated in the chapters to come, where all the concepts, technologies, and features mentioned are put to practical use. The definitions we offer here are the ones that have meaning throughout our book and may not necessarily be the same ones commonly used by other vendors.

Computer and Network Security is a complex discipline. To become well versed in it, you need to truly understand how many things work: from programming, to hardware architectures, to networks, and even psychology. Going through the details of each field necessary to consider yourself a security professional is way beyond the scope of a single book, let alone a section within a book chapter. If you are interested in...


