Computer Security Policies and SunScreen Firewalls

Acknowledgments.


Preface.


1. What Is a Security Policy?


The Need for Security. What Is a Threat? Examples of Computer Threats. The Importance of a Security Policy. Why a Security Policy? Who Writes a Security Policy? Starting Out. Building a Foundation for the Policy. Identify the OrganizationOs Assets. Develop a Mission Statement. Develop a Draft Budget. Enlist Management Support. Allot Sufficient Time. Analyzing Risks. Developing the Security Policy. Structure: Policies, Standards, Procedures. Some Suggested Topics for Standards. Considering Tools and Technology. Security Policy Components. Statement of Purpose. Scope. Policy Statement. Enforcement. Exceptions. Additional Considerations. Writing Style. Review and Approval Process. Communicating the Policy to Users. Implementing the Policy. Implement and Test Rules. Define Emergency Procedures/Response. Monitor for Compliance. Reviewing and Updating the Policy.



2. Firewalls as Part of Your Security Strategy.


What Is a Firewall? What Security Problems Does a Firewall Try to Solve? Packet Filtering. Packet Filtering with State. Packet Filters and Proxies. Cryptography. Tunnel Addresses and Network Address Translation. SunScreen Firewalls as Part of Your Security.



3. Security Concepts and the Technology Behind Them.


Discussion of Some Security Concepts. Authentication Access Control. Privacy. Integrity. Putting the Concepts Together. Cryptography. Key Technology. Shared-Key Technology. Public-Key Technology. Diffie-Hellman Key Technology. Public-Key Certificates. Signed Certificates. Self-Signed Certificates. Simple Key-Management for Internet Protocols (SKIP).



4. How the SunScreen Firewalls Work.


Overview and Diagrams. How the Screen Checks Packet Traffic. The SunScreen EFS Firewall. The SunScreen SPF-200 Firewall. Explanation of Some Differences. Operating Environment and Networks. Rules.



5. Managing SunScreen Firewalls.


What Does Administration Include? Interacting with the Screen. Using the SunScreen EFS and SPF-200 Firewalls Together. An Example Use. Backward Compatibility. EFS Administration. SPF-200 Administration. Some Administration Scenarios. Adding Another Remote Administration Station. Using Another Machine as an Administration Station. Copying a Configuration. Creating Address Lists. Understanding Packet Traffic on the Network. Protocol Stack. Communicating Securely with SKIP. How SKIP Works. SKIP in SunScreen Firewalls and SKIP on an End System. Monitoring. Using Logs. Why Logs Are Useful. How To Use SunScreen Logs. The SunScreen Log Browser. Storing SunScreen Logs. Receiving SNMP Alerts. Checking the Status of Your Firewalls. Troubleshooting. Routing. Services. SKIP Connections. Logs. Programs to Generate Information.



6. Translating Your Security Policy to Your SunScreen.


Firewalls. Getting Organized. Security Policy. Network Topology Map. IP Addresses. Understanding Rules. Basic Rule Elements. Source and Destination Addresses. Rule Type. Service. Optional Rule Elements. Proxies. Encryption. Putting All the Rule Elements Together. Other Elements That Affect Your Configuration. Tunneling. SNMP Alerts. Turning Your Security Policy into SunScreen Rules. Creating Address Names. Entering Certificates. Creating a Service Group. Creating the Rules. Entering a Rule in SunScreen. EFS. How Rules Are Processed. Rule Ordering for EFS 2.0. Rule Ordering in SPF-200 1.0. Reviewing Your Current Rules. Increasing the Effectiveness of Your Rules. Rules to Help Protect Against Denial-of-Service. Attacks. IP Spoofing. Tips to Increase Performance. Summary.



A. Scenarios with the SunScreen EFS Firewall.


Scenario: Perimeter Defense. Diagram. Discussion. Rules. Scenario: Two Lines of Defense. Diagram. Discussion. Rules. Scenario: Site- to-Site Tunneling Firewall. Diagram. Discussion. Rules. Scenario: Remote Access Firewall. Diagram. Discussion. Rules. Scenario: Compartmentalization Firewall. Diagram. Discussion. Rules.



B. Resources.


Resources on the Internet. Request for Comments (RFCs). Web URLs. Internet Newsgroups. Books. SunScreen Product Documentation.



Index.