- Published 2017-01-01 in Chongqing
NetScreen Security Concepts
Lecture 6: Basic Introduction to Juniper Firewalls

Objectives
- Identify requirements that must be met by network security devices
- Name and describe the function of components of the Universal Security Gateway Architecture, including:
  - Virtual Systems (VSYS)
  - Zones
  - Policies
  - Virtual Routers
  - Interfaces
- Describe the packet processing sequence in a NetScreen device
- Select correct deployment scenarios for NetScreen appliances and systems

Security Device Requirements
- Frame/Packet Forwarding
  - Bridging (Layer 2)
  - Routing (Layer 3)
- Firewall
  - Filter based on contents of IP, TCP/UDP, and application header
- Network/Port Address Translation
  - Private to public address translation
- Virtual Private Networks
  - Encapsulation, authentication, and encryption
  - Primarily implemented using IPSec

Layer 2 Frame Forwarding (Bridging/Switching)
- Transparent Bridge Functions
  - Learning (based on Source MAC address)
  - Forward/Flood/Filter (based on Destination MAC address)
  - Loop prevention (Spanning Tree protocol)

Layer 3 Packet Forwarding (Routing)
- Forward IP packets based on destination address
- Maintain Route Table entries
  - Static routes
  - Dynamic routes (RIP, OSPF, BGP)
  - Default routes

Firewall
- Packet filter based on packet header
  - IP (SA, DA, Protocol)
  - TCP/UDP (Port #)
- Used to implement security policies

Network/Port Address Translation
- Convert private address space to public address

Virtual Private Networks
- Provide secure tunnels across the Internet
  - Encapsulation
  - Encryption
  - Authentication

Traditional Firewall Requirements
- Untrust Network
  - Internet or another public network
  - No control
- Trust Network
  - Our private network
  - We have control

Emergence of the DMZ
- Additional requirements for public access
- Emergence of “DMZ”
  - Access to services such as Web, Mail, and FTP

Next Step: No Trusted Networks
- Security required within our private network
- Introduces new requirements
  - Flexible architecture
  - Scalability

NetScreen Security Architecture
- NetScreen solution to new security requirements
- Provides flexible, scalable software architect