Chapter 1 • Defining a Firewall
Q: It would be easier for me to administer my firewall via HTTP or Telnet. Why are clear text protocols so dangerous?
A: There are numerous versions of a type of tool called a packet sniffer available. A packet sniffer captures the TCP/IP packets passing between devices and records the data. These devices can be used to “steal” data as it travels across the network. The sniffer captures individual data packets and allows hackers to view and analyze the message contents and packet headers. Should you use a plain text protocol, not only will all the commands be passed for a potential intruder to see, but so will your username and password. It would then be trivial for an intruder to access your firewall and change the configuration to suit his needs.
Packet sniffers are also called protocol analyzers or network analyzers. Sniffer and Sniffer Pro are two packet-sniffer products marketed by Network Associates.
As you can see, this is completely legible. If there was a username and password in this conversation, it would be available.
Here is an encrypted session captured on TCP Port 443. This was captured by accessing , my personal page:
As you can see, this is completely illegible. This was transmitted with 128-bit encryption, which is nearly unbreakable. This is typical of any encrypted protocol, HTTPS, SSH, SFTP, and so forth.
While it is not necessarily easy to sniff network traffic, it can be done. Particularly vulnerable are unencrypted wireless connections, Internet cafés, and networks connected via hubs rather than switches. Therefore, never, under any circumstances, enable clear text protocols on a network connection to important data or the devices protecting that data.
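The legible-versus-illegible contrast described above, as an added example that is not from the book: a Python audit helper that classifies captured management payloads as TLS or clear text and reports which account had its credentials exposed. The sample payloads, the host name and all function names are constructed for illustration.

```python
import base64
import string

# Constructed sample payloads (assumptions, not captures from the book).
HTTP_ADMIN = (b"GET /config HTTP/1.1\r\nHost: fw.example.test\r\n"
              b"Authorization: Basic " + base64.b64encode(b"admin:S3cret!") + b"\r\n\r\n")
TELNET_ADMIN = b"login: admin\r\nPassword: S3cret!\r\nfw> show config\r\n"
# One TLS application-data record: type 0x17, version 3.3, 16 opaque bytes.
TLS_ADMIN = bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes.fromhex(
    "8e4fa1c3d27b90e615ffab3c0d99e2b7")

PRINTABLE = set(string.printable.encode())

def is_tls_record(payload: bytes) -> bool:
    """True if payload is exactly one well-formed TLS record (header + body)."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return 20 <= ctype <= 23 and major == 3 and minor <= 4 and length == len(payload) - 5

def basic_auth_user(payload: bytes):
    """Return the username from an HTTP Basic header, or None if absent."""
    for line in payload.split(b"\r\n"):
        name, _, value = line.partition(b":")
        value = value.strip()
        if name.strip().lower() == b"authorization" and value.lower().startswith(b"basic "):
            try:
                decoded = base64.b64decode(value[6:], validate=True)
            except ValueError:  # malformed base64
                return None
            return decoded.partition(b":")[0].decode(errors="replace")
    return None

def audit(payload: bytes) -> str:
    """Classify one captured management payload for an audit report."""
    if is_tls_record(payload):
        return "encrypted (TLS record)"
    user = basic_auth_user(payload)
    if user is not None:
        return f"cleartext, credentials exposed for user '{user}'"
    readable = sum(b in PRINTABLE for b in payload) / max(len(payload), 1)
    return "cleartext, commands readable" if readable > 0.9 else "unknown/binary"

if __name__ == "__main__":
    for sample in (HTTP_ADMIN, TELNET_ADMIN, TLS_ADMIN):
        print(audit(sample))
```

The report names the affected account but never prints the password, so the output can be filed in a ticket as is.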
Solutions in this chapter:
Initial CLI Setup
Initial Web Setup
Certificates
Security and System Settings
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 • Setup
As you can see by the size of this book, you can design and configure quite a bit when it comes to the Juniper Secure Sockets Layer (SSL) virtual private network (VPN). Fortunately, you must complete relatively few tasks to get the box up and running on your network. In this chapter, we will focus on those initial steps that involve everything you need to know to get the IVE up and running. We will then go into some detail about IVE licensing (features and support), as well as certificates and other system-wide settings to be configured on the IVE. The tools we discuss in this chapter will enable you to get your box up and running on the network. Unlike some other appliances, you do very little through the command-line interface (CLI) on the Juniper IVE. Juniper has left most of the configuration to its AdminUI, which you can access in virtually any Web browser. The CLI is basically enabled to allow for the initial setup, as well as for some last-resort troubleshooting techniques which you may have to employ if you lose your connection to the IVE or are locked out for one reason or another. In any event, you will find that the IVE provides you with the tools you need to set up your IVE, as well as maintain the system that your organization will no doubt rely heavily upon.
Initial CLI Setup
We start our IVE endeavor with a task in which many of you no doubt have much experience: the command line. Although this may seem like an odd place to start the configuration, Juniper has good reason for beginning the initial configuration at this spot. Essentially, you accomplish all IVE configuration within the AdminUI, which is a Web-based interface that allows you to configure all of the IVE’s great aspects. But before we can configure the device through a Web browser, we must make some initial configurations on the IVE to give it basic network information, as well as set up a login account (we actually will need to complete a few more steps, but not many). Like many other appliances, the IVE does not waste system resources (software or hardware) on providing a keyboard, video, and mouse (KVM) interface with a graphical user interface (GUI) such as a desktop. Rather, Juniper has designed the underlying operating system to be as lightweight as possible, so it can maximize the IVE’s performance for its intended purpose (which is to deliver applications and remote access securely to remote users). To help incorporate this feature, Juniper uses a simple console-based setup to configure the IVE.
IVE Console Setup
On the front of every IVE model is a console serial port which is an RS-232 DB9 male connector. Your IVE should come with a console cable to connect to a serial port on a workstation, laptop, or server. Many newer-model computers do not have an RS-232 serial