Implementing virtual private networksPDF电子书下载

PART 1 THE FOUNDATIONS OF VPNs 1

Chapter 1 Introduction to VPN Technology 3

What Is a VPN? 4

Components That Make Up a VPN 13

Who Supports VPNs? 18

The Growth of VPNs 18

Identifying a Need for VPN 20

The Business Need for VPNs 21

How to Choose VPN Services 22

Conclusion 25

Chapter 2 Network Security for VPNs 27

What Is Network Security? 28

What Can You Do to Protect Against Threats? 30

How to Identify Attacks 40

What Are Some Security Requirements of VPNs? 42

Why Is Security So Important When Implementing VPNs? 46

Implementing a Good Security Policy 48

Is Your Organization Vulnerable to Attacks? 50

What Are Some Types of Attacks? 52

Conclusion 53

Chapter 3 The Advantages and Disadvantages of VPN Technology 55

VPN Benefits 56

Cost Savings of VPNs 57

Benefits of Network Design 58

End-User Benefits of VPNs 62

Benefits of a Global Reach 64

Benefits to ISPs 65

Competitive Advantage of VPNs 66

Cost of VPN Technology 67

Additional Telecommunication Costs 77

Quality of Service Guarantees 79

Service Level Agreements 80

Conclusion 82

Chapter 4 VPN Architecture 85

Introduction to Architecture 86

Which Is the Best VPN for You? 87

VPN Supplied by Network Service Provider 93

Firewall-Based VPNs 99

Black-Box-Based VPNs 101

Router-Based VPNs 102

Remote Access-Based VPNs 104

Application-Aware/Proxy Toolkit VPNs 105

Multiservice Applications with VPNs 106

Software-Based VPNs 108

Performance Statistics/Comparisons- 109

Tunnel Switches for VPNs 109

Certification/Compliance 112

Conclusion 113

Chapter 5 Topologies of VPNs 115

Introduction to VPN Topology 116

Firewall/VPN-to-Client Topology 118

VPN/LAN-to-LAN Topology 120

VPN/Firewall-to-Intranet/Extranet Topology 123

VPN/Frame or ATM Topology 126

Hardware (Black-Box) VPN Topology 128

VPN/NAT Topology 131

VPN Switch Topology 132

VPN Nested Tunnels 134

Load Balancing and Synchronization 135

Conclusion 139

Chapter 6 Government Restrictions on VPN Technology 141

Introduction to the Politics of Encryption 142

What Role Does Government play in VPN Technology? 144

Why Would the Government s Policy Actions Affect VPN Security? 146

Where Do I Get Permission to Use Strong Security? 148

The Economic Cost of Government Intrusion 149

Legal Status of Encryption 151

International Impact on U.S.Government s Encryption Policy 152

What s Happening Today? 153

Conclusion 158

PART 2 THE VPN IMPLEMENTATION 161

Chapter 7 The Basics 163

Decide on a Game Plan 164

VPN Architecture Placement 167

Routing Problems 168

Topology Placement 172

IP/NAT Addressing Concerns 176

Remote Access Issues 183

DNS/SMTP Issues 185

Conclusion 186

Chapter 8 Installing a VPN,Part I 189

Introduction to Installing a Firewall-Based VPN 190

The Firewall-Based VPN Model 193

Obtain and Assign IP Address Space 197

Implementing a Good Security Policy 205

Implementing Management Traffic 208

Implementing SMTP and DNS Issues 209

Implementing Authentication 210

The Drop All Rule 213

Implementing the VPN Rule 214

Branch Office VPNs 215

Remote Users VPNs 217

Conclusion 218

Chapter 9 Installing a VPN,Part Ⅱ 221

Service Provider VPN Services 222

Stand-alone VPN Services 223

Aventail ExtraNet Center 223

Compatible Systems—Access Servers 232

Nortel Networks—Extranet Switch 4000 237

Radguard—clPro System 242

RedCreek—Ravlin 247

Timestep—PERMIT Enterprise 252

VPNet—VPLink Architecture 257

Conclusion 263

Chapter 10 Troubleshooting VPNs 265

Introduction to Troubleshooting VPNs 266

Remote DiaHn Users 269

LAN-to-LAN VPN 276

PPTP VPN 277

LZTP VPN 283

IPSec VPN 285

Multihoned Firewall/VPN 288

Conclusion 293

Chapter 11 Maintaining a VPN 295

Introduction 296

Redundant Links 297

Growth in Your Organization 299

Software Updates 300

Onsite Technical Support 302

Telephone Support 303

Help Desk Support to Remote Users 304

VPNs,Build or Buy? 304

Compatibility Issues 305

Alerting 306

Monitoring 306

Logging 307

Event Correlation 307

Encryption and Encapsulation 309

Key Management 311

Random-Number Generators 311

Certificates 312

Security Update 312

Support to Major Upgrade 314

Tunneling Protocols 315

Management Devices 315

Performance 316

Quality of Service 317

Authentication 317

Conclusion 318

Skilled Labor 318

PART 3 THE SECURITY OF VPNs 321

Chapter 12 Cryptography 323

What is Cryptography? 324

Private versus Public Key Cryptography 325

Block Ciphers 326

Stream Ciphers 333

Hash Functions 335

Message Authentication Codes 336

Digital Timestamps 336

Digital Signatures with Certificate Authorities 337

Strengths of Cryptographic Hash Functions 338

Random-Number Generators 339

Clipper Chip 340

Which Cryptosystem is Right for You? 341

Cryptography Timeline 342

Conclusion 352

Chapter 13 Encryption 353

Private-Key Encryption 354

Public-Key Encryption 356

Shared Secret Key 357

Digital Signatures 359

Certificate Authorities (CAs) 360

Diffie-Hellman Public-Key Algorithm 361

RSA Public-Key Algorithm 362

Pretty Good Privacy(PGP) 364

Internet Security Protocol(IPSec) 365

Encapsulating Security Payload(ESP)RFC-2406 368

Public Key Infrastructure(PKI) 372

Layer Z Forwarding Protocol(LZF) 373

Point-to-Point Tunneling Protocol(PPTP) 374

Layer Z Tunneling Protocol(LZTP) 377

Simple Key Internet Protocol(SKIP) 378

Secure Wide Area Network(S/WAN) 379

Conclusion 380

Chapter 14 Secure Communication and Authentication 381

Authentication Protocols 382

Operating System Passwords 384

S/KEY 385

Remote Authentication DiaHn Service(RADIUS) 388

Terminal Access Controller Access Control System(TACACS/XTACACS) 390

Terminal Access Controller Access Control System Plus(TACACS+) 391

Kerberos 392

Certificates 395

Smart Cards 399

Hardware Tokens/PKCS#11 400

Lightweight Directory Access Protocol(LDAP) 402

ACE/Server with SecurlD 403

Biometrics 405

Secure Modems 406

Conclusion 407

Chapter 15 VPN Operating System Vulnerabilities 409

What Are VPN Operating System Vulnerabilities? 410

UNIX Guidelines 411

UNIX Operating System Vulnerabilities 415

Windows 95 Guidelines 421

Windows 95 Vulnerabilities 422

Windows NT Guidelines 423

Windows NT Vulnerabilities 426

Novell Guidelines Conclusion 429

Chapter 16 VPN Security Attacks 431

Introduction to VPN Attacks 432

Cryptographic Algorithms Attacks 433

Random-Number Generator(RNG)Attacks 438

Government Attacksvia Key Recovery 439

Internet Security(IPSec)Attacks 440

Point-To-Point Tunneling Protocol(PPTP)Attacks 445

SKIP Attacks 449

Certificate Authorities Attacks 449

RADIUS Attacks 452

Kerberos Attacks 453

Pretty Good Privacy(PGP)Attacks 454

Denial of Service(DoS)Attacks 456

Other Attacks 461

Conclusion 462

Chapter 17 Security Toolbelt 465

What Is a Security Toolbelt? 466

The Need for a Security Toolbelt 470

RFC 2196 Site Security Handbook 473

Security Escalation Procedures 476

Building a Secure Site 477

Security Tools 480

Incident Response Centers 485

Mailing Lists/Newsgroups 487

Web Security 488

Conclusion 493

Chapter 18 Intrusion Detection and Security Scanning 495

Introduction to Intrusion Detection 496

Categories of Intrusion Systems 499

Characteristics of a Good Intrusion Detection System 502

Intrusion Detection/Footprint 503

Fooling an Intrusion Detection System 508

Intrusion Detection Tools 511

Limiting Intrusion 515

Scanners 517

Conclusion 520

Chapter 19 Emerging Technologies for VPNs 523

Introduction to Emerging Technologies 524

Advances in Computing 525

Advances in Cryptographic Systems 529

Private Doorbell 533

Steganography 535

What Are the New Threats? 538

Government Regulations 540

Wireless VPNs 543

Conclusion 544

Appendix A Links and References 547

Glossary 563

Index 581