
E-book: IPSec Virtual Private Network Fundamentals

  • Format: 480 pages, EPUB+DRM
  • Publication date: 19-Jul-2006
  • Publisher: Cisco Press
  • Language: eng
  • ISBN-13: 9780132796682
  • Price: 27,23 € (final price; no further discounts apply)

Virtual private networks are becoming the industry standard for secure remote access, and given their relatively low-cost use of Internet resources to connect remote sites it is likely they will remain in that penultimate position for some time. Focusing on the practical, internal consultant Carmouche covers the IPsec version, including design concepts with each chapter along with configurations and case studies. He introduces VPN technology and IPsec fundamentals, basic IPsec VPN configurations and common issues. He describes designing VPN architectures for high availability, local site-to-site applications, geographic site-to-site, vendor interoperability, remote-access VPN, and advanced topics such as public key infrastructure and dynamically addressed peers. The index is particularly easy to use and helpful. Annotation ©2006 Book News, Inc., Portland, OR (booknews.com)

An introduction to designing and configuring Cisco IPsec VPNs

  • Understand the basics of the IPsec protocol and learn implementation best practices
  • Study up-to-date IPsec design, incorporating current Cisco innovations in the security and VPN marketplace
  • Learn how to avoid common pitfalls related to IPsec deployment
  • Reinforce theory with case studies and configuration examples showing how IPsec maps to real-world solutions

IPsec Virtual Private Network Fundamentals provides a basic working knowledge of IPsec on various Cisco routing and switching platforms. It provides the foundation necessary to understand the different components of Cisco IPsec implementation and how it can be successfully implemented in a variety of network topologies and markets (service provider, enterprise, financial, government). This book views IPsec as an emerging requirement in most major vertical markets, explaining the need for increased information authentication, confidentiality, and non-repudiation for secure transmission of confidential data. The book is written using a layered approach, starting with basic explanations of why IPsec was developed and the types of organizations relying on IPsec to secure data transmissions. It then outlines the basic IPsec/ISAKMP fundamentals that were developed to meet demand for secure data transmission. The book covers the design and implementation of IPsec VPN architectures using an array of Cisco products, starting with basic concepts and proceeding to more advanced topics including high availability solutions and public key infrastructure (PKI). Sample topology diagrams and configuration examples are provided in each chapter to reinforce the fundamentals expressed in text and to assist readers in translating concepts into practical deployment scenarios. Additionally, comprehensive case studies are incorporated throughout to map topics to real-world solutions.

Additional information

Table of Contents

Introduction

Part I: Introductory Concepts and Configuration/Troubleshooting

Chapter 1: Introduction to VPN Technologies
  • VPN Overview of Common Terms
  • Characteristics of an Effective VPN
  • VPN Technologies
  • Virtual Private Dialup Networks
  • Layer 2 Forwarding Protocol
  • Point-to-Point Tunneling Protocol
  • Layer 2 Tunneling Protocol
  • Multiprotocol Label Switching VPNs
  • IPsec VPNs
  • Transport Layer VPNs
  • Secure Socket Layer VPNs
  • Transport Layer Security and SSL VPNs
  • Common VPN Deployments
  • Site-to-Site VPNs
  • Remote Access VPNs
  • SSL in RAVPN Architectures
  • Business Drivers for VPNs
  • Remote Access VPN Business Drivers: A Practical Example
  • Site-to-Site VPN Business Drivers: A Practical Example
  • IPsec VPNs and the Cisco Security Framework
  • Summary

Chapter 2: IPsec Fundamentals
  • Overview of Cryptographic Components
  • Asymmetric Encryption
  • Symmetric Encryption
  • Message Authentication, Message Integrity, and Sender Non-repudiation Mechanisms
  • Hashing and Message Digests
  • Digital Signatures
  • Public Key Encryption Methods
  • RSA Public-Key Technologies
  • RSA Encryption
  • RSA Signatures
  • Diffie-Hellman Key Exchange
  • The IP Security Protocol (IPsec)
  • IPsec Modes
  • Transport Mode
  • Tunnel Mode
  • IPsec Transforms
  • ESP
  • AH
  • IP Payload Compression Protocol (IPPCP) and LZS
  • IPsec SA
  • IPsec Configuration Elements
  • Creating an IPsec Transform
  • Crypto Map Configuration
  • Manual Keying
  • The Need for Security Association and Key Management
  • IKE and ISAKMP
  • IKE and ISAKMP Terminology and Background
  • IKE SA Negotiation and Maintenance
  • IPsec Diffie-Hellman Shared Secret Key Generation Using IKE
  • IKE Authentication Services
  • Pre-Shared Keys
  • RSA Encryption (Encrypted Nonces)
  • RSA Signatures and X.509 Certificates
  • IKE Phase I Negotiation
  • Main Mode
  • Aggressive Mode
  • IKE Phase II Negotiation
  • Quick Mode
  • PFS
  • Dead Peer Detection and IKE Keepalives
  • Configuring ISAKMP
  • IKE with RAVPN Extensions
  • Mode Configuration
  • X-Auth
  • Summary

Chapter 3: Basic IPsec VPN Topologies and Configurations
  • Site-to-Site IPsec VPN Deployments
  • Site-to-Site VPN Architectural Overview for a Dedicated Circuit
  • Cisco IOS Site-to-Site IPsec VPN Configuration
  • Verifying Cisco IOS Site-to-Site IPsec VPN Operation
  • Site-to-Site Architectural Overview over a Routed Domain
  • Site-to-Site IPsec VPN Deployments and GRE (IPsec+GRE)
  • Site-to-Site IPsec+GRE Architectural Overview
  • Increased Packet Size and Path MTU Considerations
  • GRE and Weighted Fair Queuing
  • QoS and the IPsec Anti-Replay Window
  • Site-to-Site IPsec+GRE: Sample Configurations
  • Cisco IOS Site-to-Site IPsec+GRE Configuration
  • Verification of IPsec+GRE Tunnel Establishment
  • Hub-and-Spoke IPsec VPN Deployments
  • Hub-and-Spoke Architectural Overview
  • Standard Hub-and-Spoke Design without High Availability
  • Clustered Spoke Design to Redundant Hubs
  • Redundant Clustered Spoke Design to Redundant Hubs
  • Remote Access VPN Deployments
  • RAVPN Architectural Overview
  • RAVPN Clients
  • Standalone VPN Concentrator Designs
  • VPN Concentrator on Outside Network with Single DMZ
  • VPN Concentrator and Firewall in Parallel
  • VPN Concentrator with Dual DMZs to Firewall
  • What to Avoid in DMZ/VPN Concentrator Topologies
  • Clustered VPN Concentrator Designs
  • Summary

Chapter 4: Common IPsec VPN Issues
  • IPsec Diagnostic Tools within Cisco IOS
  • Common Configuration Issues with IPsec VPNs
  • IKE SA Proposal Mismatches
  • IKE Authentication Failures and Errors
  • IKE Authentication Errors and PSKs
  • IKE Authentication Errors with RSA Encryption
  • IKE Authentication Errors with RSA Signatures
  • IPsec SA Proposal Mismatches
  • Crypto-Protected Address Space Issues (Crypto ACL Errors)
  • Architectural and Design Issues with IPsec VPNs
  • Troubleshooting IPsec VPNs in Firewalled Environments
  • Allowing the Required IPsec Protocols to Pass
  • Firewall's Handling of Fragmented IPsec Packets
  • Filtering of ICMP Unreachables
  • NAT Issues in IPsec VPN Designs
  • Intrinsic IPsec/NAT Incompatibilities
  • IPsec NAT Transparency (NAT-T)
  • SPI-Based NAT
  • The Influence of IPsec on Traffic Flows Requiring QoS
  • IPsec's Influence on DiffServ and LLQ/CBWFQ
  • IPsec's Effect on IntServ and RSVP
  • Solving Fragmentation Issues in IPsec VPNs
  • Path MTU Discovery
  • Fragmentation Behavior on Cisco IOS VPN Endpoints
  • Solutions for Preventing Fragmentation
  • The Effect of Recursive Routing on IPsec VPNs
  • Summary

Part II: Designing VPN Architectures

Chapter 5: Designing for High Availability
  • Network and Path Redundancy
  • IPSec Tunnel Termination Redundancy
  • Multiple Physical Interface HA with Highly Available Tunnel Termination Interfaces
  • Tunnel Termination HA Using HSRP/VRRP Virtual Interfaces
  • HA with Multiple Peer Statements
  • RP-based IPSec HA
  • Managing Peer and Path Availability
  • Peer Availability
  • Path Availability
  • Managing Path Symmetry
  • Load Balancing, Load Sharing, and High Availability
  • Load-Sharing with Peer Statements
  • Routing
  • Domain Name System (DNS)
  • Cisco VPN3000 Concentrator Clustering
  • IPSec Session Load-Balancing Using External Load Balancers
  • Summary

Chapter 6: Solutions for Local Site-to-Site High Availability
  • Using Multiple Crypto Interfaces for High Availability
  • Impact of Routing Protocol Reconvergence on IPsec Reconvergence
  • Impact of Stale SAs on IPsec Reconvergence
  • Impact of IPsec and ISAKMP SA Renegotiation on IPsec Reconvergence
  • Stateless IPsec VPN High-Availability Alternatives
  • Solution Overview for Stateless IPsec High Availability
  • Hot Standby Routing Protocol
  • RRI
  • Stateless High Availability Failover Process
  • Step 1: Initial IPsec VPN Tunnel Establishment
  • Step 2: Pre-HSRP RRI Execution
  • Step 3: Active Router Failure
  • Step 4: HSRP Reconvergence
  • Step 5: IPsec Reconvergence
  • Step 6: Post-HSRP RRI Execution
  • Stateful IPsec VPN High-Availability Alternatives
  • Solution Overview for Stateful IPsec High Availability
  • HSRP and RRI
  • Stateful Switchover (SSO) and IPsec High Availability
  • Stateful High Availability Failover Process
  • Step 1: Initial IPsec VPN Tunnel Establishment
  • Step 2: SADB Synchronization with SSO
  • Step 3: Pre-HSRP Failover RRI Execution
  • Step 4: Active Router Failure
  • Step 5: HSRP Reconvergence
  • Step 6: IPsec Reconvergence
  • Step 7: Post-HSRP RRI Execution
  • Summary
  • Stateless IPsec VPN High Availability Design Summary
  • Stateful IPsec VPN High Availability Design Summary

Chapter 7: Solutions for Geographic Site-to-Site High Availability
  • Geographic IPsec VPN HA with Reverse Route Injection and Multiple IPsec Peers
  • Solution Overview for RRI with Multiple IPsec Peers
  • Geographic IPsec VPN High Availability with IPsec+GRE and Encrypted Routing Protocols
  • Solution Overview for IPsec+GRE with Encrypted Routing Protocols
  • Dynamic Multipoint Virtual Private Networks
  • DMVPN Solution Design Drivers
  • DMVPN Component-Level Overview and System Operation
  • Summary

Chapter 8: Handling Vendor Interoperability with High Availability
  • Vendor Interoperability Impact on Peer Availability
  • The Inability to Specify Multiple Peers
  • Lack of Peer Availability Mechanisms
  • Vendor Interoperability Impact on Path Availability
  • IPSec HA Design Considerations for Platforms with Limited Routing Protocol Support
  • IPSec HA Design Considerations for Lack of RRI Support
  • IPSec HA Design Considerations for Lack of Generic Routing Encapsulation (GRE) Support
  • Vendor Interoperability Design Considerations and Options
  • Phase 1 and 2 SA Lifetime Expiry
  • SADB Management with Quick Mode Delete Notify Messages
  • Invalid Security Parameter Index Recovery
  • Vendor Interoperability with Stateful IPSec HA
  • Summary

Chapter 9: Solutions for Remote-Access VPN High Availability
  • IPsec RAVPN Concentrator High Availability Virtual Interfaces for Tunnel Termination
  • IPsec RAVPN Concentrator High Availability Using VRRP
  • IPsec RAVPN Concentrator HA Using HSRP
  • IPsec RAVPN Concentrator HA Using the VCA Protocol
  • IPsec RAVPN Geographic HA Design Options
  • VPN Concentrator Session Load Balancing Using DNS
  • VPN Concentrator Redundancy Using Multiple Peers
  • Summary

Chapter 10: Further Architectural Options for IPsec
  • IPsec VPN Termination On-a-Stick
  • IPsec with Router-on-a-Stick Design Overview
  • Single, Flatly Addressed L3 Domain
  • Lack of In-Path Design Options
  • Single Interface to the Bridged LAN
  • Crypto-Enabled Loopback Interface
  • Case Study: Small Branch IPsec VPN Tunnel Termination with NAT On-a-Stick
  • In-Path Versus Out-of-Path Encryption with IPsec
  • Out-of-Path Encryption Design Overview
  • Case Study: Firewalled Site-to-Site IPsec VPN Tunnel Termination
  • Separate Termination of IPsec and GRE (GRE-Offload)
  • GRE-Offload Design Overview
  • Lack of Support for GRE Processing
  • Low GRE Performance
  • Case Study: Large-Scale IPsec VPN Tunnel Termination with GRE Offload
  • Dynamic Crypto Maps and GRE-Offload
  • IKE Extended Authentication (X-Auth)
  • Firewalled Cleartext Traffic
  • High-Speed GRE Tunnel Termination for GRE-Offload
  • Summary

Part III: Advanced Topics

Chapter 11: Public Key Infrastructure and IPsec VPNs
  • PKI Background
  • PKI Components
  • Public Key Certificates
  • Registration Authorities
  • Certificate Revocation Lists and CRL Issuers
  • Certificate Authorities
  • PKI Cryptographic Endpoints
  • Life of a Public Key Certificate
  • RSA Signatures and X.509v3 Certificates
  • Generating Asymmetric Keypairs on Cryptographic Endpoints
  • Registration and Endpoint Authentication
  • Receipt and Authentication of the CA's Certificate
  • Forwarding and Signing of Public Keys
  • Obtaining and Using Public Key Certificates
  • PKI and the IPSec Protocol Suite: Where PKI Fits into the IPSec Model
  • OCSP and CRL Scalability
  • OCSP
  • Case Studies and Sample Configurations
  • Case Study 1: PKI Integration of Cryptographic Endpoints
  • Case Study 2: PKI with CA and RA
  • Case Study 3: PKI with Redundant CAs (CA Hierarchy)
  • Summary

Chapter 12: Solutions for Handling Dynamically Addressed Peers
  • Dynamic Crypto Maps
  • Dynamic Crypto Map Impact on VPN Behavior
  • Dynamic Crypto Map Impact on ISAKMP/IKE
  • Routing Considerations with Dynamic Crypto Maps
  • Security Considerations for Dynamic Crypto Maps
  • Dynamic Crypto Map Configuration and Verification
  • Tunnel Endpoint Discovery
  • TED Configuration and Verification
  • Case Study: Using Dynamic Addressing with Low-Maintenance Small Home Office Deployments
  • Summary

Appendix A: Resources
  • Books
  • RFCs
  • Web and Other Resources

Index

About the Author

James Henry Carmouche, CCIE No. 6085, currently works for the Cisco Systems Enterprise Systems Engineering (ESE) group in Research Triangle Park, North Carolina, where he is responsible for building, validating, and evangelizing new and emerging security integration concepts in new network architectures and solution reference designs. Prior to joining ESE, Henry served as a technical marketing engineer in Cisco's Government Systems Unit (GSU) in Research Triangle Park, NC, where he was responsible for bringing advanced security products to market, building technical marketing collateral and presentations, and designing new product introduction training for the GSU's newly introduced security platforms.