
Technical Guide to IPSec Virtual Private Networks [Paperback]

3.50/5 (12 ratings by Goodreads)
(Raleigh, North Carolina, USA)
  • Format: Paperback / softback, 372 pages, height x width: 254x178 mm, weight: 700 g, 14 Tables, black and white
  • Publication date: 11-Dec-2000
  • Publisher: Auerbach
  • ISBN-10: 0849308763
  • ISBN-13: 9780849308765
  • Price: 130,13 €
What is IPSec? What's a VPN? Why do they need each other? Virtual Private Network (VPN) has become one of the most recognized terms in our industry, yet there continuously seems to be different impressions of what VPNs really are and can become. A Technical Guide to IPSec Virtual Private Networks provides a single point of information that represents hundreds of resources and years of experience with IPSec VPN solutions. It cuts through the complexity surrounding IPSec and the idiosyncrasies of design, implementation, operations, and security. Starting with a primer on the IP protocol suite, the book travels layer by layer through the protocols and the technologies that make VPNs possible. It includes security theory, cryptography, RAS, authentication, IKE, IPSec, encapsulation, keys, and policies. After explaining the technologies and their interrelationships, the book provides sections on implementation and product evaluation. A Technical Guide to IPSec Virtual Private Networks arms information security, network, and system engineers and administrators with the knowledge and the methodologies to design and deploy VPNs in the real world for real companies.
Foreword
Introduction
Getting Started
Information Age
The Internet
Security Considerations
Authentication
Access Controls
Data Integrity
Confidentiality
Non-repudiation
Policy
Network Security Considerations
Services Offered versus Security Provided
Ease of Use versus Security
Cost of Security versus Risk of Loss
The Need for Security Policies
Legal Reasons
Business Requirements
General Control
The Other Guys
What Does VPN Mean?
Why Are VPNs So Popular?
Cost Savings
Scalability
Enhanced Communication Security
Intended Audience
Network Professionals
Consultants
Developers
Technical Individuals
What One Should Know
Technical Primer
TCP/IP Quickie
Common TCP/IP Networks
Reference Models
Application Layer
Transport Layer
Network Layer
Link Layer
Communication Types
Packet Structure
Header
Internet Protocol
Routing
Structure
Transmission Control Protocol (TCP)
TCP Application Ports
Structure
User Datagram Protocol (UDP)
Structure
Pseudo Headers
Internet Control Message Protocol (ICMP)
ARP and RARP
Non-routable IP Addresses
Network Address Translation (NAT)
IPSec and TCP/IP Layers
Other VPN Standards
Layer 2 Tunneling Protocol (L2TP)
Layer 3
Upper Layers
Aventail SSL VPN Solution
Cryptography
Encryption
Symmetrical
Asymmetrical
Hash Function
Message Authentication Code
Hash-Message Authentication Code
IP Security Primer
History
Structure
RFCs
Clients and Networks
What Is an SA?
Authentication Header
Encapsulating Security Payload
Shims and Virtual Adapters
Operating Systems Support
Operations within the Standard
Two Distinct Operations
Internet Key Exchange
IPSec Communication Suite
IKE and IPSec Relationship
Two Distinct Modes
VPNs and Policies
Cryptography
History
Symmetrical Encryption
Typical Symmetrical Algorithms
DES and 3DES
AES
MARS
RC6
Rijndael
Serpent
Twofish
Asymmetrical Encryption
What is PKI?
Effective PKI
Third-party Trust
PKI Requirements
Public Key Certificates
Certificate Repository
Certificate Revocation (CRL)
Key Backup and Recovery
Non-repudiation
Automatic Update of Certificates and Key Pairs
Key history
Cross-certification
Certificate Validation Process
Message Authentication
Authentication Basis
Ciphertest
Message Digest
Hash Functions
Message Authentication Code (MAC)
Block Cipher-based Message Authentication
Hash Function-based Message Authentication Code (HMAC)
Digests over Encryption
Performance
Application Considerations
System Performance
Application Tampering
Legacy Utilization
Legal Restrictions
Diffie-Hellman
Perfect Forward Secrecy
Implementation Theory
Moving to the Internet
WAN Augmentation
WAN Replacement
Redundancy Concepts
Reevaluating the WAN
Remote Access
Current Remote Access Technology
VPN Revolution
LAN Security Augmentation
Performance Considerations
The Internet
The Security
The System
Implemented versus Required
Network Address Translation
Authentication
Pre-shared Secret
Digital Signatures
Public Key Encryption
Remote User Authentication
History
IPSec and Remote Authentication
Authentication Protocols
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
RADIUS
X.500 and LDAP
IPSec Architecture
Security Associations
IKE Security Associations
IPSec Security Associations
Security Parameter Index (SPI)
Security Policy Database (SPD)
Selectors
Security Association Database
SA Configurations
Host-based VPN
Gateway-based VPN
Host to Gateway
Hosts and Gateways
Availability versus Standards
Transport Mode
Tunnel Mode
Remote Access, Routing, and Networks
IP Pools and Networks
Internally Available
Internally Networked
Virtually Networked
Support for All
Acting As a Router versus a Bridge
Finding Gateways with Maps
Map Example Internals
Vendor Modes and Remote Access
Split Tunnel
Single Tunnel
Hybrid Tunnel Realization
Reverse VPN NAT
Map-based Routing Table
Arguments
Implementation Considerations of Tunnel Types
Data Fragmentation
Discovery with ICMP
Compression within IPSec
Replay Protection
Wrap-around
Security Protocols
Encapsulating Security Payload (ESP)
ESP Header Definition
ESP Placement
Process Execution
Outbound Process
Inbound Process
ESP Authentication and Replay Protection
Changes from Previous RFC
Authentication Header (AH)
AH Placement
Process Execution
Outbound Process
Inbound Process
The Purpose of AH
Changes from Previous RFC
Key Management
The Role of Key Management
Manual Key Management
Automatic Key Management
Creating IKE for IPSec
ISAKMP
Oakley
SKEME
Phases and Modes
ISAKMP Framework
ISAKMP Header
Generic Payload Header
Security Association Payload
Proposal Payload
Transform Payload
Identification Payload
Certificate Payload
Certificate Request Payload
Notification Payload
Delete Payload
Information Attributes
Phase I Attributes
Phase II Attributes
Other Payloads
Phase I
Main Mode
Pre-shared Keys/Secret
First Exchange
Second Exchange
Third Exchange
Digital Signatures with Certificates
First Exchange
Second Exchange
Third Exchange
Public Key Encryption
First Exchange
Second Exchange
Third Exchange
Revised Public Key Encryption
First Exchange
Second Exchange
Third Exchange
Aggressive Mode
Pre-shared Keys/Secret
Primary Exchange
Final Exchange
Digital Signatures with Certificates
Primary Exchange
Final Exchange
Public Key Encryption
Primary Exchange
Final Exchange
Public Key Encryption Revised
Base Mode
Pre-shared Keys/Secret
Digital Signature with Certificates
Public Key Encryption and Revised Public Key Encryption
Phase II
Quick Mode
Primary Exchanges
Extended Exchanges
Key Material
Initialization Vectors (IVs) in Quick Mode
Other Phase Exchanges
New Group Mode
Notification Exchanges
IKE in Action
Router 1 Configuration
Explanation of the R1 Configuration
Router 2 Configuration
Explanation of the R2 Configuration
In Operation
Explanation of R1 Debug
Areas of Interest Within IKE
Phase I with Shared Secret
Denial of Service
More on UDP 500 Limitations
IKE, Algorithms, and the Creation of Keys
Public Keys and Certificate Hashes
Remote User Authentication Options
CRACK
Security Policies and the Security of VPNs
Security of Dial-in versus Continuous Internet Access
What is on the Box
Connected All the Time
Common Operating System and Increased Vulnerabilities
More Time on the Internet, More Time for Attackers
Identification and Location
Connected to the Internet and the VPN
In Summary
The Next Step
Implementation Considerations
L2TP over IPSec
IPSec and L2TP Limitations
Information Security
SA Provisioning
IPSec Communication Policies
IPSec Policy Implementation Requirements
Microsoft IPSec VPN
Configuration of MS VPN
Advanced Configuration of MS VPN
Policies and Performance
Routing within VPNs
Standard Example
VPN Network
The Difference
Solution Models
Current Status of Routing and VPNs
Client Character
System Interaction
Helpdesk Opportunity
Centralized Control
Interoperability with Standard Applications
Client Deployment
Vendor-specific Considerations
Product Interoperability Considerations
Deployment Options
Key Encapsulation
Cost Issues
Product Evaluation
Business Drivers
Functionality
Application Support
Infrastructure Interactions
General Functionality Areas
Authentication Process
Existing Projects
Authentication Collateral
Vendor Integration
Manageability
Out-of-Band Management
Browser
SNMP
Proprietary
Security of the Management Application
Multiple Device Support
Client System Support
Operating System Support
Grading Methodology
Connections
Routing Protocol Support
Authentication Mechanisms
Client Functionality
Access Control
Scalability
Cost Information
Extra Effort
Lab Testing
Lab Setup
Report on IPSec
The Hybrid Report
Appendix
Etherpeek IKE Decode
IPSEC.TXR
Protocol Numbers
Assigned Internet Protocol Numbers
References
Index
James S. Tiller (Raleigh, North Carolina, USA)