Virtual Private Networking. A Construction, Operation and Utilization Guide

  • ID: 2175240
  • Book
  • 306 Pages
  • John Wiley and Sons Ltd
A guide to delivering secure remote access to private enterprise networks.

Using the public communications infrastructure to connect remote users to an organization's network is a cost-effective and efficient way to provide communication and collaboration opportunities across large distances. But how is private information kept private in a public network? And how may access be restricted to authorized individuals? Virtual Private Networks (VPNs) hold the answer.

In Virtual Private Networking, Gil Held gives a detailed overview of the various VPN solutions available, how they are constructed, the rationale for their use, and which solutions satisfy which operational requirements. Detailed information on specific products available from vendors such as Cisco® and Checkpoint®, together with hands-on examples of how to configure client and server in a Microsoft® Windows® operating environment, make this a supremely practical tutorial for practicing network managers and administrators.

Read on for:

  • Information on appropriate authentication and encryption techniques
  • A tutorial on TCP/IP focused specifically at creating and operating VPNs
  • In-depth discussion on tunneling protocols PPTP and L2TP
  • A comparison of commonly used security protocols IPSec and SSL
  • The rationale for service provider-based VPNs and advice on service level agreement parameters to consider when using a VPN service provider

Concluding this book is a comprehensive checklist of VPN features and operational techniques that may be used for 'build it yourself' applications as well as for comparing the features and capabilities of third parties that provide VPN solutions.
Note: Product cover images may vary from those shown

Preface xiii

Acknowledgements xv

Chapter 1 Introduction to Virtual Private Networking 1

1.1 THE VPN CONCEPT 1

1.1.1 DEFINITION 1

1.1.2 TYPES OF VPNS 2

1.1.3 CATEGORIES OF VPNS 4

1.1.4 INFRASTRUCTURE 8

1.1.5 BENEFITS OF USE 9

1.1.6 DISADVANTAGES OF VPNS 12

1.1.7 VPN PROTOCOLS 14

1.1.8 SUMMARY 17

1.1.9 ALTERNATIVES TO VPNS 18

1.1.10 ECONOMIC ISSUES 19

1.1.11 OTHER ALTERNATIVES 20

1.2 BOOK PREVIEW 20

1.2.1 UNDERSTANDING AUTHENTICATION AND CRYPTOLOGY 21

1.2.2 UNDERSTANDING THE TCP/IP PROTOCOL SUITE 21

1.2.3 LAYER 2 VPN TECHNIQUES 21

1.2.4 HIGHER LAYER VPNS 22

1.2.5 VPN HARDWARE AND SOFTWARE 22

1.2.6 SERVICE PROVIDER-BASED VPNS 22

Chapter 2 Understanding Authentication and Encryption 23

2.1 AUTHENTICATION 23

2.1.1 PASSWORD AUTHENTICATION PROTOCOL 24

2.1.2 CHALLENGE-HANDSHAKE AUTHENTICATION PROTOCOL 27

2.1.3 EXTENSIBLE AUTHENTICATION PROTOCOL - TRANSPORT LEVEL SECURITY 30

2.1.4 TOKEN AUTHENTICATION 30

2.2 ENCRYPTION 31

2.2.1 GENERAL METHOD OF OPERATION 31

2.2.2 PRIVATE VERSUS PUBLIC KEY SYSTEMS 33

2.2.3 PUBLIC KEY ENCRYPTION 34

2.2.4 THE RSA ALGORITHM 35

2.2.5 DIGITAL CERTIFICATES 40

2.2.6 HASHING AND DIGITAL SIGNATURES 49

Chapter 3 Understanding the TCP/IP Protocol Suite 53

3.1 FRAME FORMATION 53

3.1.1 HEADER SEQUENCING 54

3.1.2 SEGMENTS AND DATAGRAMS 54

3.1.3 ICMP MESSAGES 55

3.1.4 ON THE LAN 56

3.1.5 DATAFLOW CONTROL FIELDS 56

3.2 THE NETWORK LAYER 57

3.2.1 THE IPV4 HEADER 57

3.2.2 SUBNETTING 61

3.2.3 THE SUBNET MASK 63

3.2.4 THE WILDCARD MASK 63

3.2.5 ICMP 65

3.3 THE TRANSPORT LAYER 69

3.3.1 TRANSPORT LAYER PROTOCOLS 69

3.3.2 THE TCP HEADER 69

3.3.3 THE UDP HEADER 70

3.3.4 SOURCE AND DESTINATION PORT FIELDS 71

3.4 PROXY SERVICES AND NETWORK ADDRESS TRANSLATION 73

3.4.1 PROXY SERVICE 73

3.4.2 NETWORK ADDRESS TRANSLATION 74

3.4.3 TYPES OF ADDRESS TRANSLATION 75

3.4.4 VPN CONSIDERATIONS 76

Chapter 4 Layer 2 Operations 79

4.1 THE POINT-TO-POINT PROTOCOL 79

4.1.1 COMPONENTS 79

4.1.2 PPP ENCAPSULATION 80

4.1.3 LINK CONTROL PROTOCOL OPERATIONS 83

4.1.4 MULTILINK PPP 89

4.2 POINT-TO-POINT TUNNELING PROTOCOL 90

4.2.1 IMPLEMENTATION MODELS 90

4.2.2 NETWORKING FUNCTIONS 93

4.2.3 ESTABLISHING THE PPTP TUNNEL 95

4.2.4 PPTP ENCAPSULATED PACKETS 95

4.2.5 THE PPTP CONTROL CONNECTION PACKET 96

4.2.6 CONTROL CONNECTION PROTOCOL OPERATION 111

4.2.7 PPTP DATA TUNNELING 112

4.3 LAYER TWO FORWARDING 115

4.3.1 EVOLUTION 115

4.3.2 OPERATION 115

4.3.3 THE L2F PACKET FORMAT 116

4.3.4 TUNNEL OPERATIONS 118

4.3.5 MANAGEMENT MESSAGES 119

4.4 LAYER TWO TUNNELING PROTOCOL 119

4.4.1 OVERVIEW 120

4.4.2 ARCHITECTURAL MODELS 120

4.4.3 THE L2TP PACKET FORMAT 121

4.4.4 CONTROL MESSAGES 124

4.4.5 PROTOCOL OPERATIONS 127

Chapter 5 Higher Layer VPNs 133

5.1 UNDERSTANDING IPSEC 133

5.1.1 OVERVIEW 134

5.1.2 TOPOLOGIES SUPPORTED 134

5.1.3 SPECIFYING SESSION PARAMETERS 135

5.1.4 THE SPI 137

5.1.5 PROTOCOLS 137

5.1.6 AUTHENTICATION HEADER 139

5.1.7 ENCAPSULATING SECURITY PAYLOAD 142

5.1.8 OPERATIONS 146

5.1.9 KEY MANAGEMENT 152

5.2 WORKING WITH IPSEC 157

5.2.1 CONFIGURING IPSEC POLICIES 157

5.2.2 ADDING THE IPSEC SNAP-IN 158

5.2.3 CREATING AN IPSEC POLICY 161

5.2.4 WORKING WITH IPSEC FILTERS 172

5.3 SSL AND TLS 187

5.3.1 RATIONALE FOR SSL 187

5.3.2 OVERVIEW OF SSL 188

5.3.3 SSL OPERATION 190

5.3.4 MESSAGE EXCHANGE 190

5.3.5 CIPHER SUITES 194

5.3.6 THE NETILLA SECURITY PLATFORM 197

5.3.7 SUMMARY 201

Chapter 6 VPN Hardware and Software 203

6.1 USING THE ASANTE VPN SECURITY ROUTER 203

6.1.1 OVERVIEW 204

6.1.2 CONFIGURATION ACCESS 204

6.1.3 WIRELESS CONSIDERATIONS 205

6.1.4 VPN OPERATIONS 209

6.1.5 CLIENT-TO-NETWORK 215

6.2 WINDOWS VPN SOFTWARE 216

6.2.1 USING A WINDOWS XP CLIENT 217

6.2.2 CREATING THE VPN 217

6.3 WORKING WITH WINDOWS 2000 SERVER 233

6.3.1 INSTALLING RRAS 234

6.3.2 ENABLING RRAS 234

6.3.3 CONFIGURING RRAS 239

6.3.4 CREATING A TEST ACCOUNT 254

6.3.5 TESTING THE CONNECTION 256

Chapter 7 Service Provider-Based VPNs 261

7.1 RATIONALE FOR USE 262

7.1.1 ECONOMICS 262

7.1.2 PERSONNEL LIMITATIONS 263

7.1.3 RELIABILITY 264

7.1.4 COMMUNICATIONS UNITY 265

7.1.5 MANAGEMENT 266

7.1.6 INSTALLATION AND SUPPORT 266

7.1.7 PACKAGED SECURITY 267

7.2 TRANSPORT FACILITIES AND VPN OPERATION 267

7.2.1 HARDWARE-BASED SWITCHING 268

7.2.2 SOFTWARE-BASED SWITCHING 269

7.3 SERVICE LEVEL AGREEMENTS 271

7.3.1 SLA METRICS 271

7.3.2 SLA LIMITATIONS 275

7.4 VPN SERVICE PROVIDER OVERVIEW 276

7.4.1 AT&T CORPORATION 277

7.4.2 LEVEL 3 COMMUNICATIONS 279

7.4.3 SPRINT 279

7.4.4 VERIZON 280

Appendix A VPN Checklist 283

Index 287

Gilbert Held is an award-winning author and lecturer. Gil has written over 50 technical books and 400 articles over the past 30 years. In addition, Gil has earned many accolades and has been presented with an award from the Association of American Publishers. He has also been selected by Federal Computer Week to join the Federal 100, a list of the top 100 persons in academia, industry and the Federal Government who have made a significant impact upon the equipment acquisition process.