
Building & Managing Virtual Private Networks PDF

396 Pages·1998·4.029 MB·English

Preview Building & Managing Virtual Private Networks

Building and Managing Virtual Private Networks
by Dave Kosiur
Wiley Computer Publishing, John Wiley & Sons, Inc.
ISBN: 0471295264
Pub Date: 09/01/98

Table of Contents

Preface

PART I—The Internet and Business

CHAPTER 1—Business on the Internet
  The Changing Business Environment
  The Internet
  The Internet’s Infrastructure
  What the Internet Delivers
  Using Internet Technology
  Summary

CHAPTER 2—Virtual Private Networks
  The Evolution of Private Networks
  What Is an Internet VPN?
  Why Use an Internet VPN?
  Cost Savings
  Some Detailed Cost Comparisons
    SCENARIO 1
    SCENARIO 2
    SCENARIO 3
  Flexibility
  Scalability
  Reduced Tech Support
  Reduced Equipment Requirements
  Meeting Business Expectations
  Summary

CHAPTER 3—A Closer Look at Internet VPNs
  The Architecture of a VPN
  Tunnels: The “Virtual” in VPN
  Security Services: The “Private” in VPN
  The Protocols behind Internet VPNs
  Tunneling and Security Protocols
  Management Protocols
  VPN Building Blocks
  The Internet
  Security Gateways
  Other Security Components
  Summary

PART II—Securing an Internet VPN

CHAPTER 4—Security: Threats and Solutions
  Security Threats on Networks
  Spoofing
  Session Hijacking
  Electronic Eavesdropping or Sniffing
  The Man-in-the-Middle Attack
  Authentication Systems
  Traditional Passwords
  One-Time Passwords
  Other Systems
    PASSWORD AUTHENTICATION PROTOCOL (PAP)
    CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP)
    TERMINAL ACCESS CONTROLLER ACCESS-CONTROL SYSTEM (TACACS)
    REMOTE AUTHENTICATION DIAL-IN USER SERVICE
  Hardware-Based Systems
    SMART CARDS AND PC CARDS
    TOKEN DEVICES
  Biometric Systems
  An Introduction to Cryptography
  What Is Encryption?
  What Is Public-Key Cryptography?
  Two Important Public-Key Methods
    THE DIFFIE-HELLMAN TECHNIQUE
    RSA PUBLIC-KEY CRYPTOGRAPHY
  Selecting Encryption Methods
  Public-Key Infrastructures
    PUBLIC-KEY CERTIFICATES
    GENERATING PUBLIC KEYS
    CERTIFICATE AND KEY DISTRIBUTION
    CERTIFICATE AUTHORITIES
  Summary

CHAPTER 5—Using IPSec to Build a VPN
  What Is IPSec?
  The Building Blocks of IPSec
  Security Associations
  The Authentication Header
  ESP: The Encapsulating Security Payload
  A Question of Mode
  Key Management
  ISAKMP’s Phases and Oakley’s Modes
    MAIN MODE
    AGGRESSIVE MODE
    QUICK MODE
  Negotiating the SA
  Using IPSec
  Security Gateways
  Wild Card SAs
  Remote Hosts
  Tying It All Together
  Sample Deployment
  Remaining Problems with IPSec
  Summary

CHAPTER 6—Using PPTP to Build a VPN
  What Is PPTP?
  The Building Blocks of PPTP
  PPP and PPTP Tunnels
  RADIUS
  Authentication and Encryption
  LAN-to-LAN Tunneling
  Using PPTP
  PPTP Servers
  PPTP Client Software
  Network Access Servers
  Sample Deployment
  Applicability of PPTP
  Summary

CHAPTER 7—Using L2TP to Build a VPN
  What Is L2TP?
  The Building Blocks of L2TP
  PPP and L2TP Tunnels
  Authentication and Encryption
  LAN-to-LAN Tunneling
  Key Management
  Using L2TP
  L2TP Network Servers
  L2TP Client Software
  Network Access Concentrators
  Sample Deployment
  Applicability of L2TP
  Summary

CHAPTER 8—Designing Your VPN
  Determining the Requirements for Your VPN
  Some Design Considerations
  Network Issues
  Security Issues
  ISP Issues
  Planning for Deployment
  Summary

PART III—Building Blocks of a VPN

CHAPTER 9—The ISP Connection
  ISP Capabilities
  Types of ISPs
  What to Expect from an ISP
  Learning an ISP’s Capabilities
    ISP INFRASTRUCTURE
    NETWORK PERFORMANCE AND MANAGEMENT
    CONNECTIVITY OPTIONS
    SECURITY AND VPNS
  Service Level Agreements
  Preparing for an SLA
  Monitoring ISP Performance
  In-House or Outsourced VPNs?
  Commercial VPN Providers
  ANS VPDN Services
  AT&T WorldNet VPN
  CompuServe IP Link
  GTE Internetworking
  InternetMCI VPN
  UUNET ExtraLink
  Other VPN Providers
  Future Trends in ISPs
  Summary

CHAPTER 10—Firewalls and Routers
  A Brief Primer on Firewalls
  Types of Firewalls
    PACKET FILTERS
    APPLICATION AND CIRCUIT PROXIES
    STATEFUL INSPECTION
  General Points
  Firewalls and VPNs
  Firewalls and Remote Access
  Product Requirements
    COMMON REQUIREMENTS
    IPSEC
    PPTP AND L2TP
    AN OVERVIEW OF THE PRODUCTS
  Routers
  Product Requirements
    AN OVERVIEW OF THE PRODUCTS
  Summary

CHAPTER 11—VPN Hardware
  Types of VPN Hardware
  The Price of Integration
  Different Products for Different VPNs
  Product Requirements
  An Overview of the Products
  Summary

CHAPTER 12—VPN Software
  Different Products for Different VPNs
  Tunneling Software
  VPNs and NOS-Based Products
  Host-to-Host VPNs
  Product Requirements
  An Overview of the Products
  Summary

PART IV—Managing a VPN

CHAPTER 13—Security Management
  Corporate Security Policies
  Selecting Encryption Methods
  Protocols and Their Algorithms
  Key Lengths
  Key Management for Gateways
  Identification of Gateways
  Handling Session Keys
  Key Management for Users
  Authentication Services
  Managing an In-House CA
  Controlling Access Rights
  Summary

CHAPTER 14—IP Address Management
  Address Allocation and Naming Services
  Static and Dynamic Address Allocation
  Internal versus External DNS
  Private Addresses and NAT
  Multiple Links to the Internet
  IPv6
  Summary

CHAPTER 15—Performance Management
  Network Performance
  Requirements of Real-Time Applications
  Supporting Differentiated Services
  VPN Performance
  Policy-Based Management
  Monitoring ISP Performance and SLAs
  Summary

PART V—Looking Ahead

CHAPTER 16—Extending VPNs to Extranets
  Reasons for an Extranet
  Turning a VPN into an Extranet
  Summary

CHAPTER 17—Future Directions
  VPN Deployment
  ISPs and the Internet
  VPN Standards
  Security and Digital Certificates
  VPN Management
  Product Trends
  Keeping Up

Appendix A
Appendix B
Appendix C
Glossary
Index

Preface

The world of virtual private networks (VPNs) has exploded in the last year, with more and more vendors offering what they call VPN solutions for business customers. Unfortunately, each vendor has his own definition of what a VPN is; to add to the confusion, each potential customer has his own idea of what comprises a VPN as well. Mix in the usual portion of marketing hype, and you’ve got quite a confusing situation indeed.

One of the purposes of this book is to dispel as much of the confusion surrounding VPNs as possible. Our approach has been based on three main ideas: relate the current usage of the term VPN to past private networks so that both experienced and new network managers can see how they’re related; carefully describe and compare the various protocols so that you, the reader, will see the advantages and disadvantages of each; and always keep in mind that more than one kind of VPN fits into the business environment. With the wide variety of technologies available for VPNs, it should be the customer who decides what kind of VPN—and, therefore, what protocols and products—meets his business needs best. To that end, this book aims to provide you with the background on VPN technologies and products that you need to make appropriate business decisions about the design of a VPN and expectations for its use.

Who Should Read This Book

This book is aimed at business and IS managers, system administrators, and network managers who are looking to understand what Internet-based VPNs are and how they can be set up for business use. Our goal is to provide the reader with enough background to understand the concepts, protocols, and systems associated with VPNs so that his company can decide whether it wants to deploy a VPN and what might be the best way to do so, in terms of cost, performance, and technology.

How This Book Is Organized

This book has been organized into five parts:

1. The Internet and Business
2. Securing an Internet VPN
3. Building Blocks of a VPN
4. Managing a VPN
5. Looking Ahead

Part I, The Internet and Business, covers the relationship between business and the Internet, including how VPNs can provide competitive advantages to businesses. The first three chapters of the book make up Part I.

Chapter 1, “Business on the Internet,” discusses today’s dynamic business environment, the basics of the Internet, and how Internet technology meshes with business needs using intranets, extranets, and VPNs.

Chapter 2, “Virtual Private Networks,” covers the different types of private networks and virtual private networks (VPNs) that have been deployed by businesses over the past 30 years and introduces the focus of this book, virtual private networks created using the Internet. Here, you’ll find details on cost justifications for Internet-based VPNs, along with other reasons for using VPNs.

Chapter 3, “A Closer Look at Internet VPNs,” delves into the nature of Internet-based VPNs, introducing their architecture as well as the components and protocols that can be used to create a VPN over the Internet.

Part II, Securing an Internet VPN, focuses on the security threats facing Internet users and how the three main VPN protocols—IPSec, PPTP, and L2TP—deal with these security issues so that you can properly design a VPN to meet your needs. Chapters 4 through 8 are included in Part II.

Chapter 4, “Security: Threats and Solutions,” describes the major threats to network security and then moves on to detail the principles of different systems for authenticating users and how cryptography is used to protect your data.

Chapter 5, “Using IPSec to Build a VPN,” is the first of three chapters presenting the details of the main protocols used to create VPNs over the Internet. The first of the trio covers the IP Security Protocol (IPSec) and the network components you can use with IPSec for a VPN.

Chapter 6, “Using PPTP to Build a VPN,” discusses the details of PPTP, the Point-to-Point Tunneling Protocol. Like Chapter 5, it includes a discussion of protocol details and the devices that can be deployed to create a VPN.

Chapter 7, “Using L2TP to Build a VPN,” is the last chapter dealing with VPN protocols; it covers L2TP, the Layer 2 Tunneling Protocol. It shows how L2TP incorporates some of the features of PPTP and IPSec and how its VPN devices differ from those of the other two protocols.

Chapter 8, “Designing Your VPN,” focuses on the issues you should deal with in planning your VPN. The major considerations you’ll most likely face in VPN design are classified into three main groups—network issues, security issues, and ISP issues. This chapter aims to serve as a transition from many of the theoretical and protocol-related issues discussed in the first seven chapters of the book to the more pragmatic issues of selecting products and deploying and managing the VPN, which is the focus of the remainder of the book.

Part III, Building Blocks of a VPN, moves into the realm of the products that are available for creating VPNs, as well as the role the ISP can play in your VPN.

Chapter 9, “The ISP Connection,” focuses on Internet Service Providers, showing how they relate to the Internet’s infrastructure and the service you can expect from them. Because your VPN is likely to become mission-critical, the role of the ISP is crucial to the VPN’s success. We therefore cover how service level agreements are used to state expected ISP performance and how they can be monitored. The last part of this chapter summarizes some of the current ISPs that offer special VPN services, including outsourced VPNs.

Chapter 10, “Firewalls and Routers,” is the first of three chapters that deal with VPN products. This chapter discusses how firewalls and routers can be used to create VPNs. For each type of network device, we cover the principal VPN-related requirements and summarize many of the products that are currently available in the VPN market.

Chapter 11, “VPN Hardware,” continues the product coverage, focusing on VPN hardware. One main issue covered in the chapter is the network services that should be integrated in the hardware and the resulting effects on network performance and management.

Chapter 12, “VPN Software,” deals with VPN software, mainly the products that can be used with existing servers or as adjuncts to Network Operating Systems. As in the previous two chapters, this chapter includes a list of requirements and a summary of the available products.

Part IV, Managing a VPN, includes three chapters that cover the three main issues of management—security, IP addresses, and performance.

Chapter 13, “Security Management,” describes how VPNs have to mesh with corporate security policies and the new policies that may have to be formulated, particularly for managing cryptographic keys and digital certificates. The chapter includes suggestions on selecting encryption key lengths, deploying authentication services, and how to manage a certificate server for digital certificates.

Chapter 14, “IP Address Management,” covers some of the problems network managers face in allocating IP addresses and naming services. It describes the solutions using Dynamic Host Configuration Protocol (DHCP) and Dynamic Domain Name System (DDNS) and points out some of the problems VPNs can cause with private addressing, Network Address Translation (NAT), and DNS.

Chapter 15, “Performance Management,” is concerned with the basics of network performance and how the demands of new network applications like interactive multimedia can be met both on networks and VPNs. The chapter describes the five major approaches to providing differentiated
