Virtual private networks : technologies and solutions

VPNs enable any enterprise to utilize the Internet as its own secure private network. In this book, two leading VPN implementers offer a start-to-finish, hands-on guide to constructing and operating secure VPNs. Going far beyond the theory found in most books, Ruixi Yuan and Tim Strayer present best practices for every aspect of VPN deployment, including tunneling, IPsec, authentication, public key infrastructure, and network/service management. Strayer and Yuan begin with a detailed overview of the fundamental concepts and architectures associated with enterprise VPNs, including site-to-site VPNs, remote access VPNs, and extranets. They compare all options for establishing VPN tunnels across the Internet, including PPTP, L2F, and L2TP. Next, they present in-depth coverage of implementing IPsec; establishing two-party or trusted third-party authentication; building a robust public key infrastructure; and managing access control. The book includes expert coverage of VPN gateway configuration, provisioning, and management; Windows and other VPN clients; and network/service management, including SLAs and network operations centers. Finally, the authors preview the future of VPNs, showing how they may be enhanced to provide greater quality of service and network intelligence. For all networking and IT professionals, security specialists, consultants, vendors, and service providers responsible for building or operating VPNs.

Preface. I. VPN FUNDAMENTALS. 1. Introduction. Business Communication. VPN Motivation. The VPN Market. VPN Technologies. VPN Solutions. 2. Basic Concepts. A Brief History of the Internet. Network Architecture. ISO OSI Reference Model. IP. Network Topology. The Need for Security. Cryptography. Shared Key Cryptography. Public Key Cryptography. Digital Signatures. Message Authentication Codes. 3. VPN Architectures. Site-to-Site Intranet VPNs. Remote Access VPNs. Extranet VPNs. A Security Services Taxonomy. II. VPN TECHNOLOGIES. 4. Tunnels. Tunneling. Data Integrity and Confidentiality. VPN Tunneling Protocols. PPTP. L2F. L2TP. Ipsec. MPLS. 5. Ipsec. Basic IPsec Concepts. Security Protocols. Security Associations. Security Databases. IPsec and VPNs. Authentication Header. Encapsulating Security Payload. Internet Key Exchange. Phase 1 Negotiation. Phase 2 Negotiation. Key Generation in IKE. IPsec Implementation. Inbound Packet Processing. Outbound Packet Processing. 6. Authentication. Two-Party Authentication. PPP Authentication. RADIUS. S/KEY and OTP. Trusted Third-Party Authentication. Kerberos. X.509 Public Key Infrastructure. Pretty Good Privacy Trust Model. Authentication in VPNs. Gateway-Gateway Authentication. Client-Gateway Authentication. 7. Public Key Infrastructure. PKI Architecture. Certification. Validation. Certificate Revocation. Trust Models. Digital Certificate Formats. X.509 Digital Certificate. PGP Certificate. PKCS #6, Extended-Certificate Syntax Standard. X.509 Attribute Certificate. Certificate Management System. Certification Authority. Registration Authority. Certificate and CRL Repository. Certificate Protocols. Certificate Use in VPNs. Authentication. Key Management. Access Control. 8. Access Control. Access Control Policy. Attributes and Conditions. Access Control Rules. Access Control Mechanisms. Access Control Lists. Capabilities Lists. Access Control Policy Management. Distributed Policy Management. Centralized Policy Management. Policy Repository. Access Control in VPNs. III. VPN SOLUTIONS. 9. VPN Gateways. VPN Gateway Functions. Site-to-Site Intranet VPN Functions. Remote Access VPN Functions. Extranet VPN Functions. Forwarding, Routing, and Filtering Functions. Advanced Functions. Gateway Configuration and Provisioning. Gateway Identity Information. External Device Information. Security Policy Information. Gateway Management. Configuration Management. Network Monitoring. Accounting Information. Gateway Certification. Interaction with Firewalls. VPN Gateway and Firewall in Parallel. VPN Gateway and Firewall in Series. Hybrid Configurations. VPN Design Issues. A VPN Solution Scenario. 10. VPN Clients. VPN Client Functions. Operating System Issues. Microsoft Windows. Other Operating Systems. Operational Issues. Working with the Corporate Firewall. Working with Network Address Translation. Fragmentation and MTU Issues. Private and Public Domain Name Servers. WINS Server Issues. VPN Clients for Windows. Layer 2 Clients. IPsec Clients. L2TP/IPsec Combination Clients. VPN Client Software Installation. VPN Clients for Other Platforms. Layer 2 Implementations. IPsec Implementations. Alternative VPN Clients. SSH as VPN Client. SOCKS and SSL as VPN Client. User-Level Daemon. A Remote Access VPN Scenario. 11. VPN Network and Service Management. Network Management Standards. Network Management Architecture. Network Management Station. Managed Nodes. Network Management Protocol. Management Information. Probes. 6 Other Means of Management. SNMP. VPN Management. Managing Tunnels. VPN Management in a Service Provider Environment. Secure Management Tunnel in VPN. Out-of-Band Access for Management. Service Management. Service Level Agreement. Network Operations Center. Customer Portal. International Issues. 12. VPN Directions: Beyond Connectivity. Evolutions in Network Infrastructure. Evolutions in VPNs. Internetworking Beyond Connectivity. Network Security. Quality of Service. Intelligence in the Network. Acronyms. References. Index. 0201702096T04262001