| |
| |
| An Overview of the Internet Protocol | |
| |
| |
| A Brief History of the Internet | |
| |
| |
| The Internet Protocol (IP) | |
| |
| |
| How IP Addressing Works | |
| |
| |
| IP Security Risks | |
| |
| |
| User Datagram Protocol (UDP) | |
| |
| |
| Attacking UDP Services: Using SATAN | |
| |
| |
| ISS for UNIX and Windows NT | |
| |
| |
| Transmission Control Protocol (TCP) | |
| |
| |
| IP Addresses | |
| |
| |
| Extending IP Addresses Through CIDR | |
| |
| |
| TCP/IP Security Risks and Countermeasures | |
| |
| |
| IPSEC--An IETF IP Security Countermeasure | |
| |
| |
| IPSO--A DoD IP Security Countermeasure | |
| |
| |
| Routing Information Protocol (RIP) | |
| |
| |
| MBONE--The Multicast Backbone | |
| |
| |
| Internet Control Message Protocol (ICMP) | |
| |
| |
| Internet Group Management Protocol (IGMP) | |
| |
| |
| Open Shortest-Path First (OSPF) | |
| |
| |
| Border Gateway Protocol Version 4 (BGP-4) | |
| |
| |
| Address Resolution Protocol (ARP) | |
| |
| |
| Reverse Address Resolution Protocol (RARP) | |
| |
| |
| Security Risks of Passing an IP Datagram Through Routers | |
| |
| |
| Simple Network Management Protocol (SNMP) | |
| |
| |
| Watch Your ISP Connection | |
| |
| |
| Windows Sockets (Winsock) | |
| |
| |
| Domain Name System (DNS) | |
| |
| |
| Limiting DNS Information | |
| |
| |
| From Here | |
| |
| |
| Why IPv6? | |
| |
| |
| The Internet Protocol | |
| |
| |
| IPv6: The Business Perspective | |
| |
| |
| Relevance of IPv6 | |
| |
| |
| IPv6 Prime: An Overview | |
| |
| |
| Address Expansion Features | |
| |
| |
| Automatic Configuring Network Devices | |
| |
| |
| Security | |
| |
| |
| Real-Time Performance | |
| |
| |
| Multicasting | |
| |
| |
| The Conversion Challenge | |
| |
| |
| IPv6 as a Catalyst of Business Opportunities | |
| |
| |
| 6Bone: A Brief Overview | |
| |
| |
| From Here | |
| |
| |
| IPv4 Versus IPv6: The Basic Grounds | |
| |
| |
| A Brief Overview of IPv4's Limitations | |
| |
| |
| The Addressing System of IPv4 | |
| |
| |
| The Address Management Issues | |
| |
| |
| IPv6 Address Enhancements | |
| |
| |
| Auto-configuration | |
| |
| |
| IPv6 Header | |
| |
| |
| IPv6 Extensions | |
| |
| |
| Security Enhancements | |
| |
| |
| Transitioning to IPv6 | |
| |
| |
| The 6Bone Initiative | |
| |
| |
| From Here | |
| |
| |
| IPv6 Development and Features | |
| |
| |
| The Calling of the Internet Engineering Task Force | |
| |
| |
| IPv6 Addressing | |
| |
| |
| A Word About Address Resolution and Neighbor Discovery | |
| |
| |
| IPv6 Is Multimedia-Ready | |
| |
| |
| IPv6 Has Plug and Play Features | |
| |
| |
| Added Flexibility | |
| |
| |
| IPv4 Compatibility | |
| |
| |
| Security Infrastructure | |
| |
| |
| IPv6 Performance Considerations | |
| |
| |
| IPv6 Security Considerations | |
| |
| |
| IPv6 Autoconfiguration Considerations | |
| |
| |
| Making the Transition to IPv6 | |
| |
| |
| The Effect of IPv6 on Other Standards | |
| |
| |
| Using Virtual LANs with IPv6 | |
| |
| |
| Router-based LANs | |
| |
| |
| Switched-based LANs | |
| |
| |
| Understanding Virtual LANs | |
| |
| |
| From Here | |
| |
| |
| IPv6 Routing and Issues | |
| |
| |
| Routing IPv6: Preliminary Considerations | |
| |
| |
| Interdomain Routing | |
| |
| |
| From CIDR to ISPs | |
| |
| |
| BGP-4 and the IDRP Consideration | |
| |
| |
| Intradomain Routing | |
| |
| |
| Updating Open Shortest Path First | |
| |
| |
| Updating Routing Information Protocol (RIP) | |
| |
| |
| RIPv2 | |
| |
| |
| OSI's ES-IS/IS-IS Routing Protocols | |
| |
| |
| From Here | |
| |
| |
| IPv6 Addressing | |
| |
| |
| Introduction | |
| |
| |
| A Quick Review of IPv4 Addressing | |
| |
| |
| Changing Role of IP Addresses | |
| |
| |
| Introducing IPv6 Addressing | |
| |
| |
| Unicast Addresses | |
| |
| |
| Anycast Addresses | |
| |
| |
| Multicast Addresses | |
| |
| |
| A Node's Required Addresses | |
| |
| |
| Address Resolution | |
| |
| |
| From Here | |
| |
| |
| IPv6 Headers | |
| |
| |
| Introduction | |
| |
| |
| Quick Review of IPv4 Headers | |
| |
| |
| The IPv6 Protocol | |
| |
| |
| IPv6 Header Format | |
| |
| |
| Priority Field Operation | |
| |
| |
| Flow Labels | |
| |
| |
| Extension Headers | |
| |
| |
| IPv6 and Packet Size | |
| |
| |
| IPv6 and the Upper Layer Protocol Issues | |
| |
| |
| From Here | |
| |
| |
| IPv6 and Intranetwork Communications | |
| |
| |
| Introduction | |
| |
| |
| Internet Group Management Protocol | |
| |
| |
| Neighbor Discovery Protocol | |
| |
| |
| Overview of the IP the Routing Process | |
| |
| |
| Routing Protocols for IPv6 | |
| |
| |
| From Here | |
| |
| |
| IPv6 Performance | |
| |
| |
| Introduction | |
| |
| |
| IETF's Efforts for IPv6 Performance | |
| |
| |
| Increased Efficiency | |
| |
| |
| Increasing Performance with Flow Labels | |
| |
| |
| Is IPv6 Performance Satisfactory? | |
| |
| |
| Resource ReserVation Protocol to the Rescue | |
| |
| |
| Vendors Are Gearing Up | |
| |
| |
| Mentat IP Next Generation (MING) | |
| |
| |
| From Here | |
| |
| |
| Transmitting IPv6 Packets | |
| |
| |
| What is 6bone? | |
| |
| |
| The Transition to IPv6 | |
| |
| |
| The Dual-Stack Hosts | |
| |
| |
| IPv6 Domain Name Service (DNS) | |
| |
| |
| Routing in IPv6/IPv4 Networks | |
| |
| |
| Automatic Tunneling | |
| |
| |
| Making the Transition | |
| |
| |
| Transmitting IPv6 Packets Over Ethernet | |
| |
| |
| Maximum Transmission Unit | |
| |
| |
| Frame Format | |
| |
| |
| Stateless Autoconfiguration and Link-Local Addresses | |
| |
| |
| Address Mapping--Unicast | |
| |
| |
| Address Mapping--Multicast | |
| |
| |
| Transmitting IPv6 Packets over FDDI Networks | |
| |
| |
| Maximum Transmission Unit | |
| |
| |
| Frame Format | |
| |
| |
| Interaction with Bridges | |
| |
| |
| IPv6 over PPP | |
| |
| |
| Introduction | |
| |
| |
| Sending IPv6 Datagrams over PPP | |
| |
| |
| PPP Network Control Protocol | |
| |
| |
| IPV6CP Configuration Options | |
| |
| |
| IPv6-Compression-Protocol | |
| |
| |
| From Here | |
| |
| |
| ICMPv6 and IPv6 | |
| |
| |
| Introduction | |
| |
| |
| ICMPv6 | |
| |
| |
| Message General Format | |
| |
| |
| Message Source Address Determination | |
| |
| |
| Message Checksum Calculation | |
| |
| |
| Message Processing Rules | |
| |
| |
| ICMPv6 Message Types | |
| |
| |
| Destination Unreachable Message | |
| |
| |
| Packet Too Big Message | |
| |
| |
| Time Exceeded Message | |
| |
| |
| Parameter Problem Message | |
| |
| |
| Echo Request Message | |
| |
| |
| Echo Reply Message | |
| |
| |
| Group Membership Messages | |
| |
| |
| From Here | |
| |
| |
| IP Security for IPv6 and IPv4 | |
| |
| |
| Introduction | |
| |
| |
| Quick Review of IPv6 Features Pertinent to Security | |
| |
| |
| IPv6 Headers | |
| |
| |
| Addressing | |
| |
| |
| Routing | |
| |
| |
| IP Security Architecture | |
| |
| |
| IPSec Protocol Suite | |
| |
| |
| IPSec Services for IPv4 and IPv6 | |
| |
| |
| Combining Security Mechanisms | |
| |
| |
| Typical Use | |
| |
| |
| IPSec Modes | |
| |
| |
| IPSec and Key Management | |
| |
| |
| Control and Logic of the IPSec Mechanisms | |
| |
| |
| Security Associations | |
| |
| |
| IP Authentication Header Details | |
| |
| |
| Encapsulating Security Payload Details | |
| |
| |
| Different Ways to Use IP Security Mechanisms | |
| |
| |
| IPSec Use with Firewalls | |
| |
| |
| IPSec Use with IP Multicast | |
| |
| |
| IPSec Notes, Cautions, and Precautions | |
| |
| |
| Limitations of the IPSec Mechanisms | |
| |
| |
| Security Services for Upper Layers | |
| |
| |
| Summary of IPSec Requirements | |
| |
| |
| IPSec, Secure Socket Layer Security, or Both | |
| |
| |
| Typical Use of SSL and IPSec Features | |
| |
| |
| IPSec and SSL Key Exchange Options | |
| |
| |
| IPSec and SSL Ciphers | |
| |
| |
| Authentication | |
| |
| |
| Encryption | |
| |
| |
| Using SSL and IPv6 Security Together | |
| |
| |
| Extranets, Virtual Private Networks, and Security | |
| |
| |
| From Here | |
| |
| |
| IPv6 Key-Management Issues and Protocols | |
| |
| |
| Introduction | |
| |
| |
| Implementing IPSec in the TCP/IP Stack | |
| |
| |
| Independent Key-Management Mechanism | |
| |
| |
| Independence of the Cryptographic Algorithms | |
| |
| |
| Security of the Keys in the Host | |
| |
| |
| Refresher on IPv6 Key-Management Requirements | |
| |
| |
| Questions to Ask when Selecting a Key-Management System | |
| |
| |
| Basic Key Management | |
| |
| |
| Types of Key Management | |
| |
| |
| Certification Methods | |
| |
| |
| Key-Management Issues | |
| |
| |
| Key-Distribution Methods | |
| |
| |
| The Key-Management Protocols | |
| |
| |
| Simple Key-Management for Internet Protocols | |
| |
| |
| Internet Security Association and Key Management Protocol (ISAKMP) | |
| |
| |
| The Oakley Key-Determination Protocol | |
| |
| |
| The Resolution of ISAKMP with Oakley | |
| |
| |
| SKEME: A Versatile Secure Key-Exchange Mechanism for the Internet | |
| |
| |
| Domain Name System Security Extensions | |
| |
| |
| From Here | |
| |
| |
| DNS Extensions for IPv6 | |
| |
| |
| New Resource Record Definition and Domain | |
| |
| |
| The AAAA Record Type | |
| |
| |
| The AAAA Data Format | |
| |
| |
| The AAAA Query | |
| |
| |
| The Textual Format of AAAA Records | |
| |
| |
| IP6.INT Domain | |
| |
| |
| Modifications to Existing Query Types | |
| |
| |
| Transition from RFC-1886 to New Format | |
| |
| |
| Transition Strategies | |
| |
| |
| Security Considerations | |
| |
| |
| From Here | |
| |
| |
| IP Address Management: Working with IPv4 and IPv6 | |
| |
| |
| Introduction | |
| |
| |
| Renumbering Network Components | |
| |
| |
| Address and Name Spaces | |
| |
| |
| Some Renumbering Strategies | |
| |
| |
| Preparing to Renumber Checklist | |
| |
| |
| Developing the Renumbering Plan | |
| |
| |
| Tips and Resources | |
| |
| |
| Subnet Addressing | |
| |
| |
| Configuring a Subnet Mask | |
| |
| |
| Classless Inter-Domain Routing Overview and Issues | |
| |
| |
| Routing Protocol Support | |
| |
| |
| Domains | |
| |
| |
| The CIDR Protocol | |
| |
| |
| Variable-Length Subnet Masks | |
| |
| |
| Route Aggregation | |
| |
| |
| User Impacts | |
| |
| |
| CIDR- and Non-CIDR-Capable Routing | |
| |
| |
| Need More Information? | |
| |
| |
| Private Address Space | |
| |
| |
| Class A, B, and C Address Blocks | |
| |
| |
| Changing the Public or Private Address Status of a Host | |
| |
| |
| Advantages and Disadvantages of Using Private Address Space | |
| |
| |
| Tips for Designing Private Networks | |
| |
| |
| The Dynamic Host Configuration Protocol Overview and Issues | |
| |
| |
| Design | |
| |
| |
| Configuration | |
| |
| |
| IP Address Allocation | |
| |
| |
| Network Address Translator (NAT): An Alternative Addressing Solution | |
| |
| |
| Using Network Address Translators to Reuse Addresses | |
| |
| |
| Using Network Address Translators with CIDR | |
| |
| |
| Using Network Address Translators with Private Networks | |
| |
| |
| NAT Advantages | |
| |
| |
| Address Management Tools | |
| |
| |
| From Here | |
| |
| |
| Making the Transition to IPv6 Networking | |
| |
| |
| Introduction | |
| |
| |
| Migrating the Applications | |
| |
| |
| Moving from IPv4 to IPv6 | |
| |
| |
| Transition Plan Objectives | |
| |
| |
| Transition Plan Issues | |
| |
| |
| Summary of Transition Mechanisms for IPv6 Hosts and Routers | |
| |
| |
| SIT Operational Issues | |
| |
| |
| SIT Features | |
| |
| |
| Transition Components | |
| |
| |
| Component Dependencies | |
| |
| |
| Transition Mechanisms for IPv6 Hosts and Routers | |
| |
| |
| Addressing | |
| |
| |
| Dual IP Layer | |
| |
| |
| DNS and Hostname-to-Address Mapping | |
| |
| |
| Tunneling | |
| |
| |
| Binary Compatibility | |
| |
| |
| Upgrade Dependencies | |
| |
| |
| Multiprotocol Support | |
| |
| |
| OSI NSAP Address Plans | |
| |
| |
| Restricted NSAP Address Mapping into a 16-Octet IPv6 Address | |
| |
| |
| Truncated NSAP Address Used as an IPv6 Address | |
| |
| |
| Normal IPv6 Address, Full NSAP Address in the IPv6 Option | |
| |
| |
| IPv6 Address Carried as an OSI Address | |
| |
| |
| Combined IPv4 and IPv6 Sending Algorithm | |
| |
| |
| A Sample Sending Algorithm | |
| |
| |
| On/Off-Link Determination | |
| |
| |
| IPv6/IPv4 Dual Node Structure | |
| |
| |
| From Here | |
| |
| |
| TCP/IP Transport-Layer Protocols | |
| |
| |
| Introduction | |
| |
| |
| The Transport-Layer Protocols | |
| |
| |
| Transmission Control Protocol | |
| |
| |
| TCP Introduction | |
| |
| |
| TCP Operation | |
| |
| |
| TCP Characteristics | |
| |
| |
| User Datagram Protocol | |
| |
| |
| UDP Introduction | |
| |
| |
| UPD Specifics | |
| |
| |
| Port Number Assignments | |
| |
| |
| From Here | |
| |
| |
| TCP/IP Application-Layer Protocols | |
| |
| |
| Introduction | |
| |
| |
| The Application-Layer Protocols | |
| |
| |
| Effect of IPv6 on Upper-Layer Protocols | |
| |
| |
| Virtual Terminal Protocol | |
| |
| |
| TELNET Model | |
| |
| |
| The Network Virtual Terminal | |
| |
| |
| Option Negotiation | |
| |
| |
| File Transfer Protocol | |
| |
| |
| FTP Model | |
| |
| |
| FTP Data Transfer and Data Types | |
| |
| |
| FTP Site Types | |
| |
| |
| FTP Security Extensions | |
| |
| |
| Trivial File Transfer Protocol | |
| |
| |
| TFTP Model | |
| |
| |
| TFTP and Other Protocols | |
| |
| |
| TFTP Packets | |
| |
| |
| Simple Mail Transfer Protocol | |
| |
| |
| The SMTP Related Protocols | |
| |
| |
| The SMTP Model | |
| |
| |
| SMTP Commands | |
| |
| |
| From Here | |
| |
| |
| |
| |
| |
| Bibliography | |
| |
| |
| Reference Books | |
| |
| |
| Web References | |
| |
| |
| Glossary | |
| |
| |
| Index | |
| |
| |
| About the Authors | |