| |
| |
An Overview of the Internet Protocol | |
| |
| |
A Brief History of the Internet | |
| |
| |
The Internet Protocol (IP) | |
| |
| |
How IP Addressing Works | |
| |
| |
IP Security Risks | |
| |
| |
User Datagram Protocol (UDP) | |
| |
| |
Attacking UDP Services: Using SATAN | |
| |
| |
ISS for UNIX and Windows NT | |
| |
| |
Transmission Control Protocol (TCP) | |
| |
| |
IP Addresses | |
| |
| |
Extending IP Addresses Through CIDR | |
| |
| |
TCP/IP Security Risks and Countermeasures | |
| |
| |
IPSEC--An IETF IP Security Countermeasure | |
| |
| |
IPSO--A DoD IP Security Countermeasure | |
| |
| |
Routing Information Protocol (RIP) | |
| |
| |
MBONE--The Multicast Backbone | |
| |
| |
Internet Control Message Protocol (ICMP) | |
| |
| |
Internet Group Management Protocol (IGMP) | |
| |
| |
Open Shortest-Path First (OSPF) | |
| |
| |
Border Gateway Protocol Version 4 (BGP-4) | |
| |
| |
Address Resolution Protocol (ARP) | |
| |
| |
Reverse Address Resolution Protocol (RARP) | |
| |
| |
Security Risks of Passing an IP Datagram Through Routers | |
| |
| |
Simple Network Management Protocol (SNMP) | |
| |
| |
Watch Your ISP Connection | |
| |
| |
Windows Sockets (Winsock) | |
| |
| |
Domain Name System (DNS) | |
| |
| |
Limiting DNS Information | |
| |
| |
From Here | |
| |
| |
Why IPv6? | |
| |
| |
The Internet Protocol | |
| |
| |
IPv6: The Business Perspective | |
| |
| |
Relevance of IPv6 | |
| |
| |
IPv6 Prime: An Overview | |
| |
| |
Address Expansion Features | |
| |
| |
Automatic Configuring Network Devices | |
| |
| |
Security | |
| |
| |
Real-Time Performance | |
| |
| |
Multicasting | |
| |
| |
The Conversion Challenge | |
| |
| |
IPv6 as a Catalyst of Business Opportunities | |
| |
| |
6Bone: A Brief Overview | |
| |
| |
From Here | |
| |
| |
IPv4 Versus IPv6: The Basic Grounds | |
| |
| |
A Brief Overview of IPv4's Limitations | |
| |
| |
The Addressing System of IPv4 | |
| |
| |
The Address Management Issues | |
| |
| |
IPv6 Address Enhancements | |
| |
| |
Auto-configuration | |
| |
| |
IPv6 Header | |
| |
| |
IPv6 Extensions | |
| |
| |
Security Enhancements | |
| |
| |
Transitioning to IPv6 | |
| |
| |
The 6Bone Initiative | |
| |
| |
From Here | |
| |
| |
IPv6 Development and Features | |
| |
| |
The Calling of the Internet Engineering Task Force | |
| |
| |
IPv6 Addressing | |
| |
| |
A Word About Address Resolution and Neighbor Discovery | |
| |
| |
IPv6 Is Multimedia-Ready | |
| |
| |
IPv6 Has Plug and Play Features | |
| |
| |
Added Flexibility | |
| |
| |
IPv4 Compatibility | |
| |
| |
Security Infrastructure | |
| |
| |
IPv6 Performance Considerations | |
| |
| |
IPv6 Security Considerations | |
| |
| |
IPv6 Autoconfiguration Considerations | |
| |
| |
Making the Transition to IPv6 | |
| |
| |
The Effect of IPv6 on Other Standards | |
| |
| |
Using Virtual LANs with IPv6 | |
| |
| |
Router-based LANs | |
| |
| |
Switched-based LANs | |
| |
| |
Understanding Virtual LANs | |
| |
| |
From Here | |
| |
| |
IPv6 Routing and Issues | |
| |
| |
Routing IPv6: Preliminary Considerations | |
| |
| |
Interdomain Routing | |
| |
| |
From CIDR to ISPs | |
| |
| |
BGP-4 and the IDRP Consideration | |
| |
| |
Intradomain Routing | |
| |
| |
Updating Open Shortest Path First | |
| |
| |
Updating Routing Information Protocol (RIP) | |
| |
| |
RIPv2 | |
| |
| |
OSI's ES-IS/IS-IS Routing Protocols | |
| |
| |
From Here | |
| |
| |
IPv6 Addressing | |
| |
| |
Introduction | |
| |
| |
A Quick Review of IPv4 Addressing | |
| |
| |
Changing Role of IP Addresses | |
| |
| |
Introducing IPv6 Addressing | |
| |
| |
Unicast Addresses | |
| |
| |
Anycast Addresses | |
| |
| |
Multicast Addresses | |
| |
| |
A Node's Required Addresses | |
| |
| |
Address Resolution | |
| |
| |
From Here | |
| |
| |
IPv6 Headers | |
| |
| |
Introduction | |
| |
| |
Quick Review of IPv4 Headers | |
| |
| |
The IPv6 Protocol | |
| |
| |
IPv6 Header Format | |
| |
| |
Priority Field Operation | |
| |
| |
Flow Labels | |
| |
| |
Extension Headers | |
| |
| |
IPv6 and Packet Size | |
| |
| |
IPv6 and the Upper Layer Protocol Issues | |
| |
| |
From Here | |
| |
| |
IPv6 and Intranetwork Communications | |
| |
| |
Introduction | |
| |
| |
Internet Group Management Protocol | |
| |
| |
Neighbor Discovery Protocol | |
| |
| |
Overview of the IP Routing Process | |
| |
| |
Routing Protocols for IPv6 | |
| |
| |
From Here | |
| |
| |
IPv6 Performance | |
| |
| |
Introduction | |
| |
| |
IETF's Efforts for IPv6 Performance | |
| |
| |
Increased Efficiency | |
| |
| |
Increasing Performance with Flow Labels | |
| |
| |
Is IPv6 Performance Satisfactory? | |
| |
| |
Resource ReserVation Protocol to the Rescue | |
| |
| |
Vendors Are Gearing Up | |
| |
| |
Mentat IP Next Generation (MING) | |
| |
| |
From Here | |
| |
| |
Transmitting IPv6 Packets | |
| |
| |
What is 6bone? | |
| |
| |
The Transition to IPv6 | |
| |
| |
The Dual-Stack Hosts | |
| |
| |
IPv6 Domain Name Service (DNS) | |
| |
| |
Routing in IPv6/IPv4 Networks | |
| |
| |
Automatic Tunneling | |
| |
| |
Making the Transition | |
| |
| |
Transmitting IPv6 Packets Over Ethernet | |
| |
| |
Maximum Transmission Unit | |
| |
| |
Frame Format | |
| |
| |
Stateless Autoconfiguration and Link-Local Addresses | |
| |
| |
Address Mapping--Unicast | |
| |
| |
Address Mapping--Multicast | |
| |
| |
Transmitting IPv6 Packets over FDDI Networks | |
| |
| |
Maximum Transmission Unit | |
| |
| |
Frame Format | |
| |
| |
Interaction with Bridges | |
| |
| |
IPv6 over PPP | |
| |
| |
Introduction | |
| |
| |
Sending IPv6 Datagrams over PPP | |
| |
| |
PPP Network Control Protocol | |
| |
| |
IPV6CP Configuration Options | |
| |
| |
IPv6-Compression-Protocol | |
| |
| |
From Here | |
| |
| |
ICMPv6 and IPv6 | |
| |
| |
Introduction | |
| |
| |
ICMPv6 | |
| |
| |
Message General Format | |
| |
| |
Message Source Address Determination | |
| |
| |
Message Checksum Calculation | |
| |
| |
Message Processing Rules | |
| |
| |
ICMPv6 Message Types | |
| |
| |
Destination Unreachable Message | |
| |
| |
Packet Too Big Message | |
| |
| |
Time Exceeded Message | |
| |
| |
Parameter Problem Message | |
| |
| |
Echo Request Message | |
| |
| |
Echo Reply Message | |
| |
| |
Group Membership Messages | |
| |
| |
From Here | |
| |
| |
IP Security for IPv6 and IPv4 | |
| |
| |
Introduction | |
| |
| |
Quick Review of IPv6 Features Pertinent to Security | |
| |
| |
IPv6 Headers | |
| |
| |
Addressing | |
| |
| |
Routing | |
| |
| |
IP Security Architecture | |
| |
| |
IPSec Protocol Suite | |
| |
| |
IPSec Services for IPv4 and IPv6 | |
| |
| |
Combining Security Mechanisms | |
| |
| |
Typical Use | |
| |
| |
IPSec Modes | |
| |
| |
IPSec and Key Management | |
| |
| |
Control and Logic of the IPSec Mechanisms | |
| |
| |
Security Associations | |
| |
| |
IP Authentication Header Details | |
| |
| |
Encapsulating Security Payload Details | |
| |
| |
Different Ways to Use IP Security Mechanisms | |
| |
| |
IPSec Use with Firewalls | |
| |
| |
IPSec Use with IP Multicast | |
| |
| |
IPSec Notes, Cautions, and Precautions | |
| |
| |
Limitations of the IPSec Mechanisms | |
| |
| |
Security Services for Upper Layers | |
| |
| |
Summary of IPSec Requirements | |
| |
| |
IPSec, Secure Socket Layer Security, or Both | |
| |
| |
Typical Use of SSL and IPSec Features | |
| |
| |
IPSec and SSL Key Exchange Options | |
| |
| |
IPSec and SSL Ciphers | |
| |
| |
Authentication | |
| |
| |
Encryption | |
| |
| |
Using SSL and IPv6 Security Together | |
| |
| |
Extranets, Virtual Private Networks, and Security | |
| |
| |
From Here | |
| |
| |
IPv6 Key-Management Issues and Protocols | |
| |
| |
Introduction | |
| |
| |
Implementing IPSec in the TCP/IP Stack | |
| |
| |
Independent Key-Management Mechanism | |
| |
| |
Independence of the Cryptographic Algorithms | |
| |
| |
Security of the Keys in the Host | |
| |
| |
Refresher on IPv6 Key-Management Requirements | |
| |
| |
Questions to Ask when Selecting a Key-Management System | |
| |
| |
Basic Key Management | |
| |
| |
Types of Key Management | |
| |
| |
Certification Methods | |
| |
| |
Key-Management Issues | |
| |
| |
Key-Distribution Methods | |
| |
| |
The Key-Management Protocols | |
| |
| |
Simple Key-Management for Internet Protocols | |
| |
| |
Internet Security Association and Key Management Protocol (ISAKMP) | |
| |
| |
The Oakley Key-Determination Protocol | |
| |
| |
The Resolution of ISAKMP with Oakley | |
| |
| |
SKEME: A Versatile Secure Key-Exchange Mechanism for the Internet | |
| |
| |
Domain Name System Security Extensions | |
| |
| |
From Here | |
| |
| |
DNS Extensions for IPv6 | |
| |
| |
New Resource Record Definition and Domain | |
| |
| |
The AAAA Record Type | |
| |
| |
The AAAA Data Format | |
| |
| |
The AAAA Query | |
| |
| |
The Textual Format of AAAA Records | |
| |
| |
IP6.INT Domain | |
| |
| |
Modifications to Existing Query Types | |
| |
| |
Transition from RFC-1886 to New Format | |
| |
| |
Transition Strategies | |
| |
| |
Security Considerations | |
| |
| |
From Here | |
| |
| |
IP Address Management: Working with IPv4 and IPv6 | |
| |
| |
Introduction | |
| |
| |
Renumbering Network Components | |
| |
| |
Address and Name Spaces | |
| |
| |
Some Renumbering Strategies | |
| |
| |
Preparing to Renumber Checklist | |
| |
| |
Developing the Renumbering Plan | |
| |
| |
Tips and Resources | |
| |
| |
Subnet Addressing | |
| |
| |
Configuring a Subnet Mask | |
| |
| |
Classless Inter-Domain Routing Overview and Issues | |
| |
| |
Routing Protocol Support | |
| |
| |
Domains | |
| |
| |
The CIDR Protocol | |
| |
| |
Variable-Length Subnet Masks | |
| |
| |
Route Aggregation | |
| |
| |
User Impacts | |
| |
| |
CIDR- and Non-CIDR-Capable Routing | |
| |
| |
Need More Information? | |
| |
| |
Private Address Space | |
| |
| |
Class A, B, and C Address Blocks | |
| |
| |
Changing the Public or Private Address Status of a Host | |
| |
| |
Advantages and Disadvantages of Using Private Address Space | |
| |
| |
Tips for Designing Private Networks | |
| |
| |
The Dynamic Host Configuration Protocol Overview and Issues | |
| |
| |
Design | |
| |
| |
Configuration | |
| |
| |
IP Address Allocation | |
| |
| |
Network Address Translator (NAT): An Alternative Addressing Solution | |
| |
| |
Using Network Address Translators to Reuse Addresses | |
| |
| |
Using Network Address Translators with CIDR | |
| |
| |
Using Network Address Translators with Private Networks | |
| |
| |
NAT Advantages | |
| |
| |
Address Management Tools | |
| |
| |
From Here | |
| |
| |
Making the Transition to IPv6 Networking | |
| |
| |
Introduction | |
| |
| |
Migrating the Applications | |
| |
| |
Moving from IPv4 to IPv6 | |
| |
| |
Transition Plan Objectives | |
| |
| |
Transition Plan Issues | |
| |
| |
Summary of Transition Mechanisms for IPv6 Hosts and Routers | |
| |
| |
SIT Operational Issues | |
| |
| |
SIT Features | |
| |
| |
Transition Components | |
| |
| |
Component Dependencies | |
| |
| |
Transition Mechanisms for IPv6 Hosts and Routers | |
| |
| |
Addressing | |
| |
| |
Dual IP Layer | |
| |
| |
DNS and Hostname-to-Address Mapping | |
| |
| |
Tunneling | |
| |
| |
Binary Compatibility | |
| |
| |
Upgrade Dependencies | |
| |
| |
Multiprotocol Support | |
| |
| |
OSI NSAP Address Plans | |
| |
| |
Restricted NSAP Address Mapping into a 16-Octet IPv6 Address | |
| |
| |
Truncated NSAP Address Used as an IPv6 Address | |
| |
| |
Normal IPv6 Address, Full NSAP Address in the IPv6 Option | |
| |
| |
IPv6 Address Carried as an OSI Address | |
| |
| |
Combined IPv4 and IPv6 Sending Algorithm | |
| |
| |
A Sample Sending Algorithm | |
| |
| |
On/Off-Link Determination | |
| |
| |
IPv6/IPv4 Dual Node Structure | |
| |
| |
From Here | |
| |
| |
TCP/IP Transport-Layer Protocols | |
| |
| |
Introduction | |
| |
| |
The Transport-Layer Protocols | |
| |
| |
Transmission Control Protocol | |
| |
| |
TCP Introduction | |
| |
| |
TCP Operation | |
| |
| |
TCP Characteristics | |
| |
| |
User Datagram Protocol | |
| |
| |
UDP Introduction | |
| |
| |
UDP Specifics | |
| |
| |
Port Number Assignments | |
| |
| |
From Here | |
| |
| |
TCP/IP Application-Layer Protocols | |
| |
| |
Introduction | |
| |
| |
The Application-Layer Protocols | |
| |
| |
Effect of IPv6 on Upper-Layer Protocols | |
| |
| |
Virtual Terminal Protocol | |
| |
| |
TELNET Model | |
| |
| |
The Network Virtual Terminal | |
| |
| |
Option Negotiation | |
| |
| |
File Transfer Protocol | |
| |
| |
FTP Model | |
| |
| |
FTP Data Transfer and Data Types | |
| |
| |
FTP Site Types | |
| |
| |
FTP Security Extensions | |
| |
| |
Trivial File Transfer Protocol | |
| |
| |
TFTP Model | |
| |
| |
TFTP and Other Protocols | |
| |
| |
TFTP Packets | |
| |
| |
Simple Mail Transfer Protocol | |
| |
| |
The SMTP Related Protocols | |
| |
| |
The SMTP Model | |
| |
| |
SMTP Commands | |
| |
| |
From Here | |
| |
| |
| |
| |
| |
Bibliography | |
| |
| |
Reference Books | |
| |
| |
Web References | |
| |
| |
Glossary | |
| |
| |
Index | |
| |
| |
About the Authors | |