Acknowledgments | p. xvii |
Introduction | p. xix |
Networks and Security | |
Layering Architecture and the OSI Model | p. 3 |
Layering Principles | p. 4 |
Open Systems Interconnection (OSI) Model | p. 4 |
Peer Communications and Encapsulation | p. 8 |
Layer Interactions | p. 10 |
Summary | p. 19 |
Network Architectures | p. 21 |
Networks and Network Topologies | p. 22 |
Local Area Networks (LANs) | p. 25 |
Wide Area Networks (WANs) | p. 46 |
The TCP/IP Protocol Stack | p. 73 |
The DOD Reference Model Layers | p. 75 |
Protocol Descriptions | p. 77 |
TCP/IP Application Layer Protocols | p. 99 |
Security | p. 105 |
What Is Security? | p. 106 |
Information Security Domains | p. 108 |
General Security Considerations | p. 111 |
Planning Your Security Approach | p. 113 |
Components of a Sound Security Architecture | p. 117 |
The Five Security Characteristics of Information | p. 118 |
The Three States of Information | p. 127 |
Threats and Attack Methods | p. 129 |
Packet Sniffing | p. 130 |
Spoofing and Denial of Service Threats | p. 134 |
Spoofing | p. 135 |
Denial of Service | p. 151 |
Password Attacks | p. 154 |
Application Layer Attacks | p. 154 |
Summary | p. 157 |
Intrusion Detection Systems | p. 159 |
Why Is Intrusion Detection Necessary? | p. 160 |
What Are Intrusion Detection Systems? | p. 161 |
IDS Detection Methods | p. 164 |
Assessment Architectures | p. 165 |
How to Know When You Have Been Attacked | p. 172 |
Honey Pots | p. 176 |
Firewalls | p. 179 |
What Is a Firewall? | p. 180 |
Types of Firewalls | p. 182 |
Firewall Architectures | p. 198 |
Virtual Private Networks | |
VPN Basics | p. 207 |
What Is a VPN? | p. 208 |
Internets, Intranets, and Extranets | p. 210 |
History of VPNs | p. 213 |
What Is Tunneling? | p. 217 |
Tunneling Protocols | p. 217 |
A Tunnel from the Past | p. 219 |
Tunnel Types | p. 220 |
Summary | p. 222 |
VPN Architectures | p. 223 |
VPN Components and General Requirements | p. 224 |
VPN Architectures | p. 226 |
Types of VPNs | p. 234 |
Summary | p. 238 |
VPN Protocols | |
Tunneling Protocols | p. 241 |
Generic Routing Encapsulation (GRE) | p. 242 |
Point-to-Point Tunneling Protocol (PPTP) | p. 249 |
Summary | p. 259 |
L2F and L2TP | p. 261 |
Access VPNs or VPDNs | p. 262 |
Layer 2 Forwarding (L2F) Protocol | p. 263 |
Layer 2 Tunneling Protocol (L2TP) | p. 273 |
Summary | p. 296 |
Secure Communication | |
Cryptography | p. 299 |
Cryptography | p. 300 |
Steganography | p. 305 |
Cryptographic Algorithm Methods | p. 307 |
Cryptanalysis | p. 309 |
Future Cryptographic Methods | p. 311 |
Summary | p. 312 |
Cryptographic Algorithms | p. 313 |
Hash Algorithms | p. 314 |
Private-Key (Symmetric) Algorithms | p. 316 |
Public-Key (Asymmetric) Algorithms | p. 319 |
Summary | p. 326 |
Certificates | p. 327 |
Digital Signatures | p. 329 |
Certificates | p. 334 |
Digital Signatures, Certificates, and Public Key Infrastructure (PKI) | p. 343 |
Summary | p. 346 |
Authentication | p. 347 |
Human Identification | p. 348 |
Entity Authentication | p. 350 |
Authentication Protocols | p. 351 |
Terminal Access Controller Access Control System (TACACS), XTACACS, and TACACS+ | p. 364 |
Summary | p. 372 |
IPSec | |
IPSec Components | p. 375 |
IPSec Background | p. 376 |
IPSec Components and Concept Overview | p. 380 |
The Authentication Header (AH) Protocol | p. 385 |
The Encapsulating Security Payload (ESP) Protocol | p. 390 |
Why Two Authentication Protocols? | p. 394 |
Security Associations and Policies | p. 395 |
Security Databases | p. 399 |
Summary | p. 402 |
Key Management | p. 403 |
Key Management Concepts and Overview | p. 404 |
Perfect Forward Secrecy (PFS) | p. 406 |
Diffie-Hellman | p. 407 |
The Pseudo-Random Function | p. 408 |
Domain of Interpretation (DOI) | p. 408 |
Internet Security Association and Key Management Protocol (ISAKMP) | p. 408 |
IPSec IKE | p. 410 |
Summary | p. 416 |
Key Management/Exchange Protocols | p. 417 |
In-Band and Out-of-Band Key Exchanges | p. 418 |
Diffie-Hellman Key Exchange | p. 419 |
Simple Key-Management for Internet Protocols (SKIP) | p. 420 |
Photuris | p. 421 |
SKEME | p. 422 |
Oakley | p. 423 |
ISAKMP | p. 424 |
The Internet Key Exchange (IKE) or ISAKMP/Oakley | p. 441 |
Negotiating Multiple Security Associations | p. 459 |
Using ISAKMP/Oakley with Remote Access | p. 460 |
Summary | p. 461 |
IPSec Architecture and Implementation | p. 463 |
IPSec Architecture and Implementation | p. 464 |
Managing the Security Associations | p. 473 |
Security Association Databases | p. 479 |
Summary | p. 486 |
MPLS | |
Quality of Service (QoS) | p. 491 |
Basic Terms | p. 492 |
What Is Quality of Service (QoS)? | p. 494 |
Why Do We Need QoS? | p. 495 |
The QoS Framework | p. 509 |
QoS Protocols | p. 510 |
Traffic Engineering | p. 520 |
Summary | p. 522 |
Traffic Engineering--Movement of Data | p. 523 |
Routing to Switching to Routing? | p. 524 |
Traffic Engineering 101 | p. 526 |
Summary | p. 534 |
MPLS Background | p. 535 |
What Is MPLS? | p. 536 |
Why Do We Need MPLS? | p. 537 |
History Behind MPLS | p. 539 |
Summary | p. 545 |
MPLS Components and Concepts | p. 547 |
MPLS Components and Concepts | p. 548 |
Distribution of Label Information | p. 556 |
MPLS Virtual Private Networks (MPLS VPNs) | p. 561 |
Summary | p. 565 |
Index | p. 567 |