Preface
VPN Fundamentals
Introduction
Business Communication
VPN Motivation
The VPN Market
VPN Technologies
VPN Solutions
Basic Concepts
A Brief History of the Internet
Network Architecture
ISO OSI Reference Model
IP
Network Topology
The Need for Security
Cryptography
Shared Key Cryptography
Public Key Cryptography
Digital Signatures
Message Authentication Codes
VPN Architectures
Site-to-Site Intranet VPNs
Remote Access VPNs
Extranet VPNs
A Security Services Taxonomy
VPN Technologies
Tunnels
Tunneling
Data Integrity and Confidentiality
VPN Tunneling Protocols
PPTP
L2F
L2TP
IPsec
MPLS
IPsec
Basic IPsec Concepts
Security Protocols
Security Associations
Security Databases
IPsec and VPNs
Authentication Header
Encapsulating Security Payload
Internet Key Exchange
Phase 1 Negotiation
Phase 2 Negotiation
Key Generation in IKE
IPsec Implementation
Inbound Packet Processing
Outbound Packet Processing
Authentication
Two-Party Authentication
PPP Authentication
RADIUS
S/KEY and OTP
Trusted Third-Party Authentication
Kerberos
X.509 Public Key Infrastructure
Pretty Good Privacy Trust Model
Authentication in VPNs
Gateway-Gateway Authentication
Client-Gateway Authentication
Public Key Infrastructure
PKI Architecture
Certification
Validation
Certificate Revocation
Trust Models
Digital Certificate Formats
X.509 Digital Certificate
PGP Certificate
PKCS #6, Extended-Certificate Syntax Standard
X.509 Attribute Certificate
Certificate Management System
Certification Authority
Registration Authority
Certificate and CRL Repository
Certificate Protocols
Certificate Use in VPNs
Authentication
Key Management
Access Control
Access Control
Access Control Policy
Attributes and Conditions
Access Control Rules
Access Control Mechanisms
Access Control Lists
Capabilities Lists
Access Control Policy Management
Distributed Policy Management
Centralized Policy Management
Policy Repository
Access Control in VPNs
VPN Solutions
VPN Gateways
VPN Gateway Functions
Site-to-Site Intranet VPN Functions
Remote Access VPN Functions
Extranet VPN Functions
Forwarding, Routing, and Filtering Functions
Advanced Functions
Gateway Configuration and Provisioning
Gateway Identity Information
External Device Information
Security Policy Information
Gateway Management
Configuration Management
Network Monitoring
Accounting Information
Gateway Certification
Interaction with Firewalls
VPN Gateway and Firewall in Parallel
VPN Gateway and Firewall in Series
Hybrid Configurations
VPN Design Issues
A VPN Solution Scenario
VPN Clients
VPN Client Functions
Operating System Issues
Microsoft Windows
Other Operating Systems
Operational Issues
Working with the Corporate Firewall
Working with Network Address Translation
Fragmentation and MTU Issues
Private and Public Domain Name Servers
WINS Server Issues
VPN Clients for Windows
Layer 2 Clients
IPsec Clients
L2TP/IPsec Combination Clients
VPN Client Software Installation
VPN Clients for Other Platforms
Layer 2 Implementations
IPsec Implementations
Alternative VPN Clients
SSH as VPN Client
SOCKS and SSL as VPN Client
User-Level Daemon
A Remote Access VPN Scenario
VPN Network and Service Management
Network Management Standards
Network Management Architecture
Network Management Station
Managed Nodes
Network Management Protocol
Management Information
Probes
Other Means of Management
SNMP
VPN Management
Managing Tunnels
VPN Management in a Service Provider Environment
Secure Management Tunnel in VPN
Out-of-Band Access for Management