| |
| |
| Preface | |
| |
| |
| |
| VPN Fundamentals | |
| |
| |
| |
| Introduction | |
| |
| |
| |
| Business Communication | |
| |
| |
| |
| VPN Motivation | |
| |
| |
| |
| The VPN Market | |
| |
| |
| |
| VPN Technologies | |
| |
| |
| |
| VPN Solutions | |
| |
| |
| |
| Basic Concepts | |
| |
| |
| |
| A Brief History of the Internet | |
| |
| |
| |
| Network Architecture | |
| |
| |
| |
| ISO OSI Reference Model | |
| |
| |
| |
| IP | |
| |
| |
| |
| Network Topology | |
| |
| |
| |
| The Need for Security | |
| |
| |
| |
| Cryptography | |
| |
| |
| |
| Shared Key Cryptography | |
| |
| |
| |
| Public Key Cryptography | |
| |
| |
| |
| Digital Signatures | |
| |
| |
| |
| Message Authentication Codes | |
| |
| |
| |
| VPN Architectures | |
| |
| |
| |
| Site-to-Site Intranet VPNs | |
| |
| |
| |
| Remote Access VPNs | |
| |
| |
| |
| Extranet VPNs | |
| |
| |
| |
| A Security Services Taxonomy | |
| |
| |
| |
| VPN Technologies | |
| |
| |
| |
| Tunnels | |
| |
| |
| |
| Tunneling | |
| |
| |
| |
| Data Integrity and Confidentiality | |
| |
| |
| |
| VPN Tunneling Protocols | |
| |
| |
| |
| PPTP | |
| |
| |
| |
| L2F | |
| |
| |
| |
| L2TP | |
| |
| |
| |
| IPsec | |
| |
| |
| |
| MPLS | |
| |
| |
| |
| IPsec | |
| |
| |
| |
| Basic IPsec Concepts | |
| |
| |
| |
| Security Protocols | |
| |
| |
| |
| Security Associations | |
| |
| |
| |
| Security Databases | |
| |
| |
| |
| IPsec and VPNs | |
| |
| |
| |
| Authentication Header | |
| |
| |
| |
| Encapsulating Security Payload | |
| |
| |
| |
| Internet Key Exchange | |
| |
| |
| |
| Phase 1 Negotiation | |
| |
| |
| |
| Phase 2 Negotiation | |
| |
| |
| |
| Key Generation in IKE | |
| |
| |
| |
| IPsec Implementation | |
| |
| |
| |
| Inbound Packet Processing | |
| |
| |
| |
| Outbound Packet Processing | |
| |
| |
| |
| Authentication | |
| |
| |
| |
| Two-Party Authentication | |
| |
| |
| |
| PPP Authentication | |
| |
| |
| |
| RADIUS | |
| |
| |
| |
| S/KEY and OTP | |
| |
| |
| |
| Trusted Third-Party Authentication | |
| |
| |
| |
| Kerberos | |
| |
| |
| |
| X.509 Public Key Infrastructure | |
| |
| |
| |
| Pretty Good Privacy Trust Model | |
| |
| |
| |
| Authentication in VPNs | |
| |
| |
| |
| Gateway-Gateway Authentication | |
| |
| |
| |
| Client-Gateway Authentication | |
| |
| |
| |
| Public Key Infrastructure | |
| |
| |
| |
| PKI Architecture | |
| |
| |
| |
| Certification | |
| |
| |
| |
| Validation | |
| |
| |
| |
| Certificate Revocation | |
| |
| |
| |
| Trust Models | |
| |
| |
| |
| Digital Certificate Formats | |
| |
| |
| |
| X.509 Digital Certificate | |
| |
| |
| |
| PGP Certificate | |
| |
| |
| |
| PKCS #6, Extended-Certificate Syntax Standard | |
| |
| |
| |
| X.509 Attribute Certificate | |
| |
| |
| |
| Certificate Management System | |
| |
| |
| |
| Certification Authority | |
| |
| |
| |
| Registration Authority | |
| |
| |
| |
| Certificate and CRL Repository | |
| |
| |
| |
| Certificate Protocols | |
| |
| |
| |
| Certificate Use in VPNs | |
| |
| |
| |
| Authentication | |
| |
| |
| |
| Key Management | |
| |
| |
| |
| Access Control | |
| |
| |
| |
| Access Control | |
| |
| |
| |
| Access Control Policy | |
| |
| |
| |
| Attributes and Conditions | |
| |
| |
| |
| Access Control Rules | |
| |
| |
| |
| Access Control Mechanisms | |
| |
| |
| |
| Access Control Lists | |
| |
| |
| |
| Capabilities Lists | |
| |
| |
| |
| Access Control Policy Management | |
| |
| |
| |
| Distributed Policy Management | |
| |
| |
| |
| Centralized Policy Management | |
| |
| |
| |
| Policy Repository | |
| |
| |
| |
| Access Control in VPNs | |
| |
| |
| |
| VPN Solutions | |
| |
| |
| |
| VPN Gateways | |
| |
| |
| |
| VPN Gateway Functions | |
| |
| |
| |
| Site-to-Site Intranet VPN Functions | |
| |
| |
| |
| Remote Access VPN Functions | |
| |
| |
| |
| Extranet VPN Functions | |
| |
| |
| |
| Forwarding, Routing, and Filtering Functions | |
| |
| |
| |
| Advanced Functions | |
| |
| |
| |
| Gateway Configuration and Provisioning | |
| |
| |
| |
| Gateway Identity Information | |
| |
| |
| |
| External Device Information | |
| |
| |
| |
| Security Policy Information | |
| |
| |
| |
| Gateway Management | |
| |
| |
| |
| Configuration Management | |
| |
| |
| |
| Network Monitoring | |
| |
| |
| |
| Accounting Information | |
| |
| |
| |
| Gateway Certification | |
| |
| |
| |
| Interaction with Firewalls | |
| |
| |
| |
| VPN Gateway and Firewall in Parallel | |
| |
| |
| |
| VPN Gateway and Firewall in Series | |
| |
| |
| |
| Hybrid Configurations | |
| |
| |
| |
| VPN Design Issues | |
| |
| |
| |
| A VPN Solution Scenario | |
| |
| |
| |
| VPN Clients | |
| |
| |
| |
| VPN Client Functions | |
| |
| |
| |
| Operating System Issues | |
| |
| |
| |
| Microsoft Windows | |
| |
| |
| |
| Other Operating Systems | |
| |
| |
| |
| Operational Issues | |
| |
| |
| |
| Working with the Corporate Firewall | |
| |
| |
| |
| Working with Network Address Translation | |
| |
| |
| |
| Fragmentation and MTU Issues | |
| |
| |
| |
| Private and Public Domain Name Servers | |
| |
| |
| |
| WINS Server Issues | |
| |
| |
| |
| VPN Clients for Windows | |
| |
| |
| |
| Layer 2 Clients | |
| |
| |
| |
| IPsec Clients | |
| |
| |
| |
| L2TP/IPsec Combination Clients | |
| |
| |
| |
| VPN Client Software Installation | |
| |
| |
| |
| VPN Clients for Other Platforms | |
| |
| |
| |
| Layer 2 Implementations | |
| |
| |
| |
| IPsec Implementations | |
| |
| |
| |
| Alternative VPN Clients | |
| |
| |
| |
| SSH as VPN Client | |
| |
| |
| |
| SOCKS and SSL as VPN Client | |
| |
| |
| |
| User-Level Daemon | |
| |
| |
| |
| A Remote Access VPN Scenario | |
| |
| |
| |
| VPN Network and Service Management | |
| |
| |
| |
| Network Management Standards | |
| |
| |
| |
| Network Management Architecture | |
| |
| |
| |
| Network Management Station | |
| |
| |
| |
| Managed Nodes | |
| |
| |
| |
| Network Management Protocol | |
| |
| |
| |
| Management Information | |
| |
| |
| |
| Probes | |
| |
| |
| |
| Other Means of Management | |
| |
| |
| |
| SNMP | |
| |
| |
| |
| VPN Management | |
| |
| |
| |
| Managing Tunnels | |
| |
| |
| |
| VPN Management in a Service Provider Environment | |
| |
| |
| |
| Secure Management Tunnel in VPN | |
| |
| |
| |
| Out-of-Band Access for Management | |