Building Virtual Private Networks (构建虚拟专用网)

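Author: Steven Brown
Publisher: Posts & Telecom Press (人民邮电出版社)
Series: Network and Communication Technology Reprint Series
Copyright notice: This book is in the public domain or is made available with the rights holder's authorization; please support legitimate editions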

Synopsis

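This book offers practical virtual private network (VPN) solutions and helps readers understand, build, integrate and manage, step by step, the many components of a VPN, such as encryption, authentication services, key length and confidentiality. More importantly, it raises network protection and security to a new level. To build a VPN successfully, and to maintain and troubleshoot it once it is in place, the book provides:
● A detailed explanation of VPN technologies and architectures
● Guidance on choosing the right architecture and topology for different requirements
● A cost comparison of different VPN technologies, together with a model for cost-benefit analysis
● A complete guide to maintaining and troubleshooting VPNs, including problems the author has frequently encountered
● An indispensable guide to holding the high ground against present and future security threats
Whether you are a manager considering a VPN for your company, an engineer designing and installing systems, or an administrator monitoring system performance, security and reliability, this book will be of great help, offering detailed, rich information and a valuable reference.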

Table of Contents

PART 1 THE FOUNDATIONS OF VPNs

Chapter 1 Introduction to VPN Technology

What Is a VPN?

Components That Make Up a VPN

Who Supports VPNs?

The Growth of VPNs

Identifying a Need for VPN

The Business Need for VPNs

How to Choose VPN Services

Conclusion

Chapter 2 Network Security for VPNs

What Is Network Security?

What Can You Do to Protect Against Threats?

How to Identify Attacks

What Are Some Security Requirements of VPNs?

Why Is Security So Important when Implementing VPNs?

Implementing a Good Security Policy

Is Your Organization Vulnerable to Attacks?

What Are Some Types of Attacks?

Conclusion

Chapter 3 The Advantages and Disadvantages of VPN Technology

VPN Benefits

Cost Savings of VPNs

Benefits of Network Design

End-User Benefits of VPNs

Benefits of a Global Reach

Benefits to ISPs

Competitive Advantage of VPNs

Cost of VPN Technology

Additional Telecommunication Costs

Quality of Service Guarantees

Service Level Agreements

Conclusion

Chapter 4 VPN Architecture

Introduction to Architecture

Which Is the Best VPN for You?

VPN Supplied by Network Service Provider

Firewall-Based VPNs

Black-Box-Based VPNs

Router-Based VPNs

Remote Access-Based VPNs

Application-Applications with VPNs

Software-Based VPNs

Tunnel Switches for VPNs

Performance Statistics/Comparisons

Certification/Compliance

Conclusion

Chapter 5 Topologies of VPNs

Introduction to VPN Topology

Firewall/VPN-to-Client Topology

VPN/LAN-to-LAN Topology

VPN/Firewall-to-Intranet/Extranet Topology

VPN/Frame or ATM Topology

Hardware (Black-Box) VPN Topology

VPN/NAT Topology

VPN Switch Topology

VPN Nested Tunnels

Load Balancing and Synchronization

Conclusion

Chapter 6 Government Restrictions on VPN Technology

Introduction to the Politics of Encryption

What Role Does Government Play in VPN Technology?

Why Would the Government’s Policy Actions Affect VPN Security?

Where Do I Get Permission to Use Strong Security?

The Economic Cost of Government Intrusion

Legal Status of Encryption

International Impact on U.S. Government’s Encryption Policy

What’s Happening Today?

Conclusion

PART 2 THE VPN IMPLEMENTATION

Chapter 7 The Basics

Decide on a Game Plan

VPN Architecture Placement

Routing Problems

Topology Placement

IP/NAT Addressing Concerns

Remote Access Issues

DNS/SMTP Issues

Conclusion

Chapter 8 Installing a VPN, Part 1

Introduction to Installing a Firewall-Based VPN

The Firewall-Based VPN Model

Obtain and Assign IP Address Space

Implementing a Good Security Policy

Implementing Management Traffic

Implementing SMTP and DNS Issues

Implementing Authentication

The Drop All Rule

Implementing the VPN Rule

Branch Office VPNs

Remote Users’ VPNs

Conclusion

Chapter 9 Installing a VPN, Part 2

Service Provider VPN Services

Stand-alone VPN Services

Aventail ExtraNet Center

Compatible Systems-Access Servers

Nortel Networks-Extranet Switch 4000

Radguard-cIPro System

RedCreek-Ravlin

Timestep-PERMIT Enterprise

VPNet-VPLink Architecture

Conclusion

Chapter 10 Troubleshooting VPNs

Introduction to Troubleshooting VPNs

Remote Dial-In Users

LAN-to-LAN VPN

PPTP VPN

L2TP VPN

IPSec VPN

Multihomed Firewall/VPN

Conclusion

Chapter 11 Maintaining a VPN

Introduction

Redundant Links

Growth in Your Organization

Software Updates

Onsite Technical Support

Telephone Support

Help Desk Support to Remote Users

VPNs, Build or Buy?

Compatibility Issues

Monitoring

Alerting

Logging

Event Correlation

Encryption and Encapsulation

Key Management

Random-Number Generators

Certificates

Security Update

Support of Major Upgrade

Tunneling Protocols

Management Devices

Performance

Quality of Service

Authentication

Skilled Labor

Conclusion

PART 3 THE SECURITY OF VPNs

Chapter 12 Cryptography

What Is Cryptography?

Private versus Public Key Cryptography

Block Ciphers

Stream Ciphers

Hash Functions

Message Authentication Codes

Digital Timestamps

Digital Signatures with Certificate Authorities

Strengths of Cryptographic Hash Functions

Random-Number Generators

Clipper Chip

Which Cryptosystem Is Right for You?

Cryptography Timeline

Conclusion

Chapter 13 Encryption

Private-Key Encryption

Public-Key Encryption

Shared Secret Key

Digital Signatures

Certificate Authorities (CAs)

Diffie-Hellman Public-Key Algorithm

RSA Public-Key Algorithm

Pretty Good Privacy (PGP)

Internet Security Protocol (IPSec)

Encapsulating Security Payload (ESP) RFC-2406

Public Key Infrastructure (PKI)

Layer 2 Forwarding Protocol (L2F)

Point-to-Point Tunneling Protocol (PPTP)

Layer 2 Tunneling Protocol (L2TP)

Simple Key Internet Protocol (SKIP)

Secure Wide Area Network (S/WAN)

Conclusion

Chapter 14 Secure Communication and Authentication

Authentication Protocols

Operating System Passwords

S/KEY

Remote Authentication Dial-In Service (RADIUS)

Terminal Access Controller Access Control System (TACACS/XTACACS)

Terminal Access Controller Access Control System Plus (TACACS+)

Kerberos

Certificates

Smart Cards

Hardware Tokens/PKCS#11

Lightweight Directory Access Protocol (LDAP)

ACE/Server with SecurID

Biometrics

Secure Modems

Conclusion

Chapter 15 VPN Operating System Vulnerabilities

What Are VPN Operating System Vulnerabilities?

UNIX Guidelines

UNIX Operating System Vulnerabilities

Windows 95 Guidelines

Windows 95 Vulnerabilities

Windows NT Guidelines

Windows NT Vulnerabilities

Novell Guidelines

Conclusion

Chapter 16 VPN Security Attacks

Introduction to VPN Attacks

Cryptographic Algorithms Attacks

Random-Number Generator (RNG) Attacks

Government Attacks via Key Recovery

Internet Security (IPSec) Attacks

Point-to-Point Tunneling Protocol (PPTP) Attacks

SKIP Attacks

Certificate Authorities Attacks

RADIUS Attacks

Kerberos Attacks

Pretty Good Privacy (PGP) Attacks

Denial of Service (DoS) Attacks

Other Attacks

Conclusion

Chapter 17 Security Toolbelt

What Is a Security Toolbelt?

The Need for a Security Toolbelt

RFC 2196 Site Security Handbook

Security Escalation Procedures

Building a Secure Site

Security Tools

Incident Response Centers

Mailing Lists/Newsgroups

Web Security

Conclusion

Chapter 18 Intrusion Detection and Security Scanning

Introduction to Intrusion Detection

Categories of Intrusion Systems

Characteristics of a Good Intrusion Detection System

Intrusion Detection/Footprint

Fooling an Intrusion Detection System

Intrusion Detection Tools

Limiting Intrusion

Scanners

Conclusion

Chapter 19 Emerging Technologies for VPNs

Introduction to Emerging Technologies

Advances in Computing

Advances in Cryptographic Systems

Private Doorbell

Steganography

What Are the New Threats?

Government Regulations

Wireless VPNs

Conclusion

Appendix A: Links and References

Glossary

Index