Content Summary
PART 1 THE FOUNDATIONS OF VPNs
Chapter 1 Introduction to VPN Technology
What Is a VPN?
Components That Make Up a VPN
Who Supports VPNs?
The Growth of VPNs
Identifying a Need for VPN
The Business Need for VPNs
How to Choose VPN Services
Conclusion
Chapter 2 Network Security for VPNs
What Is Network Security?
What Can You Do to Protect Against Threats?
How to Identify Attacks
What Are Some Security Requirements of VPNs?
Why Is Security So Important When Implementing VPNs?
Implementing a Good Security Policy
Is Your Organization Vulnerable to Attacks?
What Are Some Types of Attacks?
Conclusion
Chapter 3 The Advantages and Disadvantages of VPN Technology
VPN Benefits
Cost Savings of VPNs
Benefits of Network Design
End-User Benefits of VPNs
Benefits of a Global Reach
Benefits to ISPs
Competitive Advantage of VPNs
Cost of VPN Technology
Additional Telecommunication Costs
Quality of Service Guarantees
Service Level Agreements
Conclusion
Chapter 4 VPN Architecture
Introduction to Architecture
Which Is the Best VPN for You?
VPN Supplied by Network Service Provider
Firewall-Based VPNs
Black-Box-Based VPNs
Router-Based VPNs
Remote Access-Based VPNs
Application-Aware/Proxy Toolkit VPNs
Multiservice Applications with VPNs
Software-Based VPNs
Performance Statistics/Comparisons
Tunnel Switches for VPNs
Certification/Compliance
Conclusion
Chapter 5 Topologies of VPNs
Introduction to VPN Topology
Firewall/VPN-to-Client Topology
VPN/LAN-to-LAN Topology
VPN/Firewall-to-Intranet/Extranet Topology
VPN/Frame or ATM Topology
Hardware (Black-Box) VPN Topology
VPN/NAT Topology
VPN Switch Topology
VPN Nested Tunnels
Load Balancing and Synchronization
Conclusion
Chapter 6 Government Restrictions on VPN Technology
Introduction to the Politics of Encryption
What Role Does Government Play in VPN Technology?
Why Would the Government's Policy Actions Affect VPN Security?
Where Do I Get Permission to Use Strong Security?
The Economic Cost of Government Intrusion
Legal Status of Encryption
International Impact on U.S. Government's Encryption Policy
What's Happening Today?
Conclusion
PART 2 THE VPN IMPLEMENTATION
Chapter 7 The Basics
Decide on a Game Plan
VPN Architecture Placement
Routing Problems
Topology Placement
IP/NAT Addressing Concerns
Remote Access Issues
DNS/SMTP Issues
Conclusion
Chapter 8 Installing a VPN, Part I
Introduction to Installing a Firewall-Based VPN
The Firewall-Based VPN Model
Obtain and Assign IP Address Space
Implementing a Good Security Policy
Implementing Management Traffic
Implementing SMTP and DNS Issues
Implementing Authentication
The Drop All Rule
Implementing the VPN Rule
Branch Office VPNs
Remote Users VPNs
Conclusion
Chapter 9 Installing a VPN, Part II
Service Provider VPN Services
Stand-alone VPN Services
Aventail ExtraNet Center
Compatible Systems—Access Servers
Nortel Networks—Extranet Switch 4000
Radguard—cIPro System
RedCreek—Ravlin
Timestep—PERMIT Enterprise
VPNet—VPLink Architecture
Conclusion
Chapter 10 Troubleshooting VPNs
Introduction to Troubleshooting VPNs
Remote Dial-In Users
LAN-to-LAN VPN
PPTP VPN
L2TP VPN
IPSec VPN
Multihomed Firewall/VPN
Conclusion
Chapter 11 Maintaining a VPN
Introduction
Redundant Links
Growth in Your Organization
Software Updates
Onsite Technical Support
Telephone Support
Help Desk Support to Remote Users
VPNs, Build or Buy?
Compatibility Issues
Alerting
Monitoring
Logging
Event Correlation
Encryption and Encapsulation
Key Management
Random-Number Generators
Certificates
Security Update
Support to Major Upgrade
Tunneling Protocols
Management Devices
Performance
Quality of Service
Authentication
Conclusion
Skilled Labor
PART 3 THE SECURITY OF VPNs
Chapter 12 Cryptography
What is Cryptography?
Private versus Public Key Cryptography
Block Ciphers
Stream Ciphers
Hash Functions
Message Authentication Codes
Digital Timestamps
Digital Signatures with Certificate Authorities
Strengths of Cryptographic Hash Functions
Random-Number Generators
Clipper Chip
Which Cryptosystem is Right for You?
Cryptography Timeline
Conclusion
Chapter 13 Encryption
Private-Key Encryption
Public-Key Encryption
Shared Secret Key
Digital Signatures
Certificate Authorities (CAs)
Diffie-Hellman Public-Key Algorithm
RSA Public-Key Algorithm
Pretty Good Privacy (PGP)
Internet Security Protocol (IPSec)
Encapsulating Security Payload (ESP) RFC-2406
Public Key Infrastructure (PKI)
Layer 2 Forwarding Protocol (L2F)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Simple Key Internet Protocol (SKIP)
Secure Wide Area Network (S/WAN)
Conclusion
Chapter 14 Secure Communication and Authentication
Authentication Protocols
Operating System Passwords
S/KEY
Remote Authentication Dial-In Service (RADIUS)
Terminal Access Controller Access Control System (TACACS/XTACACS)
Terminal Access Controller Access Control System Plus (TACACS+)
Kerberos
Certificates
Smart Cards
Hardware Tokens/PKCS#11
Lightweight Directory Access Protocol (LDAP)
ACE/Server with SecurID
Biometrics
Secure Modems
Conclusion
Chapter 15 VPN Operating System Vulnerabilities
What Are VPN Operating System Vulnerabilities?
UNIX Guidelines
UNIX Operating System Vulnerabilities
Windows 95 Guidelines
Windows 95 Vulnerabilities
Windows NT Guidelines
Windows NT Vulnerabilities
Novell Guidelines
Conclusion
Chapter 16 VPN Security Attacks
Introduction to VPN Attacks
Cryptographic Algorithms Attacks
Random-Number Generator (RNG) Attacks
Government Attacks via Key Recovery
Internet Security (IPSec) Attacks
Point-To-Point Tunneling Protocol (PPTP) Attacks
SKIP Attacks
Certificate Authorities Attacks
RADIUS Attacks
Kerberos Attacks
Pretty Good Privacy (PGP) Attacks
Denial of Service (DoS) Attacks
Other Attacks
Conclusion
Chapter 17 Security Toolbelt
What Is a Security Toolbelt?
The Need for a Security Toolbelt
RFC 2196 Site Security Handbook
Security Escalation Procedures
Building a Secure Site
Security Tools
Incident Response Centers
Mailing Lists/Newsgroups
Web Security
Conclusion
Chapter 18 Intrusion Detection and Security Scanning
Introduction to Intrusion Detection
Categories of Intrusion Systems
Characteristics of a Good Intrusion Detection System
Intrusion Detection/Footprint
Fooling an Intrusion Detection System
Intrusion Detection Tools
Limiting Intrusion
Scanners
Conclusion
Chapter 19 Emerging Technologies for VPNs
Introduction to Emerging Technologies
Advances in Computing
Advances in Cryptographic Systems
Private Doorbell
Steganography
What Are the New Threats?
Government Regulations
Wireless VPNs
Conclusion
Appendix A Links and References
Glossary
Index