
Virtual Private Networks
Making the Right Connection
- 1st Edition - May 17, 1999
- Imprint: Morgan Kaufmann
- Author: Dennis Fowler
- Language: English
- eBook ISBN: 978-0-08-052065-0

Network-dependent companies are excited by the benefits promised by the virtual private network, including lower costs, greater flexibility, and improvements in connectivity. But they also have questions: What benefits are real? How can they be measured? What are the expenses and the dangers?
Virtual Private Networks: Making the Right Connection is an intelligent introduction written especially for business and IT professionals who want a realistic assessment of what a VPN can provide for their organizations. Covering advantages and risks, this book expands your understanding of what you can do with a VPN, while detailing all that implementing it will demand of you. With its help, you'll find your way through VPN hype to the answers you need to make sound decisions.
* Covers essential VPN topics like tunneling, encapsulation, encryption, security, and protocols.
* Provides detailed points of comparison between typical VPN costs and the costs of maintaining traditional WANs.
* Offers frank consideration of the hidden costs and risks sometimes associated with VPNs, helping you decide if a VPN is right for you.
* Lists and assesses the software and hardware products you may need to implement a VPN.
* Discusses both Internet-based VPNs and VPN services offered by providers of "private" ATM and frame relay networks, detailing the pros and cons of each.
1.1 What is a VPN?
1.2 What a VPN is good for and why you should consider building one.
1.2.1 Economies of Sharing
1.2.2 Flexibility
1.2.3 Worldwide connectivity on a budget
1.2.4 The VPN and the Mobile Workforce
1.3 Every Silver Lining has a Cloud
1.4 How a VPN works.
1.4.1 Tunneling
1.4.2 Securing the Data
1.4.3 Making the Combination Work
1.5 Where we go from here.
CHAPTER 2 How to use a VPN.
2.1 The VPN for Remote Access
2.1.1 A Medical Software Company
2.1.2 Prudential Insurance Company
2.2 The VPN as an Extranet
2.2.1 Automotive Network eXchange (ANX)
2.2.2 Open Access Same-time Information Systems (OASIS)
2.3 The VPN as an Intranet
2.3.1 Mazzio's Corp.
2.3.2 Galaxy Scientific Corporation
2.4 Conclusion
CHAPTER 3 The Downside to VPNs
3.1 Do You Really Need a VPN?
3.2 Connection Availability
3.3 Security
3.3.1 Snooping or sniffing
3.3.2 Capturing Addresses
3.3.3 Session Hijacking
3.3.4 Data Tampering
3.4 The Lack of Standards
3.5 Performance/Quality of Service
3.6 Hidden Costs
3.7 Management
3.8 Fitting it in with your architecture
3.9 End user training
3.10 Security, again
3.11 Conclusion
CHAPTER 4: Internet versus Other VPNs
4.1 Clearing Up Some Confusion
4.1.1 The Internet
4.1.2 TCP/IP on other networks.
4.1.3 Frame Relay, ATM and TCP/IP
4.2 The Internet vs. Private Services
4.2.1 The Frame Relay Advantages
4.2.2 An Example of a Frame Relay VPN
4.3 The Trade-offs
4.3.1 The Cost Factor
4.3.2 Flexibility
4.3.3 Security
4.3.4 Reliability and Accountability
4.3.5 Customer Services and Technical Support
4.4 Conclusion
CHAPTER 5 - ENCRYPTION
5.1 An Overview of Encryption
5.2 Secret key (Symmetric) Cryptosystems
5.3 Public (asymmetric) Key Cryptosystems
5.3.1 Diffie-Hellman (DH)
5.3.2 Rivest Shamir Adleman (RSA) Encryption
5.3.3 Other Public Key Systems
5.4 Digital Signatures, Hashing and MACs
5.5 Putting it all together.
5.6 Conclusion
CHAPTER 6 USER AUTHENTICATION, AUTHORIZATION AND KEY MANAGEMENT
6.1 User Authentication
6.1.1 THE USERNAME-PASSWORD CHALLENGE
6.1.2 VPN USER AUTHENTICATION - THE SIMPLEST SCENARIO
RADIUS
TACACS
KERBEROS
6.2 KEY MANAGEMENT AND CERTIFICATE AUTHORITIES
6.2.1 CERTIFICATE AUTHORITIES
6.2.2 THE ITU-T X.509 CERTIFICATE STANDARD AND PKI
6.2.3 PKCS
6.2.4 LDAP and VPNs
6.3 MAKING THE CONNECTION; MORE THAN JUST MANAGING KEYS.
6.3.1 ISAKMP/Oakley, alias IKE
6.4 CONCLUSION
CHAPTER 7: TUNNELING AND THE VPN PROTOCOL SUITES
7.1 TUNNELING
7.1.1 The IP Packet and Encapsulation
7.2 VPNs and the OSI Model
7.3 The Packet VPNs
7.3.1 PPTP
7.3.2 L2F
7.3.3 L2TP
7.3.4 ALTAVISTA TUNNEL
7.3.5 IPSec
7.3.6 SKIP
7.4 APPLICATION ORIENTED VPN PROTOCOLS
7.4.1 SECURE SHELL
7.4.2 SOCKS version 5 network security protocol
7.4.3 Sun.NET
7.5 Quality of Service (QoS) Protocols and VPNs
7.6 CONCLUSION
CHAPTER 8 ARCHITECTURE
8.1 Software vs. Hardware Solutions
8.2 "Hiding" your LAN
8.3 User Authentication
8.4 The Basic Scenarios
8.4.1 The Client to LAN VPN
8.4.2 The LAN to LAN VPN
8.5 Conclusion
CHAPTER 9 Planning Your VPN
9.1 Analyze Your Needs
9.1.1 Consider the Possibilities
9.1.2 Look at What you are doing Now.
9.2 Take a Detailed Inventory of Your Resources
9.2.1 Inventory Your Physical Resources.
9.2.2 Inventory Your Human Resources
9.2.3 Outsourced vs In House
9.3 Establish the Goals for Your VPN
9.4 Plan for the Evolution/Expansion of the Network
9.5 Begin to Sketch Out a Budget
9.6 Study ALL Your Options
9.7 Develop an Architecture
9.7.1 A Review of the Protocols
9.8 A Review of the Protocols
9.8.1 IPSec is a Developing Industry Standard
9.8.2 PPTP and L2TP's Ready Availability
9.8.3 SKIP is being marginalized in the market
9.8.4 AltaVista, SOCKS v.5, and Secure SHell are Niche Products.
9.8.5 Sun.NET is an unproved product.
9.9 Evaluate Products and Vendors
9.10 Define a Pilot Project
9.11 Plan on a Phased Roll out
9.12 Conclusion
Chapter 10 Administration and management
10.1 Security
10.1.1 The First Line of Defense
10.1.2 Beware Back Doors
10.1.3 Security Through Obscurity
10.2 Keeping the VPN Up
10.2.1 Service Level Agreements (SLAs)
10.2.2 Managing Performance on Your Part
10.3 Managing One Big Network
10.4 Conclusion
Dennis Fowler
Dennis Fowler is a columnist for ACM netWorker Magazine, a founding member of both the Association of Online Professionals and the Internet Press Guild, and a former contributing editor with Computer Shopper magazine. He is particularly interested in the practical application of online technologies, and the Internet in particular, to create new opportunities for commerce and enhance global communication.