Virtual Private Networks: Technologies and Solutions

Hardcover (Print)

Overview

Virtual private networks have become an essential part of today's business networks, as they provide a cost-effective means of assuring private internal and external communications over the shared Internet infrastructure. Virtual Private Networks: Technologies and Solutions is a comprehensive, practical guide to VPNs. This book presents the various technology components, concrete solutions, and best practices you need to deploy and manage a highly successful VPN.

Readers will find an overview of fundamental VPN concepts and architectures, followed by an in-depth examination of advanced features and functions such as tunneling, authentication, access control, VPN gateways, VPN clients, and VPN network and service management. Specific topics covered include:

  • IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key Exchange, and implementation details
  • PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols
  • Two-party and three-party authentication, including RADIUS and Kerberos
  • Public key infrastructure (PKI) and its integration into VPN solutions
  • Access control policies, mechanisms, and management, and their application to VPNs
  • VPN gateway functions, including site-to-site intranet, remote access, and extranet
  • Gateway configuration, provisioning, monitoring, and accounting
  • Gateway interaction with firewalls and routers
  • VPN client implementation issues, including interaction with operating systems
  • Client operation issues, including working with NAT, DNS, and link MTU limits
  • VPN management architectures and tunnel and security management
  • Outsourcing and service provider environments

The book concludes with a forward look at the future of VPNs that examines such issues as security and quality of service (QoS). VPN scenarios throughout the book demonstrate how to put the described techniques and technologies to work in a real-world Virtual Private Network.

Editorial Reviews

Daniel M. St. Andre
As you stroll the book aisles, Virtual Private Networks: Technologies and Solutions, by Ruixi Yuan and W. Timothy Strayer, might lead you to grab for a VPN-How-To volume. After all, isn't every organization going to need VPNs if they haven't got them already?

Early in Chapter 1 the authors state "Virtual private networking is the collection of technologies applied to a public network -- the Internet -- to provide solutions for private networking needs." That said, they go on to deliver page after page of what could have been dry and tedious protocols and bitmaps in a style that I found fun to read. Consider:

"The essence of creating a VPN is to assemble the technological components according to a cohesive architecture in order to create practical solutions for organizational communications needs. These components make possible both the 'virtual' and the 'private' aspects of a VPN."

"Part I: VPN Fundamentals" is a must read for anyone with any involvement with contemporary networks and their security. Yuan and Strayer present topic by topic and layer by layer in a systematic manner. There is a consistent flow from situation, through candidate approaches and available protocols, to implementation. At no time do they coerce you into a conclusion. Instead, after reading each section, I found some approach obviously better than others. Later reading would reveal that I had chosen the approach that the authors preferred.

Even for those who simply use their computer from their homes or from the enclosure of their workplace surroundings, this book explains much of what happens behind the scenes to connect the several distributed offices and facilities of a modern organization.

Each of the chapters in "Part II: VPN Technologies" covers frame and packet level details of topics such as Tunnels, IPsec, Authentication, Public Key Infrastructure, and Access Control, as separate chapters. The authors begin by discussing the concept of network Tunnels independently from how they might be implemented. This lays a foundation for the several issues that must be resolved while deciding tunnel deployment configuration. While there are several alternatives, Yuan and Strayer make clear their preference for IPsec to enable delivery of network layer security services. They devote an entire chapter to the IPsec topic. Given a secure method to make connections, a network must be able to Authenticate connection requests -- is the requester who they claim to be? -- and the Public Key services available to carry the various forms of authentication information. Once the requested connection exists, a network uses various Access Control mechanisms to grant or deny use.

Every chapter presents a thorough definition of the topic, a discussion of the issues and concerns relating to this topic, and then describes the various protocols and techniques that exist to address each concern. Consider the following discussion of Authentication:

"The difference between various two-party authentication schemes lies in how the authentication information, the authentication function, and the expected results are created, stored, and transmitted between the two authenticating parties."

The authors proceed to present discussion of passwords, challenge-and-response, token cards, and smartcards as basic technologies. They follow the technology discussions with the details about PAP, CHAP, EAP, RADIUS and other protocols that implement the features of the basic technologies.

"Part III: VPN Solutions" was both a surprise and a disappointment. Given the word "solutions" in the section title, I expected to find system administrator level command-line configuration details used to deploy a VPN on some reference platform. Failing to find pages of cryptic parameter settings, I was at first disappointed. However, as I read on, I realized that the treatment used by Yuan and Strayer fell into the "teach a man to fish" category. For example, while reading about Site-to-Site VPN deployment, I found a bulleted list naming the requirement for a type of tunneling mechanism. The discussion that followed presented IPsec, and L2TP as candidates for this mechanism. The discussion of IPsec revealed that I needed to use an encryption algorithm (3DES, for example), a message integrity algorithm (such as SHA-1), and a type of authentication (shared secret, certificate authority, and the like). At the conclusion, I was left with a thorough understanding of the deployment of a VPN.

Lest you think I fell besotted by the material, there are some things that, while primarily editorial, might result in a better book were they corrected in a second printing or follow-up edition. As you might expect in a networking volume, there are plenty of graphs and diagrams. Things might be better were these diagrams located in better locations, typically before the prose that discusses them. Once, a Windows protocol layer diagram appears bracketed by UNIX specific prose -- completely outside of the nearby Microsoft Windows section title.

Another annoyance involved the huge number of references to Internet Request For Comments (RFC) documents -- only to find additional details tucked away in an appendix. It might have been better to warn readers and arm them with access to supporting materials, either in the Preface or preferably as a footnote to the first RFC reference.

Lastly, I expected to find a detailed case study that either ran throughout the material or as a chapter unto itself toward the end of the book. This case study might have used one of the Linux distributions to provide you a platform for self-directed study. Any of the Linux kits currently available contains most of the recommended parts and the rest are readily available online. A Windows-based implementation might be problematic due to the licensing and fee-for-software nature of that environment. The book contains a case study, but it is far too lightweight for a serious student. In defense of this omission, I suspect that any attempt to present a cookbook deployment might result in a sofa-sized volume or might offer such superficial treatment as to be practically useless. There were only a few instances when the authors resorted to lines of code-level discussions. These were brief, on topic, and might be skipped without any loss.

When the time came, the book equipped me with good understanding of what to do during VPN deployment without the droll reprinting of configuration files, command lines, or screens from some user interface. Add this book to your networking library. You won't regret it.
ercb.com

Booknews
This guide presents the various technology components, concrete solutions, and best practices you need to deploy and manage a highly successful virtual private network (VPN). Yuan (researcher focusing on high-speed networking and security) and Strayer (scientist and VPN researcher) present 12 chapters that overview fundamental VPN concepts and architectures and examine advanced features and functions such as tunneling, authentication, access control, and VPN gateways, clients, and network and service management. They conclude with a look at the future of VPNs that examines such issues as security and quality of service. VPN scenarios demonstrate how to put the described techniques and technologies to work in a real-world situation. Annotation c. Book News, Inc., Portland, OR (booknews.com)

Meet the Author

Ruixi Yuan is a network researcher focusing on high-speed networking and security. He was the architect of Genuity's VPN Advantage Service and served as its product manager. In addition, he has conducted research and development in computer and communication networks at NEC, GTE Laboratories, and BBN Technologies. W. Timothy Strayer is a senior scientist at BBN Technologies where he conducts research on network protocols, routing infrastructures, computer security, and network management and monitoring systems for VPNs. Prior to BBN, he was a senior network researcher at Sandia National Laboratories. He co-authored the book, XTP: The Xpress Transfer Protocol (Addison-Wesley, 1992).

Read an Excerpt

The Internet has been around in one form or another for more than three decades now, but it really has been since the middle of the 1990s that the use of the Internet became a daily part of people's lives. Connectivity to the Internet is now imperative for almost all companies, regardless of what their business really is. Individuals can find Internet access at school, work, and home, in cafés and kiosks, and in cell phones and PDAs. Staying connected has become an obsession.

The focus has shifted from being connected to being securely connected. It is one thing to have Internet access, but without security, the usefulness of the connectivity is rather limited. People want to have the reach of the Internet, but they should not have to compromise their privacy or expose proprietary resources.

Fortunately, all of the ingredients are present for constructing a private network on top of a public one. The challenge comes in putting the technologies together so that the result is a viable and secure virtual private network.

This book provides a comprehensive guide to the technologies used to enable VPNs, the VPN products built from these technologies, and the combinations of various components to provide practical VPN solutions.

VPN technologies and solutions are still rapidly evolving. This book describes the current state of the art in this field. But things change quickly, so when appropriate, we have attempted to point out the continued effort in the industry to develop new technologies and solutions.

Audience

This book is intended for a broad range of readers interested in virtual private networks.

For network engineers and managers, this book serves as a practical guide to the technologies and solutions. It discusses issues to be considered in designing and implementing a VPN.

For VPN software and hardware developers, it provides the necessary background material to understand the functions to be developed and the rationale behind them.

For IT managers and executives, this book sets the overall context of VPNs and provides the means for assessing various implementations from equipment vendors and service offerings from service providers.

For students and educators, this book can be used as a reference text for a course in network security or electronic commerce.

Book Organization

This book is organized in three parts. Part I—VPN Fundamentals—consists of three chapters: Introduction, Basic Concepts, and VPN Architectures. Chapter 1 introduces the concept of VPN and how it permits flexibility in facilitating private communication in a public network. We also classify the relevant technologies into four distinct categories. Chapter 2 sets VPNs in context by briefly reviewing the development of the Internet and how security has been thrust to the forefront. It also reviews the basic IP networking and cryptography concepts that pertain to VPNs. Chapter 3 presents VPN architectures in two ways. The first approach is based on designing VPN around practical networking solutions: site-to-site intranet, extranet, and remote access. The second approach focuses on the different traffic aggregation points where security services are applied.

Part II—VPN Technologies—consists of five chapters: Tunnels, IPsec, Authentication, Public Key Infrastructure, and Access Control. Chapter 4 is concerned with the most important technology category—tunneling. We investigate the many different tunneling technologies that are important in VPN solutions. Chapter 5 concentrates on IPsec, the security protocol for IP standardized by the IETF and, in our opinion, the VPN tunneling technology that will be most prevalent going forward. Chapter 6 describes authentication in a broad context first and then describes the various two-party and three-party schemes that are widely applied in networking. The most important three-party scheme—PKI—is then presented in Chapter 7. In Chapter 8, we look at access control technologies, an often overlooked but vital aspect of VPNs. We describe how access policies can be presented, managed, and enforced in a networked environment.

Part III—VPN Solutions—consists of four chapters: VPN Gateways, VPN Clients, VPN Network and Service Management, and VPN Directions: Beyond Connectivity. This part describes how the various technology components can be assembled to create practical VPN solutions. Chapter 9 starts with the roles played by a VPN gateway, then derives the requirements imposed on the gateway, and finally describes the various functions that should be implemented. It also presents a concrete design example. Chapter 10 details the many issues of VPN clients, some similar to VPN gateways and some different. Chapter 11 presents the needs and approaches for performing continued management of VPNs from the viewpoints of both a network and a service. Finally, we discuss the future directions of VPNs in Chapter 12 and how important it is to realize that networking is the means, not the goal, and to look beyond simple connectivity in the networking arena.

How to Read the Book

There are two ways to read this book. For novices, we recommend completing Part I before proceeding to either Part II or Part III. For readers already knowledgeable in networking and security, each chapter is self-contained and can be read separately.

Readers are encouraged to read Chapters 4 and 5 together to obtain a fuller grasp on the concept of tunneling and IPsec as a layer-three tunneling technology. Similarly, Chapters 6 and 7 deal with authentication, with Chapter 7 exploring public key infrastructures in detail. It is also a good idea to review how a certain technology is introduced in Part II before seeing how it is applied to a VPN solution in Part III.

Ruixi Yuan
Tim Strayer

Boston, Massachusetts
March 2001

Table of Contents

Preface.

I. VPN FUNDAMENTALS.

1. Introduction.
  • Business Communication.
  • VPN Motivation.
  • The VPN Market.
  • VPN Technologies.
  • VPN Solutions.

2. Basic Concepts.
  • A Brief History of the Internet.
  • Network Architecture.
  • ISO OSI Reference Model.
  • IP.
  • Network Topology.
  • The Need for Security.
  • Cryptography.
  • Shared Key Cryptography.
  • Public Key Cryptography.
  • Digital Signatures.
  • Message Authentication Codes.

3. VPN Architectures.
  • Site-to-Site Intranet VPNs.
  • Remote Access VPNs.
  • Extranet VPNs.
  • A Security Services Taxonomy.

II. VPN TECHNOLOGIES.

4. Tunnels.
  • Tunneling.
  • Data Integrity and Confidentiality.
  • VPN Tunneling Protocols.
  • PPTP.
  • L2F.
  • L2TP.
  • IPsec.
  • MPLS.

5. IPsec.
  • Basic IPsec Concepts.
  • Security Protocols.
  • Security Associations.
  • Security Databases.
  • IPsec and VPNs.
  • Authentication Header.
  • Encapsulating Security Payload.
  • Internet Key Exchange.
  • Phase 1 Negotiation.
  • Phase 2 Negotiation.
  • Key Generation in IKE.
  • IPsec Implementation.
  • Inbound Packet Processing.
  • Outbound Packet Processing.

6. Authentication.
  • Two-Party Authentication.
  • PPP Authentication.
  • RADIUS.
  • S/KEY and OTP.
  • Trusted Third-Party Authentication.
  • Kerberos.
  • X.509 Public Key Infrastructure.
  • Pretty Good Privacy Trust Model.
  • Authentication in VPNs.
  • Gateway-Gateway Authentication.
  • Client-Gateway Authentication.

7. Public Key Infrastructure.
  • PKI Architecture.
  • Certification.
  • Validation.
  • Certificate Revocation.
  • Trust Models.
  • Digital Certificate Formats.
  • X.509 Digital Certificate.
  • PGP Certificate.
  • PKCS #6, Extended-Certificate Syntax Standard.
  • X.509 Attribute Certificate.
  • Certificate Management System.
  • Certification Authority.
  • Registration Authority.
  • Certificate and CRL Repository.
  • Certificate Protocols.
  • Certificate Use in VPNs.
  • Authentication.
  • Key Management.
  • Access Control.

8. Access Control.
  • Access Control Policy.
  • Attributes and Conditions.
  • Access Control Rules.
  • Access Control Mechanisms.
  • Access Control Lists.
  • Capabilities Lists.
  • Access Control Policy Management.
  • Distributed Policy Management.
  • Centralized Policy Management.
  • Policy Repository.
  • Access Control in VPNs.

III. VPN SOLUTIONS.

9. VPN Gateways.
  • VPN Gateway Functions.
  • Site-to-Site Intranet VPN Functions.
  • Remote Access VPN Functions.
  • Extranet VPN Functions.
  • Forwarding, Routing, and Filtering Functions.
  • Advanced Functions.
  • Gateway Configuration and Provisioning.
  • Gateway Identity Information.
  • External Device Information.
  • Security Policy Information.
  • Gateway Management.
  • Configuration Management.
  • Network Monitoring.
  • Accounting Information.
  • Gateway Certification.
  • Interaction with Firewalls.
  • VPN Gateway and Firewall in Parallel.
  • VPN Gateway and Firewall in Series.
  • Hybrid Configurations.
  • VPN Design Issues.
  • A VPN Solution Scenario.

10. VPN Clients.
  • VPN Client Functions.
  • Operating System Issues.
  • Microsoft Windows.
  • Other Operating Systems.
  • Operational Issues.
  • Working with the Corporate Firewall.
  • Working with Network Address Translation.
  • Fragmentation and MTU Issues.
  • Private and Public Domain Name Servers.
  • WINS Server Issues.
  • VPN Clients for Windows.
  • Layer 2 Clients.
  • IPsec Clients.
  • L2TP/IPsec Combination Clients.
  • VPN Client Software Installation.
  • VPN Clients for Other Platforms.
  • Layer 2 Implementations.
  • IPsec Implementations.
  • Alternative VPN Clients.
  • SSH as VPN Client.
  • SOCKS and SSL as VPN Client.
  • User-Level Daemon.
  • A Remote Access VPN Scenario.

11. VPN Network and Service Management.
  • Network Management Standards.
  • Network Management Architecture.
  • Network Management Station.
  • Managed Nodes.
  • Network Management Protocol.
  • Management Information.
  • Probes.
  • Other Means of Management.
  • SNMP.
  • VPN Management.
  • Managing Tunnels.
  • VPN Management in a Service Provider Environment.
  • Secure Management Tunnel in VPN.
  • Out-of-Band Access for Management.
  • Service Management.
  • Service Level Agreement.
  • Network Operations Center.
  • Customer Portal.
  • International Issues.

12. VPN Directions: Beyond Connectivity.
  • Evolutions in Network Infrastructure.
  • Evolutions in VPNs.
  • Internetworking Beyond Connectivity.
  • Network Security.
  • Quality of Service.
  • Intelligence in the Network.

Acronyms.

References.

Index.
