- Shopping Bag ( 0 items )
When a Virtual Private Network is properly set up, it combines public networks (such as the Internet), Frame Relay, and Asynchronous Transfer Mode (ATM) into a wide area network (WAN) that a dialup link treats as a private network. Once the VPN infrastructure is defined and configured, it provides seamless integration that enables the network to be viewed the same as a private network.
History of Virtual Private Networks
So how did VPNs get to where they are today? Until just a few years ago, VPNs were basically nonexistent. Recently, VPNs have experienced a lot of movement and development in a relatively short period of time as corporate demand to stay connected with users has increased.
A few vendors, such as IBM, Microsoft,and Cisco Systems, Inc., started developing tunneling technologies in the mid `90s. Although products such as IPX and SNA over IP tunneling were available several years ago, they were very specific to their environments and of limited use to the industry as a whole. The industry needed a tunnel solution that could be standardized for all types of traffic. Much of this push toward standardization was based on the acceptance and standardization of TCP/IP.
In 1996, several vendors realized the importance of VPNs, and many of these companies worked together to define tunneling protocols. These tunneling protocols facilitated two major VPN solutions: Point-to-Point Tunneling Protocol (PPTP), created by Microsoft, Ascend, 3Com, and US Robotics, and Layer 2 Forwarding (L2F), created by Cisco. Because both of these solutions are vendor-specific, proprietary protocol interoperability is limited to products from supporting vendors. PPTP and L2F are Open Systems Interconnection (OSI) Layer 2 tunneling protocols that were designed to transport Layer 3 protocols, such as Apple Talk, IP, and IPX, across the Internet. To do this, PPTP and L2F leveraged the existing Layer 2 PPP standard to transport different Layer 3 protocols across serial links. The Layer 3 packets were encapsulated into PPP frames and then encased in IP packets for transport across the IP-based network. Because neither protocol provides data encryption, authentication, or integrity functions that are critical to VPN privacy, these functions must be added as separate processes. PPTP is discussed in detail in Chapter 4, "Point-to-Point Tunneling Protocol (PPTP)".
Driven by the shortcomings of the existing tunneling protocols, in 1997 standardization and planning began to take place. This began with the introduction of Layer 2 Transport Protocol (L2TP) and Internet Protocol Security (IPSec) by the Internet Engineering Task Force (IETF). Because L2TP and IPSec are a multivendor effort, interoperability is not as much a problem as it was for their predecessors. Being a Layer 2 protocol, L2TP allowed for multiprotocol support over an IP-based network. This means that it was not restricted to a specific protocol but could be used to transport several different protocols. The L2TP specification has no built-in data security functions and requires IPSec for data security in transport mode. L2TP is covered in Chapter 7, "Layer 2 Tunneling Protocol (L2TP)."
Because tunneling technology had matured to a point that administrators were able to actually use it, the deployment of tunneling clients became more widespread. Additionally, Windows NT provided the administrator with basic network functions, such as auditing, accounting, and alarms, which allowed for easy implementation and monitoring.
In 1998, VPNs continued to mature with centralized user management, better network management, and enhanced authentication and encryption. Microsoft worked on the Windows NT 4.0 tunneling solution, updating the protocol and the security-related process. Many clients were updated to include tunnel client software for a more streamlined configuration.
1999 saw the introduction of effective VPNs with new features, such as a standards-based authentication model, an easier interface for server configuration, and additional client configuration tools. With the new authentication model, the smart cards that could be deployed for client access increased security and integration of VPNs into consumer devices. Therefore, VPN use by telecommuters became widespread, and corporate use of VPNs for branch office links increased. Windows 2000 has a mature VPN option that provides the necessary features for a secure and manageable tunneling solution that is dramatically less expensive than a hardware solution and/or leased lines. Microsoft has fully committed to implementing VPN technologies in Windows 2000 because they predict that VPNs will be an important element in corporate networks in the near future. Windows 2000 not only comes with built-in support for IPSec, L2TP, and PPTP, but also delivers a full suite of securityrelated services ranging from full Remote Authentication Dial-In User Service (RADIUS) support to the Extensible Authentication Protocol (EAP). Windows 2000 VPN services are discussed in more detail in Chapter 3, "VPN Features in Windows 2000."
How a Virtual Private Network Works
As stated previously, a Virtual Private Network is essentially a "private tunnel" over a public infrastructure. To emulate a private network link, the VPN encapsulates data with a header that provides routing information, which enables the data to travel the public network (normally the Internet) from the source to the destination. To emulate a private link, the VPN encrypts the encapsulated data being sent for confidentiality, authenticity, and guaranteed integrity. Packets that are intercepted on the public network are unreadable without the encryption keys. A link in which the data is encapsulated and encrypted is known as a VPN, or tunnel, connection.
VPNs can be maintained by a variety of devices. It is now possible to have a Windows 2000 server connect to a router with an encrypted tunnel, or another Windows 2000 device, or a firewall, or anything that uses the standard protocols and support that encryption mechanizes...
|1||What Is a Virtual Private Network?||1|
|2||Basic Virtual Private Network Deployment||13|
|3||VPN Features in Windows 2000||31|
|4||Point-to-Point Tunneling Protocol (PPTP)||43|
|7||Layer 2 Tunneling Protocol (L2TP)||145|
|8||NAT and Proxy Servers||167|
|9||Connection Manager, Remote Access Policy, and IAS||209|
|10||Routing and Filtering||235|
|11||Name Resolution in Windows 2000||261|
|12||Active Directory Design in VPNs||279|
|A||History and Context of Virtual Private Networking||301|
|Windows 2000 to Cisco IOS IPSec Connectivity||321|
|VPN and Network Futures||343|
Posted May 15, 2001
We are a small company that is deploying Windows 2000 as our VPN solution and had been having problems understanding all of the issues with the deployment. This book puts it all together and explains the whole picture of how the deployment should work. I particularly found the chapter of Proxy and NAT information helpful. I have NEVER seen a book the explains all of the issues and basic differences between different types of connection sharing devices. Also, the book covers about 20 different designs of how you can put together your network with both the tunnel server and the home LANs (a lot of my users have home LANs). It is neat how Thaddeus did not try to tell the reader how they should do it, but rather lists the advantages and disadvantages of each. I cannot recommend this book enough! Thank you.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted February 22, 2001
If you're searching for a book on VPN technologies within the Windows 2000 environment, this book is a must read. The author did a great job explaining real-world approaches to implementing VPNs under different business needs and requirements. I found the book easy to read and well structured, with each chapters devoting in-depth discussions to different aspects of VPN.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted February 23, 2001
Once you struggled through the VPN theory, this book can be a great help in configuring your VPN using Win2K. This book distinguishes itself from most of the works I read on VPN, because it also describes HOW to configure your VPN with Win2K. This is the work you want on your shelf next to the RFC's. A recommendation!Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted March 8, 2001
This book you must have if you are new in the field of Virtual Private Networking. Book is also recommended for administrators or even designer who are intending to deploy VPN's in Win2k. You can read how to implement your VPN solution step by step. The book includes lots of screen shots of Win2k setup screens and also good - detailed description.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted April 5, 2001
In have found the book to be an interesting mix of theory and practical how to. It is focused on helping the implementer of VPN's, it cover the basics, the analysis, the policies but most of the book is step by step howto. Good work.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted February 4, 2001
This book is a must read for anyone who needs to have a basic understanding of VPNs and a must keep for any administrator or designer intending to implement VPNs in Windows 2000. There is enough information to guide you through a full analysis, from security risks to alternative solutions, and all the way to obtaining a cost-effective solution.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted February 5, 2001
I reviewed this book before it went to press and thought it was excellent. I received a copy of the finished book and have already used it on many occasions to help configure Windows 2000 VPNs. This book is not for those looking to learn about VPN technologies, but for those looking to implement VPN services on Windows 2000. It provides detailed step-by-step configuration instructions and I highly recommend it.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted February 4, 2001
I gave Fortenberry's Win2000 VPN book 4 Stars because I may not be smart enough to recognize a 5 Star book; however, it is a very good book. I am an engineer with a startup involved in Internet security. This book covered many areas of interest involving both Win2000 specifics and general VPN information. We successfully found answers to questions regarding IPSec Drivers and the TCP/IP Stack, NAT limitations, and network design. The book will certainly be on my desk as a valuable reference.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted December 12, 2000