IPSec: Securing VPNs

Paperback

Author: Carlton Davis

ISBN-10: 0072127570

ISBN-13: 9780072127577

Category: Protocols & Standards - Computer Networks

Written in conjunction with RSA Security—the most trusted name in e-security—this book gives a detailed presentation of IPSec components, implementation, and VPN interoperability. Part of the RSA Press Series.

Improve network security using this comprehensive RSA Security-endorsed guidebook. Implement IPSec across a virtual private network and you'll ensure the highest level of network security available. This authoritative book explains IP security protocols, ways to implement these protocols...


The Barnes & Noble Review

IPSec VPNs: they offer the potential of powerful cost savings compared with yesterday's long-distance and leased line charges, even if they're still far tougher to install and manage than they should be. If you're deploying or considering an IPSec-based VPN, and you really want to understand the technology and the industry, check out IPSec: Securing VPNs. It's one of the first books from RSA -- folks who go back to the very beginnings with public-key cryptography -- and the pedigree shows.

Carlton Lewis starts by making sure you're comfortable with the technologies IPSec is built on, introducing public-key cryptosystems, hash functions and message authentication codes, the key components of a public-key infrastructure, alternatives such as the PGP trust model, and the role of LDAP-based directories in IPSec VPNs.

Next, Lewis introduces the IPSec security architecture itself, including security associations, policies, and databases. He shows how Authentication Headers guarantee the security of packets, how the Encapsulating Security Payload ensures their confidentiality, and how Internet Key Exchange makes it possible to negotiate keys remotely and secretly.

From technology to products to the future of IPSec itself, IPSec: Securing VPNs is the authoritative, systematic guide technical professionals have been looking for. (Bill Camarda)

Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

Chapter 1: TCP/IP Overview

The Transmission Control Protocol/Internet Protocol (TCP/IP) is the most widely used network protocol. TCP/IP can be considered the engine that powers the flow of data, the vessel that transports the data, and the controller that navigates the flow of data on the Internet. The Internet is being utilized for just about every transaction imaginable. You can buy groceries online and have them delivered to your door within an hour. Online trading will become ever more commonplace in our lives as time progresses; it therefore certainly helps to have some knowledge of the operation of this ubiquitous infrastructure, the Internet, that has become such an integral part of our lives.

Since it plays such an important role, we should all be concerned about the security of the Internet. Unfortunately, there are still a number of companies out there whose security infrastructures leave much to be desired, and yet they are wooing us to conduct online transactions with them. It is definitely advantageous to be aware of, if not abreast with, network security concepts and terminologies. This is not just for the "techies." This applies to all of us. Before we click the button and send our credit card or banking account information over the Internet, we should all be able to click the "security" link on the Web page of the company that we are considering doing business with, and make an informed opinion as to whether or not the security mechanisms are adequate for online trading. If we are capable of making this important judgment, we might just save ourselves from the predicament of our credit card number or bank account and PIN number getting into the wrong hands.

For a good understanding of IPSec or any other security protocol, a sound knowledge of TCP/IP can be considered a prerequisite. In this chapter, we are going to give, in some instances, a detailed review of the components of the TCP/IP protocol suite that are relevant to IPSec. If you are not interested in the detail, please feel free to skim through and just direct your attention to the portions that you consider relevant. We will start by giving a brief history of the Internet and TCP/IP.

1.1 Some History

In the mid-1960s at the height of the cold war, the Department of Defense (DoD) wanted a command and control network that could survive a nuclear war. The DoD consequently commissioned its research arm, ARPA (Advanced Research Projects Agency), to invent the technology that could get data to their destination reliably even if an arbitrary part of the network disappeared without warning as a result of a nuclear attack.

The technology, called circuit switching, that existed back then and is still used today to transmit wired-telephone data, had serious drawbacks. In circuit switching, a route for data to get from one point to the next needs to be set up using relays that make physical connections among pieces of cable. Consequently, if part of the circuit fails, a new circuit must be set up, which could be quite difficult and time consuming depending on the severity of the damage.

To overcome these problems, ARPA used the technology called packet switching. The idea of packet switching networks was proposed by Paul Baran in the early 1960s [Bar64]. With packet switching, data to be sent over a network are divided up into discrete parts called packets. Each packet is routed independently from one computer to the next over the network until it reaches its final destination.

The first experimental network, called the ARPANET, went into operation in December 1969. It consisted of subnets and host computers. The subnets consisted of minicomputers called IMPs (interface message processors) connected by transmission lines. This network contained four nodes, one each at UCLA (University of California at Los Angeles), UCSB (University of California at Santa Barbara), SRI (Stanford Research Institute), and University of Utah. Each node of the network was made up of an IMP and a host in the same room, connected by wire. For the purposes of our discussion, a host is synonymous with a computer. These four sites were chosen because all had large ARPA contracts; additionally, all four sites had different and completely incompatible computers. This experimental network grew rapidly: in July 1970 it grew to 8 nodes, by March 1971 it had expanded to 16 nodes, in April 1972 it grew to 23 nodes, and by September 1972 it consisted of 34 nodes.

This network worked well in its early stage when there were few nodes. However, as the number of nodes increased, the network experienced a number of system crashes. Additionally, when satellite and radio networks were added to the ARPANET in the early 1970s, Network Control Protocol (NCP) [NKPC70], the existing protocol of the ARPANET, had trouble working with these networks. As a result, research started in the early 1970s for a new protocol that was robust and able to work well with different kinds of networks. The research effort culminated with the development of the TCP/IP protocol suite in 1974.

The TCP/IP protocol suite proved to be quite robust and was very adaptable to different networks...

Chapter 1: TCP/IP Overview
Chapter 2: Symmetric-Key Cryptography
Chapter 3: Public-Key Cryptosystems
Chapter 4: Hash Functions and MAC
Chapter 5: Public-Key Infrastructure
Chapter 6: LDAP
Chapter 7: IP Security Architecture
Chapter 8: Authentication Header
Chapter 9: Encapsulating Security Payload
Chapter 10: ISAKMP
Chapter 11: Internet Key Exchange
Chapter 12: IP Compression
Chapter 13: VPN Solutions
Appendix A: A Reference C Implementation for AES
Appendix B: A Java Implementation of AES
Appendix C: A Reference Implementation of MD5