Virtual Private Networks
Making the Right ConnectionBy
- Dennis Fowler
Network-dependent companies are excited by the benefits promised by the virtual private network, including lower costs, greater flexibility, and improvements in connectivity. But they also have questions: What benefits are real? How can they be measured? What are the expenses and the dangers?
Virtual Private Networks: Making the Right Connection is an intelligent introduction written especially for business and IT professionals who want a realistic assessment of what a VPN can provide for their organizations. Covering advantages and risks, this book expands your understanding of what you can do with a VPN, while detailing all that implementing it will demand of you. With its help, you'll find your way through VPN hype to the answers you need to make sound decisions.
Paperback, 350 Pages
Published: May 1999
Imprint: Morgan Kaufmann
"Dennis Fowler provides an insightful view to both the business benefits and technical requirements to VPNs. His examples of other customers' experiences with VPNs breathe life into the discussion."
From the Foreword by Susan Scheer Aoko, Cisco systems, Inc.
- CHAPTER 1 DEFINING THE VPN1.1 What is a VPN?1.2 What a VPN is good for and why you should consider building one. 1.2.1 Economies of Sharing 1.2.2 Flexibility 1.2.3 Worldwide connectivity on a budget1.2.4 The VPN and the Mobil Workforce1.3 Every Silver Lining has a Cloud1.4 How a VPN works. 1.4.1 Tunneling1.4.2 Securing the Data1.4.3 Making the Combination Work1.5 Where we go from here.CHAPTER 2 How to use a VPN.2.1 The VPN for Remote Access 2.1.1 A Medical Software Company 2.1.2 Prudential Insurance Company 2.2 The VPN as an Extranet 2.2.1 Automotive Network eXchange (ANX)2.2.2 Open Access Same-time Information Systems (OASIS)2.3 The VPN as an Intranet2.3.1 Mazzio's Corp. 2.3.2 Galaxy Scientific Corporation2.4 Conclusion CHAPTER 3 The Downside to VPNs3.1 Do You Really Need a VPN? 3.2 Connection Availability 3.3 Security3.3.1 Snooping or sniffing3.3.2 Capturing Addresses3.3.3 Session Hijacking 3.3.4 Data Tampering 3.4 The Lack of Standards 3.5 Performance/Quality of Service3.6 Hidden Costs3.7 Management3.8 Fitting it in with your architecture3.9 End user training3.10 Security, again3.11 ConclusionCHAPTER 4: Internet versus Other VPNs4.1 Clearing Up Some Confusion 4.1.1 The Internet4.1.2 TCP/IP on other networks.4.1.3 Frame Relay, ATM and TCP/IP4.2 The Internet vs. Private Services4.2.1 The Frame Relay Advantages4.2.2 An Example of a Frame Relay VPN4.3 The Trade-offs 4.3.1 The Cost Factor 4.3.2 Flexibility4.3.3 Security 4.3.4 Reliability and Accountability4.3.5 Customer Services and Technical Support 4.4 Conclusion CHAPTER 5 - ENCRYPTION5.1 An Overview of Encryption5.2 Secret key (Symmetric) Cryptosystems 5.3 Public (asymmetric) Key Cryptosystems5.3.1 Diffie-Hellman (DH)5.3.2 Rivest Shamir Adleman (RSA) Encryption5.3.3 Other Public Key Systems5.4 Digital Signatures, Hashing and MACs5.5 Putting it all together.5.6 ConclusionCHAPTER 6 USER AUTHENTICATION, AUTHORIZATION AND KEY MANAGEMENT6.1 User Authentication6.1.1 THE USERNAME-PASSWORD CHALLENGE6.1.2 VPN USER AUTHENTICATION - THE SIMPLEST SCENARIORADIUSTACACSKERBEROS6.2 KEY MANAGEMENT AND CERTIFICATE AUTHORITIES6.2.1 CERTIFICATE AUTHORITIES6.2.2 THE ITU-T X.509 CERTIFICATE STANDARD AND PKI6.2.3 PKCS 6.2.4 LDAP and VPNs6.3 MAKING THE CONNECTION; MORE THAN JUST MANAGING KEYS. 6.3.1 ISAKMP/Oakley, alias IKE6.4 CONCLUSION CHAPTER 7: TUNNELING AND THE VPN PROTOCOL SUITES7.1 TUNNELING7.1.1 The IP Packet and Encapsulation7.2 VPNs and the OSI Model7.3 The Packet VPNs7.3.1 PPTP7.3.2 L2F7.3.3 L2TP 7.3.4 ALTAVISTA TUNNEL7.3.5 IPSec7.3.6 SKIP7.4 APPLICATION ORIENTED VPN PROTOCOLS7.4.1 SECURE SHELL7.4.2 SOCKS version 5 network security protocol 7.4.3 Sun.NET 7.5 Quality of Service (QoS) Protocols and VPNs7.6 CONCLUSIONCHAPTER 8 ARCHITECTURE8.1 Software vs. Hardware Solutions8.2 "Hiding" your LAN 8.3 User Authentication8.4 The Basic Scenarios8.4.1 The Client to LAN VPN 8.4.2 The LAN to LAN VPN8.5 Conclusion CHAPTER 9 Planning Your VPN9.1 Analyze Your Needs 9.1.1 Consider the Possibilities9.1.2 Look at What you are doing Now. 9.2 Take a Detailed Inventory of Your Resources 9.2.1 Inventory Your Physical Resources. 9.2.2 Inventory Your Human Resources 9.2.3 Outsourced vs In House 9.3 Establish the Goals for Your VPN9.4 Plan for the Evolution/Expansion of the Network9.5 Begin to Sketch Out a Budget 9.6 Study ALL Your Options 9.7 Develop an Architecture 9.7.1 A Review of the Protocols 9.8 A Review of the Protocols 9.8.1 IPSec is a Developing Industry Standard 9.8.2 PPTP and L2TP's Ready Availability 9.8.3 SKIP is being marginalized in the market 9.8.4 AltaVista, SOCKS v.5, and Secure SHell are Niche Products. 9.8.5 Sun.NET is an unproved product. 9.9 Evaluate Products and Vendors 9.10 Define a Pilot Project9.11 Plan on a Phased Roll out 9.12 Conclusion Chapter 10 Administration and management10.1 Security10.1.1 The First Line of Defense10.1.2 Beware Back Doors 10.1.3 Security Through Obscurity 10.2 Keeping the VPN Up 10.2.1 Service Level Agreements (SLAs) 10.2.2 Managing Performance on Your Part 10.3 Managing One Big Network10.4 Conclusion