Virtual Private Networks, Second Edition
Charlie Scott
Paul Wolfe
Mike Erwin
Publisher: O'Reilly
Second Edition January 1999
ISBN: 1-56592-529-7, 225 pages
This book explains how to build a Virtual Private Network (VPN), a collection of technologies that creates secure connections or "tunnels" over regular Internet lines. It discusses costs, configuration, and how to install and use technologies that are available for Windows NT and UNIX, such as PPTP and L2TP, the AltaVista Tunnel, the Cisco PIX firewall, and the Secure Shell (SSH). New features in the second edition include SSH and an expanded description of the IPSec standard.
Table of Contents

Preface ..... 1
  Audience ..... 1
  Contents of This Book ..... 1
  Conventions Used in This Book ..... 3
  Comments and Questions ..... 4
  Updates ..... 4
  Acknowledgments ..... 4

1. Why Build a Virtual Private Network? ..... 6
  1.1 What Does a VPN Do? ..... 6
  1.2 Security Risks of the Internet ..... 8
  1.3 How VPNs Solve Internet Security Issues ..... 9
  1.4 VPN Solutions ..... 12
  1.5 A Note on IP Address and Domain Name Conventions Used in This Book ..... 13

2. Basic VPN Technologies ..... 14
  2.1 Firewall Deployment ..... 14
  2.2 Encryption and Authentication ..... 24
  2.3 VPN Protocols ..... 32
  2.4 Methodologies for Compromising VPNs ..... 36
  2.5 Patents and Legal Ramifications ..... 40

3. Wide Area, Remote Access, and the VPN ..... 42
  3.1 General WAN, RAS, and VPN Concepts ..... 42
  3.2 VPN Versus WAN ..... 44
  3.3 VPN Versus RAS ..... 50

4. Implementing Layer 2 Connections ..... 57
  4.1 Differences Between PPTP, L2F, and L2TP ..... 57
  4.2 How PPTP Works ..... 58
  4.3 Features of PPTP ..... 67

5. Configuring and Testing Layer 2 Connections ..... 69
  5.1 Installing and Configuring PPTP on a Windows NT RAS Server ..... 69
  5.2 Configuring PPTP for Dial-up Networking on a Windows NT Client ..... 76
  5.3 Configuring PPTP for Dial-up Networking on a Windows 95 or 98 Client ..... 77
  5.4 Enabling PPTP on Remote Access Switches ..... 80
  5.5 Making the Calls ..... 83
  5.6 Troubleshooting Problems ..... 84
  5.7 Using PPTP with Other Security Measures ..... 87

6. Implementing the AltaVista Tunnel 98 ..... 89
  6.1 Advantages of the AltaVista Tunnel System ..... 90
  6.2 AltaVista Tunnel Limitations ..... 91
  6.3 How the AltaVista Tunnel Works ..... 92
  6.4 VPNs and AltaVista ..... 96

7. Configuring and Testing the AltaVista Tunnel ..... 107
  7.1 Getting Busy ..... 107
  7.2 Installing the AltaVista Tunnel ..... 107
  7.3 Configuring the AltaVista Tunnel Extranet and Telecommuter Server ..... 110
  7.4 Configuring the AltaVista Telecommuter Client ..... 116
  7.5 Troubleshooting Problems ..... 117

8. Creating a VPN with the Unix Secure Shell ..... 120
  8.1 The SSH Software ..... 121
  8.2 Building and Installing SSH ..... 122
  8.3 SSH Components ..... 123
  8.4 Creating a VPN with PPP and SSH ..... 128
  8.5 Troubleshooting Problems ..... 140
  8.6 A Performance Evaluation ..... 142

9. The Cisco PIX Firewall ..... 144
  9.1 The Cisco PIX Firewall ..... 144
  9.2 The PIX in Action ..... 144
  9.3 Configuring the PIX as a Gateway ..... 150
  9.4 Configuring the Other VPN Capabilities ..... 156

10. Managing and Maintaining Your VPN ..... 159
  10.1 Choosing an ISP ..... 159
  10.2 Solving VPN Problems ..... 160
  10.3 Delivering Quality of Service ..... 163
  10.4 Security Suggestions ..... 164
  10.5 Keeping Yourself Up-to-Date ..... 166

11. A VPN Scenario ..... 167
  11.1 The Topology ..... 167
  11.2 Central Office ..... 167
  11.3 Large Branch Office ..... 168
  11.4 Small Branch Offices ..... 169
  11.5 Remote Access Users ..... 169
  11.6 A Network Diagram ..... 170

A. Emerging Internet Technologies ..... 171
  A.1 IPv6 ..... 171
  A.2 IPSec ..... 172
  A.3 S/WAN ..... 172

B. Resources, Online and Otherwise ..... 174
  B.1 Software Updates ..... 174
  B.2 The IETF ..... 174
  B.3 CERT Advisories ..... 174
  B.4 The Trade Press ..... 175
  B.5 Networking and Intranet-Related Web Sites ..... 175
  B.6 Usenet Newsgroups ..... 175
  B.7 Mailing Lists ..... 176

Colophon ..... 177
Preface
This book is about a very new area of computer technology: providing secure access between members of an organization who are scattered around the world. Both the technology providers and the users are feeling their way.

We approached the idea of the virtual private network (VPN) with some skepticism, since we own an Internet service provider. Security compromises are fairly common, as end users fail to understand the importance of password integrity and other basic protections. Though known cracks are not common, attempted cracks are; unfortunately, the successful cracks are those you never hear about.

Customers began approaching us with requests for solutions. How can we use the global reach of the Internet to access our various networks around the country and the world? Can we do it securely? Can we do it now? Charlie probably looked them square in the eye and said, "Oh, yeah, we can do that," then gave a cackle, to Mike's and Paul's dismay. In the course of trying to find solutions for these needy customers, and for our own nationally expanding networks, we turned to the virtual private network, and eventually wrote this book.

Although it doesn't fully represent the drama and tribulations of learning about and erecting a VPN, this book covers everything you need to know to get one up and running. The technology of the virtual private network is widely available; however, specific solutions are fairly slim. We cover the four that are currently available (Layer 2 tunneling through PPTP or L2TP, the Cisco PIX firewall, the AltaVista Tunnel, and the Secure Shell (SSH)) and other basics on how VPNs work, how much they cost, and why you should use one. (And when you shouldn't.)
Audience
We assume that you are a network administrator who has already set up local area networks and knows something about the Internet and remote access (dial-in use). VPN solutions are usually employed along with firewalls, which are discussed only briefly in this book. For help with firewall concepts and technologies, you can find a variety of useful books, including Building Internet Firewalls, by D. Brent Chapman and Elizabeth D. Zwicky, published by O'Reilly & Associates, Inc.
Contents of This Book
Chapter 1

Do you need a virtual private network? Good question. Read this chapter and find out. After we scare you with some common security breaches, you will find some comforting reasons why a virtual private network may be your solution.

Chapter 2

Still here? This chapter details the various pieces that make a VPN function and make it more secure. Firewalls, encryption/authentication, and some basic VPN protocols and standards are covered. Rounding out this chapter are some of the varied and fun