Implementing IPsec: Making Security Work on VPNs, Intranets, and Extranets

  • ISBN13: 9780471344674
  • ISBN10: 0471344672
  • Format: Hardcover
  • Copyright: 1999-09-01
  • Publisher: Wiley

Summary

How do you secure your IP network without destroying it? The IPsec protocols are the only viable standard for secure, network-layer transmission on IP, yet they can wreak havoc on critical applications and other enhanced network services. Interoperability problems between vendors, as well as limitations in the basic technology, can cause problems that range from annoying to disastrous. This book tells you how IPsec works (or doesn't work) with other technologies, describes how to select products that will meet your needs, and discusses legal issues critical to IPsec deployment.

This hands-on guide will help you to:

  • Analyze how and why IPsec may break existing networks
  • Combine IPsec with other enhanced IP services and applications
  • Determine the causes of IPsec performance problems and protocol conflicts
  • Understand how existing laws and regulatory trends may impact your use of IPsec products
  • Understand the basic technological components of IPsec
  • Evaluate IPsec vendors and products

Networking Council Books put technology into perspective for decision-makers who need an implementation strategy, a vendor and outsourcing strategy, and a product and design strategy. Series advisors are four of the most influential leaders of the networking community:

  • Lyman Chapin, Chief Scientist at BBN/GTE and founding trustee of the Internet Society
  • Scott Bradner, Director of the Harvard University Network Device Test Lab, trustee of the Internet Society, and ISOC VP of Standards
  • Vinton Cerf, Senior Vice President at MCI/WorldCom and current chair of the Internet Society
  • Ed Kozel, Senior VP for Corporate Development at Cisco Systems and member of the Board of Directors

Visit our Web site at: www.wiley.com/compbooks
Visit the Networking Council web site at: www.wiley.com/networkingcouncil

Author Biography

Elizabeth Kaufman is the Senior Director and General Manager for Security Products and Technologies at Cisco Systems.

Newman is the Senior Systems Analyst for Yale University.

Table of Contents

Acknowledgments
Foreword
Introduction
How This Book Is Organized
Part One: Before You Start
Part Two: Technology Essentials
Part Three: Making It Work
Part Four: Going Shopping
Who Should Read This Book
Conclusion

Part One: Before You Start
Laying the Groundwork for Security
Beyond Links and Perimeters
The Tedium of Good Planning
Security Manager or Network Manager?
Dynamic Addresses, Mobile Users
The Integration of Security with the Infrastructure
The Need to Avoid Downtime
Who Should Keep Reading
Mapping Your Network
Most Networks Have Hearts of Darkness
The Physical Infrastructure
The IP and Applications Infrastructure
Network Properties of Important Applications
Planned Services
Security Principles and Practices
Do You Need a Security Policy?
If Policy Is Not Possible
From Practices to Policy
Common Nontechnical Errors
Stay Away from Silly Jargon
Diplomacy Beats Drama
Assessing Current Vulnerabilities
Name That (Potential) Attacker
Vulnerability Analysis
Other Data Perimeters
Filling Out the Matrix
An Implementation Strategy
Encrypting within the Law
Overview
Disclaimer
Terminology
What Is an Import?
What Is an Export?
What Is an End User?
What Is an End Use?
Encryption for U.S. Businesses with U.S.-Only Networks
Encryption for Everyone Else: Cracking Open the Door to Hell
Broad Availability Does Not Imply Deregulation
The Politics of Cryptography
Industry, Experts, and Lobbyists
Law-Enforcement Agencies
Intelligence Agencies
Important International Bodies
The Wassenaar Arrangement
The Organization for Economic Co-operation and Development
International Overview
Types of Controls
The Regulations Don't Favor IPsec
Basic Regulatory Categories
Key Escrow and Key Recovery
Wiretaps and Warrants
Basics of Crypto-Busting
The U.S. Example
Which Keys Matter?
IPsec and Third-Party Key Access
Deploying IPsec with Escrow or KMI
Alternatives to Third-Party Key Access
Product Selection and Licensing
Vendor Licensing
Back-door Deals
The Licensing Process
Where to Get More Information

Part Two: Technology Essentials
The Risks of IP Networking
IP Functional Overview
Basic Design Characteristics
Summary of IP Security Risks
Cryptographic Protocols and Techniques
Cryptography Basics
Brute Force and Known Plaintext Attacks
Symmetric Encryption
One-way Hash Functions
Public Key Cryptography
Pretty Good Privacy (PGP)
Steganography: The Data Vanishes
Cryptographic Authentication Mechanisms
Preshared Secrets
Third Parties and Preshared Secrets
Third Parties and Public Key Cryptography
Authentication and the Zero-Knowledge Proof
Kerberos
The Basics of IPsec and Public Key Infrastructures
The Anatomy of IPsec
Two Security Protocols
Two Modes of Operation
The Implementation Options
Security Associations
The Authentication Header (AH)
The Encapsulating Security Payload (ESP)
Why Bother with AH?
Authentication Header (AH) and Encapsulating Security Payload (ESP)
IPsec Authentication: Defining a PKI
Whose Key Is It?
X.509 Certificates
The Public-Key Infrastructure (X.509) (PKIX) Initiative
Cross-Certification
Attributes of an X.509 Certificate
PKI Planning
IPsec Encryption Key Management
The OAKLEY Protocol
The Internet Key Exchange Protocol
Summary

Part Three: Making It Work
What Won't Work with IPsec: Other Network Services and Technologies
A Moving Target
IPsec Design Objectives
Ugly Outcomes of IPsec Design
Predicting Problems
Symptoms
Limits on Processing Power
Order-of-Operation Conflicts
The Predictive Power of Topology
Meltdown Alert: Protocols to Watch
Bandwidth Optimization
Some Packets Are More Equal than Others
Link-Layer Compression
Quality of Service
Packet Classification
Packet Classification for IPsec
Packet Classification with IPsec
Packet Filtering
Proxy Firewalls
Content Filtering
Network Address Translation
Network Infrastructure
IP Routing Protocols
Domain Name System (DNS)
Network Monitoring
Sniffers
Network Intrusion Detection
Remote Monitoring (RMON and RMON2)
Network Management
Simple Network Management Protocol (SNMP)
Syslog
Telnet
Trivial File Transfer Protocol (TFTP)
Voice and Video
Multicast
Voice over IP (VoIP)
Interoperability--A Quick Summary
Wrap-up
Processing Power and Order of Operations
Do Not Despair
IPsec and PKI Rollout Considerations
Where Are the Case Studies?
Generic IPsec Topologies
Gateway-to-Gateway
End Host-to-Gateway: Remote-Access Scenarios
End Host-to-End Host
Failure Modes
Is the Failure Mode Adjustable?
Is the Failure Mode Predictable?
What Will Cause a Failure?
Planning a Certificate Infrastructure
Certificate Policy and Certification Practices Statement
Commercial PKI Products and PKIX

Part Four: Going Shopping
Evaluating Vendors
The Right Products
The Right Plans
Technology Integration
Support Requirements
Pre-Sales Design
Licensing
Post-Sales Support
Availability of Spares
Follow Your Gut
What to Ask Your Vendors
End Host: Bump in the Stack or Replacement Stack?
Version Numbers and Shipping Products
How to Evaluate Claims of Standards Support
The Public Key Problem for IPsec
Key Length Is Not Always Key Strength
Bogus Answer Alert
Algorithms Other than DES and 3DES
What Is This about Roots?
Roots, for Gateways Only
Why Insist on Certificates?
Why Worry about SA Negotiation Speed?
End Host: Why Prekey?
Gateway: Why Prekey?
What's This about Configuration and Interception?
Conclusions

Appendix
Glossary
Bibliography
Index
