Virtual Private Networks

Historically, only large companies could afford secure networks, which they created from expensive leased lines. Smaller folks had to make do with the relatively untrusted Internet. Nowadays, even large companies have to go outside their private nets, because so many people telecommute or log in while they're on the road. How do you provide a low-cost, secure electronic network for your organization?

The solution is a virtual private network: a collection of technologies that creates secure connections or "tunnels" over regular Internet lines--connections that can be easily used by anybody logging in from anywhere. A number of products now exist to help you develop that solution.

This book tells you how to plan and build a VPN. It starts with general concerns like costs, configuration, and how a VPN fits in with other networking technologies like firewalls. It continues with detailed descriptions of how to install and use VPN technologies that are available for Windows NT and Unix, such as PPTP and L2TP, AltaVista Tunnel, Cisco PIX, and the secure shell (SSH).

New features in the second edition include SSH, which is a popular VPN solution for Unix systems, and an expanded description of the IPSec standard, for which several vendors have announced support.

Topics include:
Contents
Why Build a Virtual Private Network?
What Does a VPN Do?
Security Risks of the Internet
How VPNs Solve Internet Security Issues
VPN Solutions
A Note on IP Address and Domain Name Conventions Used in This Book
Basic VPN Technologies
Firewall Deployment
Encryption and Authentication
VPN Protocols
Methodologies for Compromising VPNs
Patents and Legal Ramifications
Wide Area Remote Access and the VPN
VPN Versus WAN
VPN Versus RAS
Implementing Layer 2 Connections
Differences Between PPTP, L2F, and L2TP
How PPTP Works
Features of PPTP
Configuring and Testing Layer 2 Connections
Installing and Configuring PPTP on a Windows NT RAS Server
Configuring PPTP for Dialup Networking on a Windows NT Client
Configuring PPTP for Dialup Networking on a Windows 95 or 98 Client
Enabling PPTP on Remote Access Switches
Making the Calls
Using PPTP with Other Security Measures
Implementing the AltaVista Tunnel 98
Advantages of the AltaVista Tunnel System
AltaVista Tunnel Limitations
How the AltaVista Tunnel Works
VPNs and AltaVista
Configuring and Testing the AltaVista Tunnel
Configuring the AltaVista Tunnel Extranet and Telecommuter Server
Configuring the AltaVista Telecommuter Client
Creating a VPN with the Unix Secure Shell
The SSH Software
Building and Installing SSH
SSH Components
Creating a VPN with PPP and SSH
Troubleshooting Problems
A Performance Evaluation
The Cisco PIX Firewall
The PIX in Action
Configuring the PIX as a Gateway
Configuring the Other VPN Capabilities
Managing and Maintaining Your VPN
Choosing an ISP
Delivering Quality of Service
Security Suggestions
Keeping Yourself Up-to-Date
A VPN Scenario
Central Office
Large Branch Office
Remote Access Users
A Network Diagram
Emerging Internet Technologies
Resources Online and Otherwise