Paperback(New Edition)
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
Overview
Product Details
| ISBN-13: | 9781578702466 |
|---|---|
| Publisher: | Pearson Education |
| Publication date: | 01/19/2001 |
| Series: | Circle |
| Edition description: | New Edition |
| Pages: | 408 |
| Product dimensions: | 5.88(w) x 8.90(h) x 0.92(d) |
About the Author
Read an Excerpt
Chapter 1: What Is a Virtual Private Network?
In recent years, as more companies have come to require network connections to central offices, the need has grown for inexpensive, secure communications with remote users and offices. Although they're known to be reliable and secure, dedicated circuits and leased lines are not financially feasible for most companies. A Virtual Private Network (VPN) simulates a private network by utilizing the existing public network infrastructure, usually the Internet. The network is termed "virtual" because it uses a logical connection that is built on the physical connections. Client applications are unaware of the actual physical connection and route traffic securely across the Internet in much the same way traffic on a private network is securely routed. When the VPN is configured and initiated, applications will not be able to tell the difference between the virtual adapter and a physical adapter.When a Virtual Private Network is properly set up, it combines public networks (such as the Internet), Frame Relay, and Asynchronous Transfer Mode (ATM) into a wide area network (WAN) that a dialup link treats as a private network. Once the VPN infrastructure is defined and configured, it provides seamless integration that enables the network to be viewed the same as a private network.
History of Virtual Private Networks
So how did VPNs get to where they are today? Until just a few years ago, VPNs were basically nonexistent. Recently, VPNs have experienced a lot of movement and development in a relatively short period of time as corporate demand to stay connected with users has increased.
A few vendors, such as IBM, Microsoft,and Cisco Systems, Inc., started developing tunneling technologies in the mid `90s. Although products such as IPX and SNA over IP tunneling were available several years ago, they were very specific to their environments and of limited use to the industry as a whole. The industry needed a tunnel solution that could be standardized for all types of traffic. Much of this push toward standardization was based on the acceptance and standardization of TCP/IP.
In 1996, several vendors realized the importance of VPNs, and many of these companies worked together to define tunneling protocols. These tunneling protocols facilitated two major VPN solutions: Point-to-Point Tunneling Protocol (PPTP), created by Microsoft, Ascend, 3Com, and US Robotics, and Layer 2 Forwarding (L2F), created by Cisco. Because both of these solutions are vendor-specific, proprietary protocol interoperability is limited to products from supporting vendors. PPTP and L2F are Open Systems Interconnection (OSI) Layer 2 tunneling protocols that were designed to transport Layer 3 protocols, such as Apple Talk, IP, and IPX, across the Internet. To do this, PPTP and L2F leveraged the existing Layer 2 PPP standard to transport different Layer 3 protocols across serial links. The Layer 3 packets were encapsulated into PPP frames and then encased in IP packets for transport across the IP-based network. Because neither protocol provides data encryption, authentication, or integrity functions that are critical to VPN privacy, these functions must be added as separate processes. PPTP is discussed in detail in Chapter 4, "Point-to-Point Tunneling Protocol (PPTP)".
Driven by the shortcomings of the existing tunneling protocols, in 1997 standardization and planning began to take place. This began with the introduction of Layer 2 Transport Protocol (L2TP) and Internet Protocol Security (IPSec) by the Internet Engineering Task Force (IETF). Because L2TP and IPSec are a multivendor effort, interoperability is not as much a problem as it was for their predecessors. Being a Layer 2 protocol, L2TP allowed for multiprotocol support over an IP-based network. This means that it was not restricted to a specific protocol but could be used to transport several different protocols. The L2TP specification has no built-in data security functions and requires IPSec for data security in transport mode. L2TP is covered in Chapter 7, "Layer 2 Tunneling Protocol (L2TP)."
Because tunneling technology had matured to a point that administrators were able to actually use it, the deployment of tunneling clients became more widespread. Additionally, Windows NT provided the administrator with basic network functions, such as auditing, accounting, and alarms, which allowed for easy implementation and monitoring.
In 1998, VPNs continued to mature with centralized user management, better network management, and enhanced authentication and encryption. Microsoft worked on the Windows NT 4.0 tunneling solution, updating the protocol and the security-related process. Many clients were updated to include tunnel client software for a more streamlined configuration.
1999 saw the introduction of effective VPNs with new features, such as a standards-based authentication model, an easier interface for server configuration, and additional client configuration tools. With the new authentication model, the smart cards that could be deployed for client access increased security and integration of VPNs into consumer devices. Therefore, VPN use by telecommuters became widespread, and corporate use of VPNs for branch office links increased. Windows 2000 has a mature VPN option that provides the necessary features for a secure and manageable tunneling solution that is dramatically less expensive than a hardware solution and/or leased lines. Microsoft has fully committed to implementing VPN technologies in Windows 2000 because they predict that VPNs will be an important element in corporate networks in the near future. Windows 2000 not only comes with built-in support for IPSec, L2TP, and PPTP, but also delivers a full suite of securityrelated services ranging from full Remote Authentication Dial-In User Service (RADIUS) support to the Extensible Authentication Protocol (EAP). Windows 2000 VPN services are discussed in more detail in Chapter 3, "VPN Features in Windows 2000."
How a Virtual Private Network Works
As stated previously, a Virtual Private Network is essentially a "private tunnel" over a public infrastructure. To emulate a private network link, the VPN encapsulates data with a header that provides routing information, which enables the data to travel the public network (normally the Internet) from the source to the destination. To emulate a private link, the VPN encrypts the encapsulated data being sent for confidentiality, authenticity, and guaranteed integrity. Packets that are intercepted on the public network are unreadable without the encryption keys. A link in which the data is encapsulated and encrypted is known as a VPN, or tunnel, connection.
VPNs can be maintained by a variety of devices. It is now possible to have a Windows 2000 server connect to a router with an encrypted tunnel, or another Windows 2000 device, or a firewall, or anything that uses the standard protocols and support that encryption mechanizes...
Table of Contents
(NOTE: Each chapter concludes with a Summary.)Preface.
Introduction.
1. What Is a Virtual Private Network?
History of Virtual Private Networks. How a Virtual Private Network Works. Alternative Services. Common Uses of Virtual Private Networks. Other Benefits of Virtual Private Networks.
2. Basic Virtual Private Network Deployment.
Terminology. Design Considerations. Virtual Private Network Deployment. Network Design Concepts with Tunneling.
3. VPN Features in Windows 2000.
Active Directory. PPTP. L2TP. IPSec. Internet Key Exchange (IKE). NAT. Connection Manager. Certificate Server. Dynamic DNS. Highly Configurable Network Traffic. Easier Router Configuration.
4. Point-to-Point Tunneling Protocol (PPTP).
How PPTP Works. PPTP Security. Performance Gains.
5. Certificates.
What Is a Certificate Server? Digital Signatures. Certificate Authority. Certificate Enrollment. Certificate Verification. Certificate Revocation. Certificate Storage Model. Implementing Certificate Server for Virtual Private Networks.
6. Internet Protocol Security (IPSec).
IPSec Communication. Choosing an IPSec Environment. Bringing the Whole IPSec Picture Together.
7. Layer 2 Tunneling Protocol (L2TP).
Goals for Windows 2000 L2TP/IPSec. L2TP versus PPTP. L2TP Implementation Details. L2TP Communications in Detail. Internet Key Exchange Settings. Key Exchange Methods (H3). Power Management. L2TP/IPSec Procedures.
8. NAT and Proxy Servers.
Proxy Server. Proxy Server Functions: Speed and Security. Network Address Translation. Firewalls. Edge Servers. Windows 2000 Network Address Translation. Various Server-Side Network Designs. Various Client-Side Network Designs. Summary of Distributed Network Designs. NAT and Proxy Server Configuration. Setting Up NAT with RRAS. Sharing a VPN Link.
9. Connection Manager, Remote Access Policy, and IAS.
Connection Manager. Remote Access Policies. Windows 2000 Remote Access Policy. Internet Authentication Service (IAS).
10. Routing and Filtering.
Windows 2000 Routing. Client-Side Routing. Automatic Private IP Addressing (APIPA). Tunnels and Routing.
11. Name Resolution in Windows 2000.
Name Resolution for Tunnel Clients. Name Resolution for Home LAN/Branch Office. Name Resolution for a VPN-Based Active Directory Environment. Relationship Between the Branch Office Name Servers.
12. Active Directory Design in VPNs.
Replication. Single Master Replication and VPNs. Optimization. Site Design. Deploying the AD. The HappyVPN Model.
Appendix A. History and Context of Virtual Private Networking.
The Early Years. ISPs. Private Networks. OSI Reference Model. VPN-Related RFCs.
Appendix B. Troubleshooting.
Troubleshooting Factors. Common Issues and Troubleshooting Tips.
Appendix C. Windows 2000 to Cisco IOS IPSec Connectivity.
Network Setup. Windows 2000 Security Policy Configuration. Cisco IPSec Configuration. Testing. Summary.
Appendix D. VPN and Network Futures.
Predicting VPN and Windows Trends.
Index.