Title: Practical guide for implementing secure intranets and extranets
Author: Phaltankar, Kaustubh M.
Publication Information: Boston : Artech House, [2000], ©2000
Physical Description: xx, 401 pages : illustrations ; 24 cm.
Language: English
ISBN: 9780890064474
Format: Book

Call Number: TK5105.875.I6 P43 2000
Material Type: Adult Non-Fiction
Home Location: Non-Fiction Area

Summary

This volume provides hands-on methodology for designing effective network-level security systems for your corporate intranet or extranet. Using real-world examples and referencing intranet and extranet technology, this guidebook for IT professionals shows how to configure network and security elements such as routers, switches, servers and firewalls to achieve top-notch security. Components of effective security are critically reviewed in detail, including different types of firewalls, such as packet filters, stateful and application-level proxy devices, and encryption schemes, such as DES, RSA, and IPsec. Secure data transport and data access are also discussed, as well as the use of remote intelligent agents on network devices and servers. The book discusses how to evaluate security options based on requirements such as cost, complexity, and performance, and network and service management issues. It seeks to close the gap between theory and implementation by featuring detailed case studies and an interactive approach with diagrams and configurations.


Author Notes

Kaustubh M. Phaltankar received his M.S. in Telecommunications from George Washington University.

Phaltankar is chairman of NetPlexus in Springfield, Virginia, specializing in high resiliency architecture for network implementations and security of intranets and extranets, and previously served as chief architect of MCI’s Internet Solutions Center.


Table of Contents

Foreword p. xiii
Preface p. xv
Intended Audience p. xvii
Book Layout p. xvii
Web Site p. xviii
Acknowledgments p. xix
Conventions p. xix
1 Introduction p. 1
1.1 Internet p. 1
1.2 Intranet p. 3
1.2.1 Traditional Approach p. 5
1.2.2 Frame Relay-Based Approach p. 7
1.2.3 Internet VPN-Based Approach p. 9
1.3 Intranet Components p. 11
1.4 Intranet Summary p. 14
1.5 Extranet p. 16
1.5.1 Advantages of Extranet p. 17
1.5.2 Security p. 19
1.5.3 Examples of Extranet p. 23
1.6 Conclusion p. 28
2 Wide Area Network Components p. 29
2.1 Asynchronous Dial-Up Connections On-Demand Using the Public Switched Telephone Network p. 32
2.2 Dedicated Digital Point-to-Point Serial Connection to an Internet Service Provider p. 32
2.2.1 Point-to-Point Protocol p. 34
2.2.2 PPP Operation p. 35
2.3 Packet-Switched Technologies Like X.25, Frame Relay, ATM, and SMDS p. 37
2.3.1 X.25 p. 37
2.3.2 Frame Relay p. 39
2.3.3 Asynchronous Transfer Mode p. 44
2.3.4 Switched Multimegabit Data Service p. 49
2.4 Integrated Services Digital Network p. 51
2.4.1 ISDN Physical Setup p. 52
2.4.2 Basic Rate Interface p. 54
2.4.3 Primary Rate Interface p. 55
2.4.4 Applications of ISDN p. 55
2.4.5 Security Features of ISDN p. 57
2.4.6 Signaling System Number 7 p. 57
2.5 WAN Topologies and Resiliency Considerations p. 57
2.5.1 WAN Topologies p. 58
2.6 Conclusion p. 60
3 Local Area Network Components p. 61
3.1 Ethernet p. 62
3.1.1 Bridges p. 65
3.1.2 Routers p. 66
3.2 Fast Ethernet (100BaseT) p. 67
3.2.1 Ethernet Switch (Layer 2 Switch) p. 69
3.2.2 Switch Operation p. 70
3.2.3 Virtual LANs p. 73
3.2.4 Hot-Standby Routing Protocol p. 74
3.3 Gigabit Ethernet p. 76
3.4 Fiber Distributed Data Interface p. 77
3.4.1 Infrastructure p. 77
3.5 ATM in the LAN Environment p. 80
3.5.1 LAN Architecture and Operation p. 80
3.5.2 Multiprotocol Over ATM p. 86
3.6 Token Ring p. 88
3.6.1 Token Ring Operation p. 90
3.7 Layer 3 Switching p. 90
3.8 LAN Routing Protocols p. 91
3.8.1 Static p. 91
3.8.2 Distance Vector Routing Protocol p. 94
3.8.3 Link State Routing Protocol p. 98
3.8.4 LAN QOS p. 99
3.9 Conclusion p. 100
4 Network and Service Management p. 101
4.1 Network Management p. 101
4.1.1 OSI FCAPS Model p. 101
4.1.2 SNMP p. 102
4.2 Management Information Base p. 106
4.2.1 Structured Management Information p. 108
4.3 SNMP Commands p. 109
4.3.1 SNMP Product Offerings p. 109
4.4 Remote Network Monitoring p. 111
4.4.1 RMON-II p. 114
4.4.2 RMON Product Offerings p. 116
4.5 Service Management p. 118
4.6 Conclusion p. 119
5 Security Components of Intranets and Extranets p. 121
5.1 Security Framework for Intranet and Extranet p. 122
5.2 Developing a Security Plan p. 129
5.3 Security Tools p. 130
5.3.1 Prevention p. 130
5.3.2 Detection p. 132
5.3.3 Correction p. 132
5.4 Data Security p. 132
5.4.1 Data Confidentiality p. 134
5.4.2 Data Integrity p. 138
5.4.3 Data Access Control and Authentication p. 140
5.4.4 Authentication p. 142
5.5 Firewalls p. 172
5.5.1 Origin of Firewalls p. 172
5.5.2 What Is the Role of a Firewall in an Intranet or an Extranet? p. 172
5.5.3 What Are the Different Types of Firewalls? p. 174
5.6 Conclusion p. 182
6 Virtual Private Network p. 183
6.1 What Is VPN? p. 183
6.1.1 LAN-to-LAN VPN for Connecting Various Parts of an Intranet p. 184
6.1.2 LAN-to-WAN VPN for Extending an Intranet to External Entities to Form Extranets p. 184
6.1.3 Remote-LAN-Dial VPDN for Accessing Intranet and Extranet Applications p. 184
6.2 Why VPN? p. 186
6.2.1 Lower Cost of Deployment p. 186
6.2.2 Data Privacy p. 186
6.2.3 Ubiquitous Access p. 186
6.2.4 Deployment Flexibility p. 187
6.2.5 Implementation Scalability p. 187
6.3 VPN Implementation for Intranet and Extranet p. 187
6.3.1 Security p. 188
6.3.2 Performance p. 189
6.3.3 Ease of Management p. 190
6.3.4 Conformance to Standards and Interoperability p. 191
6.4 Network-to-Network Connection p. 191
6.4.1 Data Link Layer p. 192
6.4.2 Network Layer p. 198
6.4.3 Session Layer p. 207
6.4.4 Application Layer VPN Solution p. 209
6.4.5 Dial-to-LAN VPDN Connection p. 210
6.5 Conclusion p. 221
7 Case Studies p. 223
7.1 Case Study I: Intranet in a Company Having a Single Office Location p. 224
7.1.1 Case Study Objective p. 224
7.1.2 Case Study Background and Requirements p. 224
7.1.3 Conclusion p. 238
7.2 Case Study II: Intranet in a Company Having Multiple Office Locations Spread Over a Wide Geographical Area p. 238
7.2.1 Case Study Objective p. 238
7.2.2 Case Study Background and Requirements p. 239
7.2.3 Conclusion p. 256
7.3 Case Study III: Intranet in a Company With a Legacy X.25 Connection to Its Operations in Europe p. 256
7.3.1 Case Study Objective p. 256
7.3.2 Case Study Background and Requirements p. 261
7.3.3 Conclusion p. 308
7.4 Case Study IV: Intranet in a Company With a Legacy Connection to an IBM Mainframe System Using SNA p. 309
7.4.1 Case Study Objective p. 309
7.4.2 Case Study Background and Requirements p. 309
7.4.3 Conclusion p. 320
7.5 Case Study V: Intranet Connectivity in a Company Using Internet-Based VPN p. 321
7.5.1 Case Study Objective p. 321
7.5.2 Case Study Background and Requirements p. 322
7.5.3 Conclusion p. 341
7.6 Case Study VI: Remote Access to the Intranet Using Internet-Based VPN p. 341
7.6.1 Case Study Objective p. 341
7.6.2 Case Study Background and Requirements p. 341
7.6.3 Conclusion p. 359
7.7 Case Study VII: Extranet Access via VPN p. 359
7.7.1 Case Study Objective p. 359
7.7.2 Case Study Background and Requirements p. 360
7.7.3 Conclusion p. 375
List of Acronyms and Abbreviations p. 377
Bibliography p. 383
About the Author p. 385
Index p. 387