| Acknowledgments | p. xvii |
| Introduction | p. xix |
| Networks and Security | |
| Layering Architecture and the OSI Model | p. 3 |
| Layering Principles | p. 4 |
| Open Systems Interconnection (OSI) Model | p. 4 |
| Peer Communications and Encapsulation | p. 8 |
| Layer Interactions | p. 10 |
| Summary | p. 19 |
| Network Architectures | p. 21 |
| Networks and Network Topologies | p. 22 |
| Local Area Networks (LANs) | p. 25 |
| Wide Area Networks (WANs) | p. 46 |
| The TCP/IP Protocol Stack | p. 73 |
| The DOD Reference Model Layers | p. 75 |
| Protocol Descriptions | p. 77 |
| TCP/IP Application Layer Protocols | p. 99 |
| Security | p. 105 |
| What Is Security? | p. 106 |
| Information Security Domains | p. 108 |
| General Security Considerations | p. 111 |
| Planning Your Security Approach | p. 113 |
| Components of a Sound Security Architecture | p. 117 |
| The Five Security Characteristics of Information | p. 118 |
| The Three States of Information | p. 127 |
| Threats and Attack Methods | p. 129 |
| Packet Sniffing | p. 130 |
| Spoofing and Denial of Service Threats | p. 134 |
| Spoofing | p. 135 |
| Denial of Service | p. 151 |
| Password Attacks | p. 154 |
| Application Layer Attacks | p. 154 |
| Summary | p. 157 |
| Intrusion Detection Systems | p. 159 |
| Why Is Intrusion Detection Necessary? | p. 160 |
| What Are Intrusion Detection Systems? | p. 161 |
| IDS Detection Methods | p. 164 |
| Assessment Architectures | p. 165 |
| How to Know When You Have Been Attacked | p. 172 |
| Honey Pots | p. 176 |
| Firewalls | p. 179 |
| What Is a Firewall? | p. 180 |
| Types of Firewalls | p. 182 |
| Firewall Architectures | p. 198 |
| Virtual Private Networks | |
| VPN Basics | p. 207 |
| What Is a VPN? | p. 208 |
| Internets, Intranets, and Extranets | p. 210 |
| History of VPNs | p. 213 |
| What Is Tunneling? | p. 217 |
| Tunneling Protocols | p. 217 |
| A Tunnel from the Past | p. 219 |
| Tunnel Types | p. 220 |
| Summary | p. 222 |
| VPN Architectures | p. 223 |
| VPN Components and General Requirements | p. 224 |
| VPN Architectures | p. 226 |
| Types of VPNs | p. 234 |
| Summary | p. 238 |
| VPN Protocols | |
| Tunneling Protocols | p. 241 |
| Generic Routing Encapsulation (GRE) | p. 242 |
| Point-to-Point Tunneling Protocol (PPTP) | p. 249 |
| Summary | p. 259 |
| L2F and L2TP | p. 261 |
| Access VPNs or VPDNs | p. 262 |
| Layer 2 Forwarding (L2F) Protocol | p. 263 |
| Layer 2 Tunneling Protocol (L2TP) | p. 273 |
| Summary | p. 296 |
| Secure Communication | |
| Cryptography | p. 299 |
| Cryptography | p. 300 |
| Steganography | p. 305 |
| Cryptographic Algorithm Methods | p. 307 |
| Cryptanalysis | p. 309 |
| Future Cryptographic Methods | p. 311 |
| Summary | p. 312 |
| Cryptographic Algorithms | p. 313 |
| Hash Algorithms | p. 314 |
| Private-Key (Symmetric) Algorithms | p. 316 |
| Public-Key (Asymmetric) Algorithms | p. 319 |
| Summary | p. 326 |
| Certificates | p. 327 |
| Digital Signatures | p. 329 |
| Certificates | p. 334 |
| Digital Signatures, Certificates, and Public Key Infrastructure (PKI) | p. 343 |
| Summary | p. 346 |
| Authentication | p. 347 |
| Human Identification | p. 348 |
| Entity Authentication | p. 350 |
| Authentication Protocols | p. 351 |
| Terminal Access Controller Access Control System (TACACS), XTACACS, and TACACS+ | p. 364 |
| Summary | p. 372 |
| IPSec | |
| IPSec Components | p. 375 |
| IPSec Background | p. 376 |
| IPSec Components and Concept Overview | p. 380 |
| The Authentication Header (AH) Protocol | p. 385 |
| The Encapsulating Security Payload (ESP) Protocol | p. 390 |
| Why Two Authentication Protocols? | p. 394 |
| Security Associations and Policies | p. 395 |
| Security Databases | p. 399 |
| Summary | p. 402 |
| Key Management | p. 403 |
| Key Management Concepts and Overview | p. 404 |
| Perfect Forward Secrecy (PFS) | p. 406 |
| Diffie-Hellman | p. 407 |
| The Pseudo-Random Function | p. 408 |
| Domain of Interpretation (DOI) | p. 408 |
| Internet Security Association and Key Management Protocol (ISAKMP) | p. 408 |
| IPSec IKE | p. 410 |
| Summary | p. 416 |
| Key Management/Exchange Protocols | p. 417 |
| In-Band and Out-of-Band Key Exchanges | p. 418 |
| Diffie-Hellman Key Exchange | p. 419 |
| Simple Key-Management for Internet Protocols (SKIP) | p. 420 |
| Photuris | p. 421 |
| SKEME | p. 422 |
| Oakley | p. 423 |
| ISAKMP | p. 424 |
| The Internet Key Exchange (IKE) or ISAKMP/Oakley | p. 441 |
| Negotiating Multiple Security Associations | p. 459 |
| Using ISAKMP/Oakley with Remote Access | p. 460 |
| Summary | p. 461 |
| IPSec Architecture and Implementation | p. 463 |
| IPSec Architecture and Implementation | p. 464 |
| Managing the Security Associations | p. 473 |
| Security Association Databases | p. 479 |
| Summary | p. 486 |
| MPLS | |
| Quality of Service (QoS) | p. 491 |
| Basic Terms | p. 492 |
| What Is Quality of Service (QoS)? | p. 494 |
| Why Do We Need QoS? | p. 495 |
| The QoS Framework | p. 509 |
| QoS Protocols | p. 510 |
| Traffic Engineering | p. 520 |
| Summary | p. 522 |
| Traffic Engineering--Movement of Data | p. 523 |
| Routing to Switching to Routing? | p. 524 |
| Traffic Engineering 101 | p. 526 |
| Summary | p. 534 |
| MPLS Background | p. 535 |
| What Is MPLS? | p. 536 |
| Why Do We Need MPLS? | p. 537 |
| History Behind MPLS | p. 539 |
| Summary | p. 545 |
| MPLS Components and Concepts | p. 547 |
| MPLS Components and Concepts | p. 548 |
| Distribution of Label Information | p. 556 |
| MPLS Virtual Private Networks (MPLS VPNs) | p. 561 |
| Summary | p. 565 |
| Index | p. 567 |