Title:
The concise guide to enterprise internetworking and security
Personal Author:
Publication Information:
Indianapolis, IN : Pearson Education, 2001
ISBN:
9780789724205
Added Author:

Available:*

Item Barcode: 30000010047338
Call Number: TK5105 C37 2001
Material Type: Open Access Book
Item Category 1: Book

Summary

An internetwork is a collection of individual networks, connected by networking devices, that functions as a single large network. This text considers the demands placed on the network infrastructure and changes in software.


Table of Contents

Introduction
About Security
Layout of This Book
Where to Go for More Information
1 TCP/IP and Related Protocols
How Data Travels Across Networks
The Monolithic Versus Layered Method of Application Design
The OSI Model
The Physical Layer
The Data Link Layer
The Network Layer
The Transport Layer
The Session Layer
The Presentation Layer
The Application Layer
TCP/IP and the Internet Layer Model
Mapping TCP/IP to the OSI Model
The Basics of Layer 2
Address Resolution Protocol
Connection Versus Connectionless Communication
TCP/IP
Making TCP Connections
IP Addressing
IP Address Classes
Routing
User Datagram Protocol
IP Packet Headers
Telnet
HTTP
SMTP
FTP
DNS
Internet Control Message Protocol (ICMP)
Ping
Internet Protocol Version 6 (IPv6) and ICMPv6
2 Understanding WAN Bandwidth Delivery
Introduction to Bandwidth Delivery: How the Computer Crashed into the Telephone
Packet Switched Versus Circuit Switched Networks
The Telco Engineers Versus the Network Engineers
Analog Modems
Hierarchy of Dedicated Digital Services
Physical Properties
Signal Encoding
DS0: The One True Standard
DS1: the Ever Popular T1
The T1 Frame
Fractional T1
T3
Fractional T3
SONET
ISDN
Basic Rate Interface (BRI)
Primary Rate Interface (PRI)
ISDN Layer 1--Physical
ISDN Layer 2--Data Link
ISDN Layer 3--Network
Digital Subscriber Line (XDSL, aDSL, sDSL)
ADSL
R-ADSL
HDSL
IDSL
VDSL
SDSL
Splitterless DSL or DSL-Lite
Loading Coils
Cable Modems
Shared Network Technologies
More on Sharing
Frame Relay
Circuit Switched Versus Packet Switched
Advantages of Frame Relay
Components of Frame Relay
Congestion and Delay
Asynchronous Transfer Mode (ATM)
It's All About Timing
Mitosis
Why 53 Octets?
ATM OSI Layers
ATM Adaptation Layers
Guaranteed Service Levels
Wireless
Hardware Requirements for Different Networks
3 Security Concepts
Who Is Threatening Your Data?
Common Types of Attacks
Web Defacement
Unsolicited Commercial Email (UCE or Spam)
Spoofing
Denial of Service (DoS)
Important Security Terminology
Authentication
Authorization
Integrity
Encryption
Of Public Keys and Private Washrooms
X.509 Certificates
Pretty Good Privacy (PGP) Keys
Public Key Infrastructure (PKI)
Security Hardware
Token-Based Cards
Smart Cards
Security Through Obscurity
World View Versus Internal View
Different Layers of Security
No Security
Hardened Security
Firewalls
Demilitarized Zone
Intrusion Detection Systems
Different Kinds of Access Control
Packet Screening
Circuit Proxies
Application Gateways
Stateful Inspection
Network Address Translation
4 Defining Connection Requirements
Getting an Idea of What Your Users Need
Internet Applications Provided to the Internet
Sizing Your Internet Connection
Buying the Skills
Hiring the Skills
Earning the Skills
Bandwidth Doesn't Always Mean Performance
Criticality of Internet Connection
Hosting All Servers On-Site
Critical Outbound Access, No Critical On-Site Servers
Bandwidth-on-Demand: Out of Speed
Additional Services
Virtual Private Networks
Remote Access
Multimedia, Multicasting, and the MBONE
Security
Cost
Customer Premises Equipment
Firewalls and Servers
Where to Cut Corners
Reiteration Is Your Constant Companion
Connection Requirements Checklist
5 Choosing an ISP
Selecting the Right ISP Is a Critical Decision
NSP or ISP?
Network Access Point (NAP)
Metropolitan Area Exchange (MAE)
The Tiers of Babel
Cost
Paying by Bandwidth
Paying by Usage
Extras
Reimbursements for Network Downtime
Reliability/Reputation
Peer Survey
Capacity (Can Your ISP Meet Your Needs?)
Installation and Setup Services ISPs Offer
Bandwidth Options
Web Hosting
Mail Hosting
Knowledge Services (Help Desk / Consulting)
Managing Equipment Lease
IP Address Blocks
Co-locate: Your Equipment, the ISP's Building
Co-Location Considerations
Extended Protocols and Services
Provisioning a WAN
Customer Premises Equipment
Managed Services
Managing Your Router
Managing Your Firewall
Managing VPN Connectivity
Offering Proxy Services
Domain Name Registration
DNS Mail Exchanger Records
6 Consulting, Consultants, and Contractors
Consultants, Contractors, and Projects
Can You Do It All Yourself?
From the Inside
Before You Hire a Consultant
Before You Hire a Contractor
What Tasks Should You Farm Out?
Questions You Should Ask Your Hired Help
Bonding and Insurance
The Request For Proposal
Agreeing Parties
Stated Objectives
Deliverables
Scope of Services
Risks
Requirements
Coordinators
Issues and Change Management
Timeline and Costs
Additional Costs
Defining a Statement of Work
Segment the Project into Stages
Information Collection
Analysis and Evaluation
Recommendation
Implementation
Acceptance and Transition
7 Design Considerations
Before Building Your Network
Getting Your Service from the Wall Through Hall
Terminating the Telecom Demarcation
Wiring Contractors
Configuring Clients for a New Connection
Proxy Configuration
IP Addressing
Internet Software
Standard Build Process
Defining IP Architecture
Multi-Protocol Network Requirements
Tunneling of Protocols Within IP
Tunneling IPv6 in IPv4
Availability, Capacity, and Reliability
Bandwidth, Latency, and Throughput
Backup Circuits
On-Demand Circuits
Remote Access Policy
Doing Away with Dialups
8 Assessing Your Security Needs
Build an Adaptable Infrastructure
The Tao of Security: Simplicity
Service Assessment
Serving the World
Services Allowed from the Internet
The Special Case of FTP
Rules, Rulesets, and Rulebases
Rule Order
Performance-Tuning Your Firewall
Turning Security Policy into Security
Security Policy
Default Stance
Security Architecture
Security Architecture to Rulebase
Change Management
Harden All Your Servers
Drop Source Routed Traffic
Drop Directed Broadcast Traffic
Lock Down Your DNS Servers
Disable Relaying and Other Information Features on Your SMTP Server
Sample Prototype Designs
Packet Filter Router Only
Packet Filter Router with a DMZ
Router / Firewall and DMZ Revisited with VPN
9 Getting Connected
Equipment Selection
Router Selection
CSU / DSU Selection
Staging the Hardware
Setting Up the Hardware: Out of the Box and Onto the Wall
Connect and Configure the CSU / DSU
B8ZS
Connect and Configure the Router
Burn In
10 Implementing Security
Setting Proper Expectations
Hardening Systems
Windows NT 4.0
Windows 2000 Server
Lock Down Your DNS Server
Application-Specific Hardening
UNIX / Linux Systems
Tweak Your Network Configurations for Security
Remote Log Server
UNIX / Linux
Windows NT and 2000
EventLogs
Sample Packet Filter Router Only
Sample Packet Filter Router with a DMZ
Sample Packet Filter Router with a Firewall and DMZ
Minimal Router Filtering
Starting Free and Clear
Allow Internal Network Traffic Outbound to the Internet
Protect the Firewall
Allow Only Internal Admin Access to the Firewall
Drop Traffic You Do Not Want Logged
Services Provided to the Internet
Drop DMZ Initiated Traffic
Default Policy of Drop Everything
Sample Packet Filter Router with a Firewall, DMZ, and VPN Security Gateway
Bringing It All Together
Check Point FireWall-1 on Windows NT
Linux 2.2 and ipchains
OpenBSD 2.7 and IP Filter
11 Testing and Validation
Is Your Network Working Properly?
Assembling the Tools
Software Utilities
Hardware Sniffers
Network Analyzers/Protocol Analyzers
Testing Your Routing
Using ARP
Default Route
Testing Your Required Services
Testing Your Exposed Services
Testing Your Security
12 Managing Your Internet Connection
Evaluating New Services
Sign Up for BUGTRAQ
Sign Up for NTBUGTRAQ
Checking for Security Breaches
Periodic Vulnerability Assessment
Tools for Simple Intrusion Detection
Monitoring and Baselining
What to Baseline
How Long Should Baselining Last?
Peaks Versus Averages
Identify the Sources of Peaks
Log Monitoring
Monitoring Usage
Planning for the Future
What's Going to Break First?
Appraising New Technologies
13 Moving to a New ISP
Equipment Return
IP Addressing--The Return of Leased Numbers
DNS Modifications
New Equipment Purchases
Transition Period
Security
Mail Servers
Upgrades
Index