SSL Remote Access VPNs: Cisco Press Networking Technology

Authors: Jazib Frahim, Qiang Huang
Language: English. Paperback, February 2008
An introduction to designing and configuring SSL Virtual Private Networks (VPNs)
  • Enables you to understand the benefits and disadvantages of the various types of remote access VPNs and to choose the appropriate technology for your environment
  • Helps network administrators deploy SSL VPNs independently or as an integrated solution
  • Provides detailed configuration advice across all Cisco platforms that support VPNs
SSL Remote Access VPNs provides you with a basic working knowledge of SSL VPNs on the Cisco platforms that support them: the ASA appliance, the IOS router, and the firewall. The book's target audience is beginner to intermediate network professionals and IT managers who want to build a basic foundation of SSL understanding. It aims to give you the information necessary to understand the different components of these remote access VPN solutions. The advantages and disadvantages of each type of VPN are discussed, along with guidelines on when to choose one technology over another and how to deploy and manage the solutions independently or as an integrated solution.
This book is structured in three main parts. Part I introduces Secure Sockets Layer (SSL) as a protocol and then explains the elements that make up an SSL VPN. Part II covers SSL VPN design considerations and how to address endpoint security, device placement, integrated security services, high availability, scalability and performance, application support, virtualization, and auditing. Part III covers configuration on ASA appliances and on IOS routers, and the book concludes by showing how to manage and monitor an SSL VPN solution.

Price: 294.38 lei

Old price: 368.00 lei (-20%)

Express points: 442

Estimated price in foreign currency: €56.40 / $61.09 / £48.37

This book is out of print.


Specifications

ISBN-13: 9781587052422
ISBN-10: 1587052423
Pages: 349
Dimensions: 186 x 229 x 21 mm
Weight: 0.63 kg
Edition: 1
Publisher: Cisco Press
Series: Cisco Press Networking Technology

Place of publication: Indianapolis, United States

Description

SSL Remote Access VPNs
 
An introduction to designing and configuring SSL virtual private networks
 
Jazib Frahim, CCIE® No. 5459
Qiang Huang, CCIE No. 4937
 
Cisco® SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources to virtually any remote user with access to the Internet and a web browser. Remote access based on SSL VPN delivers secure access to network resources by establishing an encrypted tunnel across the Internet using a broadband (cable or DSL) or ISP dialup connection.
 
SSL Remote Access VPNs provides you with a basic working knowledge of SSL virtual private networks on Cisco SSL VPN-capable devices. Design guidance is provided to assist you in implementing SSL VPN in existing network infrastructures. This includes examining existing hardware and software to determine whether they are SSL VPN capable, providing design recommendations, and guiding you on setting up the Cisco SSL VPN devices. Common deployment scenarios are covered to assist you in deploying an SSL VPN in your network.
 
SSL Remote Access VPNs gives you everything you need to know to understand, design, install, configure, and troubleshoot all the components that make up an effective, secure SSL VPN solution.
 
Jazib Frahim, CCIE® No. 5459, is currently working as a technical leader in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security.
 
Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for market-leading modular Ethernet switching platforms. During his time at Cisco, Qiang has played an important role in a number of technology groups, including the Cisco TAC security and VPN team, where he was responsible for troubleshooting complicated customer deployments in security and VPN solutions. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP Dial.
 
  • Understand remote access VPN technologies, such as Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPsec), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP) over IPsec, and SSL VPN
  • Learn about the building blocks of SSL VPN, including cryptographic algorithms and SSL and Transport Layer Security (TLS)
  • Evaluate common design best practices for planning and designing an SSL VPN solution
  • Gain insight into SSL VPN functionality on Cisco Adaptive Security Appliance (ASA) and Cisco IOS® routers
  • Install and configure SSL VPNs on Cisco ASA and Cisco IOS routers
  • Manage your SSL VPN deployment using Cisco Security Manager
 
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
 
Category: Networking: Security
Covers: SSL VPNs
 

Contents

Introduction
Chapter 1: Introduction to Remote Access VPN Technologies
Remote Access Technologies 5
IPsec 5
    Software-Based VPN Clients 7
    Hardware-Based VPN Clients 7
SSL VPN 7
L2TP 9
L2TP over IPsec 11
PPTP 13
Summary 14
Chapter 2: SSL VPN Technology
Cryptographic Building Blocks of SSL VPNs 17
    Hashing and Message Integrity Authentication 17
        Hashing 18
        Message Authentication Code 18
    Encryption 20
        RC4 21
        DES and 3DES 22
        AES 22
        Diffie-Hellman 23
        RSA and DSA 24
    Digital Signatures and Digital Certification 24
        Digital Signatures 24
        Public Key Infrastructure, Digital Certificates, and Certification 25
SSL and TLS 30
    SSL and TLS History 30
    SSL Protocols Overview 31
        OSI Layer Placement and TCP/IP Protocol Support 31
        SSL Record Protocol and Handshake Protocols 33
        SSL Connection Setup 34
        Application Data 42
        Case Study: SSL Connection Setup 43
    DTLS 48
SSL VPN 49
    Reverse Proxy Technology 50
        URL Mangling 52
        Content Rewriting 53
    Port-Forwarding Technology 55
    Terminal Services 58
    SSL VPN Tunnel Client 58
Summary 59
References 60
Chapter 3: SSL VPN Design Considerations
Not All Resource Access Methods Are Equal 63
User Authentication and Access Privilege Management 65
    User Authentication 66
    Choice of Authentication Servers 66
    AAA Server Scalability and High Availability 67
        AAA Server Scalability 67
        AAA Server High Availability and Resiliency 68
    Resource Access Privilege Management 68
Security Considerations 70
    Security Threats 71
        Lack of Security on Unmanaged Computers 71
        Data Theft 71
        Man-in-the-Middle Attacks 72
        Web Application Attack 73
        Spread of Viruses, Worms, and Trojans from Remote Computers to the Internal Network 73
        Split Tunneling 73
        Password Attacks 74
    Security Risk Mitigation 74
        Strong User Authentication and Password Policy 75
        Choose Strong Cryptographic Algorithms 75
        Session Timeout and Persistent Sessions 75
        Endpoint Security Posture Assessment and Validation 75
        VPN Session Data Protection 76
        Techniques to Prevent Data Theft 76
        Web Application Firewalls, Intrusion Prevention Systems, and Antivirus and Network Admission Control Technologies 77
Device Placement 78
Platform Options 79
Virtualization 79
High Availability 80
Performance and Scalability 81
Summary 82
References 82
Chapter 4: Cisco SSL VPN Family of Products
Overview of Cisco SSL VPN Product Portfolio 85
Cisco ASA 5500 Series 87
    SSL VPN History on Cisco ASA 87
    SSL VPN Specifications on Cisco ASA 88
    SSL VPN Licenses on Cisco ASA 89
Cisco IOS Routers 90
    SSL VPN History on Cisco IOS Routers 90
    SSL VPN Licenses on Cisco IOS Routers 90
Summary 91
Chapter 5: SSL VPNs on Cisco ASA
SSL VPN Design Considerations 93
SSL VPN Prerequisites 95
    SSL VPN Licenses 95
    Client Operating System and Browser and Software Requirements 96
    Infrastructure Requirements 97
Pre-SSL VPN Configuration Guide 97
    Enrolling Digital Certificates (Recommended) 98
        Step 1: Configuring a Trustpoint 98
        Step 2: Obtaining a CA Certificate 99
        Step 3: Obtaining an Identity Certificate 100
    Setting Up ASDM 101
        Uploading ASDM 102
        Setting Up the Appliance 103
    Accessing ASDM 104
    Setting Up Tunnel and Group Policies 106
        Configuring Group-Policies 107
        Configuring a Tunnel Group 110
    Setting Up User Authentication 110
Clientless SSL VPN Configuration Guide 114
    Enabling Clientless SSL VPN on an Interface 116
    Configuring SSL VPN Portal Customization 117
        Logon Page 118
        Portal Page 123
        Logout Page 125
        Portal Customization and User Group 126
        Full Customization 129
    Configuring Bookmarks 134
        Configuring Websites 135
        Configuring File Servers 137
        Applying a Bookmark List to a Group Policy 139
        Single Sign-On 140
    Configuring Web-Type ACLs 141
    Configuring Application Access 144
        Configuring Port Forwarding 144
        Configuring Smart Tunnels 147
    Configuring Client-Server Plug-Ins 150
AnyConnect VPN Client Configuration Guide 152
    Loading the SVC Package 154
    Defining AnyConnect VPN Client Attributes 155
        Enabling AnyConnect VPN Client Functionality 155
        Defining a Pool of Addresses 156
        Configuring Traffic Filters 159
        Configuring a Tunnel Group 159
    Advanced Full Tunnel Features 159
        Split Tunneling 159
        DNS and WINS Assignment 161
        Keeping the SSL VPN Client Installed 162
        Configuring DTLS 163
Cisco Secure Desktop 164
    CSD Components 165
        Secure Desktop Manager 165
        Secure Desktop 165
        Cache Cleaner 166
    CSD Requirements 166
        Supported Operating Systems 166
        User Privileges 167
        Supported Internet Browsers 167
        Internet Browser Settings 167
    CSD Architecture 168
    Configuring CSD 169
        Loading the CSD Package 169
        Defining Prelogin Sequences 170
Host Scan 182
    Host Scan Modules 183
        Basic Host Scan 183
        Endpoint Assessment 183
        Advanced Endpoint Assessment 184
    Configuring Host Scan 184
        Setting Up Basic Host Scan 184
        Enabling Endpoint Host Scan 186
        Setting Up an Advanced Endpoint Host Scan 187
Dynamic Access Policies 189
    DAP Architecture 190
        DAP Records 191
        DAP Selection Rules 191
        DAP Configuration File 191
    DAP Sequence of Events 191
    Configuring DAP 192
        Selecting a AAA Attribute 193
        Selecting Endpoint Attributes 195
        Defining Access Policies 197
Deployment Scenarios 205
    AnyConnect Client with CSD and External Authentication 206
        Step 1: Set Up CSD 207
        Step 2: Set Up RADIUS for Authentication 207
        Step 3: Configure AnyConnect SSL VPN 208
    Clientless Connections with DAP 209
        Step 1: Define Clientless Connections 210
        Step 2: Configuring DAP 211
Monitoring and Troubleshooting SSL VPN 212
    Monitoring SSL VPN 212
    Troubleshooting SSL VPN 215
        Troubleshooting SSL Negotiations 215
        Troubleshooting AnyConnect Client Issues 215
        Troubleshooting Clientless Issues 217
        Troubleshooting CSD 219
        Troubleshooting DAP 219
Summary 220
Chapter 6: SSL VPNs on Cisco IOS Routers
SSL VPN Design Considerations 223
IOS SSL VPN Prerequisites 225
IOS SSL VPN Configuration Guide 226
    Configuring Pre-SSL VPN Setup 226
        Setting Up User Authentication 226
        Enrolling Digital Certificates (Recommended) 229
        Loading SDM (Recommended) 232
    Initial SSL VPN Configuration 235
        Step 1: Setting Up an SSL VPN Gateway 237
        Step 2: Setting Up an SSL VPN Context 239
        Step 3: Configuring SSL VPN Look and Feel 241
        Step 4: Configuring SSL VPN Group Policies 245
Advanced SSL VPN Features 247
    Configuring Clientless SSL VPNs 247
    Windows File Sharing 253
    Configuring Application ACL 257
    Thin Client SSL VPNs 259
        Step 1: Defining Port-Forwarding Lists 261
        Step 2: Mapping Port-Forwarding Lists to a Group Policy 262
    AnyConnect SSL VPN Client 264
        Step 1: Loading the AnyConnect Package 264
        Step 2: Defining AnyConnect VPN Client Attributes 266
Cisco Secure Desktop 276
    CSD Components 277
        Secure Desktop Manager 277
        Secure Desktop 277
        Cache Cleaner 278
    CSD Requirements 278
        Supported Operating Systems 278
        User Privileges 279
        Supported Internet Browsers 279
        Internet Browser Settings 279
    CSD Architecture 280
    Configuring CSD 281
        Step 1: Loading the CSD Package 282
        Step 2: Launching the CSD Package 283
        Step 3: Defining Policies for Windows-Based Clients 283
        Defining Policies for Windows CE 298
        Defining Policies for the Mac and Linux Cache Cleaner 298
Deployment Scenarios 301
    Clientless Connections with CSD 301
        Step 1: User Authentication and DNS 302
        Step 2: Set Up CSD 303
        Step 3: Define Clientless Connections 303
    AnyConnect Client and External Authentication 304
        Step 1: Set Up RADIUS for Authentication 305
        Step 2: Install the AnyConnect SSL VPN 306
        Step 3: Configure AnyConnect SSL VPN Properties 306
Monitoring an SSL VPN in Cisco IOS 307
Summary 311
Chapter 7: Management of SSL VPNs
Multidevice Policy Provisioning 314
    Device View and Policy View 314
        Device View 314
        Policy View 318
    Use of Common Objects for Multidevice Management 320
Workflow Control and Role-Based Access Control 322
    Workflow Control 323
    Workflow Mode 324
    Role-Based Administration 326
        Native Mode 326
        Cisco Secure ACS Integration Mode 327
Summary 331
References 331
 

About the Authors

Jazib Frahim, CCIE No. 5459, has been with Cisco for more than nine years. Holding a bachelor's degree in computer engineering from Illinois Institute of Technology, he started out as a TAC engineer in the LAN Switching team. He then moved to the TAC Security team, where he acted as a technical leader for the security products and led a team of 20 engineers in resolving complicated security and VPN issues. He is currently working as a technical leader in the Worldwide Security Services Practice of Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security. He has written numerous Cisco online technical documents and has been an active member of the Cisco online forum NetPro. He has presented at Networkers on multiple occasions and has taught many on-site and online courses to Cisco customers, partners, and employees.
 
He has recently received his master of business administration (MBA) degree from North Carolina State University. He is also an author of the following Cisco Press books: Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.
 
Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Systems Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for Cisco's market-leading modular Ethernet switching platforms. He has been with Cisco for almost ten years. During his time at Cisco, Qiang has played an important role in a number of technology groups, including the following: technical lead in the Cisco TAC security and VPN team, where he was responsible for troubleshooting complicated customer deployments in security and VPN solutions; security consulting engineer in the Cisco Advanced Services group, providing security posture assessment and consulting services to customers; and technical marketing engineer focusing on competitive analysis and market intelligence in network security, with specialization in the emerging SSL VPN technology. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP Dial. He is also one of the contributing authors of Internetworking Technologies Handbook, Fourth Edition. Qiang received a master's degree in electrical engineering from Colorado State University.
 
