IPsec Virtual Private Network Fundamentals free download
By admin on April 23, 2009
An introduction to designing and configuring Cisco IPsec VPNs
Understand the basics of the IPsec protocol and learn implementation best practices
Study up-to-date IPsec design, incorporating current Cisco innovations in the security and VPN marketplace
Learn how to avoid common pitfalls related to IPsec deployment
Reinforce theory with case studies, configuration examples showing how IPsec maps to real-world solutions
IPsec Virtual Private Network Fundamentals provides a basic working knowledge of IPsec on various Cisco routing and switching platforms. It provides the foundation necessary to understand the different components of Cisco IPsec implementation and how it can be successfully implemented in a variety of network topologies and markets (service provider, enterprise, financial, government). This book views IPsec as an emerging requirement in most major vertical markets, explaining the need for increased information authentication, confidentiality, and non-repudiation for secure transmission of confidential data. The book is written using a layered approach, starting with basic explanations of why IPsec was developed and the types of organizations relying on IPsec to secure data transmissions. It then outlines the basic IPsec/ISAKMP fundamentals that were developed to meet demand for secure data transmission. The book covers the design and implementation of IPsec VPN architectures using an array of Cisco products, starting with basic concepts and proceeding to more advanced topics including high availability solutions and public key infrastructure (PKI). Sample topology diagrams and configuration examples are provided in each chapter to reinforce the fundamentals expressed in text and to assist readers in translating concepts into practical deployment scenarios. Additionally, comprehensive case studies are incorporated throughout to map topics to real-world solutions.
- Chapter 1, “Introduction to VPN Technologies”: This chapter includes an introduction to various VPN technologies, discusses how VPNs are utilized in today’s networks, and identifies the drivers for business migration to VPN technologies. The discussion in this chapter provides the reader with a high-level overview of VPN, particularly with a comparison between Multiprotocol Label Switching (MPLS), Virtual Private Dialup Network (VPDN), Secure Sockets Layer (SSL), and IPsec VPNs. After a brief comparison of the VPN technologies, the focus turns to the business drivers for VPN, which include both economics and security.
- Chapter 2, “IPsec Fundamentals”: This chapter focuses on the underlying components and mechanics of IPsec, including cryptographic components, Internet Key Exchange (IKE), and IPsec. This chapter includes basic configuration examples (not step-by-step) to demonstrate the concepts.
Network Security Bible free download
By admin on April 23, 2009

Introduction
Network security spans a large number of disciplines, ranging from management
and policy topics to operating system kernel fundamentals.
Historically, the coverage of these and the other network security areas was presented
in multiple, specialized publications or given a high-level treatment that was
not suited to the practitioner. Network Security Bible approaches network security
from the view of the individual who wants to learn and apply the associated network
security best practices without having to sort through a myriad of extraneous
material from multiple sources. The information provided in this text includes
“secrets” learned by practicing professionals in the field of network security
through many years of real-world experience.
The Goal of This Book
Network Security Bible provides comprehensive coverage of the fundamental concepts
of network security and the processes and means required to implement a
secure network. The goal of this text is to provide the reader with an understanding
of security engineering processes and network security best practices, including
in-depth specifics on the following topics:
✦ Windows
✦ UNIX
✦ Linux
✦ The World Wide Web
✦ E-mail
✦ Risk management
✦ Server applications
✦ Domain Name Systems (DNS)
✦ Communications security
Other topics are aimed at providing the reader with insight into information assurance
through clear and thorough tutorials on the latest information, including security
assessment, evaluation, and testing techniques. This up-to-date and applicable knowledge
will benefit practitioners in the commercial, government, and industrial sectors.
Network Security Bible meets the needs of information security professionals and
other individuals who have to deal with network security in their everyday activities.
It is truly an all-inclusive reference that tells you why and how to achieve a
secure network in clear and concise terms.
The Five Parts of This Book
Network Security Bible is organized into the following five parts:
✦ Part I: Security Principles and Practices
✦ Part II: Operating Systems and Applications
✦ Part III: Network Security Fundamentals
✦ Part IV: Communications
✦ Part V: The Security Threat and Response
OpenVPN free download
By admin on April 23, 2009
Building and Integrating Virtual Private Networks 
Copyright © 2006 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Table of Contents
Preface
Chapter 1: VPN-Virtual Private Network
Branches Connected by Dedicated Lines
Broadband Internet Access and VPNs
How Does a VPN Work?
What are VPNs Used For?
Networking Concepts-Protocols and Layers
Tunneling and Overhead
VPN Concepts-Overview
A Proposed Standard for Tunneling
Protocols Implemented on OSI Layer 2
Protocols Implemented on OSI Layer 3
Protocols Implemented on OSI Layer 4
OpenVPN-An SSL/TLS-Based Solution
Summary
Chapter 2: VPN Security
VPN Security
Privacy-Encrypting the Traffic
Symmetric Encryption and Pre-Shared Keys
Reliability and Authentication
The Problem of Complexity in Classic VPNs
Asymmetric Encryption with SSL/TLS
SSL/TLS Security
Understanding SSL/TLS Certificates
Trusted Certificates
Self-Signed Certificates
SSL/TLS Certificates and VPNs
Summary
Securing Networks with PIX and ASA free download
By admin on April 23, 2009

Copyright © 2005, Cisco Systems, Inc. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica
Croatia • Cyprus • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece
Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia
Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania
Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland
Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright  2005 Cisco Systems, Inc. All rights reserved. CCSP, the Cisco Square Bridge logo, Follow Me
Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play,
and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco
IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the
Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive,
GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard,
LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet,
Router Security Strategies free download
By admin on April 23, 2009

Introduction
The networking world is evolving at an ever-increasing pace. The rapid displacement of legacy,
purpose-built networks based on time-division multiplexing (TDM), Frame Relay, and Asynchronous
Transfer Mode (ATM) technologies to ubiquitous Internet Protocol (IP) packet-based networks capable
of supporting converged network services is well under way. Service providers can no longer afford to
deploy multiple networks, each built to support a single application or service such as voice, business-class
data, or Internet traffic. The cost of deploying and operating multiple networks in this business
model is not financially sustainable. In addition, customer demand for integrated services and applications,
as well as new services and applications, means service delivery velocity is a critical requirement
of modern network architectures. Leading wireline and wireless service providers worldwide are
already migrating legacy network services onto IP core networks to take advantage of the bandwidth
efficiencies and scalability offered by IP networks, and their ability to enable rapid expansion into new
service markets.
Building and operating IP network infrastructures to meet the same carrier-class requirements that customers
demand, while carrying multiple, diverse services that have different bandwidth, jitter, and
latency requirements, is a challenging task. Single-purpose networks were designed and built to support
specific, tightly controlled operational characteristics. Carrying Internet traffic, voice traffic, cellular
traffic, and private (VPN) business traffic over a common IP backbone has significant implications for
both network design and network security. The loss of integrity through a network attack, for example,
in any one of the traffic services can potentially disrupt the entire “common network,” causing an impact
to the entire revenue base. Further, enterprises are increasingly dependent upon IP networking for
business operations.
Fundamentally, all networks have essentially two kinds of packets: data packets, which belong to customers
and carry customer traffic, and control and management packets, which belong to the network
and are used to create and operate the network. One of the strengths of the IP protocol is that all
packets traverse a “common pipe” (or are “in-band”). Networking professionals coming from the legacy
TDM/ATM network world may be unfamiliar with the concept of a common pipe for data and control
plane traffic, as these legacy systems separate data channels from “out-of-band” control channels.
Misunderstanding and trepidation often exist about how data packets and control packets can be
segmented and secured in a common network.
Even though IP networks carry all packets in-band, it is possible and, now more than ever, critical to
distinguish between the various types of packets being transported. Separating traffic into data, control,
management, and services planes (referred to as traffic planes) and properly segmenting and protecting
these traffic planes are required tasks to secure today’s highly converged IP networks. This book is the
first to cover IP network traffic plane separation and security in a formal and thorough manner.
InfoSecurity 2008 Threat Analysis free download
By admin on April 22, 2009

Foreword
The expression tempus fugit (essentially, time flies) brings to my mind vivid memories of
studying Latin at school twenty-something years ago. The very fact that these memories are
over two decades old is a perfect illustration: time really does fly. Thinking back to that class,
the idea that a book on computer security would ever make it to a general bookstore would
have brought amazement to my classmates. Zombie computers attacking businesses? Science
fiction! A popular book that teaches how to handle credit cards securely? Who could ever
need such a thing!
Of course, from the fact that you’re reading this, you understand who needs it. You do.
If you’ve already purchased this book, congratulations - you’ve taken a critical step
toward staying current in an endlessly-churning environment. If you’re leafing through the
ever-expanding “security” or “web” section of your local bookstore wondering if this book
is for you, please read on. Put into practice, the information here could save your business,
your money, or (last but not least) your reputation.
E-commerce, the ubiquity of the Internet, and the World Wide Web have changed
society in ways in which we are only just beginning to quantify. In today’s world, not only is
time money, but information is, too. Even as I write this, goods ordered online are on their
way to me from locations unknown; money and materials have changed hands - all I needed
was a few short numbers to make it happen. Information is the key, but as our information
systems evolve so do the threats they face.
If there is anything predictable about computing, it is that the electronic world is constantly
off-balance. In a scant handful of years, technology has become an enabler for businesses,
services and communities that would have seemed like pure fantasy two decades ago.
These innovations are exciting; they shape society and groups. However, as they have grown
so has their darker, malevolent twin: for every development, there exist those who seek to
Security Monitoring with Cisco Security MARS free download
By admin on April 22, 2009

Introduction
Security Event Management (SEM) systems, Security Information Management (SIM) systems, and
Security Threat Mitigation (STM) systems are all solutions with a primary goal of making it easier to
determine when bad things are happening on your network. Ideally, the tools we use to correlate events
between various network and security devices or software will detect malicious behavior before damage
is done, rather than letting us know when we’ve already been compromised.
This book is intended to describe how a third-generation tool, the Cisco Security Monitoring, Analysis,
and Response System (CS-MARS), performs as an STM solution.
Goals and Methods
The goal of this book is to provide the information you need to successfully use the CS-MARS appliances
in a real network, on a day-to-day basis. No SIM or STM solution, out of the box, is a perfect fit
for every network. As you read through the chapters, we hope you find tidbits that help you make the
most of your investment. We also hope you learn enough to avoid some of the common mistakes and
misconfigurations.
CS-MARS is a powerful tool that can dramatically increase your knowledge of activity, whether malicious
or not, on your network. There are many case studies and other examples throughout the book that
show you how this STM functions in a real-world network. Hopefully, some of these examples will bear
a resemblance to your own network.
By the time you finish this book, you should have a good understanding of the overall operations and
maintenance tasks involved with a CS-MARS deployment. Some of the things you will learn include:
• How to properly design and size a CS-MARS deployment
• Protection of the information contained with CS-MARS
• Incident investigation techniques
• Customization features to allow support of applications and devices that aren’t natively
supported
• Creation of custom reports and queries