The Concise Guide to Enterprise Internetworking and Security


List price: US$42.99


Description

An Internetwork is a collection of individual networks, connected by networking devices, that functions as a single large network. This text considers the demands placed on the network infrastructure and changes in software.

Product details

  • Paperback | 316 pages
  • 187.96 x 228.6 x 20.32mm | 521.63g
  • Que Corporation,U.S.
  • United States
  • English
  • w. figs.
  • 0789724200
  • 9780789724205

Table of contents

Introduction.


About Security. Layout of This Book. Where to Go for More Information.



1. TCP/IP and Related Protocols.


How Data Travels Across Networks. The Monolithic Versus Layered Method of Application Design. The OSI Model.



The Physical Layer. The Data Link Layer. The Network Layer. The Transport Layer. The Session Layer. The Presentation Layer. The Application Layer.



TCP/IP and the Internet Layer Model. Mapping TCP/IP to the OSI Model. The Basics of Layer. Address Resolution Protocol. Connection Versus Connectionless Communication. TCP/IP.



Making TCP Connections. IP Addressing. IP Address Classes. Routing.



User Datagram Protocol. IP Packet Headers.



Telnet. HTTP. SMTP. FTP. DNS. Internet Control Message Protocol (ICMP). Ping.



Internet Protocol Version 6 (IPv6) and ICMPv6.



2. Understanding WAN Bandwidth Delivery.


Introduction to Bandwidth Delivery: How the Computer Crashed into the Telephone.



Packet Switched Versus Circuit Switched Networks. The Telco Engineers Versus the Network Engineers.



Analog Modems. Hierarchy of Dedicated Digital Services.



Physical Properties. Signal Encoding. DS0: The One True Standard. DS1: the Ever Popular.



The T1 Frame.



Fractional. T3.



Fractional. SONET. ISDN.



Basic Rate Interface (BRI). Primary Rate Interface (PRI). ISDN Layer 1-Physical. ISDN Layer 2-Data Link. ISDN Layer 3-Network. Digital Subscriber Line (XDSL, aDSL, sDSL). ADSL. R-ADSL. HDSL. IDSL. VDSL. SDSL. Splitterless DSL or DSL-Lite. Loading Coils.



Cable Modems.



Shared Network Technologies. More on Sharing.



Frame Relay.



Circuit Switched Versus Packet Switched. Advantages of Frame Relay. Components of Frame Relay. Congestion and Delay.



Asynchronous Transfer Mode (ATM).



It's All About Timing. Mitosis. Why 53 Octets? ATM OSI Layers. ATM Adaptation Layers. Guaranteed Service Levels.



Wireless. Hardware Requirements for Different Networks.



3. Security Concepts.


Who Is Threatening Your Data? Common Types of Attacks.



Web Defacement. Unsolicited Commercial Email (UCE or Spam). Spoofing. Denial of Service (DoS).



Important Security Terminology.



Authentication. Authorization. Integrity. Encryption.



Of Public Keys and Private Washrooms.



X.509 Certificates. Pretty Good Privacy (PGP) Keys.



Public Key Infrastructure (PKI). Security Hardware.



Token-Based Cards. Smart Cards.



Security Through Obscurity.



World View Versus Internal View.



Different Layers of Security.



No Security. Hardened Security. Firewalls. Demilitarized Zone. Intrusion Detection Systems.



Different Kinds of Access Control.



Packet Screening. Circuit Proxies. Application Gateways. Stateful Inspection.



Network Address Translation.



4. Defining Connection Requirements.


Getting an Idea of What Your Users Need. Internet Applications Provided to the Internet. Sizing Your Internet Connection.



Buying the Skills. Hiring the Skills. Earning the Skills. Bandwidth Doesn't Always Mean Performance.



Criticality of Internet Connection.



Hosting All Servers On-Site. Critical Outbound Access, No Critical On-Site Servers. Bandwidth-on-Demand: Out of Speed.



Additional Services.



Virtual Private Networks. Remote Access. Multimedia, Multicasting, and the MBONE.



Security. Cost.



Customer Premises Equipment. Firewalls and Servers. Where to Cut Corners.



Reiteration Is Your Constant Companion. Connection Requirements Checklist.



5. Choosing an ISP.


Selecting the Right ISP Is a Critical Decision. NSP or ISP?



Network Access Point (NAP). Metropolitan Area Exchange (MAE). The Tiers of Babel.



Cost.



Paying by Bandwidth. Paying by Usage. Extras. Reimbursements for Network Downtime.



Reliability/Reputation.



Peer Survey.



Capacity (Can Your ISP Meet Your Needs?). Installation and Setup Services ISPs Offer.



Bandwidth Options. Web Hosting. Mail Hosting. Knowledge Services (Help Desk/Consulting). Managing Equipment Lease. IP Address Blocks. Co-locate: Your Equipment, the ISP's Building. Co-Location Considerations. Extended Protocols and Services.



Provisioning a WAN. Customer Premises Equipment. Managed Services.



Managing Your Router. Managing Your Firewall. Managing VPN Connectivity. Offering Proxy Services. Domain Name Registration. DNS Mail Exchanger Records.



6. Consulting, Consultants, and Contractors.


Consultants, Contractors, and Projects. Can You Do It All Yourself? From the Inside.



Before You Hire a Consultant. Before You Hire a Contractor. What Tasks Should You Farm Out? Questions You Should Ask Your Hired Help. Bonding and Insurance.



The Request For Proposal.



Agreeing Parties. Stated Objectives. Deliverables. Scope of Services. Risks. Requirements. Coordinators. Issues and Change Management. Timeline and Costs. Additional Costs. Defining a Statement of Work.



Segment the Project into Stages.



Information Collection. Analysis and Evaluation. Recommendation. Implementation. Acceptance and Transition.



7. Design Considerations.


Before Building Your Network. Getting Your Service from the Wall Through Hall.



Terminating the Telecom Demarcation. Wiring Contractors.



Configuring Clients for a New Connection.



Proxy Configuration. IP Addressing. Internet Software. Standard Build Process.



Defining IP Architecture. Multi-Protocol Network Requirements.



Tunneling of Protocols Within IP. Tunneling IPv6 in IPv4.



Availability, Capacity, and Reliability.



Bandwidth, Latency, and Throughput. Backup Circuits. On-Demand Circuits.



Remote Access Policy.



Doing Away with Dialups.



8. Assessing Your Security Needs.


Build an Adaptable Infrastructure. The Tao of Security: Simplicity. Service Assessment.



Serving the World. Services Allowed from the Internet. The Special Case of FTP.



Rules, Rulesets, and Rulebases.



Rule Order. Performance-Tuning Your Firewall.



Turning Security Policy into Security.



Security Policy. Default Stance. Security Architecture. Security Architecture to Rulebase. Change Management. Harden All Your Servers. Drop Source Routed Traffic. Drop Directed Broadcast Traffic. Lock Down Your DNS Servers. Disable Relaying and Other Information Features on Your SMTP Server.



Sample Prototype Designs.



Packet Filter Router Only. Packet Filter Router with a DMZ. Router/Firewall and DMZ Revisited with VPN.



9. Getting Connected.


Equipment Selection.



Router Selection. CSU/DSU Selection.



Staging the Hardware.



Setting Up the Hardware: Out of the Box and Onto the Wall. Connect and Configure the CSU/DSU. B8ZS. Connect and Configure the Router. Burn In.



10. Implementing Security.


Setting Proper Expectations. Hardening Systems.



Windows NT 4.0. Windows 2000 Server. Lock Down Your DNS Server. Application-Specific Hardening. UNIX/Linux Systems. Tweak Your Network Configurations for Security.



Remote Log Server.



UNIX/Linux. Windows NT and 2000. EventLogs.



Sample Packet Filter Router Only. Sample Packet Filter Router with a DMZ. Sample Packet Filter Router with a Firewall and DMZ.



Minimal Router Filtering. Starting Free and Clear. Allow Internal Network Traffic Outbound to the Internet. Protect the Firewall. Allow Only Internal Admin Access to the Firewall. Drop Traffic You Do Not Want Logged. Services Provided to the Internet. Drop DMZ Initiated Traffic. Default Policy of Drop Everything.



Sample Packet Filter Router with a Firewall, DMZ, and VPN Security Gateway.



Bringing It All Together. Check Point FireWall-1 on Windows NT. Linux 2.2 and ipchains. OpenBSD 2.7 and IP Filter.



11. Testing and Validation.


Is Your Network Working Properly? Assembling the Tools.



Software Utilities. Hardware Sniffers. Network Analyzers/Protocol Analyzers.



Testing Your Routing.



Using ARP. Default Route.



Testing Your Required Services. Testing Your Exposed Services. Testing Your Security.



12. Managing Your Internet Connection.


Evaluating New Services.



Sign Up for BUGTRAQ. Sign Up for NTBUGTRAQ.



Checking for Security Breaches.



Periodic Vulnerability Assessment. Tools for Simple Intrusion Detection.



Monitoring and Baselining.



What to Baseline. How Long Should Baselining Last? Peaks Versus Averages. Identify the Sources of Peaks. Log Monitoring. Monitoring Usage.



Planning for the Future.



What's Going to Break First? Appraising New Technologies.



13. Moving to a New ISP.


Equipment Return. IP Addressing-The Return of Leased Numbers. DNS Modifications. New Equipment Purchases. Transition Period. Security Mail Servers. Upgrades.



Index.