MPLS VPN Security

Description

A practical guide to hardening MPLS networks

  • Define "zones of trust" for your MPLS VPN environment
  • Understand fundamental security principles and how MPLS VPNs work
  • Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network's backbone, misconfigurations, sniffing, and inside attack forms
  • Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
  • Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
  • Operate and maintain a secure MPLS core with industry best practices
  • Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
  • Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
  • Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents

Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.

MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions.

Drawing upon the authors' considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.

"The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks."
-Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®

Product details

  • Paperback | 312 pages
  • 188 x 228.6 x 20.3mm | 521.64g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587051834
  • 9781587051838

About Michael H. Behringer

Michael H. Behringer is a distinguished engineer at Cisco®, where his expertise focuses on MPLS VPN security, service provider security, and denial-of-service (DoS) attack prevention. Prior to joining Cisco Systems, he was responsible for the design and implementation of pan-European networks for a major European Internet service provider.

Monique J. Morrow is a CTO consulting engineer at Cisco Systems, to which she brings more than 20 years' experience in IP internetworking, design, and service development for service providers. Monique led the engineering project team for one of the first European MPLS VPN deployments for a European Internet service provider.

Table of contents

Foreword
Introduction

Part I MPLS VPN and Security Fundamentals

Chapter 1 MPLS VPN Security: An Overview
  • Key Security Concepts
  • Security Differs from Other Technologies
  • What Is "Secure"?
  • No System Is 100 Percent Secure
  • Three Components of System Security
  • Principle of the Weakest Link
  • Principle of the Least Privilege
  • Other Important Security Concepts
  • Overview of VPN Technologies
  • Fundamentals of MPLS VPNs
  • Nomenclature of MPLS VPNs
  • Three Planes of an MPLS VPN Network
  • Security Implications of Connectionless VPNs
  • A Security Reference Model for MPLS VPNs
  • Summary

Chapter 2 A Threat Model for MPLS VPNs
  • Threats Against a VPN
  • Intrusions into a VPN
  • Denial of Service Against a VPN
  • Threats Against an Extranet Site
  • Threats Against the Core
  • Monolithic Core
  • Inter-AS: A Multi-AS Core
  • Carrier's Carrier: A Hierarchical Core
  • Threats Against a Network Operations Center
  • Threats Against the Internet
  • Threats from Within a Zone of Trust
  • Reconnaissance Attacks
  • Summary

Part II Advanced MPLS VPN Security Issues

Chapter 3 MPLS Security Analysis
  • VPN Separation
  • Address Space Separation
  • Traffic Separation
  • Robustness Against Attacks
  • Where an MPLS Core Can Be Attacked
  • How an MPLS Core Can Be Attacked
  • How the Core Can Be Protected
  • Hiding the Core Infrastructure
  • Protection Against Spoofing
  • Specific Inter-AS Considerations
  • Model A: VRF-to-VRF Connections at the AS Border Routers
  • Model B: EBGP Redistribution of Labeled VPN-IPv4 Routes from AS to Neighboring AS
  • Model C: Multihop eBGP Redistribution of Labeled VPN-IPv4 Routes Between Source and Destination ASs, with eBGP Redistribution of Labeled IPv4 Routes from AS to Neighboring AS
  • Comparison of Inter-AS Security Considerations
  • Specific Carrier's Carrier Considerations
  • How CsC Works
  • Security of CsC
  • Security Issues Not Addressed by the MPLS Architecture
  • Comparison to ATM/FR Security
  • VPN Separation
  • Robustness Against Attacks
  • Hiding the Core Infrastructure
  • Impossibility of VPN Spoofing
  • CE-CE Visibility
  • Comparison of VPN Security Technologies
  • Summary

Chapter 4 Secure MPLS VPN Designs
  • Internet Access
  • MPLS Core Without Internet Connectivity
  • Generic Internet Design Recommendations
  • Internet in a VRF
  • Internet in the Global Routing Table
  • Overview of Internet Provisioning
  • Extranet Access
  • MPLS VPNs and Firewalling
  • Designing DoS-Resistant Networks
  • Overview of DoS
  • Designing a DoS-Resistant Provider Edge
  • Tradeoffs Between DoS Resistance and Network Cost
  • DoS Resistant Routers
  • Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
  • Case A: VRF-to-VRF Connection on ASBRs
  • Case B: eBGP Redistribution of Labeled VPN-IPv4 Routes
  • Case C: Multi-Hop eBGP Distribution of Labeled VPN-IPv4 Routes with eBGP Redistribution of IP4 Routes
  • Carriers' Carrier
  • Layer 2 Security Considerations
  • Multicast VPN Security
  • Summary

Chapter 5 Security Recommendations
  • General Router Security
  • Secure Access to Routers
  • Disabling Unnecessary Services for Security
  • IP Source Address Verification
  • 12000 Protection and Receive ACLs (rACLs)
  • Control Plane Policing
  • AutoSecure
  • CE-Specific Router Security and Topology Design Considerations
  • Managed CE Security Considerations
  • Unmanaged CE Security Considerations
  • CE Data Plane Security
  • PE-Specific Router Security
  • PE Data Plane Security
  • PE-CE Connectivity Security Issues
  • P-Specific Router Security
  • Securing the Core
  • Infrastructure Access Lists (iACLs)
  • Routing Security
  • Neighbor Router Authentication
  • MD5 for Label Distribution Protocol
  • CE-PE Routing Security Best Practices
  • PE-CE Addressing
  • Static Routing
  • Dynamic Routing
  • eBGP PE-CE Routing
  • EIGRP PE-CE Routing
  • OSPF PE-CE Routing
  • RIPv2 PE-CE Routing
  • PE-CE Routing Summary
  • Prevention of Routes from Being Accepted by Nonrecognized Neighbors
  • BGP Maximum-Prefix Mechanism
  • Internet Access
  • Resource Sharing: Internet and Intranet
  • Sharing End-to-End Resources
  • Additional Security
  • Addressing Considerations
  • LAN Security Issues
  • LAN Factors for Peering Constructs
  • IPsec: CE to CE
  • IPsec PE-PE
  • MPLS over IP Operational Considerations: L2TPv3
  • MPLS over L2TPv3
  • Securing Core and Routing Check List
  • Summary

Part III Practical Guidelines to MPLS VPN Security

Chapter 6 How IPsec Complements MPLS
  • IPsec Overview
  • Location of the IPsec Termination Points
  • CE-CE IPsec
  • PE-PE IPsec
  • Remote Access IPsec into an MPLS VPN
  • Deploying IPsec on MPLS
  • Using Other Encryption Techniques
  • Summary

Chapter 7 Security of MPLS Layer 2 VPNs
  • Generic Layer 2 Security Considerations
  • C2 Ethernet Topologies
  • C3 VPLS Overview
  • C4 VPWS Overview
  • C5 VPLS and VPWS Service Summary and Metro Ethernet Architecture Overview
  • C6 VPLS and VPWS Security Overview
  • Physical Interconnection Option Details
  • D1 SP Interconnect Models
  • D3 Metro Ethernet Model
  • Customer Edge
  • CE Interconnection Service Is a Layer 3 Device
  • Customer Edge Interconnection Service Is a Layer 2 Device
  • Hijack Management Security
  • Disable Password Recovery
  • U-PE STP Priority
  • Apply Broadcast Limiters
  • Disable/Block Layer 2 Control Traffic
  • VTP Transparent Operation
  • MAC Address Limits and Port Security
  • Controlling Reserved VLANs
  • Removing Unused VLANs
  • Hard-Code Physical Port Attributes
  • Establish Network Reporting
  • Enable 802.1x
  • Summary

Chapter 8 Secure Operation and Maintenance of an MPLS Core
  • Management Network Security
  • Securely Managing CE Devices
  • Management VRF Overview
  • Management VRF Details
  • Securely Managing the Core Network
  • Summary

Part IV Case Studies and Appendixes

Chapter 9 Case Studies
  • Internet Access
  • NAT Via Common Gateways
  • PE to Multiple Internet Gateways
  • NAT via a Single Common Gateway
  • Registered NAT by CE
  • Internet Access via Customer-Controlled NAT
  • Internet Access Using Global Routing Table
  • BGP Internet Routing Table from the Service Provider of an ISP
  • Tier 3 ISP Connecting to an Upstream Tier via a Service Provider
  • Hybrid Model
  • Multi-Lite VRF Mechanisms
  • Configuration Example for Internet and VPN Service Using the Same CE
  • Layer 2 LAN Access
  • Summary

Appendix A Detailed Configuration Example for a PE
Appendix B Reference List
Index
