SSL Remote Access VPNs (Network Security)

4 (5 ratings by Goodreads)
List price: US$60.00

Description

SSL Remote Access VPNs: An introduction to designing and configuring SSL virtual private networks

Jazib Frahim, CCIE® No. 5459
Qiang Huang, CCIE No. 4937

Cisco® SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources to virtually any remote user with access to the Internet and a web browser. Remote access based on SSL VPN delivers secure access to network resources by establishing an encrypted tunnel across the Internet using a broadband (cable or DSL) or ISP dialup connection.

SSL Remote Access VPNs provides you with a basic working knowledge of SSL virtual private networks on Cisco SSL VPN-capable devices. Design guidance is provided to assist you in implementing SSL VPN in existing network infrastructures. This includes examining existing hardware and software to determine whether they are SSL VPN capable, providing design recommendations, and guiding you on setting up the Cisco SSL VPN devices. Common deployment scenarios are covered to assist you in deploying an SSL VPN in your network. SSL Remote Access VPNs gives you everything you need to know to understand, design, install, configure, and troubleshoot all the components that make up an effective, secure SSL VPN solution.

Jazib Frahim, CCIE® No. 5459, is currently working as a technical leader in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security.

Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for market-leading modular Ethernet switching platforms. During his time at Cisco, Qiang has played an important role in a number of technology groups, including the Cisco TAC security and VPN team, where he was responsible for troubleshooting complicated customer deployments in security and VPN solutions. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP Dial.

  • Understand remote access VPN technologies, such as Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPsec), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP) over IPsec, and SSL VPN
  • Learn about the building blocks of SSL VPN, including cryptographic algorithms and SSL and Transport Layer Security (TLS)
  • Evaluate common design best practices for planning and designing an SSL VPN solution
  • Gain insight into SSL VPN functionality on Cisco Adaptive Security Appliance (ASA) and Cisco IOS® routers
  • Install and configure SSL VPNs on Cisco ASA and Cisco IOS routers
  • Manage your SSL VPN deployment using Cisco Security Manager

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Networking: Security
Covers: SSL VPNs

Product details

  • Paperback | 384 pages
  • 185.42 x 228.6 x 20.32mm | 635.03g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • ISBN-10: 1587052423
  • ISBN-13: 9781587052422
  • 1,583,913

About the authors

Jazib Frahim, CCIE No. 5459, has been with Cisco for more than nine years. Having a bachelor's degree in computer engineering from Illinois Institute of Technology, he started out as a TAC engineer in the LAN Switching team. He then moved to the TAC Security team, where he acted as a technical leader for the security products. He led a team of 20 engineers in resolving complicated security and VPN issues. He is currently working as a technical leader in the Worldwide Security Services Practice of Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security. He has written numerous Cisco online technical documents and has been an active member on the Cisco online forum NetPro. He has presented at Networkers on multiple occasions and has taught many on-site and online courses to Cisco customers, partners, and employees. He has recently received his master of business administration (MBA) degree from North Carolina State University. He is also an author of the following Cisco Press books: Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.

Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Systems Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for Cisco market-leading modular Ethernet switching platforms. He has been with Cisco for almost ten years. During his time at Cisco, Qiang played an important role in a number of technology groups, including the following: technical lead in the Cisco TAC security and VPN team, where he was responsible for troubleshooting complicated customer deployments in security and VPN solutions; a security consulting engineer in the Cisco Advanced Service Group, providing security posture assessment and consulting services to customers; and a technical marketing engineer focusing on competitive analysis and market intelligence in network security, with specialization in the emerging SSL VPN technology. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP dial. He is also one of the contributing authors of Internetworking Technologies Handbook, Fourth Edition. Qiang received a master's degree in electrical engineering from Colorado State University.

Table of contents

Introduction

Chapter 1: Introduction to Remote Access VPN Technologies
  • Remote Access Technologies 5
  • IPsec 5
    • Software-Based VPN Clients 7
    • Hardware-Based VPN Clients 7
  • SSL VPN 7
  • L2TP 9
  • L2TP over IPsec 11
  • PPTP 13
  • Summary 14

Chapter 2: SSL VPN Technology
  • Cryptographic Building Blocks of SSL VPNs 17
    • Hashing and Message Integrity Authentication 17
      • Hashing 18
      • Message Authentication Code 18
    • Encryption 20
      • RC4 21
      • DES and 3DES 22
      • AES 22
      • Diffie-Hellman 23
      • RSA and DSA 24
    • Digital Signatures and Digital Certification 24
      • Digital Signatures 24
      • Public Key Infrastructure, Digital Certificates, and Certification 25
  • SSL and TLS 30
    • SSL and TLS History 30
    • SSL Protocols Overview 31
      • OSI Layer Placement and TCP/IP Protocol Support 31
      • SSL Record Protocol and Handshake Protocols 33
      • SSL Connection Setup 34
      • Application Data 42
      • Case Study: SSL Connection Setup 43
    • DTLS 48
  • SSL VPN 49
    • Reverse Proxy Technology 50
      • URL Mangling 52
      • Content Rewriting 53
    • Port-Forwarding Technology 55
    • Terminal Services 58
    • SSL VPN Tunnel Client 58
  • Summary 59
  • References 60

Chapter 3: SSL VPN Design Considerations
  • Not All Resource Access Methods Are Equal 63
  • User Authentication and Access Privilege Management 65
    • User Authentication 66
      • Choice of Authentication Servers 66
      • AAA Server Scalability and High Availability 67
        • AAA Server Scalability 67
        • AAA Server High Availability and Resiliency 68
    • Resource Access Privilege Management 68
  • Security Considerations 70
    • Security Threats 71
      • Lack of Security on Unmanaged Computers 71
      • Data Theft 71
      • Man-in-the-Middle Attacks 72
      • Web Application Attack 73
      • Spread of Viruses, Worms, and Trojans from Remote Computers to the Internal Network 73
      • Split Tunneling 73
      • Password Attacks 74
    • Security Risk Mitigation 74
      • Strong User Authentication and Password Policy 75
      • Choose Strong Cryptographic Algorithms 75
      • Session Timeout and Persistent Sessions 75
      • Endpoint Security Posture Assessment and Validation 75
      • VPN Session Data Protection 76
      • Techniques to Prevent Data Theft 76
      • Web Application Firewalls, Intrusion Prevention Systems, and Antivirus and Network Admission Control Technologies 77
  • Device Placement 78
  • Platform Options 79
  • Virtualization 79
  • High Availability 80
  • Performance and Scalability 81
  • Summary 82
  • References 82

Chapter 4: Cisco SSL VPN Family of Products
  • Overview of Cisco SSL VPN Product Portfolio 85
  • Cisco ASA 5500 Series 87
    • SSL VPN History on Cisco ASA 87
    • SSL VPN Specifications on Cisco ASA 88
    • SSL VPN Licenses on Cisco ASA 89
  • Cisco IOS Routers 90
    • SSL VPN History on Cisco IOS Routers 90
    • SSL VPN Licenses on Cisco IOS Routers 90
  • Summary 91

Chapter 5: SSL VPNs on Cisco ASA
  • SSL VPN Design Considerations 93
  • SSL VPN Prerequisites 95
    • SSL VPN Licenses 95
    • Client Operating System and Browser and Software Requirements 96
    • Infrastructure Requirements 97
  • Pre-SSL VPN Configuration Guide 97
    • Enrolling Digital Certificates (Recommended) 98
      • Step 1: Configuring a Trustpoint 98
      • Step 2: Obtaining a CA Certificate 99
      • Step 3: Obtaining an Identity Certificate 100
    • Setting Up ASDM 101
      • Uploading ASDM 102
      • Setting Up the Appliance 103
      • Accessing ASDM 104
    • Setting Up Tunnel and Group Policies 106
      • Configuring Group-Policies 107
      • Configuring a Tunnel Group 110
    • Setting Up User Authentication 110
  • Clientless SSL VPN Configuration Guide 114
    • Enabling Clientless SSL VPN on an Interface 116
    • Configuring SSL VPN Portal Customization 117
      • Logon Page 118
      • Portal Page 123
      • Logout Page 125
      • Portal Customization and User Group 126
      • Full Customization 129
    • Configuring Bookmarks 134
      • Configuring Websites 135
      • Configuring File Servers 137
      • Applying a Bookmark List to a Group Policy 139
      • Single Sign-On 140
    • Configuring Web-Type ACLs 141
    • Configuring Application Access 144
      • Configuring Port Forwarding 144
      • Configuring Smart Tunnels 147
      • Configuring Client-Server Plug-Ins 150
  • AnyConnect VPN Client Configuration Guide 152
    • Loading the SVC Package 154
    • Defining AnyConnect VPN Client Attributes 155
      • Enabling AnyConnect VPN Client Functionality 155
      • Defining a Pool of Addresses 156
      • Configuring Traffic Filters 159
      • Configuring a Tunnel Group 159
    • Advanced Full Tunnel Features 159
      • Split Tunneling 159
      • DNS and WINS Assignment 161
      • Keeping the SSL VPN Client Installed 162
      • Configuring DTLS 163
  • Cisco Secure Desktop 164
    • CSD Components 165
      • Secure Desktop Manager 165
      • Secure Desktop 165
      • Cache Cleaner 166
    • CSD Requirements 166
      • Supported Operating Systems 166
      • User Privileges 167
      • Supported Internet Browsers 167
      • Internet Browser Settings 167
    • CSD Architecture 168
    • Configuring CSD 169
      • Loading the CSD Package 169
      • Defining Prelogin Sequences 170
  • Host Scan 182
    • Host Scan Modules 183
      • Basic Host Scan 183
      • Endpoint Assessment 183
      • Advanced Endpoint Assessment 184
    • Configuring Host Scan 184
      • Setting Up Basic Host Scan 184
      • Enabling Endpoint Host Scan 186
      • Setting Up an Advanced Endpoint Host Scan 187
  • Dynamic Access Policies 189
    • DAP Architecture 190
      • DAP Records 191
      • DAP Selection Rules 191
      • DAP Configuration File 191
      • DAP Sequence of Events 191
    • Configuring DAP 192
      • Selecting a AAA Attribute 193
      • Selecting Endpoint Attributes 195
      • Defining Access Policies 197
  • Deployment Scenarios 205
    • AnyConnect Client with CSD and External Authentication 206
      • Step 1: Set Up CSD 207
      • Step 2: Set Up RADIUS for Authentication 207
      • Step 3: Configure AnyConnect SSL VPN 208
    • Clientless Connections with DAP 209
      • Step 1: Define Clientless Connections 210
      • Step 2: Configuring DAP 211
  • Monitoring and Troubleshooting SSL VPN 212
    • Monitoring SSL VPN 212
    • Troubleshooting SSL VPN 215
      • Troubleshooting SSL Negotiations 215
      • Troubleshooting AnyConnect Client Issues 215
      • Troubleshooting Clientless Issues 217
      • Troubleshooting CSD 219
      • Troubleshooting DAP 219
  • Summary 220

Chapter 6: SSL VPNs on Cisco IOS Routers
  • SSL VPN Design Considerations 223
  • IOS SSL VPN Prerequisites 225
  • IOS SSL VPN Configuration Guide 226
    • Configuring Pre-SSL VPN Setup 226
      • Setting Up User Authentication 226
      • Enrolling Digital Certificates (Recommended) 229
      • Loading SDM (Recommended) 232
    • Initial SSL VPN Configuration 235
      • Step 1: Setting Up an SSL VPN Gateway 237
      • Step 2: Setting Up an SSL VPN Context 239
      • Step 3: Configuring SSL VPN Look and Feel 241
      • Step 4: Configuring SSL VPN Group Policies 245
  • Advanced SSL VPN Features 247
    • Configuring Clientless SSL VPNs 247
      • Windows File Sharing 253
      • Configuring Application ACL 257
    • Thin Client SSL VPNs 259
      • Step 1: Defining Port-Forwarding Lists 261
      • Step 2: Mapping Port-Forwarding Lists to a Group Policy 262
    • AnyConnect SSL VPN Client 264
      • Step 1: Loading the AnyConnect Package 264
      • Step 2: Defining AnyConnect VPN Client Attributes 266
  • Cisco Secure Desktop 276
    • CSD Components 277
      • Secure Desktop Manager 277
      • Secure Desktop 277
      • Cache Cleaner 278
    • CSD Requirements 278
      • Supported Operating Systems 278
      • User Privileges 279
      • Supported Internet Browsers 279
      • Internet Browser Settings 279
    • CSD Architecture 280
    • Configuring CSD 281
      • Step 1: Loading the CSD Package 282
      • Step 2: Launching the CSD Package 283
      • Step 3: Defining Policies for Windows-Based Clients 283
      • Defining Policies for Windows CE 298
      • Defining Policies for the Mac and Linux Cache Cleaner 298
  • Deployment Scenarios 301
    • Clientless Connections with CSD 301
      • Step 1: User Authentication and DNS 302
      • Step 2: Set Up CSD 303
      • Step 3: Define Clientless Connections 303
    • AnyConnect Client and External Authentication 304
      • Step 1: Set Up RADIUS for Authentication 305
      • Step 2: Install the AnyConnect SSL VPN 306
      • Step 3: Configure AnyConnect SSL VPN Properties 306
  • Monitoring an SSL VPN in Cisco IOS 307
  • Summary 311

Chapter 7: Management of SSL VPNs
  • Multidevice Policy Provisioning 314
    • Device View and Policy View 314
      • Device View 314
      • Policy View 318
    • Use of Common Objects for Multidevice Management 320
  • Workflow Control and Role-Based Access Control 322
    • Workflow Control 323
      • Workflow Mode 324
    • Role-Based Administration 326
      • Native Mode 326
      • Cisco Secure ACS Integration Mode 327
  • Summary 331
  • References 331

1587052423 TOC 5/13/2008

Rating details

5 ratings, 4 out of 5 stars

  • 5 stars: 40% (2)
  • 4 stars: 20% (1)
  • 3 stars: 40% (2)
  • 2 stars: 0% (0)
  • 1 star: 0% (0)