Implement end-to-end and gateway security for IP networks.
Internet Security Protocols: Protecting IP Traffic is a complete networking professional's guide to providing end-to-end and gateway Internet security for the user's information. World-renowned consultant Uyless Black covers the essential Internet security protocols designed to protect IP traffic. The book's coverage includes:
- Key Internet security challenges: privacy, secrecy, confidentiality, integrity of information, authentication, access control, non-repudiation, denial of service attacks
- Dial-in authentication with CHAP, RADIUS, and DIAMETER
- The role of IPSec in acquiring privacy and authentication services
- The Internet Key Distribution, Certification, and Management Systems (ISAKMP and IKE)
- Security in mobile Internet applications
From the basics of firewalls to the latest public key distribution systems, Uyless Black reviews the alternatives for securing Internet traffic. If you're responsible for securing information traveling on IP networks, Internet Security Protocols is a fine source for the authoritative answers you're looking for.
Contents
1. Introduction. Security Problems. How Pervasive Are Security Attacks? Types of Security Services. Introduction to the Firewall. The Security Policy. Trusted and Untrusted Networks. Security and Risk Management. Virtual Private Networks (VPNs). The Modern VPN. VPNs and SLAs. The Debate of Privacy vs Law Enforcement.
2. Types of Security Violations. Types of Security Problems. Denial of Service: Attacks and Counter-attacks. Virus. Worm. Clogging or Flooding. Trojan Horse. Bomb. Trap Door. Salami. Replay Violations. Cookies. Applets and Sandboxes. Other Problems. Summary.
3. Basic Security Concepts. How Secure is Secure? Definitions. Encryption and Decryption. Basic Encryption and Decryption Methods. The German Enigma Machine. Substitution and Transposition. One-way Functions and Modular Arithmetic. Example of a One-way Function. The Diffie-Hellman Idea Using Modular Arithmetic. The Hash Function. Use of a One-way Hash Function. Randomness of Keys. Randomness or Lack Thereof Equals the Demise of a Crypto System. Key Problem: Exchanging Keys. Awkwardness of Key Distribution. The Asymmetric Key. Use of the Asymmetric Keys in Reverse Order. Asymmetric Keys for Privacy. Asymmetric Keys for Authentication: The Digital Signature. The Next Step: RSA. The RSA Key Pairs. Key Transport and Key Generation. Message Authentication Code (MAC) and Key Hashing. Putting Together the Security Functions. Paul Zimmerman and Pretty Good Privacy (PGP). PGP's Use of Key Certificates. Example of a PGP Public Key. OpenPGP. Perfect Forward Secrecy (PFS). Man-in-the-Middle Attack. Certification. The Certification Procedure. Anti-Replay Measures. Security in a Mobile Network. Authentication. Privacy Operations. Summary.
4. Firewalls. What is a Firewall? Protection from Untrusted Networks. Permitting and Denying Services. What Firewalls Can Do and Cannot Do. Packet Filtering. Proxy or Application Firewalls. NCSA Guidance. Managed Firewall Services (MFWS). Evaluating a Firewall Service Provider. Firewalls with Internet Security Protocols (IPSec). SOCKS. Summary.
5. Prominent Internet Security Procedures. Diffie-Hellman. Diffie-Hellman and RFC 2631. Rivest, Shamir, and Adleman (RSA). RSA in RFC 2437. MD5. MD5 Vulnerabilities? RFC 2537: RSA, MD5, and DNS. RSA Public KEY Resource Records. RSA/MD5 SIG Resource Records. Performance Considerations. The Secure Hash Standard (SHA-1) and The Secure Hash Algorithm (SHA). RIPEMD-160. Comparisons of MD5, SHA-1, RIPEMD-160, and MD5-HMAC. HMAC. Performance and Security of HMAC. HMAC with IPSec. The OAKLEY Key Determination Protocol. Beyond Diffie-Hellman and STS. OAKLEY Key Exchange Processing. The Essential Key Exchange Message Fields. Summary.
6. PPP, ECP, TLS, EAP, DESE-bis, and 3DESE. PPP and HDLC. LCP. General Example of PPP Operations. PPP Phase Diagram. Link Dead (Physical Layer Not Ready). Link Establishment Phase. Authentication Phase. Network Layer Protocol Phase. Link Termination Phase. LCP Packets. Configure-Request. Configure-Ack. Configure-Nak. Configure-Reject. Terminate-Request and Terminate-Ack. Code-Reject. Protocol-Reject. Echo-Request and Echo-Reply. Discard-Request. Other Supporting Cast Members for PPP Security Services. Transport Layer Security Protocol (TLS). Goals of TLS. PPP Encryption Control Protocol (ECP). PPP Extensible Authentication Protocol (EAP). PPP DES Encryption Protocol, Version 2 (DESE-bis). Configuration Option for ECP. Packet Format for DESE. PPP Triple-DES Encryption Protocol (3DESE). The Algorithm. Keys. 3DESE Configuration Option for ECP. Packet Format for 3DESE. Summary.
7. Dial-in Operations with PAP, CHAP, RADIUS and DIAMETER. PAP and CHAP. PAP. Key Aspects of PAP. CHAP. CHAP Messages. RADIUS. RADIUS Configuration. Example of a RADIUS Message Exchange. Use of UDP. RADIUS Message Format. RADIUS Attributes. Examples of RADIUS Operations. Problems with RADIUS. DIAMETER. DIAMETER Message Formats. Message Header. Message Body for the AVP. DIAMETER-Command AVP. Message-Reject-Ind Command. Approach to the Remainder of Message Descriptions. Basic Operations. DIAMETER Support of Dial-Ins To/From SS7. Session Setup Messages. Signaling Gateway/NAS Controller Interaction. Message Exchange Examples. Summary.
8. IPSec Architecture. Basics of IPSec. IPSec Services. IPSec Traffic Security Protocols. Security Association (SA) Databases. The IPSec Tunnel. The Security Association (SA). Cases of Security Associations: A General View. Types of SAs: Transport Mode and Tunnel Mode. Combining Security Associations: A More Detailed View. Placements of IPSec. The IPSec Databases. Selectors and SAD/SPD Operations. Destination IP Address. Source IP Address. Name. Transport Layer Protocol. Source and Destination Ports. Selectors and SAD/SPD Entries. Looking Up the SA in the SAD. Examples of IPSec Sending and Receiving Operations. Selecting and Using an SA or SA Bundle. Summary.
9. The IPSec AH and ESP Protocols. Services of the IPSec Protocols. Integrity Check Value (ICV). Relationships of AH, ESP, and the Transport and Tunnel Modes. Handling Mutable Fields. Protection Coverage of the AH and ESP Packets. AH Protection. Services and Operations of AH. RFC 1826. RFC 2402. Integrity Check Value (ICV) for Outbound Packets. Integrity Check Value (ICV) for Inbound Packets. Services and Operations of ESP. ESP Protection. RFC 1827. RFC 2406. Outbound Packet Processing. Inbound Packet Processing. AH and ESP and the “Cases”. IP Addressing in the Headers. Construction of the ESP Packet. Header Construction for Tunnel Mode. HMAC Applied to AH and ESP. HMAC-MD5-96 Within ESP and AH. HMAC-SHA-1-96 Within ESP and AH. IPSec and NAT. Summary.
10. The Internet Key Distribution, Certification, and Management. What is Public Key Infrastructure (PKI)? Certificates and Certification Authorities (CAs). Support for Non-repudiation. Key Backup and Recovery. Using Two Key Pairs. Key Update and Management of Key Histories. Certificate Repositories and Certificate Distribution. Cross-certification. ISAKMP, ISAKMP DOI, and IKE. ISAKMP. The “Protection Suite”. Other Thoughts on Key Exchange. ISAKMP Negotiation Phases. Messages. The Generic Header. Data Attributes. The Payloads. OAKLEY and ISAKMP. Examples of ISAKMP Negotiations. The Base Exchange. The Identity Protection Exchange. Authentication Only Exchange. The Aggressive Exchange. ISAKMP Domain of Interpretation (DOI). IPSec/ISAKMP Payloads. Summary.
11. Internet Key Exchange (IKE). IKE Basics. Definitions. Perfect Forward Secrecy. Aspects of IKE and ISAKMP. Modes to Establish Authenticated Key Exchange. Main Mode. Aggressive Mode. Quick Mode and New Group Mode. Four Methods Used with Main or Aggressive Mode. Examples of IKE Message Exchanges. Phase One: Authenticated with Signatures. Phase One: Authenticated with Public Key Encryption. Phase One: Authenticated with a Revised Mode of Public Key Encryption. Phase One: Authenticated With a Pre-Shared Key. Phase Two: Quick Mode. New Group Mode. ISAKMP Informational Exchanges. Oakley Groups. Messages for a Complete IKE Exchange. Phase Two Using Quick Mode. IPSec, NAT, and IKE. Examples of PKI Vendors. Summary.
12. Security Operations in a Mobile Network. The IS-41-C Specification. The IS-41-C Model. The Five Security/Privacy Operations. Authentication Parameters. Authentication of Mobile Station Registration Procedures. The Parameters. At the Air Interface. On the Network Side. Unique Challenge-Response Procedures. The Parameters. At the Air Interface. On the Network Side. Authentication of Mobile Station Originating a Call. The Parameters. At the Air Interface. On the Network Side. Authentication of Call to a Terminating Mobile Station. The Parameters. At the Air Interface. On the Network Side. Updating the Shared Secret Data (SSD). The Parameters. At the Air Interface and on the Network Side. Summary.
13. Follow-ups to This Book.
Appendix A: Coding for Prominent Security Functions.
Appendix B: Network Address Translation (NAT).
Abbreviations. Index.