SSL VPN: Understanding, evaluating and planning secure, web-based remote access (e-book)

Author: Joseph Steinberg

Publisher: Packt Publishing

Publication date: 2005-03-09

Word count: 4.37 million

Category: Imported books > Foreign-language original editions > Computers/Networking

The book blends technically rigorous descriptions with a friendly approach based on practical examples and scenarios. The authors write in clear, informal language and make extensive use of diagrams and images. The book begins with an overview of SSL VPN's purpose, and the technical and business trends that are making it popular today. It then looks at how SSL VPNs work and how they fit into existing network plans. The effect of SSL VPN on the wider business environment is then considered, before looking at how SSL VPN technology is likely to develop in the future. This book is aimed at IT network professionals and managers who are currently evaluating SSL VPN technologies. It requires a broad understanding of networking concepts, but does not require specific and detailed technical knowledge of protocols or vendor implementations.
SSL VPN

Table of Contents

SSL VPN

Credits

About the Authors

Introduction

What This Book Covers

Conventions

Reader Feedback

Customer Support

Errata

Questions

1. Introduction to SSL VPN

The Internet

Reference Models

OSI Reference Model

DARPA Model

Introducing Hacker Bob

Trapping Your Data

Basic HTTP Authentication

Keeping Hacker Bob Out of Your Data

VPNs

One Computer to the Corporate Network

Remote Office Network Connected to the Main Office

VPN Examples

IPsec

SSL VPN

IPsec Vs. SSL VPN

Trusted Networks

The DMZ

SSL VPN Scenarios

SSL VPN—Hubs

SSL VPN—Private Network

Summary

2. SSL VPN: The Business Case

SSL VPN: A Historical Background

Remote Access: Measuring Return-on-Investment

So What Does SSL VPN Actually Give Me?

Summary

3. How SSL VPNs Work

Appliances Vs. Software

The SSL Protocol

Background

Overview of SSL Technology

Symmetric Cryptography: Data Confidentiality

Asymmetric Cryptography: Data Confidentiality

Asymmetric Cryptography: Server Authentication

Asymmetric Cryptography: Client Authentication

Key Size

Establishing Secure Tunnels Using SSL

Secure Tunnels

OSI Network Model

Application-Level Communications

Reverse Proxy Technology

SSL Remote Access: Reverse Proxy Technology Plus

Non-Web Traffic over SSL

Establishing Network Connectivity over SSL

Why Different Access Technologies for Web Applications

Applets

Remote Access to Files and Other Resources

Remote Mounting of Network Drives

File Access Interface

Telnet and Host Access

Printers and Other Network Resources

Terminal Services

Internet-Enabling Internal Applications

Web-Based Applications

Remote Access Interface

Login and Single Sign On

Portal Pages

Toolbars

Languages

Multiple Windows Vs. a Single Window

Logout Button

Help

User Interface Based on Browser Type

SSL VPN Status Window

Web Email (WebMail) Interfaces

Administration Tools

Performance

SSL Acceleration

Compression of HTTP Traffic

Caching

Load Balancing: IP Spraying

Access from Older Web Browsers

SSL VPN Sample Session

Summary

4. SSL VPN Security

Authentication and Authorization

Authentication

Passwords

One-Time Passwords

Biometric Information

Client Certificates

Smart Cards or USB Tokens

Two-Factor Authentication

Single Sign On

Authorization

Operating System Permissions

File System Permissions

Native Application Permissions

Restricted Interfaces

Authorization Information Maintained by the SSL VPN

Third-Party Authorization Databases

End Point Security Concerns

The Problem: Sensitive Data in Insecure Locations

Browser Cache Entries

Proprietary Cache Entries

Temporary Files: Viewing E-mail Attachments

Temporary Files: Downloading and other Mechanisms

Form-Field Contents Memorized for AutoComplete

URL Entries Memorized for AutoComplete

Cookies Generated During User Sessions

History Records

User Credentials Memorized by the Browser

The Solution

The Problem: Third Party Search Tools Running on Access Devices

The Solution

Department of Defense (DoD) Requirements

The Problem: Users May Neglect to Log Out

The Solution

Long Timeout Thresholds: Not a Good Idea

Non-Intrusive Timeout Systems

Forced Periodic Re-Authentication

Ignoring Phony Activity

Timeout Thresholds

The Problem: Viruses Enter Corporate Networks via the SSL VPN

The Solution

Check for Anti-Virus Software on the User's Device

Block Uploads

Rely on Internal Network Antivirus

The Problem: Worms Enter Corporate Networks via the SSL VPN

The Solution

Personal Firewalls

Application Firewalls

Negative-Logic-Based Filtering of User Requests

Positive-Logic-Based Filtering

Dynamic-Rules-Based Filtering

Combination of Methods

Problems of Insecure Locations

Spyware

Keystroke Loggers

Hardware Keystroke Loggers

Software Keystroke Loggers

Shoulder Surfing

Video Cameras Aimed at Computers

Emanations

Hackers Bridging to the Corporate Network

The Problem: Internal Networking Information may be Leaked

The Solution

Printing and Faxing

Printers Local to the User

Printers Local to the SSL VPN Server

Deleted Files

Trusted Endpoint

Tiers of Access Based on Endpoint Situation

Internet Provider Controls

Server-Side Security Issues

The Problem: Firewalls and Other Security Technologies may be Undermined

SSL VPN in a DMZ

SSL VPN on the Internal Network

The Solution

The Problem: Application-Level Vulnerabilities

The Solution

Encryption

Patching of SSL VPN Servers

Linux versus Windows

Some Other SSL VPN Appliance Security Concepts

Hardening

Air Gap

Protection from Internal Systems and the Internal Network

ASIC

Summary

5. Planning for an SSL VPN

Determining Business Requirements

Remote Access Paradigms

Determining User Needs

Different Scenarios

Selecting an Appropriate SSL VPN

Ensuring Proper Level of Access

Proper User Interface and Experience

Remote Password Management

Adherence to Security Standards

Platform

Hardware

Operating System

Network Connectivity

Determining which SSL VPN Functions to Use

Where to Deploy the SSL VPN server

Back Office

Pros

Cons

DMZ

Pros

Cons

Outside the Perimeter Firewall

Pros

Cons

Air Gap

Pros

Cons

Offloaded SSL

Pros

Cons

Planning for Deployment

User and Administrator Training

Summary

6. Educating the User

Building an Education Plan

Education Plan: Start the Process

Vision

High-Level Training Plan

The Agreement

The Use Case

Education Plan: Finalize the Plan

Final Training Plan

Include Incident Handling Policies in your Training Plan

The Money

Creating Educational Materials

Reusing the Use Cases

Executing the Test Plan

Education Plan: Testing and Pilots

Unit Tests

Process Tests

Technical Pilots

Production Pilot 1

Production Pilot 2

Implementation

Education Plan: Production

Specific Training for SSL VPNs

Training the Masses

How to use an SSL VPN

Social Engineering

Phishing

Sharing Credentials

Single Sign On (SSO)

SSL Locks and Dialog Boxes: One More Note about Phishing

E-Commerce Scenario

Phishing and the SSL Lock

Summary

7. Legacy Data Access

Computing Elements

Applications

Commercial Off-The-Shelf (COTS)

Custom Programs

Legacy Applications

The Web Challenge

Direct Access

Scrape the Screen

Awareness

SSL VPN with Middleware Access

Meeting the Challenge

Secure Access

Tunneling to the Other Side

Tunneling Techniques

Lotus Notes Tunnel

Tunneling Steps

Other Applications

Summary

8. The Future of SSL VPN Technology

Standardized Feature Sets

Interfaces

Third-Party Security System Interfaces

Authentication Systems

Authorization Systems

Endpoint Security Systems

Application Firewalling Interfaces

Application Interfaces

Logging, Reporting, and Management Interfaces

SSL VPN Products for Small, Medium, and Large Organizations

Application-Specific SSL VPNs

Merging with IPSec VPN and Firewall Technology

SSL Access Platforms

Support for More Diverse Computers

Macintosh

Linux and Other Variants of UNIX

Handheld Devices

Improved Performance and Reliability

Voice-Over-IP

Two "Business Developments"

Summary

A. A Review of TCP, IP, and Ports

DARPA and OSI

Network Interface

Packets

Packet Routing

TCP Ports

B. SSL VPN Gateways

SSL VPN Offerings

AEP Systems

Company Information

Product Information

Array Networks

Company Information

Product Information

Aventail

Company Information

Product Information

Check Point Software Technologies

Company Information

Product Information

Cisco Systems

Company Information

Product Information

Citrix Systems

Company Information

Product Information

EnKoo

Company Information

Product Information

F5 Networks

Company Information

Product Information

Juniper Networks

Company Information

Product Information

NetScaler

Company Information

Product Information

NetSilica

Company Information

Product Information

Netilla Networks

Company Information

Product Information

Nokia

Company Information

Product Information

Nortel Networks

Company Information

Product Information

Permeo Technologies

Company Information

Product Information

PortWise

Company Information

Product Information

SafeNet

Company Information

Product Information

Symantec

Company Information

Product Information

Whale Communications

Company Information

Product Information

Index
