SSL VPN
Table of Contents
SSL VPN
Credits
About the Authors
Introduction
What This Book Covers
Conventions
Reader Feedback
Customer Support
Errata
Questions
1. Introduction to SSL VPN
The Internet
Reference Models
OSI Reference Model
DARPA Model
Introducing Hacker Bob
Trapping Your Data
Basic HTTP Authentication
Keeping Hacker Bob Out of Your Data
VPNs
One Computer to the Corporate Network
Remote Office Network Connected to the Main Office
VPN Examples
IPsec
SSL VPN
IPsec Vs. SSL VPN
Trusted Networks
The DMZ
SSL VPN Scenarios
SSL VPN—Hubs
SSL VPN—Private Network
Summary
2. SSL VPN: The Business Case
SSL VPN: A Historical Background
Remote Access: Measuring Return-on-Investment
So What Does SSL VPN Actually Give Me?
Summary
3. How SSL VPNs Work
Appliances Vs. Software
The SSL Protocol
Background
Overview of SSL Technology
Symmetric Cryptography: Data Confidentiality
Asymmetric Cryptography: Data Confidentiality
Asymmetric Cryptography: Server Authentication
Asymmetric Cryptography: Client Authentication
Key Size
Establishing Secure Tunnels Using SSL
Secure Tunnels
OSI Network Model
Application-Level Communications
Reverse Proxy Technology
SSL Remote Access: Reverse Proxy Technology Plus
Non-Web Traffic over SSL
Establishing Network Connectivity over SSL
Why Different Access Technologies for Web Applications
Applets
Remote Access to Files and Other Resources
Remote Mounting of Network Drives
File Access Interface
Telnet and Host Access
Printers and Other Network Resources
Terminal Services
Internet-Enabling Internal Applications
Web-Based Applications
Remote Access Interface
Login and Single Sign On
Portal Pages
Toolbars
Languages
Multiple Windows Vs. a Single Window
Logout Button
Help
User Interface Based on Browser Type
SSL VPN Status Window
Web Email (WebMail) Interfaces
Administration Tools
Performance
SSL Acceleration
Compression of HTTP Traffic
Caching
Load Balancing: IP Spraying
Access from Older Web Browsers
SSL VPN Sample Session
Summary
4. SSL VPN Security
Authentication and Authorization
Authentication
Passwords
One-Time Passwords
Biometric Information
Client Certificates
Smart Cards or USB Tokens
Two-Factor Authentication
Single Sign On
Authorization
Operating System Permissions
File System Permissions
Native Application Permissions
Restricted Interfaces
Authorization Information Maintained by the SSL VPN
Third-Party Authorization Databases
End Point Security Concerns
The Problem: Sensitive Data in Insecure Locations
Browser Cache Entries
Proprietary Cache Entries
Temporary Files: Viewing E-mail Attachments
Temporary Files: Downloading and other Mechanisms
Form-Field Contents Memorized for AutoComplete
URL Entries Memorized for AutoComplete
Cookies Generated During User Sessions
History Records
User Credentials Memorized by the Browser
The Solution
The Problem: Third Party Search Tools Running on Access Devices
The Solution
Department of Defense (DoD) Requirements
The Problem: Users May Neglect to Log Out
The Solution
Long Timeout Thresholds: Not a Good Idea
Non-Intrusive Timeout Systems
Forced Periodic Re-Authentication
Ignoring Phony Activity
Timeout Thresholds
The Problem: Viruses Enter Corporate Networks via the SSL VPN
The Solution
Check for Anti-Virus Software on the User's Device
Block Uploads
Rely on Internal Network Antivirus
The Problem: Worms Enter Corporate Networks via the SSL VPN
The Solution
Personal Firewalls
Application Firewalls
Negative-Logic-Based Filtering of User Requests
Positive-Logic-Based Filtering
Dynamic-Rules-Based Filtering
Combination of Methods
Problems of Insecure Locations
Spyware
Keystroke Loggers
Hardware Keystroke Loggers
Software Keystroke Loggers
Shoulder Surfing
Video Cameras Aimed at Computers
Emanations
Hackers Bridging to the Corporate Network
The Problem: Internal Networking Information may be Leaked
The Solution
Printing and Faxing
Printers Local to the User
Printers Local to the SSL VPN Server
Deleted Files
Trusted Endpoint
Tiers of Access Based on Endpoint Situation
Internet Provider Controls
Server-Side Security Issues
The Problem: Firewalls and Other Security Technologies may be Undermined
SSL VPN in a DMZ
SSL VPN on the Internal Network
The Solution
The Problem: Application-Level Vulnerabilities
The Solution
Encryption
Patching of SSL VPN Servers
Linux versus Windows
Some Other SSL VPN Appliance Security Concepts
Hardening
Air Gap
Protection from Internal Systems and the Internal Network
ASIC
Summary
5. Planning for an SSL VPN
Determining Business Requirements
Remote Access Paradigms
Determining User Needs
Different Scenarios
Selecting an Appropriate SSL VPN
Ensuring Proper Level of Access
Proper User Interface and Experience
Remote Password Management
Adherence to Security Standards
Platform
Hardware
Operating System
Network Connectivity
Determining which SSL VPN Functions to Use
Where to Deploy the SSL VPN server
Back Office
Pros
Cons
DMZ
Pros
Cons
Outside the Perimeter Firewall
Pros
Cons
Air Gap
Pros
Cons
Offloaded SSL
Pros
Cons
Planning for Deployment
User and Administrator Training
Summary
6. Educating the User
Building an Education Plan
Education Plan: Start the Process
Vision
High-Level Training Plan
The Agreement
The Use Case
Education Plan: Finalize the Plan
Final Training Plan
Include Incident Handling Policies in your Training Plan
The Money
Creating Educational Materials
Reusing the Use Cases
Executing the Test Plan
Education Plan: Testing and Pilots
Unit Tests
Process Tests
Technical Pilots
Production Pilot 1
Production Pilot 2
Implementation
Education Plan: Production
Specific Training for SSL VPNs
Training the Masses
How to use an SSL VPN
Social Engineering
Phishing
Sharing Credentials
Single Sign On (SSO)
SSL Locks and Dialog Boxes: One More Note about Phishing
E-Commerce Scenario
Phishing and the SSL Lock
Summary
7. Legacy Data Access
Computing Elements
Applications
Commercial Off-The-Shelf (COTS)
Custom Programs
Legacy Applications
The Web Challenge
Direct Access
Scrape the Screen
Awareness
SSL VPN with Middleware Access
Meeting the Challenge
Secure Access
Tunneling to the Other Side
Tunneling Techniques
Lotus Notes Tunnel
Tunneling Steps
Other Applications
Summary
8. The Future of SSL VPN Technology
Standardized Feature Sets
Interfaces
Third-Party Security System Interfaces
Authentication Systems
Authorization Systems
Endpoint Security Systems
Application Firewalling Interfaces
Application Interfaces
Logging, Reporting, and Management Interfaces
SSL VPN Products for Small, Medium, and Large Organizations
Application-Specific SSL VPNs
Merging with IPSec VPN and Firewall Technology
SSL Access Platforms
Support for More Diverse Computers
Macintosh
Linux and Other Variants of UNIX
Handheld Devices
Improved Performance and Reliability
Voice-Over-IP
Two "Business Developments"
Summary
A. A Review of TCP, IP, and Ports
DARPA and OSI
Network Interface
Packets
Packet Routing
TCP Ports
B. SSL VPN Gateways
SSL VPN Offerings
AEP Systems
Company Information
Product Information
Array Networks
Company Information
Product Information
Aventail
Company Information
Product Information
Check Point Software Technologies
Company Information
Product Information
Cisco Systems
Company Information
Product Information
Citrix Systems
Company Information
Product Information
EnKoo
Company Information
Product Information
F5 Networks
Company Information
Product Information
Juniper Networks
Company Information
Product Information
NetScaler
Company Information
Product Information
NetSilica
Company Information
Product Information
Netilla Networks
Company Information
Product Information
Nokia
Company Information
Product Information
Nortel Networks
Company Information
Product Information
Permeo Technologies
Company Information
Product Information
PortWise
Company Information
Product Information
SafeNet
Company Information
Product Information
Symantec
Company Information
Product Information
Whale Communications
Company Information
Product Information
Index