Network Security - André Pérez - E-Book

Network Security E-Book

Andre Perez

Description

This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring.

Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying rules to data in order to authorize its transfer or detect attacks.

The chapters of the book cover cryptography, 802.1x mechanism, WPA mechanisms, IPSec mechanism, SSL/TLS/DTLS protocols, network management, MPLS technology, Ethernet VPN, firewalls and intrusion detection.

Number of pages: 252

Year of publication: 2014




Contents

Preface

Abbreviations

1 Introduction to Cryptography

1.1. The encryption function

1.2. Hash function

1.3. Key exchange

2 802.1x Mechanism

2.1. General introduction

2.2. EAPOL protocol

2.3. EAP protocol

2.4. RADIUS protocol

2.5. Authentication procedures

3 WPA Mechanisms

3.1. Introduction to Wi-Fi technology

3.2. Security mechanisms

3.3. Security policies

3.4. Key management

3.5. WEP protocol

3.6. TKIP protocol

3.7. CCMP protocol

4 IPSec Mechanism

4.1. Review of IP protocols

4.2. IPSec architecture

4.3. IKEv2 protocol

5 SSL, TLS and DTLS Protocols

5.1. Introduction

5.2. SSL/TLS protocols

5.3. DTLS protocol

6 Network Management

6.1. SNMPv3 management

6.2. SSH protocol

7 MPLS Technology

7.1. MPLS overview

7.2. LDP protocol

7.3. VPN construction

7.4. Network interconnection

8 Ethernet VPN

8.1. Ethernet technology

8.2. PBT technology

8.3. VPLS technology

8.4. L2TPv3 technology

9 Firewalls

9.1. Technologies

9.2. NAT/NAPT device crossing

10 Intrusion Detection

10.1. Typology of attacks

10.2. Methods of detection

10.3. Technologies

Bibliography

Index

First published 2014 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd

27-37 St George’s Road

London SW19 4EU

UK

www.iste.co.uk

John Wiley & Sons, Inc.

111 River Street

Hoboken, NJ 07030

USA

www.wiley.com

© ISTE Ltd 2014

The rights of André Perez to be identified as the author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Control Number: 2014945531

British Library Cataloguing-in-Publication Data

A CIP record for this book is available from the British Library

ISBN 978-1-84821-758-4

Preface

This book introduces the security mechanisms deployed in Ethernet, wireless-fidelity (Wi-Fi), Internet Protocol (IP) and Multi-Protocol Label Switching (MPLS) networks. These mechanisms are grouped according to the four functions below:

– data protection;
– access control;
– network isolation;
– data monitoring.

Data protection is supplied by data confidentiality and integrity control services:

– confidentiality consists of ensuring that data can only be read by authorized individuals. This service is obtained using a mechanism that encrypts the relevant data;
– integrity control consists of detecting modifications in transferred data. This service is obtained via a hash function or an encryption algorithm that generates a seal.

Access control is provided by a third-party authentication service. This service consists of verifying the identity of the person wishing to access a network. This service is generally obtained with a hash function, as for integrity control.

Network isolation is supplied by the Virtual Private Network (VPN) service. This service makes it possible to create closed user groups and authorize communication solely between users belonging to the same group. Note that access control also implicitly enables network isolation.

Data monitoring consists of applying rules to data in order to authorize its transfer or detect attacks. The service is supplied by analyzing the fields of the various protocols making up the data structure.

Network

The role of the network is to transport data between two hosts. The network is composed of two entities (Figure P.1):

– the Local Area Network (LAN) is the network on which the hosts connect. This is usually a private network deployed by businesses;
– the Wide Area Network (WAN) is the network that ensures the interconnection of the LAN networks. It is usually a public network deployed by Internet access and transit operators.

Figure P.1. Network architecture

The LAN network is constructed of two types of blocks: the access block and the core block (Figure P.2):

– the access block connects the network’s hosts. Access blocks can be dedicated to different types of hosts:
- computers, telephones,
- application servers,
- network and security management system,
- WAN network;
– the core block enables the networking of access blocks.

The Internet access provider’s WAN network is structured in three units (Figure P.3):

– access network: it corresponds to the connection of the LAN network with the operator’s primary technical site;
– aggregation network: it collects the traffic generated by access networks. It generally has regional coverage;
– core network: this connects the different aggregation networks. It generally has national coverage and also provides the interface between operators.

Figure P.2. Architecture of LAN network

Figure P.3. Architecture of WAN network

The interconnection of the WAN networks of different Internet access providers takes place in the core network, in two different ways:

Continue reading in the full edition!
