A Technical Guide to IPSec Virtual Private Networks

by James S. Tiller

eBook

Price: $93.99 (original price $125.00, save 25%)

Overview

What is IPSec? What's a VPN? Why do they need each other? Virtual Private Network (VPN) has become one of the most recognized terms in our industry, yet there continue to be differing impressions of what VPNs really are and can become. A Technical Guide to IPSec Virtual Private Networks provides a single point of information that represents hundreds of resources and years of experience with IPSec VPN solutions. It cuts through the complexity surrounding IPSec and the idiosyncrasies of design, implementation, operations, and security. Starting with a primer on the IP protocol suite, the book travels layer by layer through the protocols and the technologies that make VPNs possible. It includes security theory, cryptography, RAS, authentication, IKE, IPSec, encapsulation, keys, and policies. After explaining the technologies and their interrelationships, the book provides sections on implementation and product evaluation. A Technical Guide to IPSec Virtual Private Networks arms information security, network, and system engineers and administrators with the knowledge and the methodologies to design and deploy VPNs in the real world for real companies.

Product Details

ISBN-13: 9781135516680
Publisher: CRC Press
Publication date: 07/27/2017
Sold by: Barnes & Noble
Format: eBook
Pages: 376
File size: 12 MB

About the Author

James S. Tiller (Raleigh, North Carolina, USA)

Read an Excerpt

1. Getting Started

The Internet, its speed, reliability, and the access to it have all expanded beyond every expectation set in the early years. The Internet has fueled the changes one sees in telecommunications, and the interaction between people, organizations, and countries has been affected.

During the explosive growth, many were asking how they could exploit the Internet and the timeless communication it provides. First, the baby steps were Web pages and e-mail. Then, as people gained interest in what was being sold through these virtual displays, it expanded into providing access to the commodity for the customer. The simple commerce soon expanded into sharing information for vendor interaction to provide virtual warehousing and reduced time to market for new merchandise.

To accomplish the development and dependency that organizations have on Internet communications, a new form of connectivity was required that could provide confidence in privacy, and remain inexpensive and scalable to accommodate the foreseeable future requirements.

Virtual private networks (VPNs) were developed to fill this gap and provide for secure communications over the Internet, or any untrusted network. The result was a process that required few system or communication modifications and promised to protect communication to anywhere in the world.

Information Age

The introduction of the computer into everyday activities was the turning point of the 20th century. Throughout history, there have been decisive milestones in the advancement of human society. The ability to create and use tools, then metallurgy and chemistry, and soon the industrial revolution solidified a working social environment.

The computer, at least the personal computer, opened a window of new opportunities for individuals to accomplish things never really considered before. By the time personal computers became a reality, computers were already being used for collective processing and huge number crunching. Only the guys with white jackets were allowed to watch all the lights. The PC made the computer accessible to people, and those people who were exposed included entrepreneurs who saw opportunity.

Nearly overnight, computers replaced typewriters on people's desks, and people used them to accomplish complicated tasks in less time and with greater accuracy. Tasks that seemed out of reach for small businesses just a short time earlier were now attainable. Soon, the data became increasingly complex and large, requiring more computers and educated people to operate and manage them. As this expanded, the information became an integral part of business success, and the protection of that data soon became a focal point for some organizations.

It was at this point, when assets veered away from machines, widgets, and warehouses to data, that the information age was born. Data is nearly everything. This seems logical - data is knowledge, and knowledge typically equates to money. Anything from a new drug formula, or the research that founded its production, to a set of architectural plans for a new house or a fighter wing, to the daily news or the stock value of a remote company in the China highlands - information has become the universal ether that surrounds us. People no longer simply work with it; they react to it and base nearly everything on it.

For society to operate and use the information, it must be communicated and controlled. The communication of information has advanced very rapidly over the last few years. Technological advancements, driven by the desire to move information faster today than yesterday, were matched with massive amounts of money to create larger and farther-reaching information communications than ever before. However, during this same timeframe, but unfortunately not nearly as fast, the security of those communications was questioned. This is reminiscent of an old TV commercial where the formula for Coke passes the formula for Pepsi in a cloud of digital communications. The poetic truth is now realized, many years after the airing of that commercial: information can be very valuable.

The Internet

Since the first browser was used to provide a graphical interface for obtaining information from the Internet, the number of users and services has exploded. The Internet moved quickly, and people and businesses realized its opportunities and potential. Today, the Internet is firmly established as a basic requirement for business and social interaction; much like the telephone, it is expected almost anywhere one goes. Opportunities became very evident and opened an infinite variety of applications for business and personal endeavors.

The information coursing through the Internet evolved, seemingly overnight, from e-mail and basic Web browsing to much more sophisticated applications. Data that was being passed was becoming increasingly private and sensitive to the well-being of the original communication parties. Data that used to appear only on certain servers residing on internal networks was being accessed from across the country, moving through completely unknown territory.

As with any positive, there must be a negative. As technology advanced and the use of the Internet for private interaction proliferated, criminals grew with that technology. Soon it was evident that deliberate abuse of the Internet could become a powerful weapon to cause disruption or increase personal wealth. A relationship developed between the development of technology to increase communication possibilities and the criminal's ability to take advantage of them. Criminals discovered vulnerabilities at an astounding rate. As processes and applications were implemented to mitigate the new threats, new ones would be discovered, and those too would require steps to protect information from the new vulnerability. This process of find-and-fix-and-find-again has not stopped. The constant pushing toward ultimate communication and discoveries of new technologies will certainly breed a continuous flow of unforeseen weaknesses.

However, the vulnerabilities can be reduced with certain technologies that address one aspect of the communication. A well-defined set of protection measures can provide enough defense against theoretical types of attack to carry into the next form of technology. IPSec is a perfect example of protection measures that can remain applied at a certain level within the communication and allow other aspects of the communication to evolve. IPSec has become a robust foundation that appears to be applicable for many years to come.

Security Considerations

Communication technology has eliminated the basic level of interaction between individuals. For two people talking in a room, it can be assured, to a degree, that the information from one individual has not been altered before reaching the listener's ears. It can also be assumed that the person who is seen talking is the originator of the voice that is being heard. This example is basic, assumed, and never questioned - it is trusted. However, the same type of communication over alternate media must be closely scrutinized because of the massive number of vulnerabilities to which the session is exposed.

Computers have added several layers of complexity to the trusting process, and the Internet has introduced some very interesting vulnerabilities. With a theoretically unlimited number of people on a network, the options for attacks are similarly unlimited. As soon as a message takes advantage of the Internet for a communication medium without several layers of protection, all bets are off.

Authentication

Authentication is a service that allows a system to determine the identity of another entity that has presented its credentials. Authentication is the basis of many security mechanisms and some designs authenticate both parties in the communication.

Authentication is based on factors: one, two, or three of them. The mantra of authentication is that it is based on something the user knows, something the user has, and something the user is. A good example of two-factor authentication is where users have something they know and something they have, such as a token. Users provide what they know, a username and password, combined with something they have, such as a number generated by a token. The number validates possession of the token, which further validates the user identified by the name and password supplied.

The something the user knows is typically a password, pass phrase, or Personal Identification Number (PIN) whose value only that person should know. The personal knowledge of a private number or word is combined with something the user has, which is typically a token. Either one of these can be used in conjunction with something the user is. This is referred to as biometrics, identification based on physical attributes. Biometrics can operate in many ways, ranging from entering a username or code in combination with a scan to combining the scan with something the user has, such as an access card.

There are several forms of authentication mechanisms used in nearly every aspect of system access. In the realm of IPSec and VPNs, the highest level currently being used is two-factor authentication. With most solutions, the protocol that includes a token-generated number is nothing more than an extended use of CHAP or PAP, which are well-suited for remote access. However, in investigating IPSec remote access solutions more closely, one sees that there is absolutely no standard that provides for these extended authentication mechanisms. What is available today is simply what the vendor felt was the best technology that fit the proposed solution. In the absence of a standard, anything is fair game...

Table of Contents

Introduction
    Know the Terrain
    The Internet
    TCP/IP Quickie
    Information Age
    Security Concepts
    Cryptography
    The Other Guys
    Why are "VPNs" So HOT?
IP Security Primer
    History
    Structure
    Applications
    Quality of Service
    Policy
Encryption
    Symmetrical Encryption
    Asymmetrical Encryption
    Message Authentication Code
    Perfect Forward Secrecy
    Diffie-Hellman
IPSEC Architecture
    Domain of Interpretation
    Security Associations
    Transport Mode
    Tunnel Mode
Authentication
    Shared Secret
    Certificates
    Public Key Cryptography
    Non-IPSec Authentication
Security Protocols
    Encapsulating Security Payload
    Authentication Header
Key Management
    The Role of Key Management
    Creating IKE for IPSec
    Phase One
    Phase Two
Implementation Considerations
    Network to Network
    Client to Network
    Client Interaction
    Rollout Concepts
Product Evaluation
    Business Drivers
    Grading Methodology
    Lab Testing
    Pilot Processes
    Trend Analysis