< Day Day Up >
MPLS VPN Security
By
Michael H. Behringer
,
Monique J. Morrow
...............................................
Publisher:
Cisco Press
Pub Date:
June 08, 2005
ISBN:
1-58705-183-4
Pages:
312
Table of Contents
|
Index
Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Foreword
Icons Used in This Book
Command Syntax Conventions
Introduction
Who Should Read This Book
How This Book Is Organized
Part I. MPLS VPN and Security Fundamentals
Chapter 1. MPLS VPN Security: An Overview
Key Security Concepts
Other Important Security Concepts
Overview of VPN Technologies
Fundamentals of MPLS VPNs
A Security Reference Model for MPLS VPNs
Summary
Chapter 2. A Threat Model for MPLS VPNs
Threats Against a VPN
Threats Against an Extranet Site
Threats Against the Core
Threats Against the Internet
Threats from Within a Zone of Trust
Reconnaissance Attacks
Summary
Part II. Advanced MPLS VPN Security Issues
Chapter 3. MPLS Security Analysis
VPN Separation
Robustness Against Attacks
Hiding the Core Infrastructure
Protection Against Spoofing
Specific Inter-AS Considerations
Specific Carrier's Carrier Considerations
Security Issues Not Addressed by the MPLS Architecture
Comparison to ATM/FR Security
Summary
Footnotes
Chapter 4. Secure MPLS VPN Designs
Internet Access
Extranet Access
MPLS VPNs and Firewalling
Designing DoS-Resistant Networks
Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
Carriers' Carrier
Layer 2 Security Considerations
Multicast VPN Security
Summary
Footnotes
Chapter 5. Security Recommendations
General Router Security
CE-Specific Router Security and Topology Design Considerations
PE-Specific Router Security
PE Data Plane Security
PE-CE Connectivity Security Issues
P-Specific Router Security
Securing the Core
Routing Security
CE-PE Routing Security Best Practices
Internet Access
Sharing End-to-End Resources
LAN Security Issues
IPsec: CE to CE
MPLS over IP Operational Considerations: L2TPv3
Securing Core and Routing Check List
Summary
Part III. Practical Guidelines to MPLS VPN Security
Chapter 6. How IPsec Complements MPLS
IPsec Overview
Location of the IPsec Termination Points
Deploying IPsec on MPLS
Using Other Encryption Techniques
Summary
Chapter 7. Security of MPLS Layer 2 VPNs
Generic Layer 2 Security Considerations
C2 Ethernet Topologies
C3 VPLS Overview
C4 VPWS Overview
C5 VPLS and VPWS Service Summary and Metro Ethernet Architecture Overview
C6 VPLS and VPWS Security Overview
Customer Edge
Summary
Chapter 8. Secure Operation and Maintenance of an MPLS Core
Management Network Security
Securely Managing CE Devices
Securely Managing the Core Network
Summary
Part IV. Case Studies and Appendixes
Chapter 9. Case Studies
Internet Access
Multi-Lite VRF Mechanisms
Layer 2 LAN Access
Summary
Appendix A. Detailed Configuration Example for a PE
Appendix B. Reference List
Cisco Press Books
IETF
ITU-T
Index
< Day Day Up >
