1.6. Road Map

The book comprises three parts: background material (Part 1), a discussion of tunneling and VPN technology (Part 2), and a discussion of IPsec (Part 3). Each part depends to some extent on the material in previous parts, but readers with the appropriate background can read them independently. In particular, readers who are interested only in IPsec can skip directly to Part 3, and use the other two parts to fill in any gaps in their backgrounds as needed.

Background Material

Part 1 provides background material that allows the text to be mostly self-contained. Chapter 2 is a review of the core TCP/IP protocols. It pays particular attention to the notion of encapsulation, an idea that is a central concept in the text. The chapter also has brief discussions of NAT, PPP, and routing.

Chapter 3 is a primer on basic modern cryptography. This chapter covers block and stream symmetric ciphers, such as DES, 3DES, AES, and RC4, and the asymmetric ciphers, such as RSA and ElGamal, which form the basis for public key cryptography.

Next, the chapter discusses message authentication codes, a sort of cryptographic checksum, that can detect tampering with a message by a third party. Particular attention is paid to the class of authentication codes called HMACs.

Finally, the chapter briefly discusses digital signatures and certificates. These ideas play an important role in many of the authentication protocols that we will study.

Chapter 4 focuses on tunnels and tunneling technology. After defining a tunnel as a way of providing a virtual network on top of a real network through encapsulation, the chapter discusses several examples of tunnels and how they are used to solve various networking problems. These tunnels are explored in depth; the chapter examines both their message formats and their on-the-wire behavior.

The chapter concludes with a discussion of gtunnel, a generalized mechanism that allows users to build tunnels with a user-space program. Several VPN technologies use the ideas in gtunnel to build their tunnels.

Tunnels and VPNs

Part 2 focuses on using the tunneling technology from Chapter 4 to build VPNS. Chapter 5 reexamines two of the tunnels from Chapter 4 and observes how encryption is added to the tunnels to make rudimentary VPNs.

Chapter 6 studies the SSL protocol and how it can provide a VPNor at least VPN-like functionalityat the application layer. Although some authorities object to calling SSL a tunneling or VPN technology, we'll see that it can, in fact, be used to build real network-to-network VPNs. Later chapters discuss how the SSL protocol is used in some VPN technologies to provide end-node authentication and key-management functions.

Chapter 7 discusses the two SSH protocols and how they are used as drop-in replacements for telnet, ftp, and the BSD r-commands. Like SSL, SSH operates at the application layer, but can nonetheless be used to build true network-to-network VPNs.

Chapter 8 concludes Part 2 with a discussion of several lightweight VPNsVTun, CIPE, tinc, and Open VPNand examines their strengths and weaknesses. In all but one case, these VPNs are implemented in user space, and so make use of the gtunnel-like capabilities that are examined in Chapter 4.

This chapter is particularly revealing because it exposes many of the security problems that a VPN designer must consider. The four VPNs vary greatly in their security and robustness, and these differences highlight common mistakes in implementing secure software.

IPsec

Part 3 is a detailed examination of IPsec, the IETF standard VPN technology. IPsec operates at the network layer and is thus largely indifferent to the type of traffic it is carrying. IPsec is transparent to applications; they are not aware of its existence.

Chapter 9 provides a brief introduction and road map. Chapter 10 discusses the IPsec architecture: the protocols, modes, and databases that make up the IPsec suite. Each of the following three chapters discusses one of the three protocols that make up IPsec.

Chapter 11 discusses the Authentication Header (AH) protocol and how it provides data origin authentication, message integrity, and protection from replay attacks. The algorithms used to provide replay protection receive detailed attention, as do the two modes of AH encapsulation. Chapter 12 examines the Encapsulating Security Payload (ESP) protocol, which can provide the essentially identical services that AH does, as well as privacy through encryption. Thus although third parties can read but not tamper with messages protected by AH, they can neither read nor tamper with messages protected by ESP. As with AH, the two encapsulation modes receive careful examination.

The Internet Key Exchange (IKE) protocol is the third IPsec protocol. This key-management protocol is examined in Chapter 13. By far the most complicated of the three protocols, IKE is largely responsible for IPsec's reputation as a complicated and difficult protocol. The chapter examines how IKE negotiates security associations between peers, and how it derives the keys used by AH, ESP, and IKE to secure their communications.

Part 3 ends with Chapter 14, which discusses the near-term future of IPsec. First, the chapter examines the new versions of AH, ESP, and IKE that are currently under IETF development. Then it discusses the recently standardized NAT traversal mechanisms that provide IPsec and NAT with some degree of interoperability.