Introduction

There is a revolution going on in enterprise networking. Until very recently, enterprises that needed to link computers in geographically dispersed locations had to build their own wide area networks (WANs). Usually this meant renting expensive and, by today's Internet standard, relatively slow frame relay circuits. A typical 56 Kb/s circuit could cost several hundred, or even over a thousand, dollars a month.

Today, the typical home computer user enjoys a broadband Internet connection having a 5 Mb/s download speed for a cost of about $40 per month. Commercial variants of this service, offering higher speeds and other amenities, are available for between $100 and $200 per month. Obviously, this significant increase in speed and decrease in cost represent a tremendous opportunity for enterprises, but they do introduce new problems.

The Internet is an open environment and, compared to leased lines, dreadfully insecure. Increases in bandwidth and decreases in cost are worthless if they mean that an enterprise's vital data can be intercepted by competitors, or that financial transactions are subject to manipulation by outsiders. This book discusses ways to overcome these problems by recreating the security of leased lines in a public medium such as the Internet.

The fundamental mechanism that allows us to have secure communications in the Internet is the notion of a tunnel. As we'll see, tunnels are a way of overlaying a logical or virtual network on top of a physical network. Once we have such a tunnel, we can secure it by encrypting and authenticating the network traffic that flows through it, thus recreating the security of private leased lines.

Of course, this simple description hides a substantial set of details and problems. We'll see that it's actually quite difficult to endow such tunnels with robust security. Much of the book is concerned with exploring solutions to these problems, and seeing why the successful solutions work and where the unsuccessful ones fail.