June 2005
Intermediate to advanced
312 pages
11h 13m
English
Overview
A practical guide to hardening MPLS networks
Define "zones of trust" for your MPLS VPN environment
Understand fundamental security principles and how MPLS VPNs work
Build an MPLS VPN threat model that defines attack points, such as VPN separation, VPN spoofing, DoS against the network’s backbone, misconfigurations, sniffing, and inside attack forms
Identify VPN security requirements, including robustness against attacks, hiding of the core infrastructure, protection against spoofing, and ATM/Frame Relay security comparisons
Interpret complex architectures such as extranet access with recommendations of Inter-AS, carrier-supporting carriers, Layer 2 security considerations, and multiple provider trust model issues
Operate and maintain a secure MPLS core with industry best practices
Integrate IPsec into your MPLS VPN for extra security in encryption and data origin verification
Build VPNs by interconnecting Layer 2 networks with new available architectures such as virtual private wire service (VPWS) and virtual private LAN service (VPLS)
Protect your core network from attack by considering Operations, Administration, and Management (OAM) and MPLS backbone security incidents
Multiprotocol Label Switching (MPLS) is becoming a widely deployed technology, specifically for providing virtual private network (VPN) services. Security is a major concern for companies migrating to MPLS VPNs from existing VPN technologies such as ATM. Organizations deploying MPLS VPNs need security best practices for protecting their networks, specifically for the more complex deployment models such as inter-provider networks and Internet provisioning on the network.
MPLS VPN Security is the first book to address the security features of MPLS VPN networks and to show you how to harden and securely operate an MPLS network. Divided into four parts, the book begins with an overview of security and VPN technology. A chapter on threats and attack points provides a foundation for the discussion in later chapters. Part II addresses overall security from various perspectives, including architectural, design, and operation components. Part III provides practical guidelines for implementing MPLS VPN security. Part IV presents real-world case studies that encompass details from all the previous chapters to provide examples of overall secure solutions.
Drawing upon the authors’ considerable experience in attack mitigation and infrastructure security, MPLS VPN Security is your practical guide to understanding how to effectively secure communications in an MPLS environment.
"The authors of this book, Michael Behringer and Monique Morrow, have a deep and rich understanding of security issues, such as denial-of-service attack prevention and infrastructure protection from network vulnerabilities. They offer a very practical perspective on the deployment scenarios, thereby demystifying a complex topic. I hope you enjoy their insights into the design of self-defending networks."
—Jayshree V. Ullal, Senior VP/GM Security Technology Group, Cisco Systems®
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.