Wednesday, 14 February 2007

A Comprehensive Guide to Virtual Private Networks, Volume III: Cross-Platform Key and Policy Management

This redbook closely examines the functionality of the Internet Key Exchange protocol (IKE) - which is derived from the Internet Security Associations Key Management Protocol (ISAKMP) and the Oakley protocol. IKE provides a framework and key exchange protocol for Virtual Private Networks (VPN) that are based on the IP Security Architecture (IPSec) protocols. An overview of VPN technologies based on the latest standards is provided in Part I.
This redbook also helps you understand, install and configure the most current VPN product implementations from IBM, in particular AIX, OS/400, Nways routers, OS/390, and several client and OEM platforms. After reading this redbook, you will be able to use those products to implement different VPN scenarios. An overview of the functions and configuration of the VPN components of those products is provided in Part II.
The main focus of this redbook is on how to implement complete VPN solutions using state-of-the-art VPN technologies, and to document IBM product interoperability. This redbook is therefore not meant to be an exhaustive VPN design guide. The authors would like to refer the reader to IBM security and network consulting services for that purpose.
This redbook is a follow-on to the VPN Vol. 1 (SG24-5201) and VPN Vol. 2 (SG24-5234) redbooks. A basic understanding of IP security and cryptographic concepts and network security policies is assumed.

A Comprehensive Guide to Virtual Private Networks, Volume II: IBM Nways Router Solutions

The Internet nowadays is not only a popular vehicle to retrieve and exchange information in traditional ways, such as e-mail, file transfer and Web surfing. It is being used more and more by companies to replace their existing telecommunications infrastructure with virtual private networks by implementing secure IP tunnels across the Internet between corporate sites as well as to business partners and remote locations.
This updated redbook includes the IPSec enhancements provided by Version 3.3 of the IBM Nways Multiprotocol Routing Services (MRS), Nways Multiprotocol Access Services (MAS) and Access Integration Services (AIS) that implement the Internet Key Exchange (IKE) protocol. This redbook also includes other new features, such as the policy engine, digital certificate and LDAP support, and QoS. The VPN scenarios are enhanced to reflect the latest implementation of IPSec and L2-tunneling functionality.
In this redbook we delve further into these scenarios by showing you how to implement solutions that exploit Data Link Switching (DLSw), IP Bridging Tunnels, Enterprise Extender (HPR over IP), APPN DLUR, TN3270, and Tunneling on layer 2 (L2TP, L2F, PPTP) through an IPSec tunnel.
A working knowledge of the IPSec protocols is assumed.

Designing A Wireless Network

By Jeffrey Wheat, Randy Hiser, Jackie Tucker, Alicia Neely and Andy McCullough

Understand How Wireless Communication Works
  • Step-by-Step Instructions for Designing a Wireless Project from Inception to Completion
  • Everything You Need to Know about Bluetooth, LMDS, 802.11, and Other Popular Standards
  • Complete Coverage of Fixed Wireless, Mobile Wireless, and Optical Wireless Technology

Introduction

You’ve been on an extended business trip and have spent the long hours of the flight drafting follow-up notes from your trip while connected to the airline’s onboard server. After deplaning, you walk through the gate and continue into the designated public access area. Instantly, your personal area network (PAN) device, which is clipped to your belt, beeps twice announcing that it automatically has retrieved your e-mail, voicemail, and videomail. You stop to view the videomail—a finance meeting—and also excerpts from your children’s school play.

Meanwhile, when you first walked into the public access area, your personal area network device contacted home via the Web pad on your refrigerator and posted a message to alert the family of your arrival. Your spouse will know you’ll be home from the airport shortly.

You check the shuttlebus schedule from your PAN device and catch the next convenient ride to long-term parking. You also see an e-mail from your MP3 group showing the latest selections, so you download the latest MP3 play list to listen to on the way home.

As you pass through another public access area, an e-mail comes in from your spouse. The Web pad for the refrigerator inventory has noted that you’re out of milk, so could you pick some up on the way home? You write your spouse back and say you will stop at the store. When you get to the car, you plug your PAN device into the car stereo input port. With new music playing from your car stereo’s MP3 player, you drive home, with a slight detour to buy milk at the nearest store that the car’s navigation system can find.

The minute you arrive home, your PAN device is at work, downloading information to various devices. The data stored on your PAN device is sent to your personal computer (PC) and your voicemail is sent to the Bluetooth playback unit on the telephone-answering device. The PAN device sends all video to the television, stored as personal files for playback. As you place the milk in the refrigerator, the Web pad updates to show that milk is currently in inventory and is no longer needed. The kids bring you the television remote and you check out possible movies together to download later that night.

Networking with z/OS and Cisco Routers: An Interoperability Guide

The increased popularity of Cisco routers has led to their ubiquitous presence within the network infrastructure of many enterprises. In such large corporations, it is also common for many applications to execute on the z/OS (formerly OS/390) platform. As a result, the interoperation of z/OS-based systems and Cisco network infrastructures is a crucial aspect of many enterprise internetworks.
This IBM Redbook provides a survey of the components necessary to achieve full interoperation between your z/OS-based servers and your Cisco IP routing environment. It may be used as a network design guide for understanding the considerations of the many aspects of interoperation. We divide this discussion into four major components:
  • The options and configuration of channel-attached Cisco routers
  • The design considerations for combining OSPF-based z/OS systems with Cisco-based EIGRP networks
  • A methodology for deploying Quality of Service policies throughout the network
  • The implementation of load balancing and high availability using Sysplex Distributor and MNLB (including new z/OS V1R2 support)

We highlight our discussion with a realistic implementation scenario and real configurations that will aid you in the deployment of these solutions. In addition, we provide in-depth discussions, traces, and traffic visualizations to show the technology at work.

Networking Fundamentals, v4.0

Networks are an interconnection of computers. These computers can be linked together using a wide variety of different cabling types, and for a wide variety of different purposes.
The basic reasons why computers are networked are:
  • to share resources (files, printers, modems, fax machines)
  • to share application software (MS Office)
  • to increase productivity (make it easier to share data amongst users)

Take for example a typical office scenario where a number of users in a small business require access to common information. As long as all user computers are connected via a network, they can share their files, exchange mail, schedule meetings, send faxes and print documents all from any point of the network.

It would not be necessary for users to transfer files via electronic mail or floppy disk; rather, each user could access all the information they require, thus leading to less wasted time and hence greater productivity.

Imagine the benefits of a user being able to directly fax the Word document they are working on, rather than print it out, then feed it into the fax machine, dial the number etc.

Small networks are often called Local Area Networks [LAN]. A LAN is a network allowing easy access to other computers or peripherals. The typical characteristics of a LAN are:

  • physically limited (less than 2 km)
  • high bandwidth (greater than 1 Mbps)
  • inexpensive cable media (coax or twisted pair)
  • data and hardware sharing between users
  • owned by the user

Wireless Network Security 802.11, Bluetooth and Handheld Devices

By Tom Karygiannis and Les Owens
Wireless communications offer organizations and users many benefits such as portability and flexibility, increased productivity, and lower installation costs. Wireless technologies cover a broad range of differing capabilities oriented toward different uses and needs. Wireless local area network (WLAN) devices, for instance, allow users to move their laptops from place to place within their offices without the need for wires and without losing network connectivity. Less wiring means greater flexibility, increased efficiency, and reduced wiring costs. Ad hoc networks, such as those enabled by Bluetooth, allow data synchronization with network systems and application sharing between devices. Bluetooth functionality also eliminates cables for printer and other peripheral device connections. Handheld devices such as personal digital assistants (PDA) and cell phones allow remote users to synchronize personal databases and provide access to network services such as wireless e-mail, Web browsing, and Internet access. Moreover, these technologies can offer dramatic cost savings and new capabilities to diverse applications ranging from retail settings to manufacturing shop floors to first responders.
However, risks are inherent in any wireless technology. Some of these risks are similar to those of wired networks; some are exacerbated by wireless connectivity; some are new. Perhaps the most significant source of risks in wireless networks is that the technology’s underlying communications medium, the airwave, is open to intruders, making it the logical equivalent of an Ethernet port in the parking lot.
The loss of confidentiality and integrity and the threat of denial of service (DoS) attacks are risks typically associated with wireless communications. Unauthorized users may gain access to agency systems and information, corrupt the agency’s data, consume network bandwidth, degrade network performance, launch attacks that prevent authorized users from accessing the network, or use agency resources to launch attacks on other networks.

A Beginner’s Guide to Network Security

An Introduction to the Key Security Issues for the E-Business Economy
With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees and even human error all represent clear and present dangers to networks. And all computer users, from the most casual Internet surfers to large enterprises, could be affected by network security breaches. However, security breaches can often be easily prevented. How? This guide provides you with a general overview of the most common network security threats and the steps you and your organization can take to protect yourselves from threats and ensure that the data traveling across your networks is safe.

Importance of Security

The Internet has undoubtedly become the largest public data network, enabling and facilitating both personal and business communications worldwide. The volume of traffic moving over the Internet, as well as corporate networks, is expanding exponentially every day. More and more communication is taking place via e-mail; mobile workers, telecommuters, and branch offices are using the Internet to remotely connect to their corporate networks; and commercial transactions completed over the Internet, via the World Wide Web, now account for large portions of corporate revenue.