142,50 €*
Versandkostenfrei per Post / DHL
Aktuell nicht verfügbar
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
Michael Dooley is Vice President of Operations for BT Diamond IP division. He has over 20 years of experience managing and developing enterprise-scale software products. His professional expertise includes IP addressing, DHCP, and DNS. He is co-author of IPv6 Deployment and Management and DNS Security Management.
Timothy Rooney is the Product Manager for BT Diamond IP product development and has led the market introduction of NetControl, IPControl, Sapphire Appliances, and ImageControl, four next-gen IP management systems. He is co-author of Introduction to IP Address Management, IP Address Management Principles and Practice, IPv6 Deployment and Management, and DNS Security Management.
Preface xix
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL® Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption...
| Erscheinungsjahr: | 2021 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Importe, Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| Inhalt: | 640 S. |
| ISBN-13: | 9781119692270 |
| ISBN-10: | 111969227X |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: |
Rooney, Timothy
Dooley, Michael |
| Auflage: | 2nd edition |
| Hersteller: | Wiley |
| Maße: | 235 x 157 x 38 mm |
| Von/Mit: | Timothy Rooney (u. a.) |
| Erscheinungsdatum: | 13.01.2021 |
| Gewicht: | 1,06 kg |
Michael Dooley is Vice President of Operations for BT Diamond IP division. He has over 20 years of experience managing and developing enterprise-scale software products. His professional expertise includes IP addressing, DHCP, and DNS. He is co-author of IPv6 Deployment and Management and DNS Security Management.
Timothy Rooney is the Product Manager for BT Diamond IP product development and has led the market introduction of NetControl, IPControl, Sapphire Appliances, and ImageControl, four next-gen IP management systems. He is co-author of Introduction to IP Address Management, IP Address Management Principles and Practice, IPv6 Deployment and Management, and DNS Security Management.
Preface xix
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL® Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption...
| Erscheinungsjahr: | 2021 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Importe, Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| Inhalt: | 640 S. |
| ISBN-13: | 9781119692270 |
| ISBN-10: | 111969227X |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: |
Rooney, Timothy
Dooley, Michael |
| Auflage: | 2nd edition |
| Hersteller: | Wiley |
| Maße: | 235 x 157 x 38 mm |
| Von/Mit: | Timothy Rooney (u. a.) |
| Erscheinungsdatum: | 13.01.2021 |
| Gewicht: | 1,06 kg |
Ähnliche Produkte
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Wochen
Lieferzeit 4-7 Werktage
Aktuell nicht verfügbar
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 4-7 Werktage