Dekorationsartikel gehören nicht zum Leistungsumfang.
Sprache:
Englisch
139,50 €*
Versandkostenfrei per Post / DHL
Aktuell nicht verfügbar
Kategorien:
Beschreibung
Rediscover fundamental and advanced topics in IPAM, DNS, DHCP and other core networking technologies with this updated one-stop reference
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
Rediscover fundamental and advanced topics in IPAM, DNS, DHCP and other core networking technologies with this updated one-stop reference
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics like such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best-practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
Über den Autor
Michael Dooley is Vice President of Operations for BT Diamond IP division. He has over 20 years of experience managing and developing enterprise-scale software products. His professional expertise includes IP addressing, DHCP, and DNS. He is co-author of IPv6 Deployment and Management and DNS Security Management.
Timothy Rooney is the Product Manager for BT Diamond IP product development and has led the market introduction of NetControl, IPControl, Sapphire Appliances, and ImageControl, four next-gen IP management systems. He is co-author of Introduction to IP Address Management, IP Address Management Principles and Practice, IPv6 Deployment and Management, and DNS Security Management.
Inhaltsverzeichnis
Preface xix
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL(r) Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption Integrity 302
DNS-Based Authentication of Named Entities (DANE) 303
Securing Email with DNS 305
Email and DNS 305
DNS Block Listing 306
Sender Policy Framework (SPF) 307
Domain Keys Identified Mail (DKIM) 307
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) 308
Part IV IPAM in Practice 311
13 IPAM Use Case 313
Introduction 313
IPv4 Address Allocation 316
First-Level Allocation 317
Second-Layer Allocation 318
Address Allocation Layer 3 320
Core Address Space 323
External Extensions of Address Space 323
Allocation Trade-Offs and Tracking 324
IPAM Worldwide's Public IPv4 Address Space 325
IPAM Worldwide's IPv6 Allocations 326
External Extensions Address Space 329
IP Address Tracking 332
DNS and IP Address Management 334
14 IPAM Deployment Strategies 337
General Deployment Principles for DHCP/DNS 337
Disaster Recovery/Business Continuity 338
DHCP Deployment 339
DHCP Server Platforms 339
DHCP Servers 339
Virtualized DHCP Deployment 339
DHCP Appliances 339
DHCP Deployment Approaches 340
Centralized DHCP Server Deployment 340
Distributed DHCP Server Deployment 342
DHCP Services Deployment Design Considerations 344
DHCP Deployment on Edge Devices 347
DNS Deployment 348
DNS Trust Sectors 349
External DNS Trust Sector 350
Extranet DNS Trust Sector 355
Recursive DNS Trust Sector 357
Internal DNS Trust Sector 361
Deploying DNS Servers with Anycast Addresses 362
Anycast Addressing Benefits 362
Anycast Caveats 364
Configuring Anycast Addressing 365
IPAM Deployment Summary 366
High Availability 366
Multiple Vendors 366
Sizing and Scalability 367
Load Balancers 367
Lab Deployment 367
15 The Business Case for IPAM 369
IPAM Business Benefits 369
Automation 370
Outage Reduction 370
Rapid Trouble Resolution 370
Accurate IPAM Inventory and Reporting 371
Expanded...
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL(r) Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption Integrity 302
DNS-Based Authentication of Named Entities (DANE) 303
Securing Email with DNS 305
Email and DNS 305
DNS Block Listing 306
Sender Policy Framework (SPF) 307
Domain Keys Identified Mail (DKIM) 307
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) 308
Part IV IPAM in Practice 311
13 IPAM Use Case 313
Introduction 313
IPv4 Address Allocation 316
First-Level Allocation 317
Second-Layer Allocation 318
Address Allocation Layer 3 320
Core Address Space 323
External Extensions of Address Space 323
Allocation Trade-Offs and Tracking 324
IPAM Worldwide's Public IPv4 Address Space 325
IPAM Worldwide's IPv6 Allocations 326
External Extensions Address Space 329
IP Address Tracking 332
DNS and IP Address Management 334
14 IPAM Deployment Strategies 337
General Deployment Principles for DHCP/DNS 337
Disaster Recovery/Business Continuity 338
DHCP Deployment 339
DHCP Server Platforms 339
DHCP Servers 339
Virtualized DHCP Deployment 339
DHCP Appliances 339
DHCP Deployment Approaches 340
Centralized DHCP Server Deployment 340
Distributed DHCP Server Deployment 342
DHCP Services Deployment Design Considerations 344
DHCP Deployment on Edge Devices 347
DNS Deployment 348
DNS Trust Sectors 349
External DNS Trust Sector 350
Extranet DNS Trust Sector 355
Recursive DNS Trust Sector 357
Internal DNS Trust Sector 361
Deploying DNS Servers with Anycast Addresses 362
Anycast Addressing Benefits 362
Anycast Caveats 364
Configuring Anycast Addressing 365
IPAM Deployment Summary 366
High Availability 366
Multiple Vendors 366
Sizing and Scalability 367
Load Balancers 367
Lab Deployment 367
15 The Business Case for IPAM 369
IPAM Business Benefits 369
Automation 370
Outage Reduction 370
Rapid Trouble Resolution 370
Accurate IPAM Inventory and Reporting 371
Expanded...
Details
| Erscheinungsjahr: | 2021 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| Seiten: | 640 |
| Inhalt: | 640 S. |
| ISBN-13: | 9781119692270 |
| ISBN-10: | 111969227X |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: |
Rooney, Timothy
Dooley, Michael |
| Auflage: | 2nd edition |
| Hersteller: | Wiley |
| Maße: | 235 x 157 x 38 mm |
| Von/Mit: | Timothy Rooney (u. a.) |
| Erscheinungsdatum: | 13.01.2021 |
| Gewicht: | 1,06 kg |
Über den Autor
Michael Dooley is Vice President of Operations for BT Diamond IP division. He has over 20 years of experience managing and developing enterprise-scale software products. His professional expertise includes IP addressing, DHCP, and DNS. He is co-author of IPv6 Deployment and Management and DNS Security Management.
Timothy Rooney is the Product Manager for BT Diamond IP product development and has led the market introduction of NetControl, IPControl, Sapphire Appliances, and ImageControl, four next-gen IP management systems. He is co-author of Introduction to IP Address Management, IP Address Management Principles and Practice, IPv6 Deployment and Management, and DNS Security Management.
Inhaltsverzeichnis
Preface xix
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL(r) Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption Integrity 302
DNS-Based Authentication of Named Entities (DANE) 303
Securing Email with DNS 305
Email and DNS 305
DNS Block Listing 306
Sender Policy Framework (SPF) 307
Domain Keys Identified Mail (DKIM) 307
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) 308
Part IV IPAM in Practice 311
13 IPAM Use Case 313
Introduction 313
IPv4 Address Allocation 316
First-Level Allocation 317
Second-Layer Allocation 318
Address Allocation Layer 3 320
Core Address Space 323
External Extensions of Address Space 323
Allocation Trade-Offs and Tracking 324
IPAM Worldwide's Public IPv4 Address Space 325
IPAM Worldwide's IPv6 Allocations 326
External Extensions Address Space 329
IP Address Tracking 332
DNS and IP Address Management 334
14 IPAM Deployment Strategies 337
General Deployment Principles for DHCP/DNS 337
Disaster Recovery/Business Continuity 338
DHCP Deployment 339
DHCP Server Platforms 339
DHCP Servers 339
Virtualized DHCP Deployment 339
DHCP Appliances 339
DHCP Deployment Approaches 340
Centralized DHCP Server Deployment 340
Distributed DHCP Server Deployment 342
DHCP Services Deployment Design Considerations 344
DHCP Deployment on Edge Devices 347
DNS Deployment 348
DNS Trust Sectors 349
External DNS Trust Sector 350
Extranet DNS Trust Sector 355
Recursive DNS Trust Sector 357
Internal DNS Trust Sector 361
Deploying DNS Servers with Anycast Addresses 362
Anycast Addressing Benefits 362
Anycast Caveats 364
Configuring Anycast Addressing 365
IPAM Deployment Summary 366
High Availability 366
Multiple Vendors 366
Sizing and Scalability 367
Load Balancers 367
Lab Deployment 367
15 The Business Case for IPAM 369
IPAM Business Benefits 369
Automation 370
Outage Reduction 370
Rapid Trouble Resolution 370
Accurate IPAM Inventory and Reporting 371
Expanded...
Acknowledgments xxiii
About the Authors xxv
Part I IPAM Introduction 1
1 Introduction 3
IP Networking Overview 3
IP Routing 6
IP Addresses 7
Protocol Layering 12
OSI and TCP/IP Layers 14
TCP/UDP Ports 15
Intra-Link Communications 15
Are We on the Same Link? 17
Limiting Broadcast Domains 18
Interlink Communications 19
Worldwide IP Communications 20
Dynamic Routing 22
Routers and Subnets 24
Assigning IP addresses 25
The Human Element 26
Why Manage IP Space? 26
Basic IPAM Approaches 27
Early History 27
Today's IP Networks and IP Management Challenges 28
2 IP Addressing 31
Internet Protocol History 31
The Internet Protocol, Take 1 32
Class-Based Addressing 32
Internet Growing Pains 35
Private Address Space 38
Classless Addressing 40
Special Use IPv4 Addresses 40
The Internet Protocol, Take 2 41
IPv6 Address Types and Structure 42
IPv6 Address Notation 43
Address Structure 45
IPv6 Address Allocations 46
2000::/3 - Global Unicast Address Space 47
fc00::/7 - Unique Local Address Space 47
fe80::/10 - Link Local Address Space 47
ff00::/8 - Multicast Address Space 48
Special Use IPv6 Addresses 48
IPv4-IPv6 Coexistence 49
3 IP Address Assignment 51
Address Planning 51
Regional Internet Registries 51
RIR Address Allocation 53
Address Allocation Efficiency 54
Multi-Homing and IP Address Space 55
Endpoint Address Allocation 58
Server-based Address Allocation Using DHCP 58
DHCP Servers and Address Assignment 61
Device Identification by Class 62
DHCP Options 62
DHCP for IPv6 (DHCPv6) 62
DHCP Comparison IPv4 vs. IPv6 63
DHCPv6 Address Assignment 64
DHCPv6 Prefix Delegation 65
Device Unique Identifiers (DUIDs) 66
Identity Associations (IAs) 66
DHCPv6 Options 67
IPv6 Address Autoconfiguration 67
Neighbor Discovery 68
Modified EUI-64 Interface Identifiers 69
Opaque Interface IDs 69
Reserved Interface IDs 72
Duplicate Address Detection (DAD) 72
4 Navigating the Internet with DNS 75
Domain Hierarchy 75
Name Resolution 76
Resource Records 80
Zones and Domains 81
Dissemination of Zone Information 83
Reverse Domains 84
IPv6 Reverse Domains 89
Additional Zones 91
Root Hints 91
Localhost Zones 92
DNS Update 92
5 IPAM Technology Applications 93
DHCP Applications 93
Device Type Specific Configuration 94
Broadband Subscriber Provisioning 95
Related Lease Assignment or Limitation Applications 101
Pre-Boot Execution Environment (PXE) clients 102
PPP/RADIUS Environments 103
Mobile IP 104
Popular DNS Applications 105
Host Name and IP Address Resolution 106
A - IPv4 Address Record 107
AAAA - IPv6 address record 107
PTR - Pointer Record 107
Alias Host Name Resolutions 108
CNAME - Canonical Name Record 108
Network Services Location 108
SRV - Services Location Record 109
Textual Information Lookup 110
TXT - Text Record 110
Many More Applications 110
Part II IPAM Mechanics 111
6 IP Management Core Tasks 113
IPAM Is Foundational 113
Impacts of Inadequate IPAM Practice 114
IPAM Is Core to Network Management 115
FCAPS Summary 116
Configuration Management 117
Address Allocation Considerations 118
Address Allocation Tasks 120
IP Address Assignment 133
Address Deletion Tasks 135
Address Renumbering or Movement Tasks 136
Network Services Configuration 140
Fault Management 143
Monitoring and Fault Detection 143
Troubleshooting and Fault Resolution 144
Accounting Management 147
Inventory Assurance 147
Performance Management 151
Services Monitoring 151
Address Capacity Management 152
Auditing and Reporting 152
Security Management 153
ITIL(r) Process Mappings 153
ITIL Practice Areas 154
Conclusion 162
7 IPv6 Deployment 163
IPv6 Deployment Process Overview 164
IPv6
Address Plan Objectives 165
IPv6 Address Plan Examples 166
Case 1 166
Observations 168
Case 2 169
Observations 169
General IPv6 Address Plan Guidelines 170
ULA Considerations 171
Renumbering Impacts 172
IPv4-IPv6 Coexistence Technologies 173
Dual Stack Approach 173
Dual Stack Deployment 174
DNS Considerations 174
DHCP Considerations 175
Tunneling Approaches 176
Tunneling Scenarios for IPv6 Packets over IPv4 Networks 176
Dual-Stack Lite 177
Lightweight 4over6 181
Mapping of Address and Port with Encapsulation (MAP-E) 181
Additional Tunneling Approaches 183
Translation Approaches 184
IP/ICMP Translation 185
Address Translation 186
Packet Fragmentation Considerations 187
IP Header Translation Algorithm 188
Bump in the Host (BIH) 189
Network Address Translation for IPv6-IPv4 (NAT64) 192
NAT64 and DNS64 193
464XLAT 195
Mapping of Address and Port with Translation (MAP-T) 195
Other Translation Techniques 196
Planning Your IPv6 Deployment Process 197
8 IPAM for the Internet of Things 201
IoT Architectures 201
6LoWPAN 203
Summary 209
9 IPAM in the Cloud 211
IPAM VNFs 212
Cloud IPAM Concepts 212
IP Initialization Process 212
IP Initialization Implementation 213
DHCP Method 214
Private Cloud Static Method 216
Public Cloud Static Method 218
Cloud Automation with APIs 218
Multi-Cloud IPAM 220
Private Cloud Automation 221
Public Cloud Automation 223
IPAM Automation Benefits 223
Unifying IPAM Automation 224
Streamlined Subnet Allocation Workflow 226
Workflow Realization 230
Tips for Defining Workflows 233
Automation Scenarios 234
Intra-IPAM Automation 234
DHCP Server Configuration 235
DNS Server Configuration 236
Subnet Assignment 236
IP Address Assignment Request 236
Extra-IPAM Workflow Examples 237
Regional Internet Registry Reporting 237
Router Configuration Provisioning 238
Customer Provisioning 238
Asset Inventory Integration 238
Trouble Ticket Creation 239
Summary 239
Part III IPAM and Security 241
10 IPAM Services Security 243
Securing DHCP 244
DHCP Service Availability 244
DHCP Server/OS Attacks 244
DHCP Server/OS Attack Mitigation 245
DHCP Service Threats 245
DHCP Threat Mitigation 246
DHCP Authentication and Encryption 247
DNS Infrastructure Risks and Attacks 248
DNS Service Availability 249
DNS Server/OS Attacks 249
DNS Server/OS Attack Mitigation 250
DNS Service Denial 250
Distributed Denial of Service 251
Bogus Domain Queries 251
Pseudorandom Subdomain Attacks 252
Denial of Service Mitigation 253
Reflector Style Attacks 253
Reflector Attack Mitigation 254
Authoritative Poisoning 254
Authoritative Poisoning Mitigation 255
Resolver Redirection Attacks 256
Resolver Attack Defenses 256
Securing DNS Transactions 257
Cache Poisoning Style Attacks 257
Cache Poisoning Mitigation 259
DNSSEC Overview 259
The DNSSEC Resolution Process 260
Negative Trust Anchors 262
DNSSEC Deployment 263
Last Mile Protection 264
DNS Cookies 264
DNS Encryption 264
DNS Over TLS (DoT) 264
DNS Over HTTPS (DoH) 265
Encryption Beyond the Last Mile 267
11 IPAM and Network Security 269
Securing Network Access 269
Discriminatory Address Assignment with DHCP 269
DHCP Lease Query 274
Alternative Access Control Approaches 275
Layer 2 Switch Alerting 275
802.1X 276
Securing the Network Using IPAM 277
IP-Based Security Policies (ACLs, etc.) 277
Malware Detection Using DNS 277
Malware Proliferation Techniques 278
Phishing 279
Spear Phishing 279
Software Downloads 279
File Sharing 279
Email Attachments 280
Watering Hole Attack 280
Replication 280
Brute Force 280
Malware Examples 280
Malware Mitigation 281
DNS Firewall 282
DNS Firewall Policy Precedence 284
Logging Configuration 285
Other Attacks that Leverage DNS 285
Network Reconnaissance 285
Network Reconnaissance Defenses 286
DNS Rebinding Attack 287
Data Exfiltration 287
Data Exfiltration Mitigation 287
DNS as Data Transport (Tunneling) 288
Advanced Persistent Threats 289
Advanced Persistent Threats Mitigation 290
12 IPAM and Your Internet Presence 291
IP Address Space Integrity 291
Publicizing
Your Public Namespace 292
Domain Registries and Registrars 292
DNS Hosting Providers 294
Signing Your Public Namespace 295
DNSSEC Zone Signing 295
Key Rollover 296
Prepublish Rollover 297
Dual Signature Rollover 298
Algorithm Rollover 299
Key Security 301
Enhancing Internet Application Encryption Integrity 302
DNS-Based Authentication of Named Entities (DANE) 303
Securing Email with DNS 305
Email and DNS 305
DNS Block Listing 306
Sender Policy Framework (SPF) 307
Domain Keys Identified Mail (DKIM) 307
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) 308
Part IV IPAM in Practice 311
13 IPAM Use Case 313
Introduction 313
IPv4 Address Allocation 316
First-Level Allocation 317
Second-Layer Allocation 318
Address Allocation Layer 3 320
Core Address Space 323
External Extensions of Address Space 323
Allocation Trade-Offs and Tracking 324
IPAM Worldwide's Public IPv4 Address Space 325
IPAM Worldwide's IPv6 Allocations 326
External Extensions Address Space 329
IP Address Tracking 332
DNS and IP Address Management 334
14 IPAM Deployment Strategies 337
General Deployment Principles for DHCP/DNS 337
Disaster Recovery/Business Continuity 338
DHCP Deployment 339
DHCP Server Platforms 339
DHCP Servers 339
Virtualized DHCP Deployment 339
DHCP Appliances 339
DHCP Deployment Approaches 340
Centralized DHCP Server Deployment 340
Distributed DHCP Server Deployment 342
DHCP Services Deployment Design Considerations 344
DHCP Deployment on Edge Devices 347
DNS Deployment 348
DNS Trust Sectors 349
External DNS Trust Sector 350
Extranet DNS Trust Sector 355
Recursive DNS Trust Sector 357
Internal DNS Trust Sector 361
Deploying DNS Servers with Anycast Addresses 362
Anycast Addressing Benefits 362
Anycast Caveats 364
Configuring Anycast Addressing 365
IPAM Deployment Summary 366
High Availability 366
Multiple Vendors 366
Sizing and Scalability 367
Load Balancers 367
Lab Deployment 367
15 The Business Case for IPAM 369
IPAM Business Benefits 369
Automation 370
Outage Reduction 370
Rapid Trouble Resolution 370
Accurate IPAM Inventory and Reporting 371
Expanded...
Details
| Erscheinungsjahr: | 2021 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| Seiten: | 640 |
| Inhalt: | 640 S. |
| ISBN-13: | 9781119692270 |
| ISBN-10: | 111969227X |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: |
Rooney, Timothy
Dooley, Michael |
| Auflage: | 2nd edition |
| Hersteller: | Wiley |
| Maße: | 235 x 157 x 38 mm |
| Von/Mit: | Timothy Rooney (u. a.) |
| Erscheinungsdatum: | 13.01.2021 |
| Gewicht: | 1,06 kg |
Warnhinweis
Ähnliche Produkte
Buch
Lieferzeit 1-2 Werktage
Taschenbuch
Lieferzeit 1-2 Wochen
Bundle
Taschenbuch
Lieferzeit 4-7 Werktage
Taschenbuch
Lieferzeit 4-7 Werktage
Taschenbuch
Lieferzeit 4-7 Werktage
Taschenbuch
Taschenbuch
Taschenbuch
