... SUMMARY
- VPNs do not make use of dedicated leased lines
- VPNs send data through a secure tunnel that leads from one endpoint to another
- VPNs keep critical business communications private and secure
- VPN components
  - VPN servers
  - VPN clients
  - Protocols

TUNNELING PROTOCOLS
- Layer 2 Tunneling Protocol (L2TP)
  - Provides better security through IPSec
  - IPSec enables L2TP to perform
    - Authentication
    - Encapsulation
    - Encryption

TUNNELING PROTOCOLS
- Secure Shell (SSH)
  - Provides authentication and encryption
  - Works with UNIX-based systems
  - Versions for Windows are also available
  - Uses public-key cryptography
- Socks V. 5
  - Provides proxy services for applications that do not usually support proxying
  - Socks version 5 adds encrypted authentication and support for UDP

ENCRYPTION SCHEMES USED BY VPNS (CONTINUED)
- Secure Sockets Layer (SSL) (continued)
  - Steps
    - Server uses its private key to decode premaster code
    - Generates a master secret key
    - Client and server use it to generate session keys
    - Server and client exchange messages saying handshake is completed
    - SSL session begins

SUMMARY (CONTINUED)
- VPN types
  - Site-to-site
  - Client-to-site
- Encapsulation encloses one packet within another
  - Conceals the original information
- VPN protocols
  - Secure Shell (SSH)
  - Socks version 5
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer 2 Tunneling Protocol (L2TP)

Virtual Private Network (VPN)

ENCAPSULATION TRANSFORMATION IN VPNS (ENCAPSULATION)
- Steps in the VPN process
  - Encapsulation
  - Encryption
  - Authentication
- Encapsulation
  - Packages the data together with various parameters
  - For example, the IP header
  - Protects data integrity

VPN CORE ACTIVITY 2: ENCRYPTION
- Encryption
  - Process of rendering information unreadable by all but the intended recipient
- Components
  - Key
  - Digital certificate
  - Certification Authority (CA)
- Key exchange methods
  - Symmetric cryptography
  - Asymmetric cryptography
  - Internet Key Exchange
  - FWZ

SUMMARY (CONTINUED)
- IPSec/IKE
- Encryption makes the contents of the packet unreadable
- Authentication ensures participating computers are authorized users
- Kerberos: strong authentication system
- VPN advantages
  - High level of security at low cost
- VPN disadvantages
  - Can introduce serious security risks

ENCRYPTION SCHEMES USED BY VPNS
- Triple Data Encryption Standard (3DES)
  - Used by many VPN hardware and software
  - 3DES is a variation on Data Encryption Standard (DES)
  - DES is not secure
  - 3DES is more secure
  - Three separate 64-bit keys to process data
  - 3DES requires more computer resources than DES

WHY ESTABLISH A VPN?
- VPN combinations
  - Combining VPN hardware with software adds layers of network security
  - One useful combination is a VPN bundled with a firewall
  - VPNs do not eliminate the need for firewalls
  - Provide flexibility and versatility

FIREWALL CONFIGURATION FOR VPNS
Protocol...
... a common standard header and contains the IP addresses of the FA and HA taking part in the transaction. Tunnel packet header. This header contains 5 parts: - Protocol type. This field indicates the protocol type of ... AAA servers. AAA stands for Authentication, Authorization and Accounting. These servers are used to ensure secure access ... clients. - Encrypts IPX, NetBEUI, NetBIOS and TCP/IP datagrams to create PPP datagrams and secures the data exchanged between the parties involved. 2.2.1.3 Components of a PPTP transaction.•...
... between the NAS and a VPN gateway device to carry frames; a remote user can connect to the NAS and send PPP frames from the remote user to the VPN gateway through the tunnel that is created. 1.3 L2TP (Layer ... about the company's security. This policy includes: procedures, techniques, servers (such as Remote Authentication Dial-In User Service [RADIUS], Terminal Access Controller Access Control ... Tunnel, instead of using GRE, sometimes plays the role ... VIRTUAL PRIVATE NETWORK (VPN) Group 18 Class: DHTH3 Instructor: M.Sc. Nguyễn H a List: 1....
... authentication, encryption and packet filtering. PPTP authentication also uses EAP (Extensible Authentication Protocol), CHAP (Challenge Handshake Authentication), PAP (Password Authentication Protocol). ... AAA servers. AAA stands for Authentication, Authorization and Accounting. These servers are used to ensure more secure access. ... name vpn_hcm is the account used to dial in to the Hanoi LAN. Because the Hanoi LAN does not use an active domain, leave the Domain field blank. 13. Click Next. On the Completing the Demand-Dial Interface...
... inexpensive and easy to install, but they permit collisions to occur. They are appropriate for a small LAN with light traffic. In addition to the physical and data link connections, which are Layers ... following IP address. 2 - 4 CCNA 1: Networking Basics v 3.0 - Lab 5.1.1 3a Copyright 2003, Cisco Systems, Inc. Lab 5.1.1 3a Building a Hub-based Network Objective • Create a simple network ... patch cable. Locate two cables that are long enough to reach from each PC to the hub. Attach one end to the NIC and the other end to a port on the hub. Be sure to examine the cable ends carefully...
... dedicated bandwidth to workstations. Switches eliminate collisions by creating microsegments between ports to which the two workstations are attached. They are appropriate for small to large LANs ... Layer 3, so that they can communicate. Since this lab uses a switch, a basic Category 5/5e UTP straight-through cable is needed to connect each PC to the switch. This is referred to as a patch ... information in the table. b. Note that the default gateway IP address is not required, since these computers are directly connected. The default gateway is only required on local area networks...
... creating 2-workstation microsegments between ports. They are appropriate for small to large LANs with moderate to heavy traffic. In addition to the physical and data link connections, which are ... and the switch will be accomplished using a cat 5 or 5e straight-through patch cable. Locate two cables that are long enough to reach from each PC to the switch. Attach one end to the NIC and ... straight-through cable is needed to connect each PC to the switch. This is referred to as a patch cable or horizontal cabling, which is used to connect workstations and a typical LAN. Start...
... with an RJ-45 Ethernet or Fast Ethernet interface (or an AUI interface) and at least one serial interface. • 10BASE-T AUI transceiver (DB-15 to RJ-45) for a router with an AUI Ethernet interface, ... Ethernet interface of the connected router. The default gateway is required on local area networks that are connected to a router. Computer IP Address Subnet mask Default Gateway PC – A 192.168.1.2 ... the example below. Set the IP address information for each PC according to the information in the table. Note that the IP address of each PC is on the same network as the default gateway, which...
... overlay or peer-to-peer VPN model. [Figure labels: San Jose A, Amsterdam, Washington, Atlanta, Paris A, London; International VCs (FR or ATM); San Jose B, Santa Clara, San Mateo, Redwoods, Santa Cruz; Paris B, Nantes, Lyon, Marseille; Regional ...] ... Information Rate or CIR) and maximum bandwidth available on a certain VC (Peak Information Rate or PIR). The committed bandwidth guarantee usually is provided through the statistical nature ... mostly exchange data with the central sites and not with each other, as the data exchanged between the remote offices always gets transported via the central site. If the amount of data exchanged...
... my grandfather, Arthur Conat, drove a carriage with horses when he was a teenager. He didn’t have a TV, or a telephone, or a car, or a refrigerator, or a washing machine, or running water aside ... vision remains worldwide in scope. Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of Harcourt Australia for all their help. David Buckland, Wendi Wong, David Loh, Marie Chieng, ... are placing their bets that DEN will lead the future of global internetworking. Now, any organization can take advantage of the benefits that DEN offers through the implementation of a combination...