CIT 384: Network Administration
Slide #1: VPNs

Slide #2: Topics
1. VPNs
2. Tunneling
3. ssh
4. SSL
5. IPsec
6. L2TP

Slide #3: VPNs
VPNs try to provide leased-line features over a public network at lower cost:
Privacy: preventing unauthorized people from reading VPN traffic.
Authentication: verifying that the sender of VPN traffic is an authorized device.
Integrity: verifying that data is not changed in transit.

Slide #4: VPN Example
1. PC1 sends an IP packet to S1.
2. The router encapsulates the IP packet in VPN + IP headers.
3. No one in the middle can read the packet's contents.
4. ASA-1 checks the security and de-encapsulates.
5. S1 receives the IP packet from PC1.

Slide #5: VPN Types
Remote Access: an individual user to a network.
Intranet: connects the networks of two sites of one organization.
Extranet: connects the networks of two partnering organizations.

Slide #6: Tunneling
Tunneling: encapsulation of one network protocol inside another protocol.
– Carrier Protocol: the protocol of the network the information travels through (e.g. IP).
– Encapsulating Protocol: the protocol (GRE, IPsec, L2TP) wrapped around the original data.
– Passenger Protocol: the protocol of the original data being carried.

Slide #7: Tunneling Protocols by Layer
Application / Transport: ssh, SSL
Network: IPsec
Data Link: L2TP, MPLS

Slide #8: ssh
Secure Shell replaces the cleartext protocols:
– telnet
– ftp
– rlogin
– rsh
– rcp

Slide #9: SSH Security Features

Slide #10: ssh tunneling
Use ssh tunneling to encrypt TCP connections:
ssh -L lport:rhost:rport rhost
Connections to port lport on the local host travel inside the encrypted ssh session and are delivered to port rport on rhost.
– Carrier Protocol: IP
– Encapsulating Protocol: ssh
– Passenger Protocol: TCP on a specific port

Slide #11: SSL/TLS
Secure Sockets Layer
– Commonly used to encrypt web connections (HTTPS).
– Also used for IMAP, LDAP, POP, etc.
– Transport Layer Security (TLS) supersedes SSLv3.
Can be used to create tunnels
– Configured similarly to ssh tunnels.
– Stunnel is open source SSL/TLS tunnel software.

Slide #12: IPsec
IPsec includes three major protocols:
– Internet Key Exchange (IKE): negotiates security parameters and keys between the peers.
– Encapsulating Security Payload (ESP): encrypts data and, optionally, authenticates it and protects its integrity.
– Authentication Header (AH): authenticates data and protects its integrity, without encryption.

Slide #13: IPsec General Operation
To communicate with IPsec, devices must
– Agree on a set of security protocols (ESP and/or AH, transport or tunnel mode).
– Agree on encryption and integrity algorithms.
– Exchange cryptographic keys.
– Use the above to encode and decode data.
The agreed parameters and keys form a Security Association (SA); SAs are one-way, so a two-way connection needs one per direction.

Slide #14: IPsec Packet Encapsulation
Transport Mode
– The original IP header of the packet being protected is used to transport the packet.
– The ESP or AH header is inserted between the IP header and the payload; only the payload is protected.
Tunnel Mode
– The whole original IP packet becomes the payload, and a new IP header is added in front of the ESP/AH header.
– The new header carries the IP addresses of the two IPsec peers as source and destination, so the original addresses travel inside the protected (with ESP, encrypted) payload.

Slide #15: IKE
IKE handles
– Negotiating protocol parameters
– Exchanging public keys (Diffie-Hellman values) from which session keys are derived
– Authenticating both sides (pre-shared key or certificates)
– Managing and rekeying keys after the exchange
IKE is a UDP-based protocol (port 500; port 4500 when NAT traversal is in use).

Slide #16: ESP
Encapsulates the IP packet (tunnel mode) or its payload (transport mode) to provide
– Authentication (optional)
– Encryption
– Integrity validation (optional)
– Anti-replay protection (sequence number checked against a receiver window)
IP protocol 50; described in RFC 2406 (obsoleted by RFC 4303).

Slide #17: AH
Authentication Header provides authentication + integrity
– Uses a keyed hash algorithm (e.g. HMAC) as the checksum.
– Unlike a CRC, the checksum cannot be reproduced without the key, so an attacker cannot modify the packet and recompute it.
– Also protects against replay attacks.
– Does not encrypt packet contents.
– The hash also covers the immutable fields of the IP header, including the addresses.
IP protocol 51.

Slide #18: NAT Transparency
PAT rewrites TCP/UDP ports, but with ESP the transport header is encrypted and there are no ports to change; with AH the keyed hash covers the IP addresses, so any NAT rewrite breaks it.
Solution: NAT traversal (NAT-T) adds an extra UDP header (port 4500) around ESP so that PAT has ports to translate.
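The following worked example is added here and is not code from the course: it implements the ESP framing behind slides #14, #16 and #17 (SPI, sequence number, payload, padding, pad length, next header, ICV), shows transport mode (payload = the L4 segment, next header 17) against tunnel mode (payload = the whole inner IP packet, next header 4), the receiver's anti-replay window, the keyed-hash-versus-CRC point of slide #17, and the extra UDP header of slide #18. It uses the NULL cipher with HMAC-SHA-256-128 integrity so that it runs with the standard library alone; a real SA would also encrypt with a cipher such as AES. The key, SPIs, UDP segment and inner packet are constructed samples, and the outer IP headers (which would carry protocol 50) are described in comments rather than built.

```python
"""ESP framing (RFC 4303) with the NULL cipher (RFC 2410), HMAC-SHA-256-128
(RFC 4868), an anti-replay window and RFC 3948 UDP encapsulation.
Example added for this slide deck; all keys, SPIs and packets are constructed."""
import hashlib, hmac, struct, zlib

ESP_PROTO = 50        # protocol number the outer IP header would carry (not built here)
NH_IPV4 = 4           # tunnel mode: next header says an IPv4 packet follows
NH_UDP = 17           # transport mode: next header is the original L4 protocol
ICV_LEN = 16          # HMAC-SHA-256-128: MAC truncated to 128 bits
NAT_T_PORT = 4500     # UDP port used for ESP-in-UDP (NAT-T)

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)            # constructed 256-bit key
UDP_SEGMENT = struct.pack("!HHHH", 40000, 53, 8 + 9, 0) + b"dns query"  # constructed L4 segment
INNER_IP = bytes.fromhex("4500001c00004000401100000a01010a0a020214") + b"payload!"  # constructed IPv4 packet, checksum left 0

def esp_encapsulate(key: bytes, spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """SPI | Seq | payload | padding | pad len | next header | ICV.
    NULL cipher: nothing is encrypted, so this gives integrity + anti-replay only."""
    pad_len = (-(len(payload) + 2)) % 4        # align the trailer to a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 4303 default pad pattern 1,2,3,...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]   # covers header, payload, trailer
    return body + icv

class ReplayWindow:
    """Receiver-side sliding window (RFC 4303 3.4.3): bit i of the bitmap records
    whether sequence number top - i has already been accepted."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                                  # first packet on an SA is seq 1
            return False
        if seq > self.top:                            # new high-water mark: slide the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        if seq <= self.top - self.size:               # fell off the left edge: too old
            return False
        bit = 1 << (self.top - seq)
        if self.bitmap & bit:                         # already seen: replay
            return False
        self.bitmap |= bit
        return True

def esp_decapsulate(key: bytes, pkt: bytes, window: ReplayWindow) -> tuple:
    """Verify the ICV before touching the window (a forgery must not advance it),
    then reject replays, then strip the trailer. Returns (spi, next_header, payload)."""
    if len(pkt) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # constant-time comparison
        raise ValueError("ICV mismatch: packet forged or corrupted")
    spi, seq = struct.unpack("!II", body[:8])
    if not window.check_and_update(seq):
        raise ValueError("replayed or stale sequence number %d" % seq)
    pad_len, next_header = body[-2], body[-1]
    return spi, next_header, body[8:len(body) - 2 - pad_len]

def udp_encapsulate(esp_pkt: bytes) -> bytes:
    """NAT-T: an 8-byte UDP header (4500 -> 4500, checksum sent as zero) gives PAT
    ports to rewrite. IKE on the same port carries a 4-byte zero 'non-ESP marker';
    ESP packets start with their SPI, which is never zero, so the two are told apart."""
    return struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(esp_pkt), 0) + esp_pkt

def forgery_demo(key: bytes) -> tuple:
    """Keyed hash vs CRC: the attacker changes the amount and recomputes the unkeyed
    CRC (accepted), but cannot recompute the ICV without the key (rejected)."""
    payload = b"transfer 100 to alice"
    crc_pkt = payload.replace(b"100", b"999")
    crc_pkt += struct.pack("!I", zlib.crc32(crc_pkt))
    crc_accepts = zlib.crc32(crc_pkt[:-4]) == struct.unpack("!I", crc_pkt[-4:])[0]
    esp_pkt = esp_encapsulate(key, 0x1001, 1, payload, NH_UDP)
    i = 8 + payload.index(b"100")                     # same-length edit inside the ESP payload
    forged = esp_pkt[:i] + b"999" + esp_pkt[i + 3:]
    try:
        esp_decapsulate(key, forged, ReplayWindow())
        esp_accepts = True
    except ValueError:
        esp_accepts = False
    return crc_accepts, esp_accepts

def demo() -> dict:
    """One SA (and window) per mode; delivering the same packet twice is a replay."""
    transport = esp_encapsulate(KEY, 0x1001, 1, UDP_SEGMENT, NH_UDP)  # outer hdr: original src/dst, proto 50
    tunnel = esp_encapsulate(KEY, 0x1002, 1, INNER_IP, NH_IPV4)       # outer hdr: gateway addresses, proto 50
    win_t, win_u = ReplayWindow(), ReplayWindow()
    result = {"transport": esp_decapsulate(KEY, transport, win_t),
              "tunnel": esp_decapsulate(KEY, tunnel, win_u),
              "nat_t_len": len(udp_encapsulate(transport)),
              "forgery": forgery_demo(KEY)}
    try:
        esp_decapsulate(KEY, transport, win_t)
        result["replay_rejected"] = False
    except ValueError:
        result["replay_rejected"] = True
    return result
```

The order inside `esp_decapsulate` is the security-relevant detail: the ICV is checked first, so an attacker who sprays packets with large sequence numbers cannot push the window forward and make legitimate traffic look stale.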

Slide #19: GRE
Generic Routing Encapsulation
– IP tunneling protocol developed by Cisco (standardized in RFC 2784).
– Carries multicast, so routing protocols can run across the tunnel.
– Combine with IPsec (GRE over IPsec) to pass routing information between networks securely; GRE alone provides no encryption.
IP protocol 47
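To make the carrier / encapsulating / passenger split of slide #6 concrete on the GRE case, the following worked example is added here and is not code from the course or from Cisco: it builds a passenger IPv4/UDP packet between private addresses, wraps it in a GRE header and a carrier IPv4 header with protocol 47 addressed between two public tunnel endpoints, and unwraps it at the far end. All addresses, the sample payload and the helper names are constructed for the example; the GRE header is the basic RFC 2784 form with no optional checksum.

```python
"""GRE tunneling: carrier = IPv4 (protocol 47), encapsulating = GRE (RFC 2784),
passenger = the original IPv4 packet. Example added for this slide deck;
addresses and packets are constructed samples."""
import struct

GRE_PROTO = 47            # IP protocol number for GRE in the carrier header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger
GRE_FLAG_CHECKSUM = 0x8000

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; evaluates to 0 over a correct header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, checksum filled in, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, header length, checksum and total length; return the fields used."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if total_len < ihl or total_len > len(pkt):
        raise ValueError("bad IPv4 total length")
    return {"src": bytes_to_ip(pkt[12:16]), "dst": bytes_to_ip(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[ihl:total_len]}

def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Near tunnel endpoint: GRE header (C=0, version 0, IPv4 inside) in front of the
    passenger, then a carrier IPv4 header addressed between the tunnel endpoints."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    return build_ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre + passenger)

def gre_decapsulate(carrier: bytes) -> bytes:
    """Far tunnel endpoint: check the carrier header, strip IPv4 + GRE, return the passenger."""
    outer = parse_ipv4(carrier)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("carrier protocol is %d, not GRE" % outer["proto"])
    gre = outer["payload"]
    flags_ver, ptype = struct.unpack("!HH", gre[:4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("passenger is not IPv4: 0x%04x" % ptype)
    hdr_len = 8 if flags_ver & GRE_FLAG_CHECKSUM else 4   # optional checksum + reserved1 words
    return gre[hdr_len:]

def demo() -> dict:
    """Carry a private-address UDP packet across a GRE tunnel between two public gateways."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 11, 0) + b"secret data"    # constructed UDP segment
    passenger = build_ipv4("10.1.1.10", "10.2.2.20", 17, udp)            # private passenger packet
    carrier = gre_encapsulate(passenger, "203.0.113.1", "198.51.100.1")   # public tunnel endpoints
    return {"carrier": parse_ipv4(carrier),
            "passenger": parse_ipv4(gre_decapsulate(carrier)),
            "round_trip_ok": gre_decapsulate(carrier) == passenger,
            "payload_visible_on_wire": b"secret data" in carrier}         # GRE adds no privacy
```

`payload_visible_on_wire` comes back true: GRE supplies the tunnel and the multicast-capable passenger path, not the privacy, which is why the slide pairs it with IPsec.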

Slide #20: L2TP
Open successor to
– L2F (Cisco)
– PPTP (Microsoft)
Layer 2 tunnel, so it supports any layer 3 protocol.
– Encapsulates in UDP datagrams to port 1701.
Provides no encryption and no per-packet integrity protection of its own.
Use with IPsec (L2TP/IPsec).

Slide #21: Key Points
Tunneling
– Carrier Protocol
– Encapsulating Protocol
– Passenger Protocol
VPNs
– layer 4: ssh, SSL
– layer 3: IPsec
– layer 2: L2TP
IPsec
– ESP
– AH
– IKE
– Tunnel mode vs transport mode