Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/2001 Network Engineering & Telecommunications Section Update Jim Van.

Presentation transcript:

Supercomputing Communications Data NCAR Scientific Computing Division NETS 12/10/ Network Engineering & Telecommunications Section Update Jim Van Dyke - Asst. Section Manager December 10, 2001

Topics
- Introduction to NETS
- NETS Web Site
- Network Coordination & Advisor Board
- Current wireless deployment
- NCAR VPN
- NETS Future Projects

Introduction to NETS
- Who are we?

NETS Web Site
- How to submit a NETS work request
- http://www.scd.ucar.edu/nets/forms/

Network Coordination & Advisor Board
- Helps define priorities
- NCAB Policies

Wireless at NCAR
- NCAR current wireless projects
  - LAN
  - WAN
- Details of NCAR wireless work at:

NCAR’s Wireless LAN
- Covering all the conference rooms now
- Cover most office space eventually
- “NETS is the FCC of NCAR” (no rogue wireless devices)
- Guest authentication via web page
- VPN access required in the future

Old Wireless Model
- Staff-only network inside the firewall provides access to all the same services that staff have access to in their offices
- Guest/visitor network outside the firewall only in conference rooms and their immediate vicinity
- Access to each is controlled via regularly changing encryption keys

New Wireless Model
- One network only
- Access via VPN for UCAR staff
- Guest access via web page registration
- Reason for requirement = WEP is insecure

NCAR’s Wireless WAN
- 802.11b link between ML and MFS
- Backed up by a T-1 link
- Potential backup links to Jeffco, PS and FL

Futures / other general wireless issues
- 802.11b standard extensions coming
  - will extend 802.11b speed to 22Mbps
- IEEE 802.11a
  - operates in the 5-GHz bands
  - data rates up to 54Mbps
  - unlike 802.11b DSSS, 802.11a uses OFDM

NCAR’s security perimeter
- Who is inside?
  - Most users on UCAR campuses
  - Dial-in users connecting to UCAR dialups
- Who is outside?
  - Users at UCAR divisions that have elected to remain outside the perimeter
  - Dial-in users connecting to external ISPs
  - Anyone else on the Internet at large

NCAR VPN Solution
- A conceptual diagram of what we wanted to achieve

NCAR’s VPN client solutions
- Windows
  - Cisco IPSec client – W9X-WXP and Linux
- Linux
  - FreeS/WAN option available
- Macintosh and Solaris
  - No current solution
  - Cisco client solution supposedly coming soon
- Obtain software via Greg Woods

Cisco VPN solution
- Cisco IPSec client
  - Establishes IPSec tunnel to Cisco VPN Concentrator 3015 (and closes off all other network access when enabled)
  - We require a group ID and password to establish tunnel (can also use certificates)
  - We then validate the user on their UCAR “gatekeeper password” via RADIUS

Legal issues
- Cisco VPN client issues
- From the legal point of view, we have four classes of users:
  - UCAR employees who install the software onsite
  - UCAR employees who download the software to their home systems
  - Remote users within the US
  - Remote users outside the US

Linux VPN solution
- FreeS/WAN
  - Known to work with Linux and BSD
  - Must recompile the kernel
- Linux client must comply with CSAC security standards for fully exposed hosts (disabling services or using ipchains to block access; IP firewalling must be enabled in the kernel)

VPN and Wireless
- Addresses the WEP insecurity issue
- CSAC will require this soon

NETS Future Projects
- Voice over IP (VoIP)
- Routers Upgrade
- New Connections to FRGP
- New Building

Conclusion
- Details and more information on NETS “Projects page”
- Questions?