Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in the FMC environment Enrique Areizaga

Published byAnnette Eddy Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in the FMC environment Enrique Areizaga"— Presentation transcript:

1 Security in the FMC environment Enrique Areizaga enrique@robotiker.es

2 Security in FMC — 2 MUSE Summer School 2007 AGENDA >S>Some facts on Authentication and access control in Broadband Networks >A>AAA architectures in FMC environments >C>Conclusions

3 Security in FMC — 3 MUSE Summer School 2007 What is authentication in an Access Network > It is the process of controlling, recognizing in a reliable way, the identity claimed by another entity. I want to access a service Who are you? I am...... Authentication Server Authenticator

4 Security in FMC — 4 MUSE Summer School 2007 Why to authenticate? > The network access provider needs to know your profile, your SLAs (Service Level Agreements): What services you have contracted How they have to be provided High Speed Internet AAA server RM

5 Security in FMC — 5 MUSE Summer School 2007 How to authenticate in a BB Access Network? > By means of: An Authenticator -> Collects the authentication credentials from end user's side An Authentication Server -> Determines whether those credentials match a known entity, and deduces the authorization rights related to that entity. > The entity to be authenticated needs to have some credentials (i.e. unique authentication key) provided by the Authentication server. > The credentials will be transmit to the network using devices (i.e. A user giving his/her credentials to a modem). > The combination of the device plus the entity’s credentials determine the rights to use the network.

6 Security in FMC — 6 MUSE Summer School 2007 Network Authentication & Service Authentication ASP Network Regional Network Access Network AAA Server Access Network IPTV Server Service Manager Connectivity Provider Network Proxy AAA Proxy AAA Proxy AAA Manolo Jose ISP Network Network AuthenticationService Authentication

7 Security in FMC — 7 MUSE Summer School 2007 Benefits of Authentication (I) > Protect the network and services against unauthorized usage of resources (Bandwidth, access to service servers, IP addresses). Jose Paco Manolo BW1 BW2 BW_trunk= BW1+2BW2 I am Jose BW1 ¿where is my Connection?

8 Security in FMC — 8 MUSE Summer School 2007 Benefits of Authentication (II) > Support the collection of billing data and to provide traceability in the network. Traceability can be use for legal interception Traceability can be use for forensics in case of a security failure High Speed Internet AAA server RM I am Jose I want to watch TV Jose will use Connection “x” Jose will use IPTV Service

9 Security in FMC — 9 MUSE Summer School 2007 Benefits of Authentication (III) > To authenticate the network connections needed for different services (possible for different service providers) High Speed Internet AAA server RM I am Jose I want to watch TV Jose will use IPTV Service I am Jose I want Internet

10 Security in FMC — 10 MUSE Summer School 2007 Benefits of Authentication (IV) > To support nomadism of subscribers ASP Network Regional Network Access Network AAA Server Access Network IPTV Server Service Manager Connectivity Provider Network Proxy AAA Proxy AAA Proxy AAA Manolo Jose ISP Network I am Jose I want to watch TV Jose I am Jose I want to watch TV

11 Security in FMC — 11 MUSE Summer School 2007 Benefits of Authentication (V) > To automate the Access Node (AN) configuration. Upon authentication the AN will dynamically adapt to the customer needs according to the services he/she has subscribed, making more easy the management of the Access Network. Txema I am Txema Access Node (Authenticator) Is he Txema? Yes AAA Server Edge Node Assing Txema’s profile: BW= green SVLAN= red

12 Security in FMC — 12 MUSE Summer School 2007 Authorization > Is the process of allowing and forbidding an entity to perform a certain set of actions. > When performed by a network operator, it is the process of determining and enforcing different network policies for the different clients of the network. Access Network

13 Security in FMC — 13 MUSE Summer School 2007 Authentication and Authorization relationship >O>Operators implement “Authentication mechanisms” to authorize the authenticated entities the use of its network resources. >A>Authorization take the form of a authorization profile, returned by a policy server to the network node which endorses the role of the authenticator, after the authentication process is completed. >T>The Authorization profile contain a collection of network policies as: Accepted/rejected Access list (list of permitted/forbidden network destinations) Bandwidth for each class of service

14 Security in FMC — 14 MUSE Summer School 2007 What can be authenticated in a BB access network? > Subscriber authentication per-line and per-circuit > Subscriber authentication per-RG and per-device > End-user authentication per device > Physical device authentication and subscriber authentication per–physical-device > Device type authentication Subscriber authentication per-line and per-circuit

15 Security in FMC — 15 MUSE Summer School 2007 Subscriber authentication per-line and per-circuit > This is typically done today for point-to-point connections > The Access Node provides a circuit identifier to the client. > Any device connected to that circuit is authenticated. > Examples of circuit_id: PVCs in ATM or VLANs in Ethernet. Circuit_id =1 > When there is a single circuit per access loop, the identification is per line.

16 Security in FMC — 16 MUSE Summer School 2007 What can be authenticated in a BB access network? > Subscriber authentication per-line and per-circuit > Subscriber authentication per-RG and per-device > End-user authentication per device > Physical device authentication and subscriber authentication per–physical-device > Device type authentication Subscriber authentication per-RG and per-device

17 Security in FMC — 17 MUSE Summer School 2007 Subscriber authentication per-RG and per-device > The device which exchanges its credentials with the network is controlled by the subscriber. > If the device is the Residential Gateway the effect is the same as with per-line identification (no distinction between devices) > The subscriber can change the credentials in the device corresponding to his service subscriptions. BRAS > If multiple devices at home exchange individually their credentials with the network, they will be identified individually. ISP Network PPP connection: Login + password

18 Security in FMC — 18 MUSE Summer School 2007 What can be authenticated in a BB access network? > Subscriber authentication per-line and per-circuit > Subscriber authentication per-RG and per-device > End-user authentication per device > Physical device authentication and subscriber authentication per–physical-device > Device type authentication End-user authentication per device

19 Security in FMC — 19 MUSE Summer School 2007 End-user authentication per-device > An end-user can enter his/her credentials into a device by means of an smart card, dongle or even manually. > Those credentials belong to the users, and they do not leave them permanently on a device, quite the opposite the user carries the credentials with him/her. Thus, the end-user is always authenticated per device. > In other words, when the credentials can be entered by the temporary user of a terminal the entity authenticated is the end-user. > However, when the device which exchanges its credentials with the network is a given terminal in the home network, the authentication is per-device.

20 Security in FMC — 20 MUSE Summer School 2007 End-user authentication per-device Start surfing

21 Security in FMC — 21 MUSE Summer School 2007 What can be authenticated in a BB access network? > Subscriber authentication per-line and per-circuit > Subscriber authentication per-RG and per-device > End-user authentication per device > Physical device authentication and subscriber authentication per–physical-device > Device type authentication Physical device authentication and subscriber authentication per–physical-device

22 Security in FMC — 22 MUSE Summer School 2007 CPN Physical device authentication and subscriber authentication per-physical-device > The entity authenticated can be the physical device if there are unique credentials hard-coded into the Residential Gateway. > From the point of view of a network operator, authenticating the physical device does not replace a subscriber or an end-user authentication. > If the operator trust the associations between each physical device and subscriber, then the subscriber can be authenticated per-physical-device. Credentials hard coded

23 Security in FMC — 23 MUSE Summer School 2007 What can be authenticated in a BB access network? > Subscriber authentication per-line and per-circuit > Subscriber authentication per-RG and per-device > End-user authentication per device > Physical device authentication and subscriber authentication per–physical-device > Device type authentication Device type authentication

24 Security in FMC — 24 MUSE Summer School 2007 Device type authentication > If the intention is to authenticate a device as pertaining to a particular type of devices, not to authenticate the individual physical device itself, then the entity authenticated is the device type. > The device type can be part of the credential which are provided by the device to the authenticator. > The device type must be hard-coded or only configurable by operator. > Example, an operator may want to restrict access to a premium VoD service only to a STB of a certified type and block the service from being provide to a PC.

25 Security in FMC — 25 MUSE Summer School 2007 Device type authentication client certificate Device type= STB I am a STB I want VoD I am a PC I want VoD OK Not OK Rejected

26 Security in FMC — 26 MUSE Summer School 2007 Summary of the factors impacting the authenticated entities 1/ What is the device which provides the credentials to the network ? Access NodeResidential GatewayIndividual device behind RG 2/ How are the credentials provided to that device ? Hard coded in factory or Configurable by the operator only Subscriber per line or Subscriber per circuit Physical RG ; Type of RG ; Subscriber per physical RG ; Physical device ; Type of device ; Subscriber per physical device ; Configurable by the subscriber or From a smart card per subscriber N/ASubscriber per RGSubscriber per device Configurable by individual end users or From a smart card per end user N/A End user per device  What entity can a network operator authenticate from the credentials ?

27 Security in FMC — 27 MUSE Summer School 2007 AGENDA >S>Some facts on Authentication and access control in Broadband Networks >A>AAA architectures in FMC environments >C>Conclusions

28 Security in FMC — 28 MUSE Summer School 2007 Some Acronyms

29 Security in FMC — 29 MUSE Summer School 2007 Different alternatives to provide “AA” > Some comparisons: > EAP as framework for performing AA EAP-SIM, EAP-AKA, EAP-TTLS,...

30 Security in FMC — 30 MUSE Summer School 2007 Extensible Authentication Protocol (EAP) AAA server returns keys to AP/AC/BS Authentication Center (AuC)

31 Security in FMC — 31 MUSE Summer School 2007 IEEE 802.1X – Everything together

32 Security in FMC — 32 MUSE Summer School 2007 IEEE 802.1X – Authentication protocol stack Example

33 Security in FMC — 33 MUSE Summer School 2007 > Characteristics of PANA Purpose : – PANA is a link-layer agnostic network access authentication protocol that runs between a node that wants to gain access to the network and a server on the network side. – PANA is defined as a network-layer transport for EAP. – authentication and generation of cryptographic keying material are achieved by EAP methods – keys can be used for per packet authentication (link layer mechanisms or IPsec, additional protocols necessary, e.g. IKE) PANA vs. IEEE 802.1x – 802.1X provides EAP authentication limited to IEEE 802 link layers – PANA provides AAA mechanisms independent of the underlying L2 access technology (nomadism, FMC) PANA (Protocol for carrying Autentication for Network Access)

34 Security in FMC — 34 MUSE Summer School 2007 PANA client (PaC) PANA authentication agent (PAA) authentication server (AS) enforcement point (EP) architectural issues – PaCs can be end hosts or routers (home gateway) – PaC needs a temporary IP address prior to PANA authentication – The PAA can be hosted on any IP-enabled node on the same IP subnet as the PaC – AS might be hosted on the same node as the PAA, on a dedicated node on the access network, or on a central server somewhere in the Internet PANA PaCPAA EP AS PANA Radius / Diameter / LDAP / API IKE / 4 way handshake SNMP / API

35 Security in FMC — 35 MUSE Summer School 2007 > RFC 3118 describes a usage of DHCP option 90, i.e. – How DHCP clients with proper authorization can be automatically configured from an authenticated DHCP server – Authentication (HMAC-MD5) of the source and contents of DHCP messages > To secure DHCP messages a number of parameters including the key that is shared between the DHCP client and the DHCP server have to be established (these parameters are called DHCP security association – DHCP SA) – RFC 3118 specifies this as “out-of-band” (or manual) key exchange, therefore limiting the solution to intra-domain only > Problem – How to generate fresh and unique DHCP keys in order to secure DHCP messages DHCP Opt 90

36 Security in FMC — 36 MUSE Summer School 2007 1.802.1X (e.g., EAPoL) is used to carry EAP messages 2.Routing or Bridged RGW 3.The RGW is trusted and is delegated to enfoced to authenticate (extended AN) 4.RGW hosts Authenticator and Radius client 5.End users equipments configured with RGWs’ MAC address Example of an Authentication process

37 Security in FMC — 37 MUSE Summer School 2007 The RGW is Authenticated and Authorized within the Access Network Access Edge Site L2Aggregation Data Plane Control Plane Mgmt VR Default VR AUTHDDHCPD Step 1- The RGW is Authenticated and Authorized within the Access Network 1 EAPOL-Start 2 EAP-Request/Identity 3 EAP-Response 4 EAP-Request/OTP (One Time Password) 5 EAP-Response/OTP RADIUS Client 802.1x Supplicant 802.1x AUTHD Radius access_request 6 EAP-Success Radius access_challenge Radius access_accept

38 Security in FMC — 38 MUSE Summer School 2007 The RGW gets its IP address Access Edge Site L2Aggregation Data Plane Control Plane Mgmt VR Default VR AUTHDDHCPD Step 2- The RGW gets its IP address 1 DHCP-Discover 2 DHCP-Offer 3 DHCP-Request 4 DHCP-ACK/NACK The RGW gets Its IP address

39 Security in FMC — 39 MUSE Summer School 2007 The User needs to be authenticated by the RGW Access Edge Site L2Aggregation Data Plane Control Plane Mgmt VR Default VR AUTHDDHCPD Step 3- The User needs to be authenticated by the RGW 1 EAPOL-Start 2 EAP-Request-Identity 3 EAP-Response 4 EAP-Request/OTP 5 EAP-Response/OTP RADIUS PROXY RADIUS CLIENT 802.1x AUTHD 802.1x Supplicant 6 EAP-Success Radius access_accept Radius access_request Radius access_challenge

40 Security in FMC — 40 MUSE Summer School 2007 Authentication Message Flow (example) EAPOL-Start EAP-Request/OTP EAP-Response/Identity RADIUS Proxy (NAP) RADIUS Server (NSP) Access-Request Access-Challenge RGW Supplicant 802.1X Authenticator 802.1X RADIUS Client DHCP Relay Access-Challenge Access-Request EAP-Request/Identity Access-Request Access-Accept EAP-Response/OTP EAP-Success Port Authorised Accounting request (Start) DHCP Server Accounting response DHCP DISCOVER DHCP OFFER DHCP REQUEST DHCP ACK/NACK RADIUS access request message: Attribute #4: NAS-IP-Address Attribute #5:NAS- port Attribute #32: NAS-identifier RADIUS access accept message: Attribute #8: Framed IP-Address (255.255.255.254) Attribute #9:Framed IP-mask (255.255.255.255) Attribute #22: Framed route (EN IP Address) RADIUS Framed IP-Address= DHCP “yiaddrr” field and DHCP option #50 RADIUS Framed IP-mask = DHCP option #1 RADIUS Framed route = DHCP option #3

41 Security in FMC — 41 MUSE Summer School 2007 Nomadism Use Case (e-Health) MPLS VPN Health Information Network HospitalImaging lab lab PharmacyInsurance Doctor’s Office Regional Network Access Network Patient 1. Request access to service 2. Request User credentials 3. User Authentication RM 4. Resources available? Service Manager AAA

42 Security in FMC — 42 MUSE Summer School 2007 Nomadism Use Case (e-Health) Packager-h CP-h RNP-h NAP-h1 Access EN NSP-h NSP-v Service EN ASP (single ASP in overlay to NSP) Peering points between NSP Service EN Packager-v Service EN CP-v RNP-v NAP-v Access EN Connectivity AAA server Service AAA proxy Service AAA server Connectivity AAA proxy Service AAA server Connectivity AAA proxy Connectivity AAA server Service AAA proxy NAP-h2 Access EN Connectivity AAA proxy

43 Security in FMC — 43 MUSE Summer School 2007 Session continuity Use Case (WLAN hopping) Jose

44 Security in FMC — 44 MUSE Summer School 2007 Session continuity Use Case (WLAN hopping) Jose Packager-h CP-h RNP-h NAP-h1 Access EN NSP-h NSP-v Service EN ASP (single ASP in overlay to NSP) Peering points between NSP Service EN Packager-v Service EN CP-v RNP-v NAP-v Access EN Connectivity AAA server Service AAA proxy Service AAA server Connectivity AAA proxy Service AAA server Connectivity AAA proxy Connectivity AAA server Service AAA proxy NAP-h2 Access EN Connectivity AAA proxy

45 Security in FMC — 45 MUSE Summer School 2007 Session continuity Use Case (WLAN-3GPP) Jose

46 Security in FMC — 46 MUSE Summer School 2007 Session continuity Use Case (WLAN-3GPP) Jose Packager-h CP-h RNP-h NAP-h1 Access EN NSP-h NSP-v Service EN ASP (single ASP in overlay to NSP) Peering points between NSP Service EN Packager-v Service EN CP-v RNP-v NAP-v Access EN Connectivity AAA server Service AAA proxy Service AAA server Connectivity AAA proxy Service AAA server Connectivity AAA proxy Connectivity AAA server Service AAA proxy NAP-h2 Access EN Connectivity AAA proxy

47 Security in FMC — 47 MUSE Summer School 2007 AGENDA >S>Some facts on Authentication and access control in Broadband Networks >A>AAA architectures in FMC environments >C>Conclusions

48 Security in FMC — 48 MUSE Summer School 2007 Conclusions > Authentication in access networks is a must in order to setup correctly the connections to the subscribers. > Authentication can be done in different ways, depending on the granularity required and the services provided. > The trend in broadband networks towards multiservice multiprovider access networks makes authentication per circuit not sufficient and requiring an identification of the end user. > The trend towards the separation between the Service providers and Connectivity providers requires a correct accounting of the resources consumed.

49 Security in FMC — 49 MUSE Summer School 2007

50 Security in FMC — 50 MUSE Summer School 2007 BACKUP SLIDES

51 Security in FMC — 51 MUSE Summer School 2007 Use cases where authentication is needed (I) >U>Use Case 1: Dynamic configuration of the access network according to the subscriber profile. Use case 1.1: Subscriber dynamic authentication to allow dynamic configuration of the Access Node, and ease the provisioning of triple play services. Use case 1.2: Subscriber authentication to allow nomadism. If not done dynamically it will take too long to reconfigure the network. Use case 1.3: End-user authentication to allow Network-level Parental control. Different members of the family can have different policies to access the network (i.e. restriction in some network destinations).

52 Security in FMC — 52 MUSE Summer School 2007 Use cases where authentication is needed (II) > Use Case 2: Denying access to stolen or hacked devices, or allowing only certain device type. Use case 2.1: Device type authentication to allow only a device type (i.e. an specific STB) or to only trusted network entities (i.e. check that the RG is the one provided by the operator) Use case 2.2: Physical device authentication denying access to stole RG/devices. Checking if the credentials provided by the RG/device authenticate an authorized equipment or not.

53 Security in FMC — 53 MUSE Summer School 2007 Use cases where authentication is needed (III) > Use Case 3: Authentication used for accounting. Use case 3.1: Subscriber authentication to allow charging on their use of the network (per GB, time, traffic,..) Use case 3.2: End-user authentication to allow charging per user (i.e. to differentiate between business use and private, or to charge nomadic or visiting users). Use case 3.3: Subscriber authentication to allow charging other Service subscribers. To allow the network provider to charge the Service providers for the use of the network.

54 Security in FMC — 54 MUSE Summer School 2007 Use cases where authentication is needed (IV) > Use Case 4: Authentication used for other reasons. Use case 4.1: Subscriber authentication is mandatory for ISPs, who must be able to know and to remember at all time what IP address was allocated to what subscriber at what time. Use case 4.2: Subscriber authentication: Legal interceptions. The authorities may request to intercept or duplicate traffic originating from or destined to some particular subscribers, and thus subscriber authentication is required.

55 Security in FMC — 55 MUSE Summer School 2007 Use cases classification Use cases 1.1 Dynamic network provisionin g 1.2 Allow nomadis m 1.3 Parental control 2.1 Device type (trusted) 2.2 Stolen device 3 Charge subscriber 4 ISP Legal intercept Deduction over the levels of importance Entities required to be Authentic ated Subscriber per line Required 1 Subscriber per circuit RequiredOptional 1 Subscriber per RG RequiredOptionalRequired 1 Subscriber per device OptionalRequired 2 End user per device Optional RequiredOptional 3 Physical deviceOptionalRequiredOptional4 Device typeRequired2 Order of priorities 1232411 Order of priorities: probability to be deploy by network operators in the short term

Download ppt "Security in the FMC environment Enrique Areizaga"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.

BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
PPPoE Last Update 2011.07.21 1.4.0 Copyright 2000-2011 Kenneth M. Chipps Ph.D. www.chipps.com 1.

PPPoE Last Update Copyright Kenneth M. Chipps Ph.D. 1.
Omniran-13-0040-00-0000 1 3GPP Trusted WLAN Access to EPC Use Case Analysis Date: 2013-05-15 Authors: NameAffiliationPhoneEmail Max RiegelNSN+49 173 293.

Omniran GPP Trusted WLAN Access to EPC Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN
Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP)
BroadBand Europe 2007, Antwerp, December 2-5, 2007 Roaming in an Unbundled Fixed-Mobile Convergent World Pieter Nooren, Iko Keesmaat, Bob Melander, Karsten.

BroadBand Europe 2007, Antwerp, December 2-5, 2007 Roaming in an Unbundled Fixed-Mobile Convergent World Pieter Nooren, Iko Keesmaat, Bob Melander, Karsten.
IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.

IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.
DSL Access Architectures and Protocols. xDSL Architecture.

DSL Access Architectures and Protocols. xDSL Architecture.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Similar presentations

Ads by Google