Download presentation
Presentation is loading. Please wait.
Published byErica Wynn Modified over 9 years ago
1
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization
2
2 TCP/IP in the OSI Model
3
3 TCP/IP Design Requirements and Constraints Data amount and confidentiality Future growth plans Current TCP/IP network characteristics Response times Network availability requirements
4
4 TCP/IP Design Decisions IP addressing scheme IP subnet mask configuration Variable Length Subnet Mask (VLSM) Classless Interdomain Routing (CIDR) Authentication and encryption TCP/IP filters Availability and performance
5
5 Network Components That Require TCP/IP
6
6 Essential IP Configuration Information IP address Subnet mask Default gateway (except for routers and IP switches)
7
7 Class-Based IP Addresses
8
8 Public IP Addressing Schemes Obtain a public IP address range. Ensure that the range has enough addresses. Consider cost. Improve performance by excluding Network Address Translation (NAT). Consider security issues in your design.
9
9 Private IP Addressing Schemes
10
10 IP Address Ranges for Private Networks
11
11 Creating a Private Addressing Scheme Obtain the public IP addresses. Select the private IP address range. Reduce the number of Internet-connected devices. Include NAT. Incorporate security.
12
12 IP Subnet Mask
13
13 Default Gateway Forwards IP packets to other subnets or routers Is not required on routers, IP switches, or NAT devices Use a router as the default gateway when It is the only router on the subnet Most traffic goes through that router Routers use Internet Group Membership Protocol (IGMP) messages to identify better route paths
14
14 VLSM Reduces routing table entries Uses address space more efficiently VLSM design considerations Arrange routers hierarchically. Highest-level subnet mask allocates least number of bits. Lower-level subnet masks assign more bits. Lowest-level subnet mask supports maximum number of hosts.
15
15 Implementing VLSM: An Example
16
16 CIDR Replaces class-based IP addressing system Adds network prefix to IP address Is similar to VLSM; implemented by ISPs Is flexible Allows routing table aggregation
17
17 IPSec and VPN in TCP/IP Data Protection Internet Protocol Security (IPSec) Is an extension of TCP/IP Is supported only by Microsoft Windows 2000 Protects specific servers and resources Provides end-to-end encryption
18
18 IPSec and VPN in TCP/IP Data Protection (Cont.) Virtual private network (VPN) Allows remote access Is supported by many operating systems Protects an entire subnet Provides point-to-point encryption Uses a screened subnet
19
19 IPSec Connection Process Check IPSec policies Perform Internet Key Exchange (IKE) Establish the security association Exchange encrypted data
20
20 IPSec Policies Customize IPSec security with policies. Specify other IPSec rules in your policies. Use the default policies as the base for custom policies. Client (Respond Only) Server (Request Security) Secure Server (Require Security)
21
21 IPSec Modes Transport mode Multiple IPSec-enabled devices End-to-end encryption Tunnel mode One other IPSec-enabled device Point-to-point encryption
22
22 IPSec Authentication Methods Kerberos v5 X509 certificates version 3 Preshared keys
23
23 IPSec Integrity Checking and Data Encryption Authentication Headers (AH) protocol Use for integrity checking. Use when not encrypting data. Do not use for packets going through NAT. Encapsulating Security Payloads (ESP) Use for encrypting data. Choose among three encryption algorithms.
24
24 VPN Data Protection Point-to-Point Tunneling Protocol (PPTP) The industry standard Supported by various operating systems Layer 2 Tunneling Protocol (L2TP) Draft RFC-based protocol Supported by Windows 2000
25
25 VPN Authentication Protocols Password Authentication Protocol (PAP) Shiva Password Authentication Protocol (SPAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) Extensible Authentication Protocol (EAP)
26
26 VPN Encryption Protocols Microsoft Point-to-Point Encryption (MPPE) Various IPSec encryption algorithms
27
27 TCP/IP Filters Filter inbound traffic Work at application layer Provide alternative to Routing and Remote Access or Proxy Server
28
28 Optimizing TCP/IP Add persistent connections. Add more connections. Add more routers.
29
29 Chapter Summary TCP/IP designs Design concepts Class-based or CIDR addresses Public or private scheme Subnetting IGMP VLSM and CIDR
30
30 Chapter Summary (Cont.) TCP/IP data protection IPSec VPN TCP/IP filters
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.