Agenda 1. QUIZ 2. HOMEWORK LAST CLASS 3. HOMEWORK NEXT CLASS 4. DATA LINK CONTROL 5. FIREWALLS 6. PRACTICE EXAM.

1 Agenda 1. QUIZ 2. HOMEWORK LAST CLASS 3. HOMEWORK NEXT CLASS 4. DATA LINK CONTROL 5. FIREWALLS 6. PRACTICE EXAM

2 Homework Study For Exam

3 Chapter 10 Data Link Control

4

5 Figure 10-1 Data Link Layer

6 Figure 10-2 Data Link Layer Function

7 Figure 10-3 Line Discipline Categories

8 Figure 10-4 Line Discipline Concept: ENQ/ACK

9 Figure 10-5 ENQ/ACK Line Discipline

10 Figure 10-6 Poll/Select Line Discipline

11 Figure 10-7 Select

12 Figure 10-8 Poll

13 Figure 10-9 Categories of Flow Control

14 Figure 10-10 Stop-and-Wait

15 Figure 10-11 Sliding Window

16 Figure 10-12 Sender Sliding Window

17 Figure 10-13 Receiver Sliding Window

18 Figure 10-14 Example of Sliding Window

19 Figure 10-15 Categories of Error Control

20 Figure 10-16 Stop-and-wait ARQ, Damaged Frame

21 Figure 10-17 Stop-and-wait ARQ, Lost Frame

22 Figure 10-18 Stop-and-wait ARQ, Lost ACK

23 Figure 10-19 Go-Back-n, Damaged Frame

24 Figure 10-20 Go-Back-n, Lost Frame

25 Figure 10-21 Go-Back-n, Lost ACK

26 Figure 10-22 Selective-Reject, Damaged Frame

27 WAN-Virtual Circuits VPN

28 WAN-Virtual Circuits: Problems For Management
  - VPN implementation, services & overall utility vary widely; the single complete solution that can meet all your needs does not exist
  - (Depending on your environment) some implementations hold distinct advantages over others

29 WAN-Virtual Circuits: Virtual Private Networking Version 2.0
  1. What is a VPN?
  2. What is a tunnel?
  3. What is the relationship between VPNs and multi-system management?
  4. What is the significance of Service Level Agreements (SLAs)?

30 WAN-Virtual Circuits: Virtual Private Networking Enhancers
  1. IPsec: A protocol that authenticates, encapsulates (tunnels) and encrypts traffic across IP networks. It supports key management, the Internet Key Exchange protocol & various encryption algorithms (e.g., DES & Triple DES).
  2. Multiprotocol Label Switching (MPLS): Defines a process in which a label is attached to an IP header to increase routing efficiency and enable routers to forward packets according to specified QoS levels. Uses a tunneling technique.

31 MPLS vs. Circuit Switching
MPLS
  - Minimizes changes to hardware by routing and switching functions
  - Will establish per-hop behavior for delay-sensitive traffic
  - Permits bandwidth reservation and flow control over a wide range of paths
  - Will permit bandwidth & other constraints to be considered in computations
  - Provides ranking to individual flows so that during failure important flows go first
Circuit Switching
  - Hardware designs do not need to change
  - Minimizes delay variations
  - Enables accurate bandwidth reservations
  - Can automatically compute routes over known/specified bandwidths
  - Can provide hard guarantees of service and routing

32 VPN Example: Cisco Secure Client
[Network diagram. Labels: CAMPUS; X.509 Cert Auth; VPN Administrator; Cisco Secure Access Control Server-AAA; Cisco 7100 Series VPN Router; Extranet User with Internet Access; Extranet User with Cisco Secure VPN Client; Internet VPN and/or IP-VPN; Mobile Dial Remote Access User with Cisco Secure VPN Client; Mobile Home User with Cisco Secure VPN Client]

33 VPN Example: Cisco Secure Client, Advertised Features
  - Full compliance with IPsec and related standards
  - DES, 3DES, MD5 & SHA-1 algorithms
  - Internet Key Exchange using ISAKMP/Oakley
  - Interoperates with virtually all PC Windows communications devices: LAN adapters, modems, PCMCIA cards, etc.
  - GUI for configuring security policy and managing certificates
  - Easy to install and transparent to use, with easy configuration for deployment to end users
  - Security policy can be exported and protected as read-only by the VPN administrator

34 VPN Example: Cisco Secure Client, Advertised Applications
  - Travelling “Road Warrior” communications (client to gateway)
  - Creation of virtual “secure enclave” on unprotected network
  - X.509 v3 certificates
  - FIPS-46 DES encryption
  - FIPS-180-1 SHA-1 hash
  - FIPS-186 DSS digital signatures
  - CAPI 2.0: Microsoft Crypto API
  - PKCS: Public Key Cryptographic Standards
  - IP Security Standards

35 VPN Example: Cisco Secure Client, Internet Protocol Security Standards
  - RFC 2401 Security Architecture for Internet Protocol
  - RFC 2402 IP Authentication Header
  - RFC 2403 Use of HMAC-MD5-96 within ESP & AH
  - RFC 2404 Use of HMAC-SHA-1-96 within ESP & AH
  - RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
  - RFC 2406 IP Encapsulating Security Payload (ESP)
  - RFC 2407 IP Security Domain of Interpretation for ISAKMP
  - RFC 2408 Internet Security Association & Key Management Protocol (ISAKMP)
  - RFC 2409 Internet Key Exchange (IKE)
  - RFC 2410 NULL Encryption Algorithm & its uses with IPsec

36 VPN Evaluation: Computer Networks Report

Services          Wt.   GTEI   Uunet   Infonet   Quest   AT&T   PSINet
Geogr Coverage    25%   5      3       4         2       2      2.5
SLAs              25%   4      4.5     3         1.5     3      2.5
Pricing           20%   2.5    5       3.5       3.5     1      1
Security          20%   4.5    3.5     2         4       3.5    2
QoS Support       10%   2      2       2         1       1      2
Total Score             3.85   3.76    3.05      2.46    2.25   2.05
Grade                   B      B       C+        D       D      D

Note: Scores weighted 0-5

Specific Products Evaluated:
  - GTE Internetworking: VPN Advantage
  - Uunet: UUsecure VPN Direct Edition
  - Infonet: Private Internet
  - Quest Communications: Quest VPN
  - AT&T: Virtual Private Network Service (VPNS)
  - PSINET: IntraNet

37 Enterprise Firewalls: Problems For Management
What are you most concerned about?
  - Penetration protection
  - Performance
  - Logging & reporting
  - Data overload
  - Good records
Type to use?
  - Hardware (inspection only)
  - Proxy (software processing)
Central or Distributed Management?

38 Enterprise Firewalls: Potential Contradictory Goals
  - Penetration protection vs. performance
  - Logging & reporting vs. data overload
  - Good records vs. archival costs
  - Central or Distributed management
    - Central management creates security policy & pushes it out (security policy defined once & easier to monitor), or each firewall is configured separately in one GUI (good for small sites but more overhead)
    - Distributed management takes more people

39 Enterprise Firewall Internet Central Manager

40 Firewall Evaluation: Computer Networks Report

Services            Wt.   VPN-1   SecPIX   Raptor   NetScreen   Sidewinder
Management          30%   4       5        4        3           2
Reporting           30%   5       4        2        2           2
Security Features   20%   5       3        5        3           3
Firewall Perform    10%   5       5        3        5           3
VPN Perform         10%   3       2        2        5           2
Total Score               4.5     4.0      3.3      3.1         2.3
Grade                     A-      B+       C+       C+          D

Note: Scores weighted 0-5

Companies:
  - VPN-1 Gateway & VPN-1 Accelerator Card: Check Point
  - Secure PIX: Cisco
  - Raptor: Axent
  - NetScreen 100 1.66: NetScreen Technologies
  - Sidewinder: Secure Computing

41 Current Offerings

42

