
1 Virtual Private Networks, Version B.00, H7076S Module 2 Slides (hp education services, education.hp.com)

2 The Security Problem with IP Today
© 2001 Hewlett-Packard Company, H7076S B.00, page 11
[Diagram: users in San Francisco talking to a K-CLASS server in Chicago across the Internet, with a "Bad Guy" sitting on the path.]
– It is trivial to snoop on Internet traffic, including passwords sent over the network.
– It is fairly easy to forge IP packets and impersonate another user or machine.
– Malicious people exist who actually do these things.

3 What Is a Virtual Private Network?
[Diagram: Site A Intranet and Site B Intranet, each behind its own VPN server, connected across the Internet; a mobile client reaches both sites. Legend: non-encrypted link, encrypted link.]
– The nodes in site A and site B use non-encrypted links when performing intranet communications.
– The nodes use encrypted links when communicating across the Internet.
– The mobile client uses encrypted links when communicating with systems in site A and site B.

4 Types of VPNs
Types of Virtual Private Networks, with the HP solution for each:
Network-to-Network
– Replace expensive dedicated leased-line WAN charges for site-to-site data connectivity
Network-to-Host (Remote Access)
– Replace expensive modem pools and ISDN per-minute charges
Host-to-Host
– End-to-end security to protect sensitive data for intra- or inter-network communications
HP solutions: Extranet e-Firewall (site-to-site, with a mobile client option for remote access) and IPSec/9000 (host-to-host).

5 HP Solutions for VPNs
[Diagram: an Extranet VPN built with e-Firewall (with the mobile client option). A K-CLASS firewall and encryption device at the Corporate HQ site terminates encrypted "tunnels" across the Global Internet from a Business Partner, a Branch, a Host running HP-UX IPSec/9000, and a laptop computer.]

6 Network-to-Network VPNs
Value proposition: low cost, quick setup of WAN connectivity.
[Diagram: K-CLASS firewall and encryption devices at Corporate Headquarters, a Business Partner, a Field Office and an Overseas Site, joined by multiple encrypted "tunnels" across the Global Internet.]

7 Remote Access VPNs
[Diagram: a mobile laptop user reaches a K-CLASS VPN gateway device at the Corporate HQ site across the Global Internet over a dial-up line or an ISDN or DSL connection.]
– All connections are initiated by the remote user.
– Encryption occurs on the software client.

8 Host-to-Host VPNs
[Diagram: hosts at the Corporate HQ site, in its DMZ, and at a Business Partner, connected host-to-host across the Global Internet.]
End-to-end security:
– Within the enterprise
– Through the Internet

9 VPN Software Products

Product                                   | Advantages                              | Disadvantages
------------------------------------------|-----------------------------------------|-------------------------------------------
Application-level security:               | Close integration with the application  | May need to modify the application
public-domain S/W (socks), hp Extranet VPN|                                         |
Network-level security:                   | No need to modify applications          | May need to modify firewall configuration
hp IPFilter/9000, hp IPSec/9000,          |                                         |
hp e-Firewall                             |                                         |
Link-level security:                      | Easy to implement                       | Not scalable
PPTP, L2TP                                |                                         |

10 Why a System Firewall?
[Diagram: a hacker on the Global Internet, facing a K-CLASS VPN gateway device at the Corporate HQ site that remote users reach over ISDN, DSL or dial-up connections.]
Hacker: "If I can get into their host, maybe I can go through their VPN. I wonder which ports are open? They probably have no firewall."
The VPN encrypts traffic between endpoints but does nothing to protect the endpoint itself: a host reachable from the Internet with open ports can be compromised and then used to ride the tunnel into the corporate network.
System firewall needed!!

11 HP IPFilter/9000 – B9901AA (Hewlett-Packard's solution)
Features supported by Hewlett-Packard:
– Full-fledged stateful inspection firewall
– Free product
– Workstations and servers
– HP-UX 11.0 and 11i
Features not supported by Hewlett-Packard (but supported in the public-domain version):
– Perimeter firewall
– Network address translation

12 How a System Firewall Works
[Diagram: packets arriving from the intranet are checked against the IPFilter rules; packets matching pass rules reach the host, packets matching block rules go to the bit bucket.]
Packets destined for our machine that are not part of a VPN connection we initiated are checked against the IPFilter rules, which pass or block them depending on the rules.
With the system firewall installed: a matched pass rule delivers the packet to the host; a matched block rule sends it to the bit bucket.

13 Hardware and Software Requirements
– Hewlett-Packard 9000 series 800 or 700
– HP-UX 11.0 or 11i operating system
– Dynamically loadable kernel module (DLKM) support
Commands to verify:
# uname -a
# kmsystem -q dlkm

14 Patches Required
– PHNE_22397 (or newer replacement; 32-bit or 64-bit 11.0)
– PHCO_22899 (or newer replacement; 32-bit 11.0)
– PHCO_22989 (or newer replacement; 32-bit 11i)
Command to verify (substitute the patch ID for patch_name):
# swlist -l product patch_name

15 Installation
– Use SD-UX to install product number B9901AA
– Available on application CD AP0301
Command to use:
# swinstall
Configuration file and start-up scripts installed:
/etc/rc.config.d/ipfconf
/sbin/init.d/pfilboot
/sbin/init.d/ipfboot

16 Verification of Installation
To verify the product was installed correctly after reboot:
# kmadmin -s
# ps -ef | grep ipmon
kmadmin -s lists the kernel modules and their load state; the ps check should show the ipmon log daemon running. Note that the grep command itself also contains "ipmon" and will appear in the output, so look for the actual ipmon process rather than merely a non-empty result (or use grep '[i]pmon', which matches the daemon but not the grep line).
Logs to look at if the installation is unsuccessful:
/etc/rc.log
/var/adm/sw/swagent.log
/var/adm/sw/swinstall.log

17 Filter Rules
– Rules are processed from top to bottom.
– The last matching rule takes effect. A rule carrying the quick keyword stops processing at that rule, so it wins immediately and later rules are not consulted.
See Installing and Administering IPFilter/9000 or the public-domain IPFilter HOWTO document for detailed explanations.
Rule file: /etc/opt/ipf/ipf.conf
The default file is empty; its implied contents are:
pass in all
pass out all
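To make the evaluation order on this slide (and the pass/block decision on slide 12) concrete, here is an added example: a small Python evaluator for a constructed subset of ipf.conf syntax. It is not HP's code and not part of the IPFilter product; the policy file, the addresses and the packets are made up for illustration, and the parser only understands the rule forms listed in its docstring (no state keeping, interfaces, logging or port ranges).

```python
"""Toy evaluator for a subset of IPFilter (ipf.conf) rule syntax.

Models the evaluation order from the slides: rules are read top to bottom,
the LAST matching rule decides, a rule marked `quick` stops processing at
that rule, and an empty rule file behaves like `pass in all` / `pass out all`.
Supported grammar (a constructed subset, not the full ipf.conf language):
    (pass|block) (in|out) [quick] [proto NAME] from (any|ADDR[/LEN])
                 to (any|ADDR[/LEN]) [port = NUM]
    (pass|block) (in|out) [quick] all
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    direction: str                                # "in" or "out"
    quick: bool = False                           # stop evaluating once this rule matches
    proto: Optional[str] = None                   # None = any protocol
    src: Optional[ipaddress.IPv4Network] = None   # None = "any"
    dst: Optional[ipaddress.IPv4Network] = None   # None = "any"
    dport: Optional[int] = None                   # None = any destination port


@dataclass
class Packet:
    direction: str                                # "in" or "out" relative to this host
    proto: str                                    # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: Optional[int] = None


def parse_rule(line: str) -> Rule:
    """Parse one rule line; raises ValueError on anything outside the subset."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("pass", "block") or tok[1] not in ("in", "out"):
        raise ValueError(f"bad rule: {line!r}")
    rule = Rule(action=tok[0], direction=tok[1])
    i = 2
    while i < len(tok):
        t = tok[i]
        if t == "all":                            # "all" = everything in this direction
            i += 1
        elif t == "quick":
            rule.quick = True
            i += 1
        elif t == "proto":
            rule.proto = tok[i + 1]
            i += 2
        elif t in ("from", "to"):
            net = None if tok[i + 1] == "any" else ipaddress.ip_network(tok[i + 1], strict=False)
            setattr(rule, "src" if t == "from" else "dst", net)
            i += 2
        elif t == "port" and tok[i + 1] == "=":   # only "port = N" is supported here
            rule.dport = int(tok[i + 2])
            i += 3
        else:
            raise ValueError(f"unsupported token {t!r} in {line!r}")
    return rule


def parse_conf(text: str) -> List[Rule]:
    """Parse ipf.conf-style text, ignoring blank lines and '#' comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            rules.append(parse_rule(line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    return (rule.direction == pkt.direction
            and rule.proto in (None, pkt.proto)
            and (rule.src is None or ipaddress.ip_address(pkt.src) in rule.src)
            and (rule.dst is None or ipaddress.ip_address(pkt.dst) in rule.dst)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return "pass" or "block" for pkt under last-match semantics."""
    verdict = "pass"                              # empty file => implied pass in/out all
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action                 # later matches override earlier ones ...
            if rule.quick:                        # ... unless the match was quick: it is final
                break
    return verdict


# Constructed system-firewall policy for illustration (not from the course).
SAMPLE_CONF = """
block in all                                               # default: drop inbound
pass in quick proto tcp from 10.1.0.0/16 to any port = 22  # ssh from the intranet, final
pass in proto icmp from any to any                         # ping is fine ...
block in proto icmp from 192.0.2.66 to any                 # ... except from this host (later rule wins)
pass out all                                               # trust what this host sends
"""


def demo() -> Dict[str, str]:
    """Evaluate a few constructed packets against SAMPLE_CONF."""
    rules = parse_conf(SAMPLE_CONF)
    cases = {
        "ssh_from_intranet": Packet("in", "tcp", "10.1.2.3", "10.1.9.9", 22),
        "telnet_from_intranet": Packet("in", "tcp", "10.1.2.3", "10.1.9.9", 23),
        "ssh_from_internet": Packet("in", "tcp", "203.0.113.5", "10.1.9.9", 22),
        "ping_from_internet": Packet("in", "icmp", "203.0.113.5", "10.1.9.9"),
        "ping_from_bad_host": Packet("in", "icmp", "192.0.2.66", "10.1.9.9"),
        "outbound_http": Packet("out", "tcp", "10.1.9.9", "203.0.113.5", 80),
    }
    return {name: evaluate(rules, pkt) for name, pkt in cases.items()}
```

The ordering lesson is in the two ICMP rules: because the last match wins, the narrow block placed after the broad pass overrides it for that one source, whereas swapping the two lines would let the pass rule silently re-open ICMP for everyone. The same property cuts the other way when an administrator appends a permissive rule at the bottom of a file that starts with "block in all"; "quick" is the tool for rules that must be final regardless of what follows.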

