CIT 384: Network Administration
Slide 1: VPNs

Slide 2: Topics
1. VPNs
2. Tunneling
3. ssh
4. SSL
5. IPsec
6. L2TP

Slide 3: VPNs
VPNs try to provide leased-line features using a public network at lower cost:
- Privacy: preventing unauthorized people from reading VPN traffic.
- Authentication: verifying that the sender of VPN traffic is an authorized device.
- Integrity: verifying that data is not changed in transit.

Slide 4: VPN Example
1. PC1 sends an IP packet to S1.
2. The router encapsulates the IP packet in VPN + IP headers.
3. No one in the middle can read the packet.
4. ASA-1 checks security and de-encapsulates.
5. S1 receives the IP packet from PC1.

Slide 5: VPN Types
- Remote Access: individual user to network.
- Intranet: connect networks of two sites.
- Extranet: connect networks of two partnering organizations.

Slide 6: Tunneling
Tunneling: encapsulation of one network protocol in another protocol.
- Carrier Protocol: protocol used by the network through which the information is travelling.
- Encapsulating Protocol: protocol (GRE, IPsec, L2TP) that is wrapped around the original data.
- Passenger Protocol: protocol that carries the original data.

Slide 7: Tunneling Protocols by Layer

Layer        Tunneling protocols
Application  (no tunneling protocol listed)
Transport    ssh, SSL
Network      IPsec
Data Link    L2TP, MPLS

Slide 8: ssh
Secure Shell. Replaces telnet, ftp, rlogin, rsh, rcp.

Slide 9: SSH Security Features

Slide 10: ssh tunneling
Use ssh tunneling to encrypt TCP connections:
    ssh -L lport:rhost:rport rhost
(connections to local port lport are forwarded through the encrypted ssh session to port rport on rhost)
- Carrier Protocol: IP
- Encapsulating Protocol: ssh
- Passenger Protocol: TCP on a specific port

Slide 11: SSL/TLS
Secure Sockets Layer
- Commonly used to encrypt web connections.
- Also used for IMAP, LDAP, POP, etc.
- Transport Layer Security supersedes SSLv3.
Can be used to create tunnels
- Configured similarly to ssh tunnels.
- Stunnel is open source SSL tunnel software.

Slide 12: IPsec
IPsec includes three major protocols:
- Internet Key Exchange (IKE): provides a framework for negotiating security parameters.
- Encapsulating Security Payload (ESP): provides a framework for encrypting, authenticating, and securing data.
- Authentication Header (AH): provides a framework for authenticating and securing data.

Slide 13: IPsec General Operation
To communicate with IPsec, devices must:
- Agree on a set of security protocols.
- Agree on an encryption algorithm.
- Exchange cryptographic keys.
- Use the above to encode and decode data.

Slide 14: IPsec Packet Encapsulation
Transport Mode
- The original IP header of the packet being encrypted is used to transport the packet.
- The ESP or AH header is inserted between the IP header and the payload.
Tunnel Mode
- A new IP header is added in front of the ESP/AH header. This header contains the IP addresses of the two IPsec peers as source and destination.
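To make the two modes concrete, here is an added example (not from the slides) that builds the byte layout of an ESP packet in transport mode and in tunnel mode from one constructed inner packet, then reads back what a device in the middle can see. Addresses, SPI and the TCP segment are constructed; encryption of the protected region is not performed, only its boundaries are shown.

```python
import socket
import struct

ESP_PROTO = 50   # ESP is IP protocol 50 (slide 16)
TCP_PROTO = 6

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left zero because only the layout matters here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_header(spi: int, seq: int) -> bytes:
    """ESP header: SPI and anti-replay sequence number, always sent in the clear."""
    return struct.pack("!II", spi, seq)

def esp_trailer(next_header: int, protected_len: int) -> bytes:
    """ESP trailer: pad to a 4-byte boundary, then pad length and next-header bytes."""
    pad_len = (-(protected_len + 2)) % 4
    return bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def transport_mode(inner: bytes, spi: int, seq: int) -> bytes:
    """ESP goes between the original IP header and its payload; the original header is reused."""
    hdr, payload = inner[:20], inner[20:]
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    protected = payload + esp_trailer(hdr[9], len(payload))   # ciphertext in real ESP
    body = esp_header(spi, seq) + protected
    return ipv4_header(src, dst, ESP_PROTO, len(body)) + body

def tunnel_mode(inner: bytes, spi: int, seq: int, peer_src: str, peer_dst: str) -> bytes:
    """New outer IP header carries the two IPsec peers; the whole original packet is protected."""
    protected = inner + esp_trailer(4, len(inner))             # next header 4 = IP-in-IP
    body = esp_header(spi, seq) + protected
    return ipv4_header(peer_src, peer_dst, ESP_PROTO, len(body)) + body

def outer_view(packet: bytes) -> dict:
    """What a device in the middle can read without keys: outer addresses, protocol, SPI, seq."""
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "spi": spi, "seq": seq}

# Constructed sample, following slide 4: PC1 sends a TCP segment to S1 through router R1 and ASA-1.
PC1, S1, R1, ASA1 = "10.1.1.10", "10.2.2.20", "203.0.113.1", "198.51.100.1"
tcp_segment = b"\x00\x50\x1f\x90" + b"\x00" * 16 + b"GET / HTTP/1.0\r\n"
original = ipv4_header(PC1, S1, TCP_PROTO, len(tcp_segment)) + tcp_segment

if __name__ == "__main__":
    print("transport mode:", outer_view(transport_mode(original, 0x1001, 1)))         # PC1 -> S1 visible
    print("tunnel mode:   ", outer_view(tunnel_mode(original, 0x1001, 1, R1, ASA1)))  # only R1 -> ASA-1
```

In transport mode the end hosts' addresses stay visible to the public network; in tunnel mode only the two peers' addresses are, which is why site-to-site VPNs use it.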

Slide 15: IKE
IKE handles:
- Negotiating protocol parameters
- Exchanging public keys
- Authenticating both sides
- Managing keys after the exchange
IKE is a UDP-based protocol.

Slide 16: ESP
Encapsulates the IP packet to provide:
- Authentication
- Encryption
- Integrity validation
- Anti-replay
IP protocol 50, described in RFC 2406.

Slide 17: AH
Authentication Header provides authentication and integrity:
- Uses a keyed hash algorithm as the checksum.
- Unlike a CRC, it cannot be reproduced without the key.
- Also protects against replay attacks.
- Does not encrypt packet contents.
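Added example (not from the slides) showing the two AH properties above on the receiver side: a keyed integrity check that a party without the key cannot recompute after changing the packet, contrasted with a CRC that anyone can recompute, plus the sliding anti-replay window. HMAC-SHA256 truncated to 96 bits stands in for whatever algorithm IKE negotiated, the key and packet bytes are constructed, and the window size of 64 is assumed.

```python
import hashlib
import hmac
import zlib

# Constructed shared key: both IPsec peers get it from IKE; a device in the middle does not have it.
KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

def crc_checksum(packet: bytes) -> bytes:
    """Unkeyed CRC32: catches accidental corruption, but anyone can recompute it after a change."""
    return zlib.crc32(packet).to_bytes(4, "big")

def keyed_icv(packet: bytes, key: bytes) -> bytes:
    """AH-style integrity check value: HMAC over the packet, truncated to 96 bits as AH does."""
    return hmac.new(key, packet, hashlib.sha256).digest()[:12]

def changed_in_transit(packet: bytes) -> bytes:
    """Simulate a one-byte modification of the payload while it crosses the public network."""
    return packet[:-1] + bytes([packet[-1] ^ 0x01])

class ReplayWindow:
    """Sliding window over sequence numbers: the anti-replay check that AH and ESP perform."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.seen = size, 0, 0   # seen: bit i set => (top - i) already received

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                                # sequence number 0 is never valid
        if seq > self.top:                              # newer than anything seen: slide the window
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.seen & (1 << offset):
            return False                                # too old for the window, or an exact replay
        self.seen |= 1 << offset
        return True

def receiver_accepts(packet: bytes, icv: bytes, seq: int, window: ReplayWindow, key: bytes) -> bool:
    """Receiver policy: verify the keyed ICV (constant-time compare) before touching the window."""
    return hmac.compare_digest(keyed_icv(packet, key), icv) and window.accept(seq)

# Constructed sample packet: minimal header bytes plus a payload worth protecting.
SAMPLE = b"\x45\x00\x00\x24" + b"\x00" * 16 + b"transfer 100"

if __name__ == "__main__":
    win, icv = ReplayWindow(), keyed_icv(SAMPLE, KEY)
    print("genuine: ", receiver_accepts(SAMPLE, icv, 1, win, KEY))                        # True
    print("replayed:", receiver_accepts(SAMPLE, icv, 1, win, KEY))                        # False
    print("modified:", receiver_accepts(changed_in_transit(SAMPLE), icv, 2, win, KEY))    # False
```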

Slide 18: NAT Transparency
PAT cannot modify the transport header because it is encrypted. Solution: add an extra UDP header.

Slide 19: GRE
Generic Routing Encapsulation
- Cisco IP tunneling protocol.
- Allows use of multicast protocols.
- Combine with IPsec to allow routing information to be passed between networks.
IP protocol 47.

Slide 20: L2TP
Open successor to:
- L2F (Cisco)
- PPTP (MS)
Layer 2 tunnel, so it supports any layer 3 protocol.
- Encapsulates in a UDP datagram to port 1701.
Does not provide encryption or authentication. Use with IPsec.

Slide 21: Key Points
Tunneling
- Carrier Protocol
- Encapsulating Protocol
- Passenger Protocol
VPNs
- layer 4: ssh, SSL
- layer 3: IPsec
- layer 2: L2TP
IPsec
- ESP
- AH
- IKE
- Tunnel mode vs transport mode


