Chapter 2: Networking Protocol Design: Designs That Include TCP/IP, Essential TCP/IP Design Concepts, TCP/IP Data Protection, TCP/IP Optimization

Presentation transcript:

1 Chapter 2: Networking Protocol Design
- Designs That Include TCP/IP
- Essential TCP/IP Design Concepts
- TCP/IP Data Protection
- TCP/IP Optimization

2 TCP/IP in the OSI Model

3 TCP/IP Design Requirements and Constraints
- Data amount and confidentiality
- Future growth plans
- Current TCP/IP network characteristics
- Response times
- Network availability requirements

4 TCP/IP Design Decisions
- IP addressing scheme
- IP subnet mask configuration
- Variable Length Subnet Mask (VLSM)
- Classless Interdomain Routing (CIDR)
- Authentication and encryption
- TCP/IP filters
- Availability and performance

5 Network Components That Require TCP/IP

6 Essential IP Configuration Information
- IP address
- Subnet mask
- Default gateway (except for routers and IP switches)

7 Class-Based IP Addresses

8 Public IP Addressing Schemes
- Obtain a public IP address range.
- Ensure that the range has enough addresses.
- Consider cost.
- Improve performance by excluding Network Address Translation (NAT).
- Consider security issues in your design.

9 Private IP Addressing Schemes

10 IP Address Ranges for Private Networks

11 Creating a Private Addressing Scheme
- Obtain the public IP addresses.
- Select the private IP address range.
- Reduce the number of Internet-connected devices.
- Include NAT.
- Incorporate security.

12 IP Subnet Mask

13 Default Gateway
- Forwards IP packets to other subnets or routers
- Is not required on routers, IP switches, or NAT devices
- Use a router as the default gateway when
  - It is the only router on the subnet
  - Most traffic goes through that router
- Routers use Internet Group Membership Protocol (IGMP) messages to identify better route paths

14 VLSM
- Reduces routing table entries
- Uses address space more efficiently
- VLSM design considerations
  - Arrange routers hierarchically.
  - Highest-level subnet mask allocates least number of bits.
  - Lower-level subnet masks assign more bits.
  - Lowest-level subnet mask supports maximum number of hosts.

15 Implementing VLSM: An Example
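
A worked VLSM allocation, added here as an illustration and not taken from the original slides: one parent block is carved into subnets whose masks get longer as the host requirement shrinks, so upstream routers need only the single parent route. The 10.20.0.0/24 block, the site names and the host counts are constructed sample values.

```python
import ipaddress

def vlsm_allocate(block, host_counts):
    """Carve an IPv4 block into one subnet per requirement.

    Requirements are served largest first, so each subnet starts on a
    boundary aligned to its own size and no space is stranded between them.
    Returns {name: IPv4Network}.
    """
    net = ipaddress.ip_network(block)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(host_counts.items(), key=lambda kv: -kv[1]):
        needed = hosts + 2                       # plus network and broadcast address
        prefix = 32 - (needed - 1).bit_length()  # longest mask that still fits
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size       # round up to the subnet boundary
        if cursor + size > end:
            raise ValueError(f"{block} has no room left for {name!r}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan

def no_overlap(plan):
    """True when no two allocated subnets share an address."""
    nets = list(plan.values())
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

# Constructed requirements: usable hosts needed per segment.
SITES = {"hq": 100, "branch": 50, "lab": 20, "wan-link": 2}

if __name__ == "__main__":
    for name, subnet in vlsm_allocate("10.20.0.0/24", SITES).items():
        print(f"{name:10} {subnet}  ({subnet.num_addresses - 2} usable hosts)")
```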

16 CIDR
- Replaces class-based IP addressing system
- Adds network prefix to IP address
- Is similar to VLSM; implemented by ISPs
- Is flexible
- Allows routing table aggregation

17 IPSec and VPN in TCP/IP Data Protection
- Internet Protocol Security (IPSec)
  - Is an extension of TCP/IP
  - Is supported only by Microsoft Windows 2000
  - Protects specific servers and resources
  - Provides end-to-end encryption

18 IPSec and VPN in TCP/IP Data Protection (Cont.)
- Virtual private network (VPN)
  - Allows remote access
  - Is supported by many operating systems
  - Protects an entire subnet
  - Provides point-to-point encryption
  - Uses a screened subnet

19 IPSec Connection Process
- Check IPSec policies
- Perform Internet Key Exchange (IKE)
- Establish the security association
- Exchange encrypted data

20 IPSec Policies
- Customize IPSec security with policies.
- Specify other IPSec rules in your policies.
- Use the default policies as the base for custom policies.
  - Client (Respond Only)
  - Server (Request Security)
  - Secure Server (Require Security)

21 IPSec Modes
- Transport mode
  - Multiple IPSec-enabled devices
  - End-to-end encryption
- Tunnel mode
  - One other IPSec-enabled device
  - Point-to-point encryption

22 IPSec Authentication Methods
- Kerberos v5
- X509 certificates version 3
- Preshared keys

23 IPSec Integrity Checking and Data Encryption
- Authentication Headers (AH) protocol
  - Use for integrity checking.
  - Use when not encrypting data.
  - Do not use for packets going through NAT.
- Encapsulating Security Payloads (ESP)
  - Use for encrypting data.
  - Choose among three encryption algorithms.
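
Why AH and NAT do not mix, as a simplified model added here and not taken from the original slides: the AH integrity check value covers the outer IP addresses, so a NAT rewrite of the source address invalidates it, while the ESP check covers only the ESP header and payload. The key, addresses, SPI and payload are constructed sample values, and ESP encryption is left out so that only the integrity check is modelled.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-sa-integrity-key"  # constructed; stands in for the SA's negotiated key

def icv(data):
    # HMAC-SHA-256 truncated to 128 bits, used as the integrity check value
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def addr_bytes(pkt):
    return ipaddress.ip_address(pkt["src"]).packed + ipaddress.ip_address(pkt["dst"]).packed

def ah_covered(pkt):
    # AH authenticates the outer IP addresses together with the payload
    return addr_bytes(pkt) + pkt["payload"]

def esp_covered(pkt):
    # ESP authenticates only its own header (SPI, sequence number) and the payload
    return pkt["spi"].to_bytes(4, "big") + pkt["seq"].to_bytes(4, "big") + pkt["payload"]

def protect(pkt, covered):
    return {**pkt, "icv": icv(covered(pkt))}

def verify(pkt, covered):
    return hmac.compare_digest(pkt["icv"], icv(covered(pkt)))

def source_nat(pkt, public_src):
    # NAT rewrites the source address and leaves everything else alone
    return {**pkt, "src": public_src}

# Constructed sample packet: private source, documentation-range destination.
SAMPLE = {"src": "192.168.1.10", "dst": "203.0.113.5",
          "spi": 0x1001, "seq": 1, "payload": b"application data"}

def demo():
    """Return {protocol: (verifies when sent directly, verifies after NAT)}."""
    results = {}
    for name, covered in (("AH", ah_covered), ("ESP", esp_covered)):
        sent = protect(SAMPLE, covered)
        natted = source_nat(sent, "198.51.100.7")
        results[name] = (verify(sent, covered), verify(natted, covered))
    return results

if __name__ == "__main__":
    for proto, (direct, via_nat) in demo().items():
        print(f"{proto}: direct={direct} via NAT={via_nat}")
```

In practice ESP across NAT is usually carried with UDP encapsulation (NAT traversal); the model above covers only the integrity check.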

24 VPN Data Protection
- Point-to-Point Tunneling Protocol (PPTP)
  - The industry standard
  - Supported by various operating systems
- Layer 2 Tunneling Protocol (L2TP)
  - Draft RFC-based protocol
  - Supported by Windows 2000

25 VPN Authentication Protocols
- Password Authentication Protocol (PAP)
- Shiva Password Authentication Protocol (SPAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
- Extensible Authentication Protocol (EAP)

26 VPN Encryption Protocols
- Microsoft Point-to-Point Encryption (MPPE)
- Various IPSec encryption algorithms

27 TCP/IP Filters
- Filter inbound traffic
- Work at application layer
- Provide alternative to Routing and Remote Access or Proxy Server

28 Optimizing TCP/IP
- Add persistent connections.
- Add more connections.
- Add more routers.

29 Chapter Summary
- TCP/IP designs
- Design concepts
- Class-based or CIDR addresses
- Public or private scheme
- Subnetting
- IGMP
- VLSM and CIDR

30 Chapter Summary (Cont.)
- TCP/IP data protection
- IPSec
- VPN
- TCP/IP filters