© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Controlling Network Boundaries.

Presentation transcript:


- Current security architectures (such as site-to-site VPNs and tunnels) present scalability and management problems
- This presents significant challenges for customers when they are expanding (e.g. adding new branches on their network)
- The security landscape presents new challenges in terms of hackers etc.
- The network of the future has to be secured by a new architecture that is not only secure but scalable and resilient
- Examples of these new types of VPN architectures include GetVPN and FlexVPN

- Communications and IT infrastructures must be defended against attack and exploitation
- Attackers are persistent and well-funded
- Computing advances are driving a move to higher cryptographic strengths
- Future Ready – meets security and scalability requirements for 20 years
- Efficiency
- Cybersecurity
- Cost-Effective

Cisco has Industry-Leading VPN Solutions

- Flexible for site-to-site and remote-access VPNs
- Centralized Policy Management with AAA
- Latest IKEv2 Protocol
- 3rd Party Compatible

FlexVPN: Converged Site to Site and Remote Access

- Simplifies branch-to-branch instantaneous communications
- Maximizes security
- Government compliance and privacy
- Flexible management
- Lowered CAPEX and OPEX
- Simplified branch communications
- Simplified Deployment
- Improved business resiliency

DMVPN: Public Internet Transport; Hub-Spoke, Spoke-Spoke
GETVPN: Private IP Transport; Any-to-Any Connectivity

Cryptographic Technologies
- New/Upgraded algorithms, key sizes, protocols and entropy
- Compatible with existing security architectures, e.g., GETVPN, DMVPN

Secure and Efficient
- Algorithm efficiency enabling increased security
- Scales well to high/low throughput

Compatible with Government Standards
- Suite B (US)
- FIPS-140 (US/Canada)
- NATO

- DH, RSA: Significant risk
- RSA: Significant risk
- MD5, SHA1: Collision attacks
- 3DES: 1GB encryption limit
- HMAC-MD5: Theoretical weaknesses
- Entropy: Significant risk
- TLS1.0, IKEv1: Known flaws, lack of Authenticated Encryption

- Key Establishment: ECDH-P256
- Digital Signatures: ECDSA-P256
- Hashing: SHA-256
- Authenticated Encryption: AES-128-GCM
- Authentication: HMAC-SHA-256
- Entropy: SP
- Protocols: TLSv1.2, IKEv2, SRTP

Suite B

Performance and Scalability

Deployment tiers: WAN/Campus Edge, Branch Office, SOHO, Internet Edge

- ASR 1006/1013 (40 Gbps, 200K cps)
- ASR 1002/1004 (10-40 Gbps, 200K cps)
- ISR 2900/3900, ASR 1001 (Up to 2.5 Gbps, 100K cps)
- ISR 8xx/1900

VPN, Zone Based Firewall, Integrated Threat Defense

ISR / ASR Secure Routers
- Secure WAN Aggregation
- Integrated Threat Control
- Application Intelligence, Control, & Routing

Comparison columns: VPN, Interop, Dynamic Routing, IPsec Routing, Spoke-Spoke Direct (shortcut), Remote Access, Simple Failover, Source Failover, Config. Push, Per-Peer Config, Per-Peer QoS, Full AAA Management

Easy VPN: NO YES NO YES NO YES
DMVPN: NO YES NO YES NO SOME NO GROUP NO
Crypto Map: YES NO YES NO YES POOR NO
FLEX VPN: YES

- Unifies all overlay VPNs under a single umbrella
- Simplifies deployment and configuration
- Simplifies positioning
- Phase 1 shipping Nov '11

| | DMVPN | FlexVPN | GET VPN |
|---|---|---|---|
| Network Style | Large Scale Hub and Spoke | Converged Site to Site and Remote Access | Any-to-Any; (Site-to-Site) |
| Failover Redundancy | A/A based on Dynamic Routing | Dyn Routing or IKEv2 Route Distribution; Server Clustering; Stateful Failover * | Transport Routing; COOP Based on GDOI |
| 3rd Party Compatibility | No | Yes – up to 3rd party implementation | No |
| IP Multicast | Multicast replication at hub | Multicast replication in IP WAN network * | Multicast replication in IP WAN network |
| QoS | Per Tunnel QoS, Hub to Spoke | Per SA QoS, Hub to Spoke; Per SA QoS, Spoke to Spoke * | Transport QoS |
| Policy Control | Locally Managed | AAA Integrated | Locally Managed |
| Technology | Tunneled VPN; Multi-Point GRE Tunnel; IKEv1 and IKEv2 | Tunneled VPN; Point to Point Tunnels; IKEv2 Only | Tunnel-less VPN; Group Protection; G-IKEv2 * |
| Infrastructure Network | Public or Private Transport; Overlay Routing | Public or Private Transport; Overlay Routing | Private IP Transport; Flat/Non-Overlay IP Routing |

\* Roadmap Item

Thank you.