Computer Security - PowerPoint PPT Presentation

Slides: 12
Provided by: Burro

Transcript and Presenter's Notes


1
Virtual Private Networks
http://www.cisco.com/warp/public/cc/techno/network/osi/novell/tech/novl_pc.htm
2
Virtual Private Networks
1. Gateways have a "permanent" TCP connection
2. They encrypt the IP packet they are given and send it to the other gateway as the payload in another IP packet
3. The target gateway decrypts the IP packet and sends the result to the correct address.
[Diagram labels: Server, Hub, Workstations, Gateway (router, firewall, combo), VPN Tunnel, Network 10.0.10.0, Network 10.1.10.0]
3
Virtual Private Networks
4
Virtual Private Networks
Original Src/Dst IP addresses
Original Src/Dest Ports
Payload (original, unencrypted)
Entire IP packet encrypted by one end of VPN
Revised Src/Dest IP addresses
5
Virtual Private Networks
VPN advantages
1. Replaces dedicated point-to-point line (why is this an advantage?)
2. Provides C I and Authentication (how?)
3. Solves "road warrior" problems and expenses (problems?) (expenses?)
4. Can secure all traffic between two networks transparently
5. Can use private address space in station-to-station chatter
6. Can deploy quickly (compare with renting a private line or pulling a cable)
7. Can choose level of encryption
6
Virtual Private Networks
VPN disadvantages
1. Encryption/decryption processing burden may require an additional box or hardware accelerators ("offload cards").
2. Will need to buy VPN software for gateways and for road warriors. Proprietary solutions.
3. Does not defend against a back door on a road warrior computer
4. Encapsulation means additional bandwidth
5. Encapsulation may mean fragmentation
6. VPN configuration (with MTU, with NAT, etc) may be difficult
7. Troubleshooting is more difficult (why)
8. Depends on Internet availability
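Added example (not part of the original slides): a Python sketch of the gateway-to-gateway steps on slide 2 and the packet layout on slide 4, which also makes the bandwidth and fragmentation costs listed above measurable. The gateway addresses, sample keys, 1500-byte MTU, protocol number 253 and the SHA-256 keystream standing in for a real cipher are assumptions, so the resulting overhead applies to this constructed format only.

```python
import hashlib, hmac, socket, struct

MTU, TAG = 1500, 32   # assumed path MTU; HMAC-SHA256 tag length in bytes

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def keystream_xor(key, seq, data):
    """Stand-in cipher (SHA-256 in counter mode); use a vetted cipher in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("!QQ", seq, i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encapsulate(inner, seq, enc_key, mac_key, gw_src, gw_dst):
    """Sending gateway: encrypt the entire inner packet, add a new outer header."""
    body = struct.pack("!Q", seq) + keystream_xor(enc_key, seq, inner)
    body += hmac.new(mac_key, body, hashlib.sha256).digest()
    return ipv4_header(gw_src, gw_dst, len(body), 253) + body  # 253 = experimental

def decapsulate(outer, enc_key, mac_key):
    """Receiving gateway: check the tag, then recover the original packet."""
    body, tag = outer[20:-TAG], outer[-TAG:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, packet dropped")
    seq = struct.unpack("!Q", body[:8])[0]
    return keystream_xor(enc_key, seq, body[8:])

def tunnel_report(payload_len):
    """Constructed sample: station 10.0.10.5 sends payload_len bytes to 10.1.10.7."""
    inner = ipv4_header("10.0.10.5", "10.1.10.7", payload_len, 6) + b"A" * payload_len
    outer = encapsulate(inner, 1, ENC_KEY, MAC_KEY, "192.0.2.1", "198.51.100.1")
    return {"inner": len(inner), "outer": len(outer),
            "overhead": len(outer) - len(inner),
            "must_fragment": len(outer) > MTU,
            "inner_addrs_visible": inner[12:20] in outer,
            "round_trip_ok": decapsulate(outer, ENC_KEY, MAC_KEY) == inner}

ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"  # sample keys

if __name__ == "__main__":
    for n in (100, 1480):   # small packet vs. a full 1500-byte inner packet
        print(n, tunnel_report(n))
```

A full-size inner packet no longer fits the assumed MTU once wrapped, which is why tunnel endpoints usually need a lower MTU configured on the inside.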
7
Virtual Private Networks
  • VPN-capable device on the network
  • Setup to agree on
  • IP subnet addresses on far side
  • authentication scheme, including dig. sig. exchange if desired
  • encryption scheme and key exchange
  • multiple VPNs must use multiple "encryption domains"

8
Virtual Private Networks
Road warrior
W. Stallings, Network Security, Fig 6.1
9
Virtual Private Networks
Road warrior
Each security gateway has ??? Security Associations?
10
Virtual Private Networks
  • 8. VPN products
  • Strong authentication
  • Adequate encryption
  • Adherence to standards
  • Integration with other services (NAT, firewalls, LDAP, monitoring software)

Road warrior
11
Virtual Private Networks
VPN vendors
a) add software to existing routers: 3COM, BayNetworks, Cisco,
b) install "stand-alone" boxes: Lucent, Indus Rivers, Xedia, VPNet Technologies,
c) Software-based: Raptor, V-1, Trusted Info. Systems,
d) Internet Service Providers: ATT, MCI, IBM, Sprint,
http://www.internetwk.com/VPN/VPNchart-1.htm
Road warrior