Virtual LAN and IPsec - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Virtual LAN and IPsec

Description:

Virtual LAN and IPsec By Nathan Haase What is VLAN? Group of devices on different physical LAN segments that can communicate as if they were on the same LAN segment. – PowerPoint PPT presentation

Number of Views:107
Avg rating:3.0/5.0
Slides: 12
Provided by: ctasEast
Category:
Tags: lan | ipsec | virtual

less

Transcript and Presenter's Notes

Title: Virtual LAN and IPsec


1
Virtual LAN and IPsec
  • By Nathan Haase

2
What is VLAN?
  • Group of devices on different physical LAN
    segments that can communicate as if they were on
    the same LAN segment.
  • Trunks provide the option of having multiple
    VLANs. Use 4-byte tags.

3
Advantages of VLANs
  • Number of devices for a specific network topology
    reduced.
  • Managing of physical devices becomes less
    complex.
  • Increased security options by separation and
    specific frame delivery

4
Disadvantages / Security Issues
  • VLANs rely on switches to do the right thing.
  • Packet leaks from one VLAN to the next.
  • Injected packet meant for an attack.
  • Solved by IPsec

5
Linux and VLAN
  • vconfig add eth0 1
  • vlan_proto_init
  • find_vlan_dev
  • unregister_vlan_device
  • vlan_setup
  • register_vlan_device

6
IPsec
  • Extension of IP protocol Authenticated Header
    (AH) and Encapsulated Security Payload (ESP)
  • Transport Mode and Tunnel Mode
  • Integrity protected by hash message
    authenticating codes (HMAC)
  • Encryption achieved with 3DES and AES
  • VPNs and Road Warriors

7
(No Transcript)
8
IKE
  • Establish Internet Security Association Key
    Management Security Association (ISAKMP SA) using
    Pre-Shared Keys
  • Establish IPsec SA using ISAKMP SA

9
IPsec on Linux (FreeS/WAN)
  • KLIPS (kernal IPsec)
  • PLUTO (IKE daemon)
  • IPv6

10
Interoperability
11
References
  • www.freeswan.org
  • www.linuxjournal.com
  • www.ipsec-howto.org
  • Linux Source Code
Write a Comment
User Comments (0)
About PowerShow.com