Network Services—VPN and VoIP Chapter 11

  1. Network Services—VPN and VoIP Chapter 11
  2. Knowledge Concepts
     • Understanding VPN technology
     • Getting a grip on encryption
     • The business application of VoIP and VPNs
     • How VoIP works
  3. Important Terms
     • VPN
     • RADIUS
     • Authentication
     • Provisioned
     • Encryption
     • PPTP, L2TP, IPSec
     • Firewall
     • Proxy server
     • PKI
     • DES
     • Symmetric and asymmetric encryption
     • VoIP
     • H.323, SIP, LDAP
  4. Tunneling with a VPN
  5. Why VPNs?
     • Improves ability to communicate outside of a company
     • Enables secure access
     • Provides rapid provisioning of capacity as needed
  6. How Remote Access Via a VPN Works
  7. VPN Characteristics
     • Logical network
     • Isolates customer traffic on shared provider facilities
     • Looks like a private network
     • Runs on either packet-switched data network or circuit-switched public network
     • Can be deployed over a wide range of network technologies
     • Uses shared carrier infrastructure
  8. Deployment Models
     • Customer-based
        • Carriers install gateways, routers and hardware on customer premises
        • Customer manages security
     • Network-based
        • Carrier houses all equipment at POP near customer location
  9. VPN Frameworks
     • Internet based
        • Small ISPs provide local access services in a region
        • Business users get end-to-end services from a variety of suppliers
        • Encryption used to isolate traffic and provide security
        • Customer provides servers with applications/content
        • A RADIUS server is used to authenticate traffic for access to application/content servers
        • RADIUS server is connected to a firewall
  10. Provisioned VPNs
     • Packet-switched VPN that runs across ISP backbone using Frame Relay or ATM
     • Supports multiple protocols
     • Provisioned services improve performance by enabling guarantees of service (QoS)
  11. VPN Applications
     • VPN is an architecture tied together and calibrated
     • Goals are to manage security and deliver applications with minimal latency
     • Save money by
        • Replacing leased lines with Internet connectivity
        • Reducing dial-up costs
  12. 3 Major VPN Applications
     • Intranets
        • Site-to-site connections
     • Remote Access
        • Remote workers and outside customers
        • Eliminates modems & remote access routers
     • Extranets
        • Suppliers have specific access
  13. VPN Gateway Functions
     • Maintenance of a secure logical connection as a tunnel
     • Tunneling is encapsulation of a data packet within an IP packet
     • Remote ends of tunnel can be at edges of ISP or corporate boundary router
     • Traffic is routed as encrypted
  14. Key Tunneling Protocols
     • PPTP: Layer 2 in MS products
     • L2TP: used by ISPs on backbone
     • IPSec: covers encryption at 168 bit and authenticates both ends of tunnel connection
        • Works only in IP environment
  15. VPN Security
     • Firewalls are used to control policies for data exchange between 2 networks
     • Routers can act as a firewall by managing packet traffic (filter)
     • Proxy servers used to separate internal network from public services
     • Authentication provided by RADIUS servers
        • Uses CHAP (Challenge Handshake Authentication Protocol) to authenticate
        • Tokens issued with user password to server to verify user access
        • New tokens generated each time a user connects
  16. Basic Encryption Terminology
     • Plaintext (aka cleartext): original, readable data
     • Ciphertext: scrambled form of plaintext
     • Encryption: reversible conversion of plaintext into ciphertext
     • Decryption: conversion of ciphertext back into plaintext
     • Crack (aka break) code: decrypt ciphertext without knowing key
  17. Basic Encryption Terminology (cont’d)
     • Key: secret allowing encryption and decryption to be restricted to possessors of key
     • Symmetric encryption: encryption requiring a shared key for both encryption and decryption
     • Asymmetric encryption: algorithm using a different key for decryption than for encryption
  18. Encryption
     • Encoding plain text data to hide contents with cipher text
     • Symmetric
        • Sender and receiver use same key
        • Popular algorithms: DES, Triple DES, Blowfish
     • Asymmetric (PKI)
        • Different keys with one key held publicly
        • Verifies message through hashing (MD5)
        • Types of public keys are RSA, Diffie-Hellman, PGP
        • PKI uses digital certificates to authenticate users and encrypt data
        • Verisign and Entrust
  19. US Digital Signature Law
     • USA: 15 USC §7006
     • Title 15: Commerce and Trade
        • Chapter 96: Electronic Signatures in Global and National Commerce
     • Based on S.761 (Sponsor Sens Abraham & Spencer)
        • Introduced 1999-03-25
        • Came into force 2000-06-30
        • See Legal Information Institute entry at http://www4.law.cornell.edu/uscode/15/ch96.html#PC96
  20. Electronic Payments
     • Credit card transactions
     • Digital cash
     • Micropayments
  21. Credit Card Transactions
     • No documented case of interception of credit-card data while in transit through the Internet
        • Most sites use Secure Sockets Layer (SSL)
        • Credit-card information theft has occurred from servers
        • All sensitive data on Web servers should be encrypted
     • Safety of allowing a merchant to use credit-card information depends on the merchant
        • No worse to give info to reputable firm via Web than to clerk who takes card away from view
  22. Credit Cards & Escrow
     • Allow buyer to register credit-card data with reputable firm
        • Merchant receives payment from escrow service
        • Escrow service bills client credit card
        • Insulates buyer from seller
     • Examples:
        • VeriSign Cybercash http://www.cybercash.com
        • Escrow.com http://www.escrow.com (for domain name sales)
        • Beseen BuyIt Button http://buyit.beseen.com
        • Tradenable http://www.tradenable.com
        • PayPal www.paypal.com
  23. Digital Cash
     • All credit-card transactions result in electronic audit trail
     • Digital cash (aka e-cash) removes trail
        • Load a device with credits
        • Use device for transactions to transfer credits
     • Requires device that can prevent
        • Counterfeiting (loading credits fraudulently)
        • Theft (removing credits fraudulently)
  24. Digital Cash (cont’d)
     • Mechanisms depend on smart cards
        • Devices size of credit card
        • Include microprocessor, RAM, power
        • Programmed with cryptographic tools to prevent unauthorized modification of contents
        • Interface allows merchant to deduct or refund credits
     • Examples include
        • eCash http://www.digiscash.com
        • E-Cash Services http://www.ecashservices.com
  25. Expensive Leased Lines
  26. VPN Access as an Intranet
  27. VPNs and Business
     • Before a VPN: Point-to-Point
     • After a VPN: Tunneled
  28. Encryption and VPNs
  29. Evaluating a VPN Solution
  30. VoIP
     • Not yet a big player with less than 5% of market
     • Cost savings, enhanced voice services and new applications major advantages
     • VoIP gateways bridge circuit-switched PSTN and packet-switched Internet
        • Gateways packetize and compress voice, route packets, authenticate users, and manage network of gateways
  31. VoIP Hardware
     • Enterprise gateway
        • Deployed between PBX and WAN device (router) for call set-up, routing, and conversion
     • VoIP routers
        • Voice cards perform packetization and compression functions in a router
     • IP PBX
        • Distributed telephony servers that operate in packet-switched mode
     • ISP VoIP gateways
        • Aggregate incoming traffic and routing
  32. VoIP Infrastructure
  33. VoIP Architecture
  34. Implementing VoIP
  35. VoIP Standards
     • H.323
        • Based on ISDN and limited to point-to-point applications
     • SIP
        • Application layer (signaling) protocol
        • Establishes temp sessions for multimedia conferences, telephony, mobile phone-to-instant messaging
     • LDAP
        • Standard directory server technology for Internet
        • Enables retrieval of information from multi-vendor directories
        • Used for free phone and Internet phone number hosting
  36. Important Figures
     • Figure 11.1 & 11.2, p. 332-333
     • Figure 11.3 & 11.4, p. 334-335
     • Figure 11.5, p. 336
     • Figure 11.8, p. 339
     • Figure 11.10, p. 346
     • Figure 11.12, p. 358
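
The CHAP exchange named on the VPN Security slide, as an added example that is not part of the original slides: the server issues a fresh random challenge per connection, the client answers with MD5(identifier || secret || challenge) as defined in RFC 1994, and a response captured from one connection fails against the next challenge. The names `Authenticator`, `chap_response`, `demo`, the user `alice` and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (hypothetical class): one fresh challenge per connection attempt."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # user -> shared secret (constructed sample data)
        self.pending = {}           # user -> (identifier, challenge) awaiting a response
        self.counter = 0

    def new_challenge(self, user: str):
        self.counter = (self.counter + 1) % 256   # identifier is a single octet
        challenge = os.urandom(16)                # unpredictable, never reused
        self.pending[user] = (self.counter, challenge)
        return self.counter, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        issued = self.pending.pop(user, None)     # a challenge is valid for one attempt
        secret = self.secrets.get(user)
        if issued is None or secret is None or issued[0] != identifier:
            return False
        expected = chap_response(identifier, secret, issued[1])
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo():
    secret = b"constructed-shared-secret"         # constructed value, never sent on the wire
    server = Authenticator({"alice": secret})

    ident, challenge = server.new_challenge("alice")
    captured = chap_response(ident, secret, challenge)   # only this hash crosses the wire
    legitimate = server.verify("alice", ident, captured)

    # Next connection: the old response no longer matches the new challenge.
    ident2, _ = server.new_challenge("alice")
    replayed = server.verify("alice", ident2, captured)

    # A response computed from the wrong secret is rejected as well.
    ident3, challenge3 = server.new_challenge("alice")
    wrong = server.verify("alice", ident3, chap_response(ident3, b"guess", challenge3))
    return legitimate, replayed, wrong


if __name__ == "__main__":
    print(demo())
```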