Chapter 11
Transcript

  • 1. Network Services—VPN and VoIP Chapter 11
  • 2. Knowledge Concepts
    • Understanding VPN technology
    • Getting a grip on encryption
    • The business application of VoIP and VPNs
    • How VoIP works
  • 3. Important Terms
    • VPN
    • RADIUS
    • Authentication
    • Provisioned
    • Encryption
    • PPTP, L2TP, IPSec
    • Firewall
    • Proxy server
    • PKI
    • DES
    • Symmetric and asymmetric encryption
    • VoIP
    • H.323, SIP, LDAP
  • 4. Tunneling with a VPN
  • 5. Why VPNs?
    • Improves ability to communicate outside of a company
    • Enables secure access
    • Provides rapid provisioning of capacity as needed
  • 6. How Remote Access Via a VPN Works
  • 7. VPN Characteristics
    • Logical network
    • Isolates customer traffic on shared provider facilities
    • Looks like a private network
    • Runs on either packet switched data network or circuit-switched public network
    • Can be deployed over a wide range of network technologies
    • Uses shared carrier infrastructure
  • 8. Deployment Models
    • Customer-based
      • Carriers install gateways, routers and hardware on customer premises
      • Customer manages security
    • Network-based
      • Carrier houses all equipment at POP near customer location
  • 9. VPN Frameworks
    • Internet based
      • Small ISPs provide local access services in a region
      • Business users get end-to-end services from a variety of suppliers
      • Encryption used to isolate traffic and provide security
      • Customer provides servers with applications/content
      • A RADIUS server is used to authenticate traffic for access to application/content servers
      • RADIUS server is connected to a firewall
  • 10. Provisioned VPNs
    • Packet-switched VPN that runs across ISP backbone using Frame Relay or ATM
    • Supports multiple protocols
    • Provisioned services improve performance by enabling guarantees of service (QoS)
  • 11. VPN Applications
    • VPN is an architecture tied together and calibrated
    • Goals are to manage security and deliver applications with minimal latency
    • Save money by
      • Replacing leased lines with Internet connectivity
      • Reducing dial up costs
  • 12. 3 Major VPN Applications
    • Intranets
      • Site-to-site connections
    • Remote Access
      • Remote workers and outside customers
      • Eliminates modems & remote access routers
    • Extranets
      • Suppliers have specific access
  • 13. VPN Gateway Functions
    • Maintenance of a secure logical connection as a tunnel
    • Tunneling is encapsulation of a data packet within an IP packet
    • Remote ends of tunnel can be at edges of ISP or corporate boundary router
    • Traffic is routed encrypted
  • 14. Key Tunneling Protocols
    • PPTP: Layer 2 in MS products
    • L2TP: used by ISPs on backbone
    • IPSec: covers encryption at 168 bit and authenticates both ends of tunnel connection
      • Works only in IP environment
  • 15. VPN Security
    • Firewalls are used to control policies for data exchange between 2 networks
    • Routers can act as a firewall by managing packet traffic (filter)
    • Proxy servers used to separate internal network from public services
    • Authentication provided by RADIUS servers
      • Uses CHAP (Challenge Handshake Authentication Protocol) to authenticate
      • Tokens issued with user password to server to verify user access
      • New tokens generated each time a user connects
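
The CHAP exchange from slide 15, as an added example that is not part of the original slides: per RFC 1994 the response is MD5 over the identifier, the shared secret and the challenge, and a fresh challenge per connection is what defeats replay. The `Authenticator` class, the `SECRETS` store and the user name are constructed for illustration, and the access server and RADIUS server are collapsed into one object.

```python
import hashlib
import hmac
import os

# Constructed sample credential store (assumption): user -> shared secret.
SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues one-time challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}      # identifier -> (user, challenge)
        self.next_id = 0

    def issue_challenge(self, user: str):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # Identifier is one octet
        challenge = os.urandom(16)                # fresh and unpredictable
        self.pending[identifier] = (user, challenge)
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a replay finds nothing.
        entry = self.pending.pop(identifier, None)
        if entry is None:
            return False
        user, challenge = entry
        secret = self.secrets.get(user)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Returns (legitimate login, replay same id, replay on new challenge)."""
    server = Authenticator(SECRETS)
    ident, chal = server.issue_challenge("alice")
    captured = chap_response(ident, SECRETS["alice"], chal)  # client side
    ok = server.verify(ident, captured)
    replay_same = server.verify(ident, captured)
    ident2, _ = server.issue_challenge("alice")
    replay_new = server.verify(ident2, captured)
    return ok, replay_same, replay_new
```

The shared secret itself never crosses the link; only the 16-byte digest does, and it is valid for one challenge only.
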
  • 16. Basic Encryption Terminology
    • Plaintext (aka cleartext): original, readable data
    • Ciphertext: scrambled form of plaintext
    • Encryption: reversible conversion of plaintext into ciphertext
    • Decryption: conversion of ciphertext back into plaintext
    • Crack (aka break) code: decrypt ciphertext without knowing key
  • 17. Basic Encryption Terminology (cont’d)
    • Key: secret allowing encryption and decryption to be restricted to possessors of key
    • Symmetric encryption: encryption requiring a shared key for both encryption and decryption
    • Asymmetric encryption: algorithm using a different key for decryption than for encryption
  • 18. Encryption
    • Encoding plain text data to hide contents with cipher text
    • Symmetric
      • Sender and receiver use same key
      • Popular algorithms: DES, Triple DES, Blowfish
    • Asymmetric (PKI)
      • Different keys with one key held publicly
      • Verifies message through hashing (MD5)
      • Types of public keys are RSA, Diffie-Hellman, PGP
      • PKI uses digital certificates to authenticate users and encrypt data
      • Verisign and Entrust
  • 19. US Digital Signature Law
    • USA: 15 USC §7006
    • Title 15: Commerce and Trade
      • Chapter 96: Electronic Signatures in Global and National Commerce
    • Based on S.761 (Sponsor Sens Abraham & Spencer)
      • Introduced 1999-03-25
      • Came into force 2000-06-30
      • See Legal Information Institute entry at
      • http://www4.law.cornell.edu/uscode/15/ch96.html#PC96
  • 20. Electronic Payments
    • Credit card transactions
    • Digital cash
    • Micropayments
  • 21. Credit Card Transactions
    • No documented case of interception of credit-card data while in transit through the Internet
      • Most sites use Secure Sockets Layer (SSL)
      • Credit-card information theft has occurred from servers
      • All sensitive data on Web servers should be encrypted
    • Safety of allowing a merchant to use credit-card information depends on the merchant
      • No worse to give info to reputable firm via Web than to clerk who takes card away from view
  • 22. Credit Cards & Escrow
    • Allow buyer to register credit-card data with reputable firm
      • Merchant receives payment from escrow service
      • Escrow service bills client credit card
      • Insulates buyer from seller
    • Examples:
      • VeriSign Cybercash http://www.cybercash.com
      • Escrow.com http://www.escrow.com (for domain name sales)
      • Beseen BuyIt Button http://buyit.beseen.com
      • Tradenable http://www.tradenable.com
      • PayPal www.paypal.com
  • 23. Digital Cash
    • All credit-card transactions result in electronic audit trail
    • Digital cash (aka e-cash) removes trail
      • Load a device with credits
      • Use device for transactions to transfer credits
    • Requires device that can prevent
      • Counterfeiting (loading credits fraudulently)
      • Theft (removing credits fraudulently)
  • 24. Digital Cash (cont’d)
    • Mechanisms depend on smart cards
      • Devices size of credit card
      • Include microprocessor, RAM, power
      • Programmed with cryptographic tools to prevent unauthorized modification of contents
      • Interface allows merchant to deduct or refund credits
    • Examples include
      • eCash http://www.digiscash.com
      • E-Cash Services http://www.ecashservices.com
  • 25. Expensive Leased Lines
  • 26. VPN Access as an Intranet
  • 27. VPNs and Business: Before a VPN (Point-to-Point), After a VPN (Tunneled)
  • 28. Encryption and VPNs
  • 29. Evaluating a VPN Solution
  • 30. VoIP
    • Not yet a big player with less than 5% of market
    • Cost savings, enhanced voice services and new applications major advantages
    • VoIP gateways bridge circuit-switched PSTN and packet-switched Internet
      • Gateways packetize and compress voice, route packets, authenticate users, and manage network of gateways
  • 31. VoIP Hardware
    • Enterprise gateway
      • Deployed between PBX and WAN device (router) for call set-up, routing, and conversion
    • VoIP routers
      • Voice cards perform packetization and compression functions in a router
    • IP PBX
      • Distributed telephony servers that operate in packet-switched mode
    • ISP VoIP gateways
      • Aggregate incoming traffic and routing
  • 32. VoIP Infrastructure
  • 33. VoIP Architecture
  • 34. Implementing VoIP
  • 35. VoIP Standards
    • H.323
      • Based on ISDN and limited to point-to-point applications
    • SIP
      • Application layer (signaling) protocol
      • Establishes temp sessions for multimedia conferences, telephony, mobile phone-to-instant messaging
    • LDAP
      • Standard directory server technology for Internet
      • Enables retrieval of information from multi-vendor directories
      • Used for free phone and Internet phone number hosting
  • 36. Important Figures
    • Figure 11.1 & 11.2 p.332-333
    • Figure 11.3 & 11.4 p. 334-335
    • Figure 11.5 p. 336
    • Figure 11.8 p. 339
    • Figure 11.10 p. 346
    • Figure 11.12 p. 358