PACE-IT: Networking Services and Applications (part 1) - N10 006

Networking
services and
applications I.

Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certification
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

The basics of the virtual private
network.
– Protocols used by the virtual private
network.
PACE-IT.

Networking services and applications I.

A virtual private network
(VPN) is used by remote hosts
to access a private network
through an encrypted tunnel
through a public network.
Once the VPN connection is made, the remote host is no
longer considered remote. It is actually seen by the private
network as a local host. Even though the network traffic may
pass through many different routers or systems, it is seen by
both ends as a direct connection.
The use of the VPN can help to reduce networking costs for
organizations and businesses. The cost reduction is partially
achieved because the VPN doesn’t require the use of a
dedicated leased line to create the connection.

VPN types.
» The site-to-site VPN allows a remote site’s network to connect
to the main site’s network and be seen as a local network
segment.
• VPN concentrators on both ends of the VPN will manage the
connection.
» The remote-access VPN (host-to-site VPN) allows select
remote users to connect to the local network.
• A VPN concentrator on the local network will manage the
connections coming in from the remote users.
• The remote system making the connection uses special
software, called VPN client software, to make the connection.
» The host-to-host VPN (SSL VPN) allows a secure connection
between two systems without the use of VPN client software.
• A VPN concentrator on the local network manages the
connections.
• The host seeking to connect uses a Web browser that
supports the correct encryption technology (either SSL or
TLS) to make the connection to the VPN concentrator.

Internet Protocol security (IPsec).
» Works at Layer 3 of the OSI model and above.
» The most common suite of protocols to secure a VPN
connection.
» Can be used with the Authentication Header (AH) protocol.
• AH only offers authentication services, no encryption.
» Can be used with Encapsulating Security Payload (ESP).
• ESP both authenticates and encrypts packets (the most
popular method).
» Both AH and ESP will operate in one of two modes.
• Can be used in transport mode—between two devices (e.g.,
the host-to-host VPN).
• Can be used in tunnel mode—between two endpoints (e.g.,
the site-to-site VPN).
» IPSec implements Internet Security Association and Key
Management (ISAKMP) by default.
• ISAKMP provides a method for transferring security key and
authentication data between systems, outside of the security
key generating process (a much more secure process).

Generic Routing Encapsulation (GRE).
» GRE is a tunneling protocol that is capable of encapsulating a
wide variety of network layer protocols.
» It is often used to create a sub-tunnel within an IPSec
connection.
• IPSec will only transmit unicast packets (one-to-one
communication). In many cases, there is a need to transmit
multicast (one-to-some communication) or broadcast (one-to-
many communication) packets across an IPsec connection.
By using GRE, this can be accomplished.
– Point-to-Point Tunneling Protocol (PPTP).
» An older VPN technology that supports dial-up VPN
connections. On its own, it lacked native security features.
• Microsoft’s implementation included additional security by
adding GRE.

Transport Layer Security (TLS) protocol.
» TLS is a cryptographic protocol used to create a secure
encrypted connection between two end devices or applications.
• It uses asymmetrical cryptography to authenticate end points,
and then negotiate a symmetrical security key, which is used
to encrypt the session.
» TLS has largely replaced the Secure Socket Layer protocol.
» It works at Layer 5 and above of the OSI model.
» The most common use is in creating a secure encrypted
Internet session (SSL VPN).
• All modern Web browsers support TLS.
– Secure Socket Layer (SSL) protocol.
» SSL is an older cryptographic protocol that is very similar to
TLS.
» The most common use is in Internet transactions.
• All modern Web browsers support SSL.
» Due to issues with earlier versions of the protocol, it has largely
been replaced by TLS protocol.
• SSL v.3.3 has been developed to address the weaknesses of
the earlier versions.

A VPN connection is used to allow remote sites or users to access a private
network and to function as a local segment. A site-to-site VPN connects two
sites together. A remote-access VPN allows select users to connect, but
requires those users to have preconfigured VPN clients installed on their
systems. A host-to-host VPN allows users to connect to the private network
without the use of VPN client software.
Topic
The basics of the virtual
private network.
Summary
IPsec is the most common protocol suite used to secure VPN connections. It
works at Layer 3 and above of the OSI model. GRE is a tunneling protocol
that can encapsulate a wide variety of other network layer protocols. It is
used in conjunction with IPsec to allow for multicast and broadcast packet
transmissions. PPTP is an older VPN technology that supports dial-up VPN
connections. TLS is a cryptographic protocol that provides authentication
services; it is commonly used in Web based transactions and has largely
replaced SSL. SSL is similar to TLS and has largely been replaced by it.
Protocols used by the virtual
private network.

This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.

PACE-IT: Networking Services and Applications (part 1) - N10 006

More Related Content

What's hot

Similar to PACE-IT: Networking Services and Applications (part 1) - N10 006

More from Pace IT at Edmonds Community College

Recently uploaded

PACE-IT: Networking Services and Applications (part 1) - N10 006