Network Security, Firewalls, and VPNs
Week 5&6
VPN Fundamentals
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning
Company
www.jblearning.com
All rights reserved.
From Last Week…
Virtual Labs
Configuring a pfSense Firewall for the Server
Penetration Testing a pfSense Firewall
Required Reading
Chapters 2 & 7
5/31/2020
Learning Objectives
Describe the foundational concepts of VPNs.
Appraise the elements of VPN implementation and management.
Describe common VPN technologies.
Key Concepts
Virtual private network (VPN) essentials
The roles of VPN appliances, edge routers, and corporate
firewalls
VPN implementation
Best practices for implementing and managing VPNs
Common network locations where VPNs are deployed
VPN deployment planning for the enterprise
VPN policy creation
Strategies for overcoming VPN performance and stability issues
Software- and hardware-based VPN solutions
Virtual Private Network (VPN)
What Is a VPN?
Network that uses the public telecom infrastructure (Internet) to
provide remote access to secure private networks
Allows organizations to privately transmit sensitive data
remotely over public networks
Secures communication between separate private networks
through tunneling
Protects sensitive information transiting the public network
What Is a VPN?
Low-cost alternative to leased-line infrastructure
Supports Internet remote access
Provides remote access and remote control
Employs encryption and authentication for secure transmission
Restrictions for mobile users that ensure a baseline level of
conformity and security
VPN Endpoints
Host Computer Systems
Edge Routers
Corporate Firewalls
Dedicated VPN Appliances
VPN Encryption Modes
Tunnel mode
Protects packet from header to payload
Transport mode
Protects only the packet payload
VPNs Bridge Distant Connections
Home and satellite offices
May span separate cities, states, countries, geographic
territories, and international borders
Provide varying levels of granular network access to separate
locations
VPNs maintain confidentiality and integrity for users and data
(C-I-A triad)
Drawbacks of VPNs
Congestion, latency, fragmentation, and packet loss
Difficulties with compliance and troubleshooting
Encrypted traffic does not compress
Lacks repeating patterns
More bandwidth-intensive than clear-text transmission
Connectivity requires high availability
VPNs Security and Privacy Issues
Cannot ensure quality of service (QoS) or complete security
Links depend on availability, stability, and throughput of ISP
connection
Not ideal connection method for dial-up modems or low-bandwidth links
Infected mobile users can potentially damage or disrupt the
private network
Confidential data can be copied outside the boundaries of
internal controls
VPNs Are Not a Cure-all Solution
Upkeep, Updates, and Upgrades
Safety and Security
Software Fixes
Client Compliance
Roaming profiles
Tamper with systems
Inconsistent Security
True VPN
Software Updates
Careless users
Trusted VPN
Secure
Hybrid VPN
Software Patches
Hardware Upgrades
Bypass restrictions
Defiant users
VPN Best Practices: Predeployment
Choose a solution that's right for your environment, with proven
capabilities
Plan to provide redundancy
Create a written VPN policy
Ensure client security
Vulnerability management
Document your VPN implementation plan
Developing a VPN Policy
Restrict remote access to the organization’s VPN solution.
Prohibit split tunneling.
Define classes of employee that can access the network by VPN.
Define types of VPN connections to permit.
Define authentication methods permitted.
Prohibit sharing of VPN credentials.
List configuration requirements for remote hosts, including
current virus protection, anti-malware, host-based intrusion
detection system (HIDS), and a personal firewall.
Developing a VPN Policy (Cont.)
Prohibit the use of non-company equipment or, if personal
systems may connect to the VPN, define the minimum standards
for those connections.
Define required encryption levels for VPN connections.
If you will be using your VPN for network-to-network
connections, define approval process and criteria for
establishing a network-to-network connection.
VPN Best Practices: Post Deployment
Perform Regularly
Usage Review
Back Up
Patching
Types of VPN Implementations
Bypass VPN
Types of VPN Implementations
Internally Connected VPN
Types of VPN Implementations
A VPN in a DMZ
Internet Protocol Security (IPSec)
IPSec VPNs:
Support all operating system platforms
Provide secure, node-on-the-network connectivity
Offer standards-based solution
Layer 2 Tunneling Protocol (L2TP)
Largely replaced by IPSec and SSL/TLS
Is a combination of best features of Point-to-Point Tunneling
Protocol (PPTP) and the Layer 2 Forwarding (L2F) Protocol
Limitation: Provides mechanism for creating tunnels through an
IP network but not for encrypting the data being tunneled
Secure Sockets Layer (SSL)/
Transport Layer Security (TLS)
Non-IPSec alternative for VPNs
SSL/TLS authentication is one-way
SSL VPNs:
Platform independent
Client flexibility
Work with NAT
Fewer firewall rules required
Secure Sockets Layer (SSL)/
Transport Layer Security (TLS)
A secure browser session using SSL.
A certificate in an HTTPS connection.
Secure Shell (SSH) Protocol
Used for:
Login to a shell on a remote host (replaces Telnet and rlogin)
Executing a single command on a remote host (replaces rsh)
File transfers to a remote host
In conjunction with the OpenSSH server and client to create a
full VPN connection
Secure Shell (SSH) Protocol
An application that uses SSH.
VPN Deployment Models
True, Trusted, Secure, and Hybrid Models
Tailor VPN security to match organizational and data privacy
needs
Establish control
Components (software and hardware)
Conversations (endpoint connections)
Communications (network infrastructure)
VPN Deployment Models
Customers and providers may separately manage and maintain
devices
Customers may outsource different aspects of VPN ownership
and operation to service providers
Custom tailor ownership and operator responsibilities to
budgetary needs
VPN Architectures
Remote access (host-to-site) supports single connections into
the LAN
LAN-to-LAN and WAN (site-to-site) supports LAN-to-LAN via
Internet
Client-server (host-to-host) supports direct connections via
Internet
VPN Architectures
A corporation may control different aspects of the network
Authentication, Authorization, and Accounting (AAA) server
deployment
Different technologies for different needs
VPN to Connect a LAN with Remote Mobile Users
VPN Used to Connect Multiple LANs
VPN Used to Connect Multiple LANs with Remote Mobile Users
VPN Supporting Services and Protocols
Enterprise-class VPNs require enterprise-class security
Authentication establishes levels of authorization and access
Cryptographic transport protocols don’t “play well” together
VPN Protocols
IPSec (originally for IPv6 but widely used on IPv4)
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Datagram Transport Layer Security (DTLS)
Microsoft Point-to-Point Encryption
Secure Socket Tunneling Protocol (SSTP)
Network Protocols
Tunneling protocols package packets within packets for secure
transport
Transport protocols package payloads within packets
Encapsulating protocols wrap around original passenger
protocols
Carrier protocols carry the packaged VPN packets
VPN Tunnel
Encapsulates an entire packet within another packet
Encrypts payload and header (IP and UDP/TCP) to protect
identities
Carrier protocol used to transmit the VPN packets
Encapsulating protocol packages the original data
VPN Tunnel
Passenger protocol—original data payload or protocol being
carried
Encapsulates packets that are not routable through the Internet
Routes non-routable address traffic over public infrastructure
Ideal for gateway-to-gateway or network-to-network
communication
VPN Transport
Encapsulates only the packet payload
Cannot prevent some forms of observation (eavesdropping and
alteration)
Does not conceal endpoint identity
Ideal for direct endpoint-to-endpoint or endpoint-to-gateway
communication
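Added example (not from the slides or the textbook): the VPN Tunnel and VPN Transport slides, and the earlier "Encrypted traffic does not compress" drawback, shown on one constructed packet. Assumptions: ESP framing is simplified to SPI plus sequence number, a SHAKE-256 keystream XOR stands in for the negotiated cipher, and every address, port and key is a made-up sample value.

```python
import hashlib
import socket
import struct
import zlib

ESP_PROTO = 50  # IP protocol number for ESP
UDP_PROTO = 17  # IP protocol number for UDP


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def stand_in_cipher(key, seq, data):
    """XOR with a SHAKE-256 keystream: a stand-in for the negotiated VPN cipher.
    XOR is its own inverse, so the same call also decrypts."""
    stream = hashlib.shake_256(key + struct.pack("!I", seq)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_wrap(key, spi, seq, protected):
    """Simplified ESP: SPI and sequence number in clear, then the protected bytes.
    Real ESP also carries padding, a next-header byte and an integrity check value."""
    return struct.pack("!II", spi, seq) + stand_in_cipher(key, seq, protected)


def transport_mode(key, packet, spi=0x1001, seq=1):
    """Protect only the payload; the original source and destination stay readable."""
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    esp = esp_wrap(key, spi, seq, packet[20:])
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(key, packet, gw_src, gw_dst, spi=0x1001, seq=2):
    """Protect the whole original packet and prepend a gateway-to-gateway header."""
    esp = esp_wrap(key, spi, seq, packet)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(wire):
    """Addresses an on-path observer can read from the cleartext outer header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])


def compression_ratio(data):
    """Compressed size divided by original size (below 1.0 means it shrank)."""
    return len(zlib.compress(data, 9)) / len(data)


# Constructed sample traffic: a repetitive CSV export between two private hosts.
KEY = b"constructed-demo-key"
APP_DATA = b"employee_id,name,salary\n" * 50
UDP = struct.pack("!HHHH", 40000, 5000, 8 + len(APP_DATA), 0) + APP_DATA
INNER = ipv4_header("10.1.1.5", "10.2.2.9", UDP_PROTO, len(UDP)) + UDP

TRANSPORT = transport_mode(KEY, INNER)
TUNNEL = tunnel_mode(KEY, INNER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("transport mode, observer sees:", observer_view(TRANSPORT))
    print("tunnel mode, observer sees:   ", observer_view(TUNNEL))
    print("tunnel overhead vs transport: ", len(TUNNEL) - len(TRANSPORT), "bytes")
    print("compression ratio, cleartext: %.2f" % compression_ratio(APP_DATA))
    print("compression ratio, encrypted: %.2f" % compression_ratio(TUNNEL[28:]))
```

In tunnel mode the observer sees only the two gateway addresses, and the private 10.x addresses travel inside the protected bytes, which is how non-routable traffic crosses public infrastructure.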
Cryptographic Protocols
Ensure confidentiality and non-repudiation
Require encryption algorithms, protocols, and authentication
methods
Endpoints must support identical cryptographic protocols and
methods
VPN Authentication, Authorization, and Accountability
Mechanisms
Allow approved external entities to interconnect and interact
with private network
Use varying methods for authenticating users (passkeys,
biometrics, etc.)
Track and log user interactions to maintain user accountability
VPN Hosts and Trust
Trust should vary depending on who is allowed in via the VPN
Employee on corporate laptop on managed network
Employee on home computer
Employee on airport internet (wireless or kiosk)
Authorized partner
Authorized customer
Least Risk
Most Risk
VPNs, NAT, and IPSec
Network Address Translation (NAT)
Static
Dynamic
IPSec (originally for IPv6 but widely used on IPv4)
IPSec has issues traversing a translated (NAT) network
Run IPSec VPNs on untranslated addresses
or
Deploy an SSL VPN
VPN Appliances
Dedicated network offload devices
Specialized to handle VPN offloading from routers and host
systems
Can be placed outside corporate firewalls for traffic filtering
Supplements existing corporate firewalls that do not support
VPN services
Edge Routers
Transport VPN over public networks
Ensures that all traffic complies with firewall
Ideal for customer and supplier or business partner access
Best suited for controlled access into DMZ
Corporate Firewall
Pass LAN-to-LAN traffic
Joined networks are treated as any other LAN route
Users don’t have to re-authenticate across segments
No additional firewall filtering or restriction applies
VPN Implementation Choices
A VPN can be implemented as software on the host and gateway
A VPN can be implemented as a hardware appliance
Both have advantages and disadvantages
Both offer cost savings and scalability
Hardware-Based VPNs
Dedicated Resources and Optimized Processing
Advantages
Designed for Routing
Sustains Resources
Disadvantages
Costs and Compatibility
Streamlined for security
Software-Based VPNs
Platform-independent SSL/TLS VPNs to connect systems
Advantages
Install and Deploy Rapidly
Connection Speed
Disadvantages
Complex to Install and Configure
Portable and Efficient
Server Exposed
Owned and Outsourced VPNs
Own or operate telecommunications infrastructure and VPN
endpoints
Contract maintenance or management
VPN Deployment Planning
Plan the physical location of the VPN
Ensure the location meets power and cooling requirements
Plan your IP addressing scheme
Plan firewall rules for permitting VPN access
Configure the VPN server
Set up authentication
Follow change management policies
VPN Deployment Planning
Test the deployment
Create operations manual, user documentation, etc.
Develop support processes
Install VPN clients
Train users
Overcoming VPN Performance Challenges
Item: Consideration
VPN type: Client or site-to-site connection support
Protocol: IPSec VPN or SSL VPN
Load: Number of remote access or site-to-site connections
Client configuration: Legacy hardware, memory-intensive applications
Bandwidth: Unreliable connections
Topology: Connection traverses a firewall or proxy server
Encryption level: High encryption necessary but impacts performance
Traffic: Traffic spikes, such as from streaming media
Client version: Older versions
Overcoming VPN Stability Challenges
Item: Consideration
Configuration: Mission-critical requires high availability or failover
Location: Number of devices connection must traverse (firewalls, routers, etc.)
VPN software version: Older software may be unstable
Underlying OS: Older versions of OS, or firmware code in hardware VPN
Summary
Virtual private network (VPN) essentials
The roles of VPN appliances, edge routers, and corporate
firewalls
VPN implementation
Best practices for implementing and managing VPNs
Common network locations where VPNs are deployed
VPN deployment planning for the enterprise
VPN policy creation
Strategies for overcoming VPN performance and stability issues
Software- and hardware-based VPN solutions
Virtual Lab
Using Social Engineering Techniques to Plan an Attack
Required Reading
Chapters 3, 11, 12
Midterm Exam
Midterm Study Guide has been posted. The exam will be available next week and needs to be completed next week as well.
Headquartered at home   community publication nx n pakistanHeadquartered at home   community publication nx n pakistan
Headquartered at home community publication nx n pakistan
 
Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 

More from JUST36

Plan of WorkGloria is employed at Jones University, through .docx
Plan of WorkGloria is employed at Jones University, through .docxPlan of WorkGloria is employed at Jones University, through .docx
Plan of WorkGloria is employed at Jones University, through .docx
JUST36
 
Planning, Implementation, and Evaluation Evaluate the importa.docx
Planning, Implementation, and Evaluation Evaluate the importa.docxPlanning, Implementation, and Evaluation Evaluate the importa.docx
Planning, Implementation, and Evaluation Evaluate the importa.docx
JUST36
 
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docx
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docxPlanet of the Apes (1974) (Race relations and slavery—turnabout is .docx
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docx
JUST36
 
Planning effective English language arts lessons many times incl.docx
Planning effective English language arts lessons many times incl.docxPlanning effective English language arts lessons many times incl.docx
Planning effective English language arts lessons many times incl.docx
JUST36
 
PKI Submission RequirementsFormat Microsoft WordFon.docx
PKI Submission RequirementsFormat Microsoft WordFon.docxPKI Submission RequirementsFormat Microsoft WordFon.docx
PKI Submission RequirementsFormat Microsoft WordFon.docx
JUST36
 
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docxPLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
JUST36
 
Plato’s Apology The Trial of SocratesSocrates in the trial .docx
Plato’s Apology The Trial of SocratesSocrates in the trial .docxPlato’s Apology The Trial of SocratesSocrates in the trial .docx
Plato’s Apology The Trial of SocratesSocrates in the trial .docx
JUST36
 
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docx
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docxPine tree tops” by Gary SnyderIn the blue night frost haze,.docx
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docx
JUST36
 
Platform as a Service (PaaS) and Infrastructure as a Service (I.docx
Platform as a Service (PaaS) and Infrastructure as a Service (I.docxPlatform as a Service (PaaS) and Infrastructure as a Service (I.docx
Platform as a Service (PaaS) and Infrastructure as a Service (I.docx
JUST36
 
plan for your client Eliza. Since the initial treatment plan, severa.docx
plan for your client Eliza. Since the initial treatment plan, severa.docxplan for your client Eliza. Since the initial treatment plan, severa.docx
plan for your client Eliza. Since the initial treatment plan, severa.docx
JUST36
 
Plan a geographic inquiry to investigate the question. In the pl.docx
Plan a geographic inquiry to investigate the question. In the pl.docxPlan a geographic inquiry to investigate the question. In the pl.docx
Plan a geographic inquiry to investigate the question. In the pl.docx
JUST36
 
PLAGIARISMWhat is it Whose Responsibility is It Wha.docx
PLAGIARISMWhat is it Whose Responsibility is It Wha.docxPLAGIARISMWhat is it Whose Responsibility is It Wha.docx
PLAGIARISMWhat is it Whose Responsibility is It Wha.docx
JUST36
 
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docxPKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
JUST36
 
Pine Valley Furniture wants to use Internet systems to provide value.docx
Pine Valley Furniture wants to use Internet systems to provide value.docxPine Valley Furniture wants to use Internet systems to provide value.docx
Pine Valley Furniture wants to use Internet systems to provide value.docx
JUST36
 
Pick the form of cultural expression most important to you. It could.docx
Pick the form of cultural expression most important to you. It could.docxPick the form of cultural expression most important to you. It could.docx
Pick the form of cultural expression most important to you. It could.docx
JUST36
 
Pick two diseases from each of the following systems HEENT .docx
Pick two diseases from each of the following systems HEENT  .docxPick two diseases from each of the following systems HEENT  .docx
Pick two diseases from each of the following systems HEENT .docx
JUST36
 
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docx
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docxPick only one topic!!!!!!!!!!You will need to choose one topic f.docx
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docx
JUST36
 
Pick one organized religion to research. First, describe the religio.docx
Pick one organized religion to research. First, describe the religio.docxPick one organized religion to research. First, describe the religio.docx
Pick one organized religion to research. First, describe the religio.docx
JUST36
 
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docxPick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
JUST36
 
Pick one of the following terms for your research Moral philosophy,.docx
Pick one of the following terms for your research Moral philosophy,.docxPick one of the following terms for your research Moral philosophy,.docx
Pick one of the following terms for your research Moral philosophy,.docx
JUST36
 

More from JUST36 (20)

Plan of WorkGloria is employed at Jones University, through .docx
Plan of WorkGloria is employed at Jones University, through .docxPlan of WorkGloria is employed at Jones University, through .docx
Plan of WorkGloria is employed at Jones University, through .docx
 
Planning, Implementation, and Evaluation Evaluate the importa.docx
Planning, Implementation, and Evaluation Evaluate the importa.docxPlanning, Implementation, and Evaluation Evaluate the importa.docx
Planning, Implementation, and Evaluation Evaluate the importa.docx
 
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docx
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docxPlanet of the Apes (1974) (Race relations and slavery—turnabout is .docx
Planet of the Apes (1974) (Race relations and slavery—turnabout is .docx
 
Planning effective English language arts lessons many times incl.docx
Planning effective English language arts lessons many times incl.docxPlanning effective English language arts lessons many times incl.docx
Planning effective English language arts lessons many times incl.docx
 
PKI Submission RequirementsFormat Microsoft WordFon.docx
PKI Submission RequirementsFormat Microsoft WordFon.docxPKI Submission RequirementsFormat Microsoft WordFon.docx
PKI Submission RequirementsFormat Microsoft WordFon.docx
 
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docxPLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
PLAGIARISM SCAN REPORTDate 2020-04-12Words 161Char.docx
 
Plato’s Apology The Trial of SocratesSocrates in the trial .docx
Plato’s Apology The Trial of SocratesSocrates in the trial .docxPlato’s Apology The Trial of SocratesSocrates in the trial .docx
Plato’s Apology The Trial of SocratesSocrates in the trial .docx
 
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docx
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docxPine tree tops” by Gary SnyderIn the blue night frost haze,.docx
Pine tree tops” by Gary SnyderIn the blue night frost haze,.docx
 
Platform as a Service (PaaS) and Infrastructure as a Service (I.docx
Platform as a Service (PaaS) and Infrastructure as a Service (I.docxPlatform as a Service (PaaS) and Infrastructure as a Service (I.docx
Platform as a Service (PaaS) and Infrastructure as a Service (I.docx
 
plan for your client Eliza. Since the initial treatment plan, severa.docx
plan for your client Eliza. Since the initial treatment plan, severa.docxplan for your client Eliza. Since the initial treatment plan, severa.docx
plan for your client Eliza. Since the initial treatment plan, severa.docx
 
Plan a geographic inquiry to investigate the question. In the pl.docx
Plan a geographic inquiry to investigate the question. In the pl.docxPlan a geographic inquiry to investigate the question. In the pl.docx
Plan a geographic inquiry to investigate the question. In the pl.docx
 
PLAGIARISMWhat is it Whose Responsibility is It Wha.docx
PLAGIARISMWhat is it Whose Responsibility is It Wha.docxPLAGIARISMWhat is it Whose Responsibility is It Wha.docx
PLAGIARISMWhat is it Whose Responsibility is It Wha.docx
 
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docxPKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
PKI and Encryption at WorkLearning Objectives and Outcomes· De.docx
 
Pine Valley Furniture wants to use Internet systems to provide value.docx
Pine Valley Furniture wants to use Internet systems to provide value.docxPine Valley Furniture wants to use Internet systems to provide value.docx
Pine Valley Furniture wants to use Internet systems to provide value.docx
 
Pick the form of cultural expression most important to you. It could.docx
Pick the form of cultural expression most important to you. It could.docxPick the form of cultural expression most important to you. It could.docx
Pick the form of cultural expression most important to you. It could.docx
 
Pick two diseases from each of the following systems HEENT .docx
Pick two diseases from each of the following systems HEENT  .docxPick two diseases from each of the following systems HEENT  .docx
Pick two diseases from each of the following systems HEENT .docx
 
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docx
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docxPick only one topic!!!!!!!!!!You will need to choose one topic f.docx
Pick only one topic!!!!!!!!!!You will need to choose one topic f.docx
 
Pick one organized religion to research. First, describe the religio.docx
Pick one organized religion to research. First, describe the religio.docxPick one organized religion to research. First, describe the religio.docx
Pick one organized religion to research. First, describe the religio.docx
 
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docxPick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
Pick one of the 2 (Buddhist Syllogism or Meditation)...The B.docx
 
Pick one of the following terms for your research Moral philosophy,.docx
Pick one of the following terms for your research Moral philosophy,.docxPick one of the following terms for your research Moral philosophy,.docx
Pick one of the following terms for your research Moral philosophy,.docx
 

Recently uploaded

BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
DhatriParmar
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat  Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat  Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 

Recently uploaded (20)

BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat  Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat  Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 

Network security, firewalls, and vp ns week 5&6vpn fundame

  • 1. Network Security, Firewalls, and VPNs
      Week 5&6
      VPN Fundamentals
      © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
      www.jblearning.com
      All rights reserved.
    From Last Week…
      Virtual Labs: Configuring a pfSense Firewall for the Server; Penetration Testing a pfSense Firewall
      Required Reading: Chapters 2 & 7
  • 2. Learning Objectives
      Describe the foundational concepts of VPNs.
      Appraise the elements of VPN implementation and management.
      Describe common VPN technologies.
    Key Concepts
      Virtual private network (VPN) essentials
      The roles of VPN appliances, edge routers, and corporate firewalls
      VPN implementation
      Best practices for implementing and managing VPNs
      Common network locations where VPNs are deployed
      VPN deployment planning for the enterprise
  • 3. VPN policy creation
      Strategies for overcoming VPN performance and stability issues
      Software- and hardware-based VPN solutions
    Virtual Private Network (VPN)
    What Is a VPN?
      Network that uses the public telecom infrastructure (Internet) to provide remote access to secure private networks
      Allows organizations to privately transmit sensitive data remotely over public networks
      Secures communication between separate private networks through tunneling
  • 4. Protects sensitive information transiting the public network
    What Is a VPN?
      Low-cost alternative to leased-line infrastructure
      Supports Internet remote access
      Provides remote access and remote control
      Employs encryption and authentication for secure transmission
      Restrictions for mobile users that ensure a baseline level of conformity and security
    VPN Endpoints
      Host Computer Systems
  • 5. Edge Routers
      Corporate Firewalls
      Dedicated VPN Appliances
    VPN Encryption Modes
      Tunnel mode: Protects packet from header to payload
      Transport mode: Protects only the packet payload
    VPNs Bridge Distant Connections
      Home and satellite offices
  • 6. May span separate cities, states, countries, geographic territories, and international borders
      Provide varying levels of granular network access to separate locations
      VPNs maintain confidentiality and integrity for users and data (C-I-A triad)
    Drawbacks of VPNs
      Congestion, latency, fragmentation, and packet loss
      Difficulties with compliance and troubleshooting
      Encrypted traffic does not compress
      Lacks repeating patterns
      More bandwidth-intensive than clear-text transmission
      Connectivity requires high availability
  • 7. VPNs Security and Privacy Issues
      Cannot ensure quality of service (QoS) or complete security
      Links depend on availability, stability, and throughput of ISP connection
      Not ideal connection method for dial-up modems or low-bandwidth links
      Infected mobile users can potentially damage or disrupt the private network
      Confidential data can be copied outside the boundaries of internal controls
    VPNs Are Not a Cure-all Solution
  • 8. Upkeep, Updates, and Upgrades
      Safety and Security
      Software Fixes
      Client Compliance
      Roaming profiles
  • 9. Tamper with systems Inconsistent Security True VPN Software Updates Careless users Trusted VPN Secure Hybrid VPN Software Patches
  • 10. Hardware Upgrades
      Bypass restrictions
      Defiant users
    VPN Best Practices: Predeployment
      Choose a solution that's right for your environment, with proven capabilities
      Plan to provide redundancy
      Create a written VPN policy
      Ensure client security
  • 11. Vulnerability management
      Document your VPN implementation plan
    Developing a VPN Policy
      Restrict remote access to the organization’s VPN solution.
      Prohibit split tunneling.
      Define classes of employee that can access the network by VPN.
      Define types of VPN connections to permit.
      Define authentication methods permitted.
      Prohibit sharing of VPN credentials.
      List configuration requirements for remote hosts, including current virus protection, anti-malware, host-based intrusion detection system (HIDS), and a personal firewall.
  • 12. Developing a VPN Policy (Cont.)
      Prohibit the use of non-company equipment or, if personal systems may connect to the VPN, define the minimum standards for those connections.
      Define required encryption levels for VPN connections.
      If you will be using your VPN for network-to-network connections, define approval process and criteria for establishing a network-to-network connection.
  • 13. VPN Best Practices: Post Deployment
      Perform Regularly
      Usage Review
  • 14. Back Up
      Patching
    Types of VPN Implementations
      Bypass VPN
  • 15. Types of VPN Implementations
      Internally Connected VPN
    Types of VPN Implementations
      A VPN in a DMZ
  • 16. Internet Protocol Security (IPSec)
      IPSec VPNs:
      Support all operating system platforms
      Provide secure, node-on-the-network connectivity
      Offer standards-based solution
    Layer 2 Tunneling Protocol (L2TP)
  • 17. Largely replaced by IPSec and SSL/TLS
      Is a combination of best features of Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Forwarding (L2F) Protocol
      Limitation: Provides mechanism for creating tunnels through an IP network but not for encrypting the data being tunneled
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
      Non-IPSec alternative for VPNs
      SSL/TLS authentication is one-way
      SSL VPNs:
      Platform independent
      Client flexibility
      Work with NAT
  • 18. Fewer firewall rules required
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
    A secure browser session using SSL.
    A certificate in an HTTPS connection.
  • 19. Secure Shell (SSH) Protocol
    Used for:
    Login to a shell on a remote host (replaces Telnet and rlogin)
    Executing a single command on a remote host (replaces rsh)
    File transfers to a remote host
    In conjunction with the OpenSSH server and client to create a full VPN connection
  • 20. Secure Shell (SSH) Protocol
    An application that uses SSH.
    VPN Deployment Models
    True, Trusted, Secure, and Hybrid Models
    Tailor VPN security to match organizational and data privacy needs
    Establish control
    Components (software and hardware)
    Conversations (endpoint connections)
    Communications (network infrastructure)
  • 21. VPN Deployment Models
    Customers and providers may separately manage and maintain devices
    Customers may outsource different aspects of VPN ownership and operation to service providers
    Custom tailor ownership and operator responsibilities to budgetary needs
  • 22. VPN Architectures
    Remote access (host-to-site) supports single connections into the LAN
    LAN-to-LAN and WAN (site-to-site) supports LAN-to-LAN via Internet
    Client-server (host-to-host) supports direct connections via Internet
    VPN Architectures
  • 23. A corporation may control different aspects of the network
    Authentication, Authorization, and Accounting (AAA) server deployment
    Different technologies for different needs
    VPN to Connect a LAN with Remote Mobile Users
  • 24. VPN Used to Connect Multiple LANs
    VPN Used to Connect Multiple LANs with Remote Mobile Users
    VPN Supporting Services and Protocols
    Enterprise-class VPNs require enterprise-class security
    Authentication establishes levels of authorization and access
  • 25. Cryptographic transport protocols don’t “play well” together
    VPN Protocols
    IPSec (originally for IPv6 but widely used on IPv4)
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
    Datagram Transport Layer Security (DTLS)
    Microsoft Point-to-Point Encryption
    Secure Socket Tunneling Protocol (SSTP)
  • 26. Network Protocols
    Tunneling protocols package packets within packets for secure transport
    Transport protocols package payloads within packets
    Encapsulating protocols wrap around original passenger protocols
    Carrier protocols carry the packaged VPN packets
    VPN Tunnel
    Encapsulates an entire packet within another packet
    Encrypts payload and header (IP and UDP/TCP) to protect identities
    Carrier protocol used to transmit the VPN packets
    Encapsulating protocol packages the original data
  • 27. VPN Tunnel
    Passenger protocol—original data payload or protocol being carried
    Encapsulates packets that are not routable through the Internet
    Routes non-routable address traffic over public infrastructure
    Ideal for gateway-to-gateway or network-to-network communication
    VPN Transport
    Encapsulates only the packet payload
  • 28. Cannot prevent some forms of observation (eavesdropping and alteration)
    Does not conceal endpoint identity
    Ideal for direct endpoint-to-endpoint or endpoint-to-gateway communication
    Cryptographic Protocols
    Ensure confidentiality and non-repudiation
    Require encryption algorithms, protocols, and authentication methods
    Endpoints must support identical cryptographic protocols and methods
  • 29. VPN Authentication, Authorization, and Accountability Mechanisms
    Allow approved external entities to interconnect and interact with private network
    Use varying methods for authenticating users (passkeys, biometrics, etc.)
    Track and log user interactions to maintain user accountability
  • 30. VPN Hosts and Trust
    Trust should vary depending on who is allowed in via the VPN
    Employee on corporate laptop on managed network
    Employee on home computer
    Employee on airport internet (wireless or kiosk)
    Authorized partner
    Authorized customer
    Least Risk
    Most Risk
    VPNs, NAT, and IPSec
    Network Address Translation (NAT)
    Static
  • 31. Dynamic
    IPSec (originally for IPv6 but widely used on IPv4)
    IPSec has issues traversing a translated (NAT) network
    Run IPSec VPNs on untranslated addresses or Deploy an SSL VPN
    VPN Appliances
    Dedicated network offload devices
    Specialized to handle VPN offloading from routers and host systems
    Can be placed outside corporate firewalls for traffic filtering
    Supplements existing corporate firewalls that do not support VPN services
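Why the "VPNs, NAT, and IPSec" slide says IPSec has issues traversing a translated network, as an added Python example that is not part of the original deck. It is a simplified model (HMAC-SHA256 over a hand-built IPv4 header, with constructed addresses and key; not the real AH/ESP wire format): an AH-style integrity value covers the IP addresses, an ESP-style one does not.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"     # constructed; stands in for the SA integrity key
PAYLOAD = b"constructed payload"  # constructed sample data

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """20-byte IPv4 header; checksum left at 0 in this simplified model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """Zero the fields routers may legitimately change before computing the ICV."""
    h = bytearray(hdr)
    h[1] = 0                  # TOS/DSCP
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(hdr, body):
    """AH-like ICV: immutable IP header fields (addresses included) plus body."""
    return hmac.new(KEY, zero_mutable(hdr) + body, hashlib.sha256).digest()

def esp_icv(esp):
    """ESP-like ICV: ESP header and data only; the outer IP header is not covered."""
    return hmac.new(KEY, esp, hashlib.sha256).digest()

def forward(hdr, nat_src=None):
    """One hop: decrement TTL; a NAT hop also rewrites the source address."""
    h = bytearray(hdr)
    h[8] -= 1
    if nat_src:
        h[12:16] = socket.inet_aton(nat_src)
    return bytes(h)

def ah_verifies(nat_src=None):
    sent = ipv4_header("10.0.0.5", "203.0.113.10", 51, len(PAYLOAD))
    icv = ah_icv(sent, PAYLOAD)                    # computed by the sender
    received = forward(sent, nat_src)              # header as the receiver sees it
    return hmac.compare_digest(icv, ah_icv(received, PAYLOAD))

def esp_verifies(nat_src=None):
    esp = struct.pack("!II", 0x1001, 1) + PAYLOAD  # SPI, sequence number, data
    sent = ipv4_header("10.0.0.5", "203.0.113.10", 50, len(esp))
    icv = esp_icv(esp)
    forward(sent, nat_src)                         # outer header changes, esp bytes do not
    return hmac.compare_digest(icv, esp_icv(esp))

if __name__ == "__main__":
    print("AH, routed only: ", ah_verifies())
    print("AH, through NAT: ", ah_verifies("198.51.100.7"))
    print("ESP, through NAT:", esp_verifies("198.51.100.7"))
```

ESP passing the integrity check does not make it NAT-friendly on its own: ESP carries no port numbers for a port-translating NAT to multiplex on, which is why the slide's options are untranslated addresses or an SSL VPN.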
  • 32. Edge Routers
    Transport VPN over public networks
    Ensures that all traffic complies with firewall
    Ideal for customer and supplier or business partner access
    Best suited for controlled access into DMZ
    Corporate Firewall
    Pass LAN-to-LAN traffic
    Joined networks are treated as any other LAN route
    Users don’t have to re-authenticate across segments
    No additional firewall filtering or restriction applies
  • 33. VPN Implementation Choices
    A VPN can be implemented as software on the host and gateway
    A VPN can be implemented as a hardware appliance
    Both have advantages and disadvantages
    Both offer cost savings and scalability
  • 34. Hardware-Based VPNs
    Dedicated Resources and Optimized Processing
    Advantages Designed for Routing Sustains Resources
  • 36. Software-Based VPNs
    Platform-independent SSL/TLS VPNs to connect systems
    Advantages Install and Deploy Rapidly Connection Speed Disadvantages
  • 37. Complex to Install and Configure Portable and Efficient Server Exposed
  • 38. Owned and Outsourced VPNs
    Own or operate telecommunications infrastructure and VPN endpoints
    Contract maintenance or management
    VPN Deployment Planning
    Plan the physical location of the VPN
    Ensure the location meets power and cooling requirements
    Plan your IP addressing scheme
    Plan firewall rules for permitting VPN access
    Configure the VPN server
    Set up authentication
    Follow change management policies
  • 39. VPN Deployment Planning
    Test the deployment
    Create operations manual, user documentation, etc.
    Develop support processes
    Install VPN clients
    Train users
  • 40. Overcoming VPN Performance Challenges
    Item: Consideration
    VPN type: Client or site-to-site connection support
    Protocol: IPSec VPN or SSL VPN
    Load: Number of remote access or site-to-site connections
    Client configuration: Legacy hardware, memory-intensive applications
    Bandwidth: Unreliable connections
    Topology: Connection traverses a firewall or proxy server
    Encryption level: High encryption necessary but impacts performance
    Traffic: Traffic spikes, such as from streaming media
    Client version: Older versions
  • 41. Overcoming VPN Stability Challenges
    Item: Consideration
    Configuration: Mission-critical requires high availability or failover
    Location: Number of devices connection must traverse (firewalls, routers, etc.)
    VPN software version: Older software may be unstable
    Underlying OS: Older versions of OS, or firmware code in hardware VPN
    Summary
    Virtual private network (VPN) essentials
    The roles of VPN appliances, edge routers, and corporate
  • 42. firewalls
    VPN implementation
    Best practices for implementing and managing VPNs
    Common network locations where VPNs are deployed
    VPN deployment planning for the enterprise
    VPN policy creation
    Strategies for overcoming VPN performance and stability issues
    Software- and hardware-based VPN solutions
    Virtual Lab
    Using Social Engineering Techniques to Plan an Attack
    Chapters 3, 11, 12
  • 43. Midterm Study Guide has been posted. The exam will be available next week and needs to be completed next week as well.
    Required Reading
    Midterm Exam