School of Computer Sciences Universiti Sains Malaysia Pulau Pinang
|
|
- Myra Clarke
- 5 years ago
- Views:
Transcription
1 School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1
2 Table of Content Introduction 3 What is Virtual Private Network (VPN) 3 Why VPN 4 Categories of VPN 5 VPN Topology 7 Type of VPN 8 Internet Protocol Security (IPsec) 12 Two Modes in IPsec 15 Risk and Limitation of VPN 17 Conclusion 18 References 18 Page 2
3 Introduction In this new high technology digital world, the usage of internet is increase rapidly. A lot of data or information may obtain from the internet. However, there is a problem for the usage of internet. That is the privacy. Data or information may be stealing or attacked by hacker in the process of transmission. There are various ways to protect our data. One of the examples is by using Virtual Private Network (VPN). VPN is a secure and private network connection between the system that use the data communication capability of an unsecured and public network. What is Virtual Private Network (VPN) Virtual mean in a different state of being or mean not real. In a VPN, private communication between two devices is achieved through a public network but the communication is virtually. Private mean that to keep the information or the communication between two users in secret. Network is a medium which consist of two or more devices which can communicate with each other via cable or wire. Therefore, a VPN is a secure and private network connection between the system that use the data communication capability of an unsecured and public network. In other word, VPN is a communications environment where the access is controlled to perform peer connections only within a trusted network and is constructed through some of the common underlying communication medium with the aim to maintaining privacy through the use of tunneling protocol and security procedures. [1] Page 3
4 VPN are commonly used to extend the intranets worldwide to disseminate information and news to a wide user base. There are three types of VPN which are Trusted VPN, Secure VPN and Hybrid VPN. Besides that, there are two mode of VPN which are Tunnel Mode and the Transport Mode. Why VPN? When we talk about Virtual Private Network (VPN), the key word private is the main issues. VPN is the best technology in the recent time to protect our data as it completely secures our data through military grade encryption in the transmission of important data. It creates a tunnel for the transmission and therefore not outsiders are allowed to view the data except the receiver. Hence, it is secure and privacy is protected. Besides that, VPN services will conceal the real IP and replace it with one of the IP of the services provider. In doing so, the connection or internet activity is anonymous and therefore prevent the attack from attacker or hacker to tracking your IP address. In addition, information transfer through public Wi-Fi is unsecure. There are a sentences that saying using Public Wi-Fi is like you are walking naked on the road but you don t want anyone to see you naked. The uses of VPN will ensure the public Wi-Fi connection in a secure mode. VPN will form tunnel around the connection that cannot be intercepted by any hacker or attacker. [2] Page 4
5 Categories of VPN There are three main categories of VPN which are Trusted VPN, Secure VPN and Hybrid VPN. Trusted VPN Trusted VPN uses leased circuit from services provider and conducts packet switching over there leased circuit. The privacy afforded by Trusted VPN or also known as legacy VPN was only the communications provider assured the customer that no one else would use the same circuit. This allows customer who use it to have its own IP addressing and their own security policies. In addition, the VPN customer trusted the VPN services provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. [1][5] Secure VPN Secure VPN are the network or the communication environment is constructed using encryption. It use security protocol and encrypt traffic transmitted across the communication network. Secure VPN will encrypt the traffic or data at the edge of one network or the sender and moved over the internet like any other data. Data will decrypt when it reached the receiver. This encrypt traffic will act like a secure Page 5
6 tunnel between the two network (sender and receiver). Even if there are any attacker can see the traffic, they cannot read it or change the direction of the traffic. Hence the communication is secure. [1][5] Hybrid VPN A Secure VPN can be run as a part of a Trusted VPN as well and this created the third type of VPN in the market which is Hybrid VPN. Hybrid VPN is the VPN that combine the characteristic of the two VPN discussed before which are Trusted VPN and Secure VPN. It provides the encrypted traffic or transmissions as in the Secure VPN over the entire Trusted VPN network. The secure part of the Hybrid VPN might be controlled by the customer or by the VPN services provider that provide Trusted VPN. [1][5] Page 6
7 VPN Topology In this section, we will discuss about how a VPN work. To begin using VPN, first we may need an internet connection which can be leashed from an Internet Services Provider (ISP). Then a specially designed router or switch is needed for each Internet access circuit to provide access from the origin network to the VPN. A virtual circuit that resembles a leashed line is created through tunnels which allow the sender to encrypt their data in an IP packet that hide the underlying routing and switching infrastructure of the internet from both the senders and receiver is created. This circuit is known as Permanent Virtual Circuit (PVCs). The sender devices will then take the outgoing packet and encapsulates it to move through the VPN tunnel across the Internet to the receiver. This transmission of packet form the sender to the receiver is transparent to both of the sender and the receiver and even transparent to the ISP and the whole internet user. When it reached to the receiver, the receiver will strip off the VPN frame and deliver the original packet to the destination network. [3] Figure 1 show the two networks connected over an intranet. Figure 1 VPN of two networks connected over an intranet. [3] Page 7
8 Types of VPN VPN are traditionally used for the three main purposes: Intranets, Remote Access and Extranets. Intranet VPN Intranets are used for the connection within an organization. The connection normally is created between the headquarters offices and its branch office. VPN is created within this location to protect the information of the organization from being stolen or attacked by any outsider. The connection within this organization is often used for some or file sharing. Intranet provides a virtual circuit between the organizations over the Internet. Figure 2 show the intranet VPN within organizations. The advantage of using Intranet VPN is it will reduce the WAN bandwidth cost of the organization. Intranet VPN allow the organization to use the WAN bandwidth efficiency and hence congestion avoidance with the use of bandwidth management traffic shaping. [3][5] Page 8
9 Figure 2 Intranet VPN [3] Remote Access VPN Remote Access through VPN enables telecommuters and mobile workers to access e- mail and business application. Although a dial-up connection enable the user to do so, but the cost for the dial-up connection is much higher than the Remote Access VPN. Remote Access VPN enable the mobile worker to connect to the local internet connection and the set up a secure IPsec-based BPN communication to their organization. The user connect to a local ISP that support VPN using plain old line (DSL) or etc. the VPN devices at the ISP accept the user s login and then will establishes the tunnel to the VPN device at the organization s office. Then the tunnel will beginning forward packet over the Internet. The advantage of using Remote Access VPN is it will reduce the capital cost associated with connection if using dial-up connection as discuss before. Besides that, these techniques allow the organization to add new user easily and have a Page 9
10 greater scalability. Figure 3 show the Remote Access VPN implemented in an organization. [3][5] Figure 3 Remote Accesses VPN [3] There are two types of Access VPS which are Client-Initiated VPN and NAS-Initiated Access VPN. In the Client-Initiated VPN, the business operation initiate the VPN task by manage the client software to initiate the tunnel. This also ensures end-to-end security between the client and the host. Besides that, the client software will also be installed at the remote site which can terminate into a firewall for termination into the corporate network. The biggest advantage of this type of VPN is the service provider access network used for dialing to the point of presence is much more secured. In a NAS-Initiated VPN, the client software element is eliminated. The remote access user starts the connection by dialing to the services provider and obtains the Page 10
11 authentication from the services provider and in turn, initiates a secure, encrypted tunnel to the corporate network. This will then eliminated the client software issue and hence reduce the client management burden associated with the remote access VPN. In the other word, there is no end user client software for the corporate to maintain. Extranet VPN Extranet are secure connection between two or more organization. Due to the connection cost, time delays and access availability, IPsec-based VPN are ideal for extranet connection that connects two organizations. The concept of setting up an extranet VPN is similar to the intranet VPN. The only different is the user which is within an organization and one is between two or more organization. Figure 4 show the implementation of an Extranet VPN. [3][5] Figure 4 Extranet VPN [3] Page 11
12 Internet Protocol Security (IPsec) IPsec is a set of protocol developed by the IETF to support the exchange of secure packet or to protect the communication at the IP layer. It is also a standard suite of protocol that provides data integrity, confidentiality and authentication along the transmission of data between the communication points in the IP network. IPsec is then deployed widely and contribute in the implementation of VPN. [5] There are three main components in IPsec which are Encapsulating Security Payload (ESP), Authentication Header (AH) and Internet Key Exchange (IKE). Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) provide the authentication, integrity and confidentiality of data. It protects the data and provides message content protection. Besides that, ESP also provides the encryption services in IPsec. First, ESP will translate the message into some secret code or unreadable message with the aim that to hide the content of the message. This will prevent the unauthorized user from viewing the content of the message. ESP will also provide ESP authentication which will provide authentication for the payload and not the IP header. The ESP header is inserted into the package. Due to the encryption done by ESP, the payload changed. [5] Page 12
13 Figure 5 show the example of a packet of ESP. Figure 5 Packet with IPsec Encapsulated Security Payload [5] Authentication Header (AH) Authentication Header (AH) provides the same authentication and integrity like ESP. Besides that, AH also provides optional anti-replay protection which is a services that protect against the retransmission of packet of unauthorized user. However, AH does not protect the data confidentiality. This means that the identity of the sender and the receiver can be known and the content of the message can be viewed. Therefore, to increase the security of data, both ESP and AH can be used at the same time. Figure 6 show the example of packet of AH. [5] Page 13
14 Figure 6 Packets with IPsec Authentication Header [5] Internet Key Exchange (IKE) Internet Key Exchange (IKE) provides the key management and the Security Association (SA). IPsec introduce the concept of SA which is a connection between two devices. An SA provides a data protection for the traffic between two devices. In addition, SA also enables an enterprise to control the usage of resources that may communicate securely. Hence, multiple SA is set up to enable multiple secure VPN. [5] Page 14
15 Two Modes in IPsec There are two modes in IPsec which are the Transport Mode and the Tunnel Mode. Transport Mode In transport mode, the data is encrypted except the header information. Therefore, the IP packet can directly to be transmitting to the remote host by create a secure link between the sender and the receiver. The content of the packet is encrypted and protected. Transport mode VPN eliminates the need for special servers and tunneling software. Since the header of the packet is not encrypted in Transport mode, the destination of the packet may be known. Figure 7 show the package in Transport Mode. [1][6] Figure 7 Packets in Transport Mode [6] Transport Mode is normally to be used in the end-to-end transport of encrypted data. Figure 8 show the Transport Mode VPN Page 15
16 Figure 8 Transport Mode VPN [1] Tunnel Mode In Tunnel Mode, the entire packet is encrypted and protected. The original IP packet with its header or destination address is inserted into a new IP packet. ESP and AH are then applied to the new packet. It will then establish two perimeter tunnel server and the new IP header is pointed to the end point of the tunnel. Once the packet reach the destination point, the end point of the tunnel will then decrypt the packet. The advantage of using tunnel mode is the entire packet is protected and secure. The sender and the receiver location are not viewed by attacker. Figure 9 show the packet in Tunnel Mode. [1][6] Figure 9 Packets in Tunnel Mode [6] Figure 10 show the Tunnel Mode VPN Page 16
17 Figure 10 Tunnel Mode VPN [1] Risk and Limitation of VPN Although there are lot of benefit in using VPN to provide a secure connection between the sender and the receiver, there are some limitation and risk for using VPN. The first limitation and risk is the general attack from hacker. The client of VPN may become the target of an attack. Those attacks are like VPN hijacking or man-inthe-middle attack. Besides that, if the authentication of the VPN is not strong enough to restrict those unauthorized user, this could be vulnerable to the unauthorized third party to access to the connection between the VPN users. This is due to the default VPN setting like PAP used in PPTP which transport both of the user name and password in a clear text without any encryption. The third party then could capture this information and use it to gain access to the connected network. In addition, a client machine in VPN network sometime will also be shared with some third party users which are not aware of the security implementation. They may use the machine to connect to other network like wireless LAN in hotel or restaurant. Page 17
18 This will then explore the vulnerability of the machine. If the client machine is compromised without the knowledge of the owner, and the owner connect his machine to the secure VPN network, finally this will poses a risk to the connecting network. Conclusion VPN is an emerging technology that has come a long way. VPN s technology is still developing, and this is a great advantage to businesses, which need to have technology that is able to scale and grow along with them. With VPN businesses now have alternative benefits to offer to their employees, employees can work from home, take care of children while still doing productive, and have access work related information at any time. In conclusion, VPN did contribute to the security field and protect the communication between two networks. Page 18
19 References 1. Michael E. Whitman, Herbert J. Mattord: Principles of Information Security, 2 nd Edition, Thomson Course Technology, reason VPN is a must taken from reasons-why-use-a-vpn 3. Virtual Private Network by Germaine Bacon, Lizzi Beduya, Jun Mitsuka, Betty Huang, Juliet Polintan in November 19, Virtual Private Network Architecture by T. Braun, M. Günter, M. Kasumi, I. Khalil 5. 1Introduction to VPN VPN Concepts, Tips, and Techniques Version 1.0, July VPN SECURITY February 2008 by The Government of the Hong Kong Special Administrative Region 7. What is a VPN? by Paul Ferguson, Geoff Huston published on April 1998 Page 19
Virtual private networks
Technical papers Virtual private networks Virtual private networks Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private networks. Such access would otherwise only be possible
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationVPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009
VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A
More informationSecure VPNs for Enterprise Networks
Secure Virtual Private Networks for Enterprise February 1999 Secure VPNs for Enterprise Networks This document provides an overview of Virtual Private Network (VPN) concepts using the. Benefits of using
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationService Managed Gateway TM. Configuring IPSec VPN
Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling
More informationCreating VPN s with IPsec
2014 Creating VPN s with IPsec SPRING ENTERPRISE INFO SECURITY 4040/601 WILSON CHANCE HINCHMAN This paper will define the term VPN, explain for what and why VPNs are used. IPsec, which is vital to the
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationVirtual Private Networks
Chapter 12 Virtual Private Networks Introduction Business has changed in the last couple of decades. Companies now have to think about having a global presence, global marketing, and logistics. Most of
More informationIntranets and Virtual Private Networks (VPNs)
Intranets and Virtual Private Networks (VPNs) Definition Private networking involves securely transmitting corporate data across multiple sites throughout an entire enterprise. Creating a truly private
More informationCisco How Virtual Private Networks Work
Table of Contents How Virtual Private Networks Work...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 Background Information...1 What Makes a VPN?...2 Analogy:
More informationThe Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,
1 The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets
More informationHUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date
HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN Issue 1.1 Date 2014-03-14 HUAWEI TECHNOLOGIES CO., LTD. 2014. All rights reserved. No part of this document may be reproduced or
More informationVirtual Private Networks (VPNs)
CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure
More informationSample excerpt. Virtual Private Networks. Contents
Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationAutomating VPN Management
Automating VPN Management By Scott Hilton, Vice President Product Management Assured Digital, Inc. Although many network managers, users and executives agree on the benefits of virtual private networking,
More informationWireless LAN Security (RM12/2002)
Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For
More informationExpected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy
CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More informationIP Security. Have a range of application specific security mechanisms
IP Security IP Security Have a range of application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS However there are security concerns that cut across protocol layers Would like security
More informationVirtual Private Networks.
Virtual Private Networks thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Virtual Private Networks VPN Basics Protocols (IPSec, PPTP, L2TP) Objectives of VPNs Earlier Companies
More informationHillstone IPSec VPN Solution
1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private
More informationSonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide
SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationVirtual Private Networks
NEXTEP Broadband White Paper Virtual Private Networks Solutions for cost-effective, high-speed corporate extranets and wide-area networks. A Nextep Broadband White Paper May 2001 Broadband Networks Group
More informationNetwork Security Protocols NET 412D
Kingdome of Saudi Arabia Ministry of Higher Education Princess Nora Bint Abdul Rahman University Faculty of Computer & Information Science Networking and Communication Systems Department المملكة العربية
More informationProtocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science
Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationAnalysis of VPN Protocols
Analysis of VPN Protocols ECE 646 Final Project Presentation Tamer Mabrouk Touhidur Satiar Overview VPN Definitions Emergence of VPN Concept of Tunneling VPN Classification Comparison of Protocols Customer
More informationVPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist
VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet
More informationON-LINE EXPERT SUPPORT THROUGH VPN ACCESS
ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS P. Fidry, V. Rakotomanana, C. Ausanneau Pierre.fidry@alcatel-lucent.fr Alcatel-Lucent, Centre de Villarceaux, 91620, Nozay, France Abstract: As a consequence of
More informationCryptography and Network Security Chapter 16. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,
More informationENSC 427: Communication Networks. Spring Final Report Analysis of Applications Through IP VPN.
ENSC 427: Communication Networks Spring 2014 0 Final Report Analysis of Applications Through IP VPN www.sfu.ca/~leetonyl/ensc427group12.html Group 12 Lee, Tony Nguyen, Anthony Truong, Henson 301111050
More informationCSC 6575: Internet Security Fall 2017
CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationStandard For IIUM Wireless Networking
INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version
More informationVirtual Private Network
Running head: Virtual Private Network Virtual Private Network Ann Funk ICTN 6870 ADVANCED NETWORK SECURITY Virtual Private Network Page 1 of 13 Table of Contents Abstract... 2 Introduction... 3 What is
More information31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers
31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers CONTENTS Focus Questions... 2 Chapter 1: Explore the Network... 2 Chapter 2: Configure a Network Operating System... 5 Chapter 3: Network
More informationCustom Connect. All Area Networks. customer s guide to how it works version 1.0
All Area Networks Custom Connect customer s guide to how it works version 1.0 The information in this technical user guide and the glossary of terms has been prepared in good faith and is correct at the
More informationTABLE OF CONTENTS CHAPTER TITLE PAGE
vii TABLE OF CONTENTS CHAPTER TITLE PAGE DECLARATION ACKNOWLEDGMENT ABSTRACT ABSTRAK TABLE OF CONTENTS LIST OF TABLES LIST OF FIGURES LIST OF APPENDICES ii iv v vi vii xiii xiv xvi 1 OVERVIEW 1 1.1 Introducation
More informationWireless technology Principles of Security
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
More informationIP Mobility vs. Session Mobility
IP Mobility vs. Session Mobility Securing wireless communication is a formidable task, something that many companies are rapidly learning the hard way. IP level solutions become extremely cumbersome when
More informationINTERNET PROTOCOL SECURITY (IPSEC) GUIDE.
INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building
More informationbased computing that takes place over the Internet, basically a step on from Utility Computing.
REVIEW OF LITERATURE Joseph Davies & Elliot Lewis (2003) In this paper Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, basically
More informationChildren s Health System. Remote User Policy
Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards
More informationMicrosoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security
Operating System Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security White Paper Abstract The Microsoft Windows operating system includes technology to secure communications
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks
CS 393 Network Security Nasir Memon Polytechnic University Module 13 Virtual Private Networks Course Logistics HW due Monday. HW 6 posted. Due in a week. Questions regarding homework are best answered
More informationMTA_98-366_Vindicator930
MTA_98-366_Vindicator930 Number: 98-366 Passing Score: 700 Time Limit: 45 min File Version: 1.0 http://www.gratisexam.com/ Microsoft Technology Associate Networking Fundamentals MTA 98-366 Exam A QUESTION
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationCLIENT SERVER SYNERGY USING VPN
CLIENT SERVER SYNERGY USING VPN 1 CHETAN S MORE, 2 AMAN ANNAD, 3 KUSHAGRA RAIZADA, 4 MANUJ SRIVASTAVA 1,2,3,4 Department of Electronics and Telecommunication Engineering, Bharati Vidyapeeth (Deemed To
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Tunneling and VPNs CIT 480: Securing Computer Systems Slide #1 Topics 1. Tunneling 1. Encapsulation 2. Security 3. SSH 2. Virtual Private Networks 1. Site-to-site 2.
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationVPN Overview. VPN Types
VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationWhat is Eavedropping?
WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks
More informationINTRODUCTION TO ICT.
INTRODUCTION TO ICT. (Introducing Basic Network Concepts) Lecture # 24-25 By: M.Nadeem Akhtar. Department of CS & IT. URL: https://sites.google.com/site/nadeemcsuoliict/home/lectures 1 INTRODUCTION TO
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More information1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood
TM 1100 Dexter Avenue N Seattle, WA 98109 206.691.5555 www.netmotionwireless.com NetMotion Mobility Architecture A Look Under the Hood NetMotion Mobility Architecture A Look Under the Hood Wireless networking
More informationBy VPNet Technologies. What s a VPN Anyway? A Virtual Private Networking Primer
By VPNet Technologies What s a VPN Anyway? A Virtual Private Networking Primer What s a VPN Anyway? What s a VPN Anyway? or The Cloud s Silver Lining Is Your Net 1998 VPNet Technologies Inc. All rights
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationNumerics I N D E X. 3DES (Triple Data Encryption Standard), 48
I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More informationArea Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low
Chapter 15 Networking Concepts 1. Define networking. It is the interconnection of independent computing devices for sharing of information over shared medium. 2. What is the need for networking? / What
More informationVirtual Dispersive Networking Spread Spectrum IP
Virtual Dispersive Networking Spread Spectrum IP DSI Proprietary 1 DSI Proprietary 2 Problem Lies Outside of Existing Security: On the Internet Internet Routers Virus Software Phishing Software etc POLICY
More informationVPN Auto Provisioning
VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds
More informationChapter 6/8. IP Security
Chapter 6/8 IP Security Prof. Bhargavi H Goswami Department of MCA, Sunshine Group of Institutes, Rajkot, Gujarat, India. Mob: +918140099018. Email: bhargavigoswami@gmail.com Topic List 1. IP Security
More informationSECURE DATA EXCHANGE
POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any
More informationThe EN-4000 in Virtual Private Networks
EN-4000 Reference Manual Document 8 The EN-4000 in Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission
More informationSet Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers
Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Objective A Virtual Private Network (VPN) is a private network that is used to virtually
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More informationGrandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide
Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN
More informationInternet security and privacy
Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More informationChapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University
Chapter 6 IP Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. IP Security Overview 2. IP Security Architecture 3.
More informationIndustrial Control System Security white paper
Industrial Control System Security white paper The top 10 threats to automation and process control systems and their countermeasures with INSYS routers Introduction With the advent of M2M (machine to
More informationTime Synchronization Security using IPsec and MACsec
Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationComplete B-2: Comparing firewall-based secure topologies, complete questions 1 through 3 on
COT410 LAN Fundamentals Week 5 Worksheet (WS5) Unit 8 / Unit 9 Assignments Name: Kevin Comer Unit 8 Security Practices Unit time: 180 minutes Read pages 8-1 through 8-48 Complete B-1: Examining firewalls
More informationUsing Mobile Computers Lesson 12
Using Mobile Computers Lesson 12 Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data Use BitLocker Drive Encryption Use remote network connections
More informationMaking life simpler for remote and mobile workers
: Technology GoToMyPC Technology Making life simpler for remote and mobile workers Learn why GoToMyPC is the most secure, cost-effective and easy-to-use solution for providing remote access to the desktop.
More informationVPN. The Remote Access Solution. A Comprehensive Guide to Evaluating: Security Administration Implementation. the virtual leader
VPN The Remote Access Solution A Comprehensive Guide to Evaluating: Security Administration Implementation the virtual leader www.compatible.com VPN: The Remote Access Solution Contents The Promise of
More informationIP Security. Cunsheng Ding HKUST, Kong Kong, China
IP Security Cunsheng Ding HKUST, Kong Kong, China Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building
More informationWireless LAN, WLAN Security, and VPN
Wireless LAN, WLAN Security, and VPN 麟瑞科技台南辦事處技術經理張晃崚 WLAN & VPN FAQ What is WLAN?802.11a?802.11b?802.11g? Which standard (product) should we use? How to deploy WLAN? How to block intruders? How to authenticate
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationRemote Connectivity for SAP Solutions over the Internet Technical Specification
Remote Connectivity for SAP Solutions over the Technical Specification June 2006 Remote Connectivity for SAP Solutions over the page 2 1 Introduction SAP offers secure connections over the for support
More informationGHz. VPN Router with RangeBooster User Guide WRV200 WIRELESS. Model No.
GHz 2.4 802.11g Wireless-G VPN Router with RangeBooster User Guide WIRELESS Model No. WRV200 Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark
More information