based computing that takes place over the Internet, basically a step on from Utility Computing.

Size: px
Start display at page:

Download "based computing that takes place over the Internet, basically a step on from Utility Computing."

Transcription

1 REVIEW OF LITERATURE Joseph Davies & Elliot Lewis (2003) In this paper Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, basically a step on from Utility Computing. In other words, this is a collection/group of integrated and networked hardware, software and Internet infrastructure (called a platform). Cloud computing is an umbrella term used to refer to Internet based development and services. A cloud client consists of computer hardware and/or computer software that relies on cloud computing for application delivery. William Stallings (2005) This paper is to be considered protected, data from one customer must be properly segregated from that of another; it must be stored securely when at rest and it must be able to move securely from one location to another. Cloud providers have systems in place to prevent data leaks or access by third parties. Proper separation of duties should ensure that auditing and/or monitoring cannot be defeated, even by privileged users at the cloud provider. PLUMMER, D.C. (2005) In this paper Cloud providers ensure that applications available as a service via the cloud are secure by implementing testing and acceptance procedures for outsourced or packaged application code. It also requires application security measures (application-level firewalls) be in place in the production environment.finally, providers ensure that all critical data (credit card numbers, for example) are masked and that only authorized users have access to data in its

2 entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. Charles P. Pfleeger (2006) In this paper a VPN is the extension of a private network that encompasses links across shared or public networks such as the Internet. A VPN enables us to send data between two computers across a shared or public inter network in a manner that emulates the properties of a point-to-point private link. In essence, it makes the remote computer virtually part of the private network by making an encrypted tunnel through the public Internet. The act of configuring and creating a VPN is known as virtual private networking. MEI and L.CHAN (2008) This paper describes tunneling is a method of using an intermediate network infrastructure to transfer data for one network over another network while maintaining privacy and control over the original data. The data to be transferred (the payload) can be the frames (or packets) of another protocol. Instead of sending a frame as the originating node produces it, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate network. SUN, W., ZHANG, K., CHEN, S.-K., ZHANG, X. and LIANG (2007) In this paper PPTP and L2TP depend heavily on the features originally specified for PPP. PPP was designed to send data across dial-up or dedicated point-to-point connections. For IP, PPP encapsulates IP packets within PPP frames, and then transmits the PPP-encapsulated

3 packets across a point-to-point link. PPP was originally defined as the protocol to use between a dial-up client and a NAS. There are four distinct phases of negotiation in a PPP connection. Each of these four phases must complete successfully before the PPP connection is ready to transfer user data. HARMER, T., WRIGHT, P., CUNNINGHAM, C. and PERROTT, R. (2007) In this paper PPP uses the Link Control Protocol (LCP) to establish, maintain, and terminate the logical point-to-point connection. During Phase 1, basic communication options are selected. For example, authentication protocols are selected, but they are not actually implemented until the user authentication phase (Phase 2). Similarly, during Phase 1, a decision is made as to whether the two peers will negotiate the use of compression and/or encryption. The actual choice of compression and encryption algorithms and other details occurs during Phase 4. In the second phase, the client computer sends the user s qualifications to the remote access server. A secure authentication scheme provides protection against repeat attacks and remote client impression. A replay attack occurs when a third party monitors a successful connection and uses captured packets to play back the remote client s response so that it can gain an authenticated connection. During Phase 2 of PPP link configuration, the NAS collects the authentication data and then validates the data against its own user database or a central authentication database server, such as one maintained by a Windows domain controller, or the authentication data is sent to a RADIUS server.

4 Once the previous phases have been completed, PPP invokes the various network control protocols (NCPs) that were selected during the link-establishment phase (Phase 1) to configure protocols used by the remote client. For example, during this phase, IPCP is used to assign a dynamic address to the PPP client. Once the four phases of PPP negotiation have been completed, PPP begins to forward data across the tunnel. Each transmitted data packet is wrapped in a PPP header that is removed by the receiving system when it reaches the far destination. If data compression was selected in Phase 1 and negotiated in Phase 4, data is compressed before transmission. If data encryption is selected and negotiated, data is encrypted before transmission. If both encryption and compression are negotiated, the data is compressed first and then encrypted. De-encryption and decompression occur once the packets reach the far end of the tunnel. BERNSTEIN, D., LUDVIGSON, E., SANKAR, K., DIAMOND, S. and MORROW (2007) This paper PPTP encapsulates PPP frames in IP datagrams for transmission over an IP inter network, such as the Internet. PPTP can be used for remote access and site-to-site VPN connections. PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. OHLMAN, B., ERIKSSON, A. and REMBARZ (2008) In this paper L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology proposed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F. L2TP encapsulates PPP frames to be sent over IP, X.25, frame relay, or ATM networks. When

5 configured to use IP as its datagram transport, L2TP can be used as a tunneling protocol over the Internet. L2TP is documented in RFC J. Appavoo, V. Uhlig, and A. Waterland (2008) This paper describes Security credentials take the form of either a user name and password or a certificate. If we use the proper authentication security protocol, we can ensure that the confidential portions of the credentials (such as the password or the private key for a certificate) are never sent. Rather, the connecting VPN client provides proof of knowledge of the confidential credentials. LIM, H., BABU, S., CHASE, J. and PAREKH (2009) In this paper authorization security ensures that the VPN client is allowed to make a VPN connection, and can provide a set of connection constraints such as maximum connection time, idle timeout, required authentication method, and so on. This allows for administrators to add extra security to remote-based users. Before the data between a VPN client and VPN server is sent over the VPN connection, it is encrypted using an encryption algorithm and a secret key, which is known only to the VPN client and VPN server. BITTMAN, T.J., AUSTIN, T. (2009) In this paper encryption provides data confidentiality; even if a copy of the packet is captured, it is not readable (except for the IP header) without the knowledge of the secret key. When using PPTP, the encryption is done with a password-based hash algorithm. When using L2TP/IPSec, certificates are used to set up an IPSec encrypted tunnel that all authentication and

6 authorization processes can take place in. This is one of the advantages to using L2TP/IPSec the entire transaction even before authentication happens occurs in an encrypted state. CEARLEY, D.W., and SMITH D.M. (2009) In this paper when we connect a VPN server to the Internet, the server and your private intranet are now exposed to attack. An Internet based attacker can try to attack the VPN server by flooding it with various types of packets or try to access your intranet by using your VPN server as a router. To combat both of types of attacks, the Internet interface of the VPN server is configured with a series of IP packet filters that only allow VPN traffic. This is different than the internal IP filters that apply to a user s authentication this process makes sure that only authorized conversations will be accepted by the VPN server. This will ensure that Denial-of- Service attacks and internet hacks cannot affect operations. DODDA, R., SMITH, C., and MOORSEL (2009) In this paper user authentication for both Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) connections is based on Point-to-Point Protocol (PPP) authentication protocols. Windows Server 2003 and Windows XP support the following PPP authentication protocols: PAP is a simple, clear-text authentication scheme. The NAS requests the user name and password, and PAP returns them in clear text (unencrypted). Obviously, this authentication scheme is not secure because a third party could capture the user s name and password and use it to get subsequent access to the NAS and all of the resources provided by the NAS. PAP provides no protection against replay attacks or remote client impersonation once the user s password is compromised.

7 GROSSMAN, R. L. (2009) This paper explains that CHAP is an encrypted authentication mechanism that avoids transmission of the actual password on the connection. The NAS sends a challenge, which consists of a session ID and an arbitrary challenge string, to the remote client. The remote client must use the MD5 one-way hashing algorithm to return the user name and a hash of the challenge, session ID, and the client s password. The user name is sent as plain text. CHAP is an improvement over PAP because the clear-text password is not sent over the link. Instead, the password is used to create a hash from the original challenge. SONG, S., RYU, K. and DA SILVA, (2009) According to this paper EAP is a new PPP authentication protocol that allows for an arbitrary authentication method such as smart cards, token cards, or biometrics such as fingerprint scanners or retinal scanners. EAP is an IETF standard extension to PPP that allows for arbitrary authentication mechanisms for the validation of a PPP connection. EAP was designed to allow the dynamic addition of authentication plug-in modules at both the client and server ends of a connection. This allows vendors to supply a new authentication scheme at any time. EAP provides the highest flexibility in authentication uniqueness and variation. KHAJEH-HOSSEINI, A., SOMMERVILLE, I. and SRIRAM (2010) In this paper encryption for PPTP connections is based on the use of MPPE (Microsoft Point to Point Encryption), we must use an authentication protocol that generates MPPE keys as part of the authentication process: MS-CHAP, MS-CHAP v2, or EAP-TLS. The MPPE key is generated using the password in the MS-CHAP algorithms therefore if you are using PPTP it is highly recommended that you apply strong password policies for the users. In the case of

8 EAP-TLS, the user certificates can be used. EAP-TLS using smart cards or MS-CHAP v2 is highly recommended as they provide mutual authentication and are the most secure methods of exchanging credentials. VISHWANATH, K., GREENBERG, A. and REED (2010) In this paper authentication for L2TP/IPSec connections occurs at two different levels: the computer is authenticated, and then the user is authenticated. This allows for the IPSec tunnel to be established prior to the authentication phase of the connection being made, thus allowing for all communications to happen in an encrypted state. John W. Rittinghouse & James F. Ransome (2010) In this paper authorization is the verification that the connection attempt is allowed. Authorization occurs after successful authentication. For a connection attempt to be accepted, the connection attempt must be both authenticated and authorized. It is possible for the connection attempt to be authenticated by using valid credentials, but not authorized. Usually this is because the Active Directory group that the individual belongs to does not have the right to VPN access of the network. Examples of this can be contractors or part-time employees who should not be accessing information unless they are being monitored by full-time employees. Another example can be with internal implementations for VPN where only members of Human Resources can access information on the protected network. In this case, the connection attempt is denied. In the Windows Server 2003 family, authorization of VPN connections is determined by the dial-in properties on the user account and remote access policies. Judith Hurwitz, Robin Bloor, Marcia Kaufman and Dr. Fern Halper (2011)

9 In this paper symmetric, or private-key, encryption (also known as conventional encryption) is based on a secret key that is shared by both communicating parties. The sending party uses the secret key as part of the mathematical operation to encrypt (or encipher) plain text to cipher text. The receiving party uses the same secret key to decrypt (or decipher) the cipher text to plain text. Examples of symmetric encryption schemes are the RSA RC4 algorithm, which provides the basis for MPPE, and DES, which is used for IPSec encryption. MATHEW, R. and SPRAETZ (2011) According to this paper with symmetric encryption, both sender and receiver have a shared secret key. The distribution of the secret key must occur (with adequate protection) prior to any encrypted communication. With asymmetric encryption, the sender uses a private key to encrypt or digitally sign messages, while the receiver uses a public key to decipher these messages. The public key can be freely distributed to anyone who needs to receive the encrypted or digitally signed messages. The sender needs to carefully protect the private key only. EAP-TLS is an IETF standard (RFC 2716) for a strong authentication method based on public-key certificates. With EAP-TLS, a client presents a user certificate to the dial-in server, and the server presents a server certificate to the client. The first provides strong user authentication to the server; the second provides assurance that the user has reached the server that he or she expected. Both systems rely on a chain of trusted authorities to verify the validity of the offered certificate. The remote access account lockout feature is used to specify how many times a remote access authentication fails against a valid user account before the user is denied remote access. Remote access account lockout is especially important for remote access VPN connections over

10 the Internet. Malicious users on the Internet can attempt to access an organization intranet by sending credentials (valid user name, guessed password) during the VPN connection authentication process. H. AbdelSalam, K. Maly, R. Mukkamala, M. Zubair, and D. Kaminsky (2011) In this paper the user has access to the network via VPN, that does not mean that the user should have access to every resource on the network while accessing from an unsecured location. Remote access policies that define authorization and connection constraints can be used to specify a set of IP packet filters that are applied per user or group to remote access connections. When the connection is accepted, the packet filters define the types of IP traffic that are allowed from and to the VPN client. This feature can be used for extranet connections.

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks CS 393 Network Security Nasir Memon Polytechnic University Module 13 Virtual Private Networks Course Logistics HW due Monday. HW 6 posted. Due in a week. Questions regarding homework are best answered

More information

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security Operating System Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security White Paper Abstract The Microsoft Windows operating system includes technology to secure communications

More information

Configuring L2TP over IPsec

Configuring L2TP over IPsec CHAPTER 62 This chapter describes how to configure L2TP over IPsec on the ASA. This chapter includes the following topics: Information About L2TP over IPsec, page 62-1 Licensing Requirements for L2TP over

More information

Review on protocols of Virtual Private Network

Review on protocols of Virtual Private Network Review on protocols of Virtual Private Network Shaikh Shahebaz 1, Sujay Madan 2, Sujata Magare 3 1 Student, Dept. Of MCA [JNEC College] Cidoco N-6, Aurangabad, Maharashtra, India 2 Student Dept. of MCA

More information

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure

More information

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009 VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Virtual Private Networks

Virtual Private Networks Chapter 12 Virtual Private Networks Introduction Business has changed in the last couple of decades. Companies now have to think about having a global presence, global marketing, and logistics. Most of

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Virtual Private Networks.

Virtual Private Networks. Virtual Private Networks thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Virtual Private Networks VPN Basics Protocols (IPSec, PPTP, L2TP) Objectives of VPNs Earlier Companies

More information

Sample excerpt. Virtual Private Networks. Contents

Sample excerpt. Virtual Private Networks. Contents Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................

More information

Network Security and Cryptography. 2 September Marking Scheme

Network Security and Cryptography. 2 September Marking Scheme Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Chapter 10 Security Protocols of the Data Link Layer

Chapter 10 Security Protocols of the Data Link Layer Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2005/06 10.1 Scope of Link Layer Security Protocols

More information

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content

More information

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN

More information

L2TP over IPsec. About L2TP over IPsec/IKEv1 VPN

L2TP over IPsec. About L2TP over IPsec/IKEv1 VPN This chapter describes how to configure /IKEv1 on the ASA. About /IKEv1 VPN, on page 1 Licensing Requirements for, on page 3 Prerequisites for Configuring, on page 4 Guidelines and Limitations, on page

More information

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application Table of Contents L2TP Configuration 1 L2TP Overview 1 Introduction 1 Typical L2TP Networking Application 1 Basic Concepts of L2TP 2 L2TP Tunneling Modes and Tunnel Establishment Process 4 L2TP Features

More information

Network Access Flows APPENDIXB

Network Access Flows APPENDIXB APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies

More information

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Network Security 1. Module 7 Configure Trust and Identity at Layer 2 Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure

More information

PPP Configuration Options

PPP Configuration Options PPP Configuration Options 1 PPP Configuration Options PPP can be configured to support various functions including: Authentication using either PAP or CHAP Compression using either Stacker or Predictor

More information

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools

More information

Virtual Private Network

Virtual Private Network VPN and IPsec Virtual Private Network Creates a secure tunnel over a public network Client to firewall Router to router Firewall to firewall Uses the Internet as the public backbone to access a secure

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Network Security. Chapter 11 Security Protocols of the Data Link Layer. Scope of Link Layer Security Protocols

Network Security. Chapter 11 Security Protocols of the Data Link Layer. Scope of Link Layer Security Protocols Network Security Chapter 11 Security Protocols of the Data Link Layer! IEEE 802.1Q, IEEE 802.1X & IEEE 802.1AE! Point-to-Point Protocol (PPP)! Point-to-Point Tunneling Protocol (PPTP)! Layer 2 Tunneling

More information

HP Instant Support Enterprise Edition (ISEE) Security overview

HP Instant Support Enterprise Edition (ISEE) Security overview HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security. Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with

More information

Analysis of VPN Protocols

Analysis of VPN Protocols Analysis of VPN Protocols ECE 646 Final Project Presentation Tamer Mabrouk Touhidur Satiar Overview VPN Definitions Emergence of VPN Concept of Tunneling VPN Classification Comparison of Protocols Customer

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

CSC 6575: Internet Security Fall 2017

CSC 6575: Internet Security Fall 2017 CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality

More information

Authentication. Chapter 2

Authentication. Chapter 2 Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication

More information

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Objective A Virtual Private Network (VPN) is a private network that is used to virtually

More information

Cisco How Virtual Private Networks Work

Cisco How Virtual Private Networks Work Table of Contents How Virtual Private Networks Work...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 Background Information...1 What Makes a VPN?...2 Analogy:

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Service Managed Gateway TM. Configuring IPSec VPN

Service Managed Gateway TM. Configuring IPSec VPN Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling

More information

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

More information

Radius, LDAP, Radius, Kerberos used in Authenticating Users

Radius, LDAP, Radius, Kerberos used in Authenticating Users CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization

More information

Virtual Private Networks

Virtual Private Networks EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,

More information

Hardware Management Console External Connectivity Security for IBM POWER5 Processor-based Systems

Hardware Management Console External Connectivity Security for IBM POWER5 Processor-based Systems Hardware Management Console External Connectivity Security for IBM POWER5 Processor-based Systems March 2, 2007 by: Jason Stapels Ann Burkes Brian Myers Table of Contents 1 Introduction...3 1.1 Disclaimer...3

More information

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology Versatile central manageable VPN Client Suite for Linux Central Management and Network Access Control Compatible with VPN gateways (IPsec Standard) Integrated, dynamic personal firewall FIPS Inside Fallback

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

Creating VPN s with IPsec

Creating VPN s with IPsec 2014 Creating VPN s with IPsec SPRING ENTERPRISE INFO SECURITY 4040/601 WILSON CHANCE HINCHMAN This paper will define the term VPN, explain for what and why VPNs are used. IPsec, which is vital to the

More information

IPsec NAT Transparency

IPsec NAT Transparency The feature introduces support for IP Security (IPsec) traffic to travel through Network Address Translation (NAT) or Port Address Translation (PAT) points in the network by addressing many known incompatibilities

More information

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

VPNS BY RICK FREY.

VPNS BY RICK FREY. VPNS BY RICK FREY www.rickfreyconsulting.com WHAT IS A VPN? A Virtual Private Network is a means by which two or more normally non-adjacent networks are connected through virtual wires. www.rickfreyconsulting.com

More information

KALASALINGAM UNIVERSITY

KALASALINGAM UNIVERSITY KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE

More information

Radius, LDAP, Radius used in Authenticating Users

Radius, LDAP, Radius used in Authenticating Users CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)

More information

Network Security. Chapter 10 Security Protocols of the Data Link Layer

Network Security. Chapter 10 Security Protocols of the Data Link Layer Network Security Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol () Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) Virtual Private Networks

More information

Indicate whether the statement is true or false.

Indicate whether the statement is true or false. Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.

More information

VPN Virtual Private Networks

VPN Virtual Private Networks VPN Virtual Private Networks Mathias Schäfer WS 2003/2004 Overview 2 Overview Why VPNs VPN-use-cases Requirements Security Performance Conclusion Why VPNs 3 Why VPNs In business-solutions VPN-technology

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-088) You are the administrator for medium-sized network with many users who connect remotely. You have configured a server running Microsoft Windows Server 2003,

More information

VPN. Agenda VPN VPDN. L84 - VPN and VPDN in IP. Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP)

VPN. Agenda VPN VPDN. L84 - VPN and VPDN in IP. Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP) VPN Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP) Agenda VPN Classical Approach Overview IP Based Solutions IP addresses non overlapping IP addresses overlapping MPLS-VPN VPDN RAS

More information

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11 iii PPTP................................................................................ 7 L2TP/IPsec........................................................................... 7 Pre-shared keys (L2TP/IPsec)............................................................

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Diameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026.

Diameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. AAA Working Group Pat R. Calhoun Internet-Draft Black Storm Networks Category: Standards Track William Bulley Merit Network, Inc. Allan C. Rubens Tut Systems, Inc.

More information

Chapter 8. User Authentication

Chapter 8. User Authentication Chapter 8. User Authentication This chapter describes how NetDefendOS implements user authentication. Overview, page 220 Authentication Setup, page 221 8.1. Overview In situations where individual users

More information

Network Security. Rev 1.0.

Network Security. Rev 1.0. Network Security Rev 1.0 www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Objectives ACL NAT AAA RADIUS + DIAMETER Tunneling (GRE+IPSec) HUAWEI TECHNOLOGIES CO., LTD. All rights reserved

More information

Configuring Client-Initiated Dial-In VPDN Tunneling

Configuring Client-Initiated Dial-In VPDN Tunneling Configuring Client-Initiated Dial-In VPDN Tunneling Client-initiated dial-in virtual private dialup networking (VPDN) tunneling deployments allow remote users to access a private network over a shared

More information

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet

More information

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1 VPN, IPsec and TLS stole slides from Merike Kaeo apricot2017 1 Virtual Private Network Overlay Network a VPN is built on top of a public network (Internet)

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

Security in IEEE Networks

Security in IEEE Networks Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set

More information

CSE509: (Intro to) Systems Security

CSE509: (Intro to) Systems Security CSE509: (Intro to) Systems Security Fall 2012 Invited Lecture by Vyas Sekar IPSec 2005-12 parts by Matt Bishop, used with permission Security in Real Life: Motivation Site SF Company X $$$ Site NY Site

More information

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security 1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

More information

14. Internet Security (J. Kurose)

14. Internet Security (J. Kurose) 14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

HC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee

HC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee HC-711 Q&As HCNA-CBSN (Constructing Basic Security Network) - CHS Pass Huawei HC-711 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money

More information

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design

More information

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT Hüseyin ÇOTUK Information Technologies hcotuk@etu.edu.tr Ahmet ÖMERCİOĞLU Information Technologies omercioglu@etu.edu.tr Nurettin ERGİNÖZ Master Student

More information

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,

More information

Lecture 13 Page 1. Lecture 13 Page 3

Lecture 13 Page 1. Lecture 13 Page 3 IPsec Network Security: IPsec CS 239 Computer Software March 2, 2005 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided

More information

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

More information

CLIENT SERVER SYNERGY USING VPN

CLIENT SERVER SYNERGY USING VPN CLIENT SERVER SYNERGY USING VPN 1 CHETAN S MORE, 2 AMAN ANNAD, 3 KUSHAGRA RAIZADA, 4 MANUJ SRIVASTAVA 1,2,3,4 Department of Electronics and Telecommunication Engineering, Bharati Vidyapeeth (Deemed To

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam : Title : Security Solutions for Systems Engineers. Version : Demo Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized

More information

Virtual private networks

Virtual private networks Technical papers Virtual private networks Virtual private networks Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private networks. Such access would otherwise only be possible

More information

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. Distributed Systems 1 06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Use Shrew Soft VPN Client to Connect with IPSec VPN Server on RV130 and RV130W

Use Shrew Soft VPN Client to Connect with IPSec VPN Server on RV130 and RV130W Use Shrew Soft VPN Client to Connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing an encrypted

More information

isco Cisco PPPoE Baseline Architecture for the Cisco UAC

isco Cisco PPPoE Baseline Architecture for the Cisco UAC isco Cisco PPPoE Baseline Architecture for the Cisco UAC Table of Contents Cisco PPPoE Baseline Architecture for the Cisco UAC 6400...1...1 Introduction...1 Assumption...1 Technology Brief...2 Advantages

More information

Distributed Systems. Lecture 14: Security. 5 March,

Distributed Systems. Lecture 14: Security. 5 March, 06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations 98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low

More information

Securing Remote Access

Securing Remote Access Information Security for Technical Staff Module 12: Securing Remote Access Networked Systems Survivability CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh,

More information

CYBER SECURITY MADE SIMPLE

CYBER SECURITY MADE SIMPLE CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published

More information

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol Bibliography General principles about Radius server Bibliography Network System Radius Protocol Claude Duvallet University of Le Havre Faculty of Sciences and Technology 25 rue Philippe Lebon - BP 540

More information

Cisco PPPoE Baseline Architecture for the Cisco UAC 6400

Cisco PPPoE Baseline Architecture for the Cisco UAC 6400 Cisco PPPoE Baseline Architecture for the Cisco UAC 6400 Document ID: 12915 Contents Introduction Assumption Technology Brief Advantages and Disadvantages of PPPoE Architecture Advantages Disadvantages

More information

Configuring Security for VPNs with IPsec

Configuring Security for VPNs with IPsec This module describes how to configure basic IPsec VPNs. IPsec is a framework of open standards developed by the IETF. It provides security for the transmission of sensitive information over unprotected

More information

TSIN02 - Internetworking

TSIN02 - Internetworking TSIN02 - Internetworking Literature: Lecture 11: SNMP and AAA Forouzan, chapter 21 Diameter next generation's AAA protocol by Håkan Ventura, sections 2-3.3.6 RFC2881 (optional extra material) Outline:

More information

Lecture 12 Page 1. Lecture 12 Page 3

Lecture 12 Page 1. Lecture 12 Page 3 IPsec Network Security: IPsec CS 239 Computer Software February 26, 2003 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided

More information

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Hello and welcome to today's lecture on secured communication.

More information

QNAP VPN (Virtual Private Network) Secure network experience

QNAP VPN (Virtual Private Network) Secure network experience QNAP VPN (Virtual Private Network) Secure network experience What is VPN (Virtual Private Network) The general Internet style Internet What is VPN? UNENCRYPTED ENCRYPTED ANONYMOUS When you connect through

More information

Networking interview questions

Networking interview questions Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected

More information