Network Security. Rev 1.0.
- Deborah Hicks
1 Network Security Rev HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
2 Objectives: ACL; NAT; AAA; RADIUS + DIAMETER; Tunneling (GRE+IPSec)
3 Ethernet Access List
  Main function: ensure distributed access security over the whole network.
  [Figure: Department A and Department B reaching a server across the intranet]
4 Filtering
  [Figure: packet layout: Layer 2 header, IP header, TCP header, application-level header, data]
  The ACL classifies packets according to a series of matching conditions.
  The ACL is applied to a switch port to determine whether a packet should be forwarded or discarded.
  The matching rules defined by an ACL can also be referenced wherever traffic must be differentiated, for example in the traffic classification rules of QoS.
  An access control rule can be composed of multiple sub-rules.
  Time segment control can be defined.
5 ACL Example
  acl number 3001
   rule 10 permit tcp source destination source-port any destination-port 80
   rule 20 deny ip source any destination any
6 Features of ACL Application
  Traffic filtering
  Route filtering
  QoS
7 Objectives: ACL; NAT; AAA; RADIUS + DIAMETER; Tunneling (GRE+IPSec)
8 Private Addresses and Public Address
  [Figure: LAN1, LAN2 and LAN3 connected to the Internet, with a label for the range of private addresses]
9 Why NAT?
  NAT (Network Address Translation)
  Why do we use NAT?
  IP address resources are increasingly insufficient. Address translation lets multiple hosts in a LAN access the Internet through one public IP address.
  Network security protection: address translation can effectively hide the hosts of the internal LAN.
  It makes services of the internal network, such as FTP, WWW and Telnet, available to the external network.
10 Principle of Address Translation
  [Figure: an IP packet travels between PC/PC2 on the LAN and the Internet; translation table with columns Local Source, Destination and Outside Source]
11 Address Pool
  [Figure: PC and PC2 on a LAN reach the Internet through an address pool]
  An address pool is a collection of contiguous public IP addresses, identified by a number.
  The NAT process selects an address from the address pool as the source address after translation.
  Address pools enable more LAN users to access the Internet simultaneously.
12 Application of Internal Server
  [Figure: an internal server (private address, port 80) sits behind router interface E0; a map on the router ties that address and port to a public address and port 80 on Serial 0; an extranet user on the Internet accesses the server by referring to the map]
13 Disadvantages of NAT
  Because the IP addresses in data packets must be translated, the parts of the packet header that relate to the IP address cannot be encrypted, and an encrypted FTP connection cannot be used in the application protocol; otherwise the FTP PORT command cannot be translated correctly.
  Network debugging becomes more difficult. For instance, when a host in the internal network attempts to attack other networks, it is hard to tell which computer is malicious, because the host IP address is shielded.
14 Objectives: ACL; NAT; AAA; RADIUS + DIAMETER; Tunneling (GRE+IPSec)
15 Network Architecture and Position of BRAS
  [Figure: users attach over Ethernet (LAN switch), WLAN (AP) and ADSL (DSLAM) in the access layer / access network; the NAS (BRAS) sits in the convergence layer below the core layer / core network; the NMS, AAA platform and service platform sit at the top]
16 AAA: Authentication, Authorization, Accounting
17 Architecture of NAS (BRAS) device
  [Figure: BRAS blocks: user identification (receives user packets), connection management, AAA & UM, address management, service control; external DHCP server, policy server and AAA server]
18 User Identification
  Access types and the packets that identify them:
  PPP user: PPP packet
  802.1x user: EAPoL packet
  Web user: IP/ARP/DHCP packet
  Bind user: IP/ARP/DHCP packet
  [Figure: Portal protocol packets between the NAS and the web server; HTTP packets to the web server]
19 PPP overview
  Network layer: network protocols (IP, IPX); network control protocols (IPCP, IPXCP, BCP)
  Data link layer: authentication protocols (PAP, CHAP, EAP); link control protocol (LCP)
  Physical layer
20 PPP phase diagram
  [Figure: PPP phases Dead, Establish (LCP), Authenticate (PAP/CHAP), Network (IPCP) and Terminate, with transitions Up, Opened, Fail, Down and Closing]
21 PAP & CHAP Authentication Process (Client, BRAS)
  PAP: the client sends Authentication_Req (username, password); the BRAS compares passwords and returns Accept/Reject.
  CHAP: the BRAS generates a Challenge and sends it; the client generates the ChallengePwd and sends Authentication_Req (username, ChallengePwd); the BRAS compares ChallengePwds and returns Accept/Reject.
22 Why we need PPPoE?
  [Figure: subscribers on an access network]
  ETH | IP | DATA: can identify the device, not the user
  ETH | PPP | IP | DATA: can identify the subscriber
23 Discovery and Session Stages
  Discovery stage
    Discover the AC (Access Concentrator) and acquire the AC's MAC address
    Allocate the Session ID
  Session stage
    PPP parameter negotiation
    Data transmission
    Session maintenance
24 PPPoE Discovery phase diagram (Client, AC)
  PADI (Service-Name, Session-ID=0x0000)
  PADO (Service-Name, AC-Name, Session-ID=0x0000)
  PADR (Service-Name, AC-Name, Session-ID=0x0000)
  PADS (Service-Name, AC-Name, Session-ID=0x055A)
25 DHCP Address allocation modes
  Automatic allocation: the DHCP server assigns a permanent address to a client.
  Dynamic allocation: the DHCP server assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address).
  Manual allocation: a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client.
26 DHCP Working Flow (DHCP client, selected DHCP server)
  DHCPDISCOVER
  DHCPOFFER
  DHCPREQUEST
  DHCPACK or NAK
  DHCPRELEASE
27 Packet format (field sizes in bytes)
  op (1), htype (1), hlen (1), hops (1)
  xid (4)
  secs (2), flags (2)
  ciaddr (4)
  yiaddr (4)
  siaddr (4)
  giaddr (4)
  chaddr (16)
  sname (64)
  file (128)
  options (variable)
28 Option 82
  Prevents IP address exhaustion caused by DHCP requests
  Realizes static allocation of IP addresses by DHCP
  Prevents static IP address spoofing
  Option 82:
    Agent Circuit ID: {atm | eth} frame/slot/subslot/port[:vpi.vci | outer_vlan.inner_vlan]
    Agent Remote ID: AccessNodeIdentifier
  Example: Quidway Eth 0/1/0/1:0.0
29 Option 82
  [Figure: DHCP DISCOVER, OFFER, REQUEST and ACK passing between PC, DSLAM, NAS and DHCP server, with Option 82 marked on relayed messages]
30 Objectives: ACL; NAT; AAA; RADIUS + DIAMETER; Tunneling (GRE+IPSec)
31 Networking Application of RADIUS
  [Figure: users attach through access networks (DSLAM, LAN switch) to NAS devices, which reach the AAA server across the core network (Internet)]
32 Architecture of NAS device
  [Figure: NAS blocks: user identification (receives user packets), connection management, AAA & UM, address management, service control; external DHCP server, policy server and AAA server]
33 Client-Server Model
  RADIUS = Remote Authentication Dial-In User Service
  [Figure: User, NAS (RADIUS client), AAA server (RADIUS server)]
34 Key features
  Network security: shared secret
  Flexible authentication mechanism: PAP, CHAP
  Extensible protocol: Attribute-Length-Value format
35 Radius Packet Format
  Packet: Code, Identifier, Length, Authenticator, Attributes
  Attribute: Type, Length, Value
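The packet and attribute layout above, together with the shared secret from slide 34, as an added Python example that is not part of the original slides. It follows RFC 2865 for the field sizes, the PAP User-Password hiding and the Response Authenticator; the secret, user name and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                 # Code values (RFC 2865)
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18   # attribute Types
SECRET = b"constructed-shared-secret"                # sample value, not from the slides


def _xor_blocks(data, secret, request_auth, decrypt):
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        out += res
        prev = block if decrypt else res
    return out


def hide_password(password, secret, request_auth):
    """PAP: the password is hidden with the shared secret, never sent in clear."""
    padded = (password + b"\x00" * (-len(password) % 16)) or bytes(16)
    return _xor_blocks(padded, secret, request_auth, decrypt=False)


def unhide_password(hidden, secret, request_auth):
    return _xor_blocks(hidden, secret, request_auth, decrypt=True).rstrip(b"\x00")


def build_packet(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) then Type-Length-Value attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_response(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    unsigned = build_packet(code, ident, request_auth, attrs)
    return unsigned[:4] + hashlib.md5(unsigned + secret).digest() + unsigned[20:]


def parse_packet(data):
    """Parse a RADIUS datagram, rejecting inconsistent length fields."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("Length field inconsistent with datagram size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length overruns packet")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "length": length,
            "authenticator": data[4:20], "attrs": attrs}


def verify_response(raw, request_id, request_auth, secret):
    """NAS-side check that a reply matches our request and knows the shared secret."""
    pkt = parse_packet(raw)
    if pkt["id"] != request_id:
        return False
    raw = raw[:pkt["length"]]
    expected = hashlib.md5(raw[:4] + request_auth + raw[20:] + secret).digest()
    return hmac.compare_digest(expected, pkt["authenticator"])


def demo():
    """One PAP Access-Request and its Access-Accept, built from constructed values."""
    request_auth = os.urandom(16)          # must be unpredictable per request
    hidden = hide_password(b"sample-password", SECRET, request_auth)
    request = build_packet(ACCESS_REQUEST, 7, request_auth,
                           [(USER_NAME, b"alice"), (USER_PASSWORD, hidden)])
    seen = parse_packet(request)           # what the server parses
    reply = build_response(ACCESS_ACCEPT, 7, request_auth,
                           [(REPLY_MESSAGE, b"welcome")], SECRET)
    return {
        "server_recovers_password": unhide_password(seen["attrs"][1][1], SECRET, request_auth),
        "genuine_reply_ok": verify_response(reply, 7, request_auth, SECRET),
        "reply_from_wrong_secret_ok": verify_response(
            build_response(ACCESS_ACCEPT, 7, request_auth, [], b"other"), 7, request_auth, SECRET),
    }


if __name__ == "__main__":
    print(demo())
```
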
36 Authentication and Accounting Procedure (User, NAS, RADIUS Server)
  Authentication: the user requests access; the NAS sends Access-Request; the server answers Access-Accept or Access-Reject; the NAS configures the user.
  Accounting start: Accounting-Request (start), Accounting-Response
  Interim accounting: Accounting-Request (Interim update), Accounting-Response
  Accounting stop: the user requests termination; Accounting-Request (stop), Accounting-Response
37 PAP and CHAP Interoperation with RADIUS (User, NAS, Server)
  PAP: the user sends username and password; the NAS sends Access-Request (Username, Password); the server returns Access-Accept or Access-Reject; the NAS configures the user.
  CHAP: the NAS sends a challenge; the user returns username and encrypted challenge; the NAS sends Access-Request (Username, Challenge, Encrypted Challenge); the server checks it and returns Access-Accept or Access-Reject; the NAS configures the user.
38 Why UDP?
  1. If the request to a primary authentication server fails, a secondary server must be queried.
  2. The timing requirements of this particular protocol are significantly different from what TCP provides.
  3. The stateless nature of this protocol simplifies the use of UDP.
  4. UDP simplifies the server implementation.
39 What's Diameter?
  Diameter protocol
    An AAA protocol that provides Authentication, Authorization and Accounting (AAA) functions
    More advanced than RADIUS, so it is called Diameter
  [Figure: RADIUS between NAS and AAA server in the traditional network, Diameter between AAA client and AAA server in the future network; access types shown: PPP, DSL, 3G, WLAN]
40 New demands on AAA protocols
  Network access requirements for AAA protocols:
  Failover
  Transmission-level security
  Reliable transport
  Agent support
  Server-initiated messages
  Capability negotiation
  Peer discovery and configuration
41 Diameter Framework
  The Diameter protocol consists of the Diameter base protocol and the Diameter application protocol.
  Diameter base protocol: provides a secure, reliable and extensible framework for various authentication, authorization and accounting services.
  Diameter application protocol: defines functional and data units for particular applications.
  [Figure: Diameter stack: MIP, NASREQ, SIP and EAP applications over the Diameter base protocol, over SCTP/TCP]
42 Diameter node type
  Client: a Diameter client is a device at the edge of the network that performs access control. An example of a Diameter client is a Network Access Server (NAS) or a Foreign Agent (FA).
  Server: a Diameter server is one that handles authentication, authorization and accounting requests for a particular realm. By its very nature, a Diameter server MUST support Diameter applications in addition to the base protocol.
  Agent
43 Role of Diameter Agents
  There are four kinds of Diameter agents:
  Relay Agent or Relay
  Proxy Agent or Proxy
  Redirect Agent
  Translation Agent
44 Relay/Proxy Agent
45 Relay/Proxy Agent
46 Redirect Agent
47 Redirect Agent
48 Translation Agent
49 Diameter Message Structure
  The Diameter message structure consists of two parts: the Diameter message head and the Diameter AVPs.
  Message head: Version, Message Length, command flags (R P E T r r r r), Command-Code, Application-ID, Hop-by-Hop Identifier, End-to-End Identifier
  Message body: AVPs
50 Diameter PDU Command code
  Command-Name                    Abbrev  Code
  Abort-Session-Request           ASR     274
  Abort-Session-Answer            ASA     274
  Accounting-Request              ACR     271
  Accounting-Answer               ACA     271
  Capabilities-Exchange-Request   CER     257
  Capabilities-Exchange-Answer    CEA     257
  Device-Watchdog-Request         DWR     280
  Device-Watchdog-Answer          DWA     280
  Session-Termination-Request     STR     275
  Session-Termination-Answer      STA     275
51 Diameter AVP
  AVP (attribute-value pair)
  The Diameter message body is composed of Diameter AVPs. Each AVP carries a specific message parameter value and contains an AVP head and data.
  The AVPs carry the authentication, authorization, charging, routing and security information, and the request and response configuration information.
  AVP structure: AVP Code, AVP flags (V M P r r r r r), AVP Length, Vendor-ID (opt), AVP data
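A parser for the message head and AVP structure listed on slides 49 and 51, as an added Python example that is not part of the original slides. Field widths and 4-byte AVP padding follow the Diameter base protocol (RFC 3588, cited later in the deck); the Origin-Host (264) and Origin-Realm (296) codes come from that RFC, the host and realm names are borrowed from the routing slide, and the vendor AVP and identifiers are constructed.

```python
import struct

FLAG_BITS = ((0x80, "R"), (0x40, "P"), (0x20, "E"), (0x10, "T"))  # command flags
AVP_V, AVP_M, AVP_P = 0x80, 0x40, 0x20                            # AVP flags
CER = 257                     # Capabilities-Exchange-Request (slide 50)
ORIGIN_HOST, ORIGIN_REALM = 264, 296


def encode_avp(code, data, flags=AVP_M, vendor_id=None):
    """AVP Code(4) Flags(1) Length(3) [Vendor-ID(4)] Data, padded to 4 bytes."""
    header_len = 8
    if vendor_id is not None:
        flags |= AVP_V
        header_len = 12
    out = struct.pack("!IB", code, flags) + (header_len + len(data)).to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)   # padding is not counted in Length


def encode_message(code, app_id, hop_by_hop, end_to_end, avps, flags=0x80):
    """Version(1) Length(3) Flags(1) Command-Code(3) App-ID(4) HbH(4) E2E(4)."""
    body = b"".join(avps)
    return (bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hop_by_hop, end_to_end) + body)


def parse_message(data):
    """Parse one Diameter message; raise ValueError on inconsistent lengths."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte Diameter header")
    version, length = data[0], int.from_bytes(data[1:4], "big")
    if version != 1:
        raise ValueError("unsupported Diameter version")
    if length < 20 or length % 4 or length > len(data):
        raise ValueError("Message Length inconsistent with received data")
    flags = data[4]
    app_id, hbh, e2e = struct.unpack("!III", data[8:20])
    avps, pos = [], 20
    while pos < length:
        if pos + 8 > length:
            raise ValueError("truncated AVP header")
        avp_code, avp_flags = struct.unpack("!IB", data[pos:pos + 5])
        avp_len = int.from_bytes(data[pos + 5:pos + 8], "big")
        hdr = 12 if avp_flags & AVP_V else 8
        if avp_len < hdr or pos + avp_len > length:
            raise ValueError("AVP Length overruns message")
        vendor = struct.unpack("!I", data[pos + 8:pos + 12])[0] if avp_flags & AVP_V else None
        avps.append({"code": avp_code, "mandatory": bool(avp_flags & AVP_M),
                     "vendor_id": vendor, "data": data[pos + hdr:pos + avp_len]})
        pos += avp_len + (-avp_len % 4)              # skip padding to the next AVP
    return {"command_code": int.from_bytes(data[5:8], "big"),
            "flags": [name for bit, name in FLAG_BITS if flags & bit],
            "application_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e,
            "length": length, "avps": avps}


def sample_cer(retransmitted=False):
    """A constructed CER; vendor 99999 / AVP code 1 are placeholders, not real assignments."""
    avps = [encode_avp(ORIGIN_HOST, b"Client.RealmA"),
            encode_avp(ORIGIN_REALM, b"RealmA"),
            encode_avp(1, b"\x01\x02\x03", flags=0, vendor_id=99999)]
    flags = 0x80 | (0x10 if retransmitted else 0)    # R bit, plus T on retransmission
    return encode_message(CER, 0, 0x11111111, 0x22222222, avps, flags)


if __name__ == "__main__":
    for key, value in parse_message(sample_cer()).items():
        print(key, value)
```
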
52 Example
  Use a Cx message as an example.
  [Figure: Diameter message UAA between I-CSCF and HSS: a Diameter header carrying the command code (UAA), followed by AVPs, each with an AVP header (AVP code, AVP length) and AVP data (here: server capabilities)]
53 Diameter Link Establishment: Capability Exchange
  [Figure: client and server establish the connection, then exchange CER and CEA]
  CER / CEA (Capabilities-Exchange-Request / Answer)
  When two Diameter peers create a connection, they need to perform a capability exchange.
  The CER/CEA capability exchange is used to announce capabilities (such as protocol version, Diameter applications and security mechanisms).
  If a peer receives a CER from an unknown peer, it discards the message or returns the result code DIAMETER_UNKNOWN_PEER.
54 Diameter Link Heartbeat Message
  [Figure: Node1 sends DWR, Node2 answers DWA]
  DWR/DWA (Device-Watchdog-Request / Answer)
  The DWR command code is 280. It is used to probe the link and is also called the heartbeat or handshake message.
  If a node sends several DWR messages in a row and the peer node does not return a DWA, the link status is set to down (the link is not released).
55 Diameter Link Disconnection Message
  [Figure: Node1 sends DPR, Node2 answers DPA, then the connection is released]
  DPR/DPA (Disconnect-Peer-Request / Answer)
  The command code is 282. DPR notifies the peer node to disconnect the link; the peer node returns the DPA and then the link is disconnected.
56 Diameter Link Management Process (DA, PEER)
  1. Diameter link establishment process: SCTP association establishment; CER; CEA. Capability exchange is successful and the link is normal. DWR/DWA heartbeat messages are then sent periodically to maintain the link status.
  2. Diameter link disconnection process: the DA or the peer initiates the disconnect with DPR; the other side answers with DPA; the SCTP association is disconnected.
  A Diameter connection is established through the capability exchange with the peer. When the DA or the peer wants to release the Diameter link, it must first send the DPR message to disconnect the link.
57 Diameter Message Routing Function
  [Flowchart, Diameter base protocol layer: a message (Msg) carries D-Host= and D-Realm=. Does it carry the D-Host? If yes, check the adjacent peer devices based on the D-Host; if one matches, choose the route and forward. If the message carries no D-Host, or no adjacent peer matches, check the routing table based on the D-Realm and forward the message.]
58 Diameter Message Routing Function (Cont.)
  [Figure: nodes Client (Hostname=Client.RealmA, RealmA), DA1, DA2 and Server (Hostname=Server.RealmB, RealmB); Request (ApplicationID, DestRealm=RealmB, DestHost=Server.RealmB); numbered steps: 1. Routing Request, 2. Routing Request, 3. Forwarding Request, 4. Response, 5. Response, 6. Response]
  IETF RFC3588 Diameter Base Protocol
  Routing: message routing based on the realm-based routing table.
  Forwarding: message forwarding based on the peer device table.
  The response message does not carry the target address information; it is returned along the path of the corresponding request message.
59 [Figure: Client, DA1 and DA2 each keep a request queue in front of the Server; steps 1. Request, 2. Request, 5. Response, 6. Response; switchover on link failure]
  Diameter caches each request message so that it can be retransmitted when the link is faulty, which ensures that the message reaches the destination as soon as possible and reduces delay.
  When the T bit is set to 1, the message is a retransmission.
  Retransmission applies when, due to link failure, the request message was not sent to the peer or no response message was received.
60 Objectives: ACL; NAT; Access Methods (PPP, PPPoE, DHCP); AAA; RADIUS + DIAMETER; Tunneling (GRE+IPSec)
61 VPN Definition
  VPN: Virtual Private Network
  [Figure: headquarters linked by tunnels across the Internet, and by a leased line, to a remote office, a partner, a branch, an office and employees on business trips]
62 Classification of VPN
  Based on the applications: Access VPN, Intranet VPN, Extranet VPN
  Based on realization layer: Layer 2 VPN, Layer 3 VPN
63 Access VPN
  Dial network expansion: employees on errands, remote small offices
  [Figure: tunnels to HQ through POPs, originated either by the ISP or by the user]
64 Intranet VPN
  [Figure: tunnels over the Internet / ISP IP, ATM or FR network linking HQ, research institute and branch office]
65 Extranet VPN
  [Figure: HQ, remote office, branch and partner linked over the Internet / ISP IP, ATM or FR network]
66 Classification Based on Realization Layer
  Layer 2 VPN
    L2TP: Layer 2 Tunnel Protocol (RFC 2661)
    PPTP: Point To Point Tunnel Protocol
    L2F: Layer 2 Forwarding
  Layer 3 VPN
    GRE: General Routing Encapsulation
    IPSEC: IP Security Protocol
67 Principle of VPN Design
  Security: tunnel and encryption, data authentication, user authentication, firewall and attack examination
  Reliability
  Economical efficiency
  Expansibility
68 GRE Overview
  GRE is the Generic Routing Encapsulation protocol. It encapsulates datagrams of network layer protocols (e.g. IP, IPX, AppleTalk) so that they can be transmitted over an IP network.
  GRE is a layer 3 tunnel protocol for VPNs (Virtual Private Networks); that is, it applies the technique called tunneling between protocol layers.
69 GRE Protocol Stack
  Protocol stack: IP/IPX (passenger protocol), GRE (encapsulation protocol), IP (transmission protocol), link layer
  Tunnel interface message format: data link layer, IP, GRE, IP/IPX, payload
70 GRE Build VPN
  [Figure: a tunnel across the Internet between Branch and HQ; packet labels: original data packet, GRE header, transfer protocol header]
71 IPSec Overview
  IPSec (IP Security) is a framework of open standards developed by the Internet Engineering Task Force (IETF).
  IPSec includes two protocols: the AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload) protocol.
  IPSec provides security services at the IP layer and has two working modes: tunnel mode and transport mode.
72 Composition of the IPSec Protocol
  IPSec provides two security protocols:
  AH (Authentication Header): MD5 (Message Digest 5), SHA1 (Secure Hash Algorithm)
  ESP (Encapsulation Security Payload): DES (Data Encryption Standard), 3DES
  Other algorithms: Blowfish, CAST...
73 Security Feature of IPSec
  Confidentiality: encrypt client data and transmit it as ciphertext.
  Data integrity: authenticate the received data to determine whether the packet has been modified.
  Data origin authentication: authenticate the data source to make sure that the data was sent by the real sender.
  Anti-replay: prevent a malicious client from repeatedly sending a data packet. In other words, the receiver rejects old or repeated data packets.
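How a receiver can reject "old or repeated" packets using the Sequence Number field that AH and ESP carry, as an added Python example that is not part of the original slides. The 64-packet sliding window, the HMAC-SHA1-96 integrity value (SHA1 is one of the algorithms the deck lists) and the simplified packet tuple are assumptions of this sketch; the SPI, key and trace are constructed.

```python
import hashlib
import hmac
import struct


def icv(key, spi, seq, payload):
    """Integrity check value over SPI, sequence number and payload (HMAC-SHA1-96)."""
    msg = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]


def seal(key, spi, seq, payload):
    """Sender side: attach the sequence number and ICV (encryption omitted here)."""
    return (seq, payload, icv(key, spi, seq, payload))


class Receiver:
    """Per-SA receive state: highest accepted sequence number plus a bitmap."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.top = 0        # highest sequence number authenticated so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already accepted

    def _window_verdict(self, seq):
        if seq == 0:
            return "too-old"                      # sequence numbers start at 1
        if seq > self.top:
            return "ok"
        offset = self.top - seq
        if offset >= self.window:
            return "too-old"                      # fell off the left edge
        return "replay" if self.bitmap & (1 << offset) else "ok"

    def _mark(self, seq):
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def accept(self, packet):
        seq, payload, tag = packet
        verdict = self._window_verdict(seq)       # cheap check first
        if verdict != "ok":
            return verdict
        if not hmac.compare_digest(tag, icv(self.key, self.spi, seq, payload)):
            return "bad-icv"                      # forged packet must not move the window
        self._mark(seq)                           # update state only after authentication
        return "ok"


def run_trace():
    """Constructed trace: in-order, duplicate, jump ahead, stale and forged packets."""
    key, spi = b"constructed-integrity-key", 0x1001
    rx = Receiver(key, spi)
    packets = [seal(key, spi, s, b"data") for s in (1, 2, 3, 2, 70, 5, 69)]
    packets.append((1000, b"data", bytes(12)))    # forged: high sequence number, wrong ICV
    packets += [seal(key, spi, s, b"data") for s in (71, 7)]
    return [rx.accept(p) for p in packets]


if __name__ == "__main__":
    print(run_trace())
```
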
74 Basic Concept of IPSec
  Security Association
  Security Parameter Index
  Sequence Number
  Life Time
  Data Flow
  Security Proposal
75 AH Protocol
  Original packet: IP HDR | Data
  Transport mode: IP HDR | AH | Data
  Tunnel mode: New IP HDR | AH | Org IP HDR | Data
  AH format: Next Header, Payload Len, RESERVED, Security Parameters Index (SPI), Sequence Number Field, Authentication Data (variable)
76 ESP Protocol
  Original packet: IP HDR | Data
  Transport mode: IP HDR | ESP Hdr | Data | ESP Trailer | ESP Auth (with the encrypted part marked)
  Tunnel mode: New IP HDR | ESP Hdr | Org IP HDR | Data | ESP Trailer | ESP Auth (with the encrypted part marked)
  ESP format: Security Parameters Index (SPI), Sequence Number, Payload Data* (variable), Padding (0-255 bytes), Pad Length, Next Header, Authentication Data (variable)
77 IKE
  IKE (Internet Key Exchange) is a hybrid protocol that implements both the Oakley and SKEME key exchanges.
  The protocol defines standards for automatically authenticating the IPSec peer, negotiating security services and generating shared keys.
  IKE calculates the key; it does not transmit the key.
78 IKE Security Mechanism
  Perfect Forward Secrecy
  Authentication
  Identity authentication
  Identity protection
  DH exchange and key distribution
79 IKE Exchange Process (Peer1, Peer2)
  [Figure, three exchanges:
   SA exchange: the sender sends its local IKE strategy; the receiver searches for the matched strategy and returns the confirmed strategy; both sides confirm the algorithms to use.
   Key exchange: each side sends its key information and generates the key.
   ID exchange and authentication: each side sends its ID and authentication data and authenticates the peer's identity.]
80 DH Exchange and Key Product
  Shared parameters: $(g, p)$
  peer1 holds $a$ and computes $c = g^a \bmod p$
  peer2 holds $b$ and computes $d = g^b \bmod p$
  peer1 computes $d^a \bmod p$; peer2 computes $c^b \bmod p$
  $d^a \bmod p = c^b \bmod p = g^{ab} \bmod p$
81 The Function of IKE in IPSec
  Reduces the complexity of manual configuration
  Updates the IPSec SA after an interval
  Updates the encryption key after an interval
  Permits IPSec to provide anti-replay
  Permits dynamic authentication between the peers
82 Relation Between IPSec and IKE
  [Figure: on each peer, IKE runs above TCP/UDP; the two IKE instances perform the IKE SA negotiation and pass the SA to IPSec; IPSec at the IP layer exchanges encrypted IP packets]
83 Thank you
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationDHCP Configuration. Page 1 of 14
DHCP Configuration Page 1 of 14 Content Chapter 1 DHCP Configuration...1 1.1 DHCP Overview...1 1.2 DHCP IP Address Assignment... 1 1.2.1 IP Address Assignment Policy...1 1.2.2 Obtaining IP Addresses Dynamically...2
More informationHC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee
HC-711 Q&As HCNA-CBSN (Constructing Basic Security Network) - CHS Pass Huawei HC-711 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money
More informationPoint-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) www.ine.com PPP» Point-to-Point Protocol» Open standard» Operates in the LLC sub-layer of data link layer in OSI» Originally designed for dial-up connections (modems, ISDN,
More informationOperation Manual DHCP H3C S3600 Series Ethernet Switches-Release Table of Contents
Table of Contents Table of Contents Chapter 1 DHCP Overview... 1-1 1.1 Introduction to DHCP... 1-1 1.2 DHCP IP Address Assignment... 1-1 1.2.1 IP Address Assignment Policy... 1-1 1.2.2 Obtaining IP Addresses
More informationConfiguring Security on the GGSN
CHAPTER 12 This chapter describes how to configure security features on the gateway GPRS support node (GGSN), including Authentication, Authorization, and Accounting (AAA), and RADIUS. IPSec on the Cisco
More informationH Q&As. HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H Exam with 100% Guarantee
H12-211 Q&As HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H12-211 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money
More informationLecture 1.1: Point to Point Protocol (PPP) An introduction
Lecture 1.1: Point to Point Protocol (PPP) An introduction "the watchword for a point-to-point protocol should be simplicity" (RFC 1547, PPP requirements). disattended by 50+ RFCs Recommended reading:
More informationRequest for Comments: 4072 Category: Standards Track Lucent Technologies G. Zorn Cisco Systems August 2005
Network Working Group Request for Comments: 4072 Category: Standards Track P. Eronen, Ed. Nokia T. Hiller Lucent Technologies G. Zorn Cisco Systems August 2005 Diameter Extensible Authentication Protocol
More informationIPsec NAT Transparency
The feature introduces support for IP Security (IPsec) traffic to travel through Network Address Translation (NAT) or Port Address Translation (PAT) points in the network by addressing many known incompatibilities
More informationOperation Manual DHCP. Table of Contents
Table of Contents Table of Contents Chapter 1 DHCP Overview... 1-1 1.1 Introduction to DHCP... 1-1 1.2 DHCP IP Address Assignment... 1-2 1.2.1 IP Address Assignment Policy... 1-2 1.2.2 Obtaining IP Addresses
More informationAdded Features. 1. PPTP (Point-to-Point Tunneling Protocol)
Added Features 1. PPTP (Point-to-Point Tunneling Protocol) APOS PPTP (Point-to-Point Tunneling Protocol) conforms to the RFC2637 standard. If you can access the PPTP server through the LAN interface, you
More informationRADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model
Table of Contents RADIUS Configuration 1 Overview 1 Introduction to RADIUS 1 Client/Server Model 1 Security and Authentication Mechanisms 2 Basic Message Exchange Process of RADIUS 2 RADIUS Packet Format
More informationHP FlexFabric 5930 Switch Series
HP FlexFabric 5930 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-4571 Software version: Release 2406 & Release 2407P01 Document version: 6W101-20140404 Legal and notice information
More informationINFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP
INFS 766 Internet Security Protocols Lectures 7 and 8 IPSEC Prof. Ravi Sandhu IPSEC ROADMAP Security Association IP AH (Authentication Header) Protocol IP ESP (Encapsulating Security Protocol) Authentication
More informationSecure channel, VPN and IPsec. stole some slides from Merike Kaeo
Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified
More informationEnterprise Data Communication Products. Feature Description - IP Service. Issue 05 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 05 Date 2013-04-25 HUAWEI TECHNOLOGIES CO., LTD. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of
More informationChapter 10 Security Protocols of the Data Link Layer
Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2005/06 10.1 Scope of Link Layer Security Protocols
More informationProtocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science
Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical
More informationTable of Contents 1 PPP Configuration Commands PPPoE Configuration Commands 2-1
Table of Contents 1 PPP Configuration Commands 1-1 PPP Configuration Commands 1-1 ip address ppp-negotiate 1-1 link-protocol ppp 1-2 mtu 1-2 ppp account-statistics enable 1-3 ppp authentication-mode 1-3
More informationVPN. Agenda VPN VPDN. L84 - VPN and VPDN in IP. Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP)
VPN Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP) Agenda VPN Classical Approach Overview IP Based Solutions IP addresses non overlapping IP addresses overlapping MPLS-VPN VPDN RAS
More informationFlexible Dynamic Mesh VPN draft-detienne-dmvpn-00
Flexible Dynamic Mesh VPN draft-detienne-dmvpn-00 Fred Detienne, Cisco Systems Manish Kumar, Cisco Systems Mike Sullenberger, Cisco Systems What is Dynamic Mesh VPN? DMVPN is a solution for building VPNs
More informationBroadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S
Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408
More informationOperation Manual DHCP H3C S5500-SI Series Ethernet Switches. Table of Contents. Table of Contents
Table of Contents Table of Contents Chapter 1 DHCP Overview... 1-1 1.1 Introduction to DHCP... 1-1 1.2 DHCP Address Allocation... 1-1 1.2.1 Allocation Mechanisms... 1-1 1.2.2 Dynamic IP Address Allocation
More informationDHCP Basics (Dynamic Host Configuration Protocol) BUPT/QMUL
DHCP Basics (Dynamic Host Configuration Protocol) BUPT/QMUL 2017-04-01 Topics In This Course Background Introduction of Internet TCP/IP and OSI/RM Socket programmingtypical Internet Applications DHCP (Dynamic
More informationMicrosoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security
Operating System Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security White Paper Abstract The Microsoft Windows operating system includes technology to secure communications
More informationTable of Contents 1 AAA Overview AAA Configuration 2-1
Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-2 Introduction to RADIUS 1-2
More informationHillstone IPSec VPN Solution
1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More informationSonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide
SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools
More informationTable of Contents 1 AAA Overview AAA Configuration 2-1
Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-3 Introduction to RADIUS 1-3
More informationA-B I N D E X. backbone networks, fault tolerance, 174
I N D E X A-B access links fault tolerance, 175 176 multiple IKE identities, 176 182 single IKE identity with MLPPP, 188 189 with single IKE identity, 183 187 active/standby stateful failover model, 213
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationIPv6: An Introduction
Outline IPv6: An Introduction Dheeraj Sanghi Department of Computer Science and Engineering Indian Institute of Technology Kanpur dheeraj@iitk.ac.in http://www.cse.iitk.ac.in/users/dheeraj Problems with
More informationL2TP Network Server. LNS Service Operation
This chapter describes the support for Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) functionality on Cisco ASR 5500 chassis and explains how it is configured. The product Administration Guides
More informationOperation Manual Security. Table of Contents
Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication
More informationInstitute of Computer Technology - Vienna University of Technology. L103 - WAN Design
Network Design WAN WAN Backbone, Floating Static Routes,Dial-On-Demand RAS, VPDN Techniques (L2TP, PPTP, L2F) IPsec-VPN, Internet Defense Agenda WAN Area Core WAN Access WAN Classical RAS Remote Access
More informationConfiguring the PPPoE Client
CHAPTER 72 This section describes how to configure the PPPoE client provided with the ASA. It includes the following topics: PPPoE Client Overview, page 72-1 Username and Password, page 72-2 Enabling PPPoE,
More informationH3C SR8800-F Routers. Comware 7 BRAS Services Configuration Guide. New H3C Technologies Co., Ltd.
H3C SR8800-F Routers Comware 7 BRAS Services Configuration Guide New H3C Technologies Co., Ltd. http://www.h3c.com.hk Software version: SR8800FS-CMW710-R7655P05 or later Document version: 6W100-20170825
More informationConfiguring DHCP Snooping
This chapter contains the following sections: Information About DHCP Snooping, page 1 DHCP Overview, page 2 BOOTP Packet Format, page 4 Trusted and Untrusted Sources, page 6 DHCP Snooping Binding Database,
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More informationCisco ISG Design and Deployment Guide: ATM Aggregation
Cisco ISG Design and Deployment Guide: ATM Aggregation First Published: March 22, 2006 Last Updated: January 21, 2009 This document uses model networks tested in a Cisco lab to describe how to deploy a
More informationshow crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2
This chapter includes the command output tables. group summary, page 1 ikev2-ikesa security-associations summary, page 2 ikev2-ikesa security-associations summary spi, page 2 ipsec security-associations,
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationCS519: Computer Networks. Lecture 8: Apr 21, 2004 VPNs
: Computer Networks Lecture 8: Apr 21, 2004 VPNs VPN Taxonomy VPN Client Network Provider-based Customer-based Provider-based Customer-based Compulsory Voluntary L2 L3 Secure Non-secure ATM Frame Relay
More informationGTP-based S2b Interface Support on the P-GW and SAEGW
GTP-based S2b Interface Support on the P-GW and SAEGW This chapter describes the GTP-based S2b interface support feature on the standalone P-GW and the SAEGW. Feature, page 1 How the S2b Architecture Works,
More informationVPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1
VPN, IPsec and TLS stole slides from Merike Kaeo apricot2017 1 Virtual Private Network Overlay Network a VPN is built on top of a public network (Internet)
More informationip dhcp-client network-discovery through ip nat sip-sbc
ip dhcp-client network-discovery through ip nat sip-sbc ip dhcp-client network-discovery, page 3 ip dhcp-client update dns, page 5 ip dhcp drop-inform, page 8 ip dhcp-relay information option server-override,
More informationOn Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August 1964
The requirements for a future all-digital-data distributed network which provides common user service for a wide range of users having different requirements is considered. The use of a standard format
More informationOperation Manual User Access. Table of Contents
Table of Contents Table of Contents Chapter 1 PPP Configuration... 1-1 1.1 Introduction to PPP... 1-1 1.1.1 Introduction to PPP... 1-1 1.2 Configuring PPP... 1-2 1.2.1 Configuring PPP Encapsulation on
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationHP A3100 v2 Switch Series
HP A3100 v2 Switch Series Layer 3 - IP Services Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B)
More informationHP 5120 SI Switch Series
HP 5120 SI Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-1807 Software version: Release 1513 Document version: 6W100-20130830 Legal and notice information Copyright 2013 Hewlett-Packard
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationIP Security. Have a range of application specific security mechanisms
IP Security IP Security Have a range of application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS However there are security concerns that cut across protocol layers Would like security
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationDIAMETER Support in BNG
DIAMETER provides a base protocol that can be extended in order to provide authentication, authorization, and accounting (AAA) services to new access technologies. This chapter provides information about
More informationL2TP over IPsec. About L2TP over IPsec/IKEv1 VPN
This chapter describes how to configure /IKEv1 on the ASA. About /IKEv1 VPN, on page 1 Licensing Requirements for, on page 3 Prerequisites for Configuring, on page 4 Guidelines and Limitations, on page
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationNetwork Working Group Request for Comments: D. Mitton RSA, Security Division of EMC B. Aboba Microsoft Corporation January 2008
Network Working Group Request for Comments: 5176 Obsoletes: 3576 Category: Informational M. Chiba G. Dommety M. Eklund Cisco Systems, Inc. D. Mitton RSA, Security Division of EMC B. Aboba Microsoft Corporation
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help,
More informationTable of Contents 1 IKE 1-1
Table of Contents 1 IKE 1-1 IKE Overview 1-1 Security Mechanism of IKE 1-1 Operation of IKE 1-1 Functions of IKE in IPsec 1-2 Relationship Between IKE and IPsec 1-3 Protocols 1-3 Configuring IKE 1-3 Configuration
More information