Any Questions?

Any Questions? Ch 15: Virtual Private Networks. VPN Fundamentals, IPsec VPNs, SSL VPNs. Do I know this? Go through the quiz (5 minutes).

darlita

Presentation Transcript


  1. Any Questions?

  2. Ch 15: Virtual Private Networks
     • VPN Fundamentals
     • IPsec VPNs
     • SSL VPNs

  3. Do I know this? Go through the quiz (5 minutes)

  4. 1. Which of the following terms refers to a VPN that uses the Internet to connect the sites of a single company, rather than using leased lines or Frame Relay?
     a. Intranet VPN
     b. Extranet VPN
     c. Access VPN
     d. Enterprise VPN

  5. 1. Which of the following terms refers to a VPN that uses the Internet to connect the sites of a single company, rather than using leased lines or Frame Relay?
     a. Intranet VPN
     b. Extranet VPN
     c. Access VPN
     d. Enterprise VPN
     Answer: A

  6. 2. Which of the following are not considered to be desirable security goals for a site-to-site VPN?
     a. Message integrity checks
     b. Privacy (encryption)
     c. Antivirus
     d. Authentication

  7. 2. Which of the following are not considered to be desirable security goals for a site-to-site VPN?
     a. Message integrity checks
     b. Privacy (encryption)
     c. Antivirus
     d. Authentication
     Answer: C

  8. 3. Which of the following functions could be performed by the IPsec IP Authentication Header?
     a. Authentication
     b. Encryption
     c. Message integrity checks
     d. Anti-replay

  9. 3. Which of the following functions could be performed by the IPsec IP Authentication Header?
     a. Authentication
     b. Encryption
     c. Message integrity checks
     d. Anti-replay
     Answer: A & C

  10. 4. Which of the following is considered to be the best encryption protocol for providing privacy in an IPsec VPN as compared to the other answers?
      a. AES
      b. HMAC-MD5
      c. HMAC-SHA-1
      d. DES
      e. 3DES

  11. 4. Which of the following is considered to be the best encryption protocol for providing privacy in an IPsec VPN as compared to the other answers?
      a. AES
      b. HMAC-MD5
      c. HMAC-SHA-1
      d. DES
      e. 3DES
      Answer: A

  12. 5. Which three of the following options would be the most commonly used options for newly purchased and installed VPN components today?
      a. ASA
      b. PIX firewall
      c. VPN concentrator
      d. Cisco router
      e. Cisco VPN client

  13. 5. Which three of the following options would be the most commonly used options for newly purchased and installed VPN components today?
      a. ASA
      b. PIX firewall
      c. VPN concentrator
      d. Cisco router
      e. Cisco VPN client
      Answer: A, C & D

  14. 6. When using the Cisco Web VPN solution, with the client using a normal web browser without any special client software, which of the following are true?
      a. The user creates a TCP connection to a Web VPN server using SSL.
      b. If the user connects to a normal web server inside the enterprise, and that server only supports HTTP and not SSL, those packets pass over the Internet unencrypted.
      c. The Web VPN server connects to internal web servers on behalf of the Web VPN client, translating between HTTP and SSL as need be.
      d. The Web VPN client cannot connect without at least thin-client SSL software installed on the client.

  15. 6. When using the Cisco Web VPN solution, with the client using a normal web browser without any special client software, which of the following are true?
      a. The user creates a TCP connection to a Web VPN server using SSL.
      b. If the user connects to a normal web server inside the enterprise, and that server only supports HTTP and not SSL, those packets pass over the Internet unencrypted.
      c. The Web VPN server connects to internal web servers on behalf of the Web VPN client, translating between HTTP and SSL as need be.
      d. The Web VPN client cannot connect without at least thin-client SSL software installed on the client.
      Answer: A & C

  16. VPN Fundamentals
      • Privacy: Preventing anyone in the middle of the Internet (man in the middle) who copies the packet in the Internet from being able to read the data
      • Authentication: Verifying that the sender of the VPN packet is a legitimate device and not a device used by an attacker
      • Data integrity: Verifying that the packet was not changed as the packet transited the Internet
      • Antireplay: Preventing a man in the middle from copying packets sent by a legitimate user, and then later resending the packets to appear to be a legitimate user
      Pg 528

  17. How to create a VPN
      • Devices at edge create a tunnel
      • Add headers to packet
      • New layer of encapsulation
      • Headers allow for VPN functionality
      • Encrypt packets
      Pg 528

  18. Site-to-site VPN example
      • Also called an Intranet VPN
      • Tunnel using private addresses on inside of network
      • Original info is hidden inside public IP address and VPN header
      • Tunnel is another layer of encapsulation
      Pg 529

  19. VPN Types Pg 530

  20. IPsec VPNs
      • Defines a set of functions
      • Authentication
      • Encryption
      • Key Exchange
      • Message Integrity
      • Different protocols may be used for each function
      Pg 531

  21. Encryption
      • Two steps
      • Hide the data: encrypt
      • Unscramble: decrypt
      • In IPsec a session key is used
      • Same key is needed on both sides
      • Symmetric encryption
      Pg 533

  22. Key Exchange
      • How to get the session key to both sides
      • PSK: Pre-Shared Key
      • Manually configure key
      • Dynamic Key Exchange
      • Diffie-Hellman key exchange
      Pg 534

  23. Authentication and Message Integrity
      • Message Integrity
      • Authentication Header protocol
      • Uses a hash instead of encryption
      • MD5
      • Not needed when ESP is used
      Pg 535

  24. ESP and AH
      • System may use one or both types of headers
      • ESP does all 4 functions
      • AH does only two
      Pg 537

  25. SSL VPN
      • SSL and TLS are common security protocols now in use
      • SSL VPNs use the existing SSL functionality and HTTP to connect via web browser
      • Good for web-enabled traffic and applications
      Pg 538

  26. Any Questions?
