CCNA Exploration 4 | Chapter 6 - Teleworker Services
work by connecting to a workplace from a remote location, with the assistance of

THE TELEWORKER SOLUTION

Efficient teleworking is made possible through broadband Internet connections, virtual private networks (VPN), and more advanced technologies, including Voice over IP (VoIP) and videoconferencing.

What is a VPN?

A Virtual Private Network (VPN)
-> is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company.
-> is a way of creating a secure connection to and from a network or computer.
-> is the extension of a private network that encompasses links across shared or public networks like the Internet.

How it works

Operates at layer 2 or 3 of the OSI model
• Layer 2 frame – Ethernet
• Layer 3 packet – IP
• allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
• to ensure data security against unwanted viewers, or hackers.

Advantages and Disadvantages
- Lack of standards
- Understanding of security issues
- Unpredictable Internet traffic
- Difficult to accommodate products from different vendors

Types of VPN
~ Site-to-Site VPN
~ Remote Access
~ PPTP VPN (Dial Up VPN)
~ MPLS Network

Site-to-Site VPN
Each site has its own Internet connection, which may not be from the same ISP or even the same type. One may have a T1 while the other only has DSL. Site-to-site VPNs can work with hardware or software-based firewall devices.

Remote Access VPN
In a remote-access VPN, each host typically has VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the Internet to the VPN gateway at the edge of the target network. It is a software-based VPN system that uses your existing Internet connection. By using your existing Internet connection, a secure "tunnel" is created between two points, allowing a remote user to connect to a remote network.

PPTP (Dial Up) or Point-to-Point VPN
These are also referred to as "leased-line VPNs." Simply put, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched. It is a true "ISP-tuned" VPN. It requires 2 or more sites connected via the same ISP or an "on-net" connection*.

MPLS Network
MPLS (Multi-Protocol Label Switching) was originally designed to improve the store-and-forward speed of routers. It was created as a team effort on the part of Ipsilon, Cisco, IBM, and Toshiba. These companies worked together as part of the IETF (Internet Engineering Task Force), and MPLS was born.

Components required to establish this VPN include:
~ An existing network with servers and workstations
~ A connection to the Internet
~ VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections
~ Appropriate software to create and manage VPN tunnels

Others ::
~ Appliances

Protocols
~ IP Security (IPSec)
  ~ Transport mode
  ~ Tunnel mode
~ Point-to-Point Tunneling Protocol (PPTP)
  ~ Voluntary tunneling method
  ~ Uses PPP (Point-to-Point Protocol)
~ Layer 2 Tunneling Protocol (L2TP)
  ~ Exists at the data link layer of the OSI model
  ~ Composed from PPTP and L2F (Layer 2 Forwarding)
  ~ Compulsory tunneling method

Security
The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both.
Encapsulation is also referred to as tunneling, because encapsulation transmits data transparently from network to network through a shared network infrastructure.
Encryption codes data into a different format using a secret key. Decryption decodes encrypted data into the original unencrypted format.

Appliances
~ Intrusion Detection Firewalls
~ VPN Client
~ VPN Server
~ VPN Tunnel
~ VPN Connection
~ Tunneled Data
~ Transit Internetwork

Secure VPN requirements
~ All traffic on the secure VPN must be encrypted
~ The security properties of the VPN must be agreed to by all parties in the VPN.
~ No one outside the VPN can affect the security properties of the VPN.

Trusted VPN requirements
~ No one other than the trusted VPN provider can affect the creation or modification of a path in the VPN
~ No one other than the trusted VPN provider can change data, inject data, or delete data on a path in the VPN
~ The routing and addressing used in a trusted VPN must be established before the VPN is created.

Characteristics of Secure VPN

Tunneling
Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.

GRE is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
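As an added illustration of the tunneling just described (example code written for this transcript, not from the Cisco course or the presentation), the block below wraps a whole inner IPv4 packet in the 4-byte GRE header of RFC 2784 and then in an outer IPv4 header carrying IP protocol 47, the way a tunnel entry point does, and the tunnel exit validates both headers before handing the inner packet back. The addresses and the payload are constructed sample values; the header layouts follow RFC 791 and RFC 2784/2890, and only the Python standard library is used. Note that GRE by itself hides nothing: the inner packet travels in the clear, which is why the transcript pairs tunneling with encryption.

```python
import ipaddress
import struct

GRE_IP_PROTOCOL = 47          # IP protocol number in the outer header (RFC 2784)
GRE_PROTO_TYPE_IPV4 = 0x0800  # GRE protocol-type value meaning "the payload is IPv4"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),            # version 4, IHL 5, DSCP 0, total length
        0, 0,                                  # identification, flags / fragment offset
        ttl, protocol, 0,                      # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: put the entire inner packet behind a GRE header, inside an outer IP packet."""
    gre_header = struct.pack("!HH", 0x0000, GRE_PROTO_TYPE_IPV4)  # no C/K/S flags, version 0
    return build_ipv4(tunnel_src, tunnel_dst, GRE_IP_PROTOCOL, gre_header + inner_packet)


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """Tunnel exit: validate the outer IP and GRE headers, then return the inner packet."""
    if len(outer_packet) < 24 or outer_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer_packet[0] & 0x0F) * 4
    if ipv4_checksum(outer_packet[:ihl]) != 0:        # a correct header sums to zero
        raise ValueError("bad outer IPv4 checksum")
    if outer_packet[9] != GRE_IP_PROTOCOL:
        raise ValueError("outer protocol is not GRE")
    flags, proto_type = struct.unpack("!HH", outer_packet[ihl:ihl + 4])
    if flags & 0x0007:                                 # version bits must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    gre_len = 4
    if flags & 0x8000:                                 # C: checksum + reserved1 present
        gre_len += 4
    if flags & 0x2000:                                 # K: key present (RFC 2890)
        gre_len += 4
    if flags & 0x1000:                                 # S: sequence number present (RFC 2890)
        gre_len += 4
    if proto_type != GRE_PROTO_TYPE_IPV4:
        raise ValueError("inner payload is not IPv4")
    return outer_packet[ihl + gre_len:]


def tunnel_endpoints(packet: bytes) -> tuple:
    """Source and destination of an IPv4 packet as dotted strings (to compare outer vs inner)."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


if __name__ == "__main__":
    # Constructed sample: a private host at site A talking to a private host at site B,
    # carried between two public tunnel endpoints.
    inner = build_ipv4("10.1.1.10", "10.2.2.20", 17, b"hello from site A")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.1")
    print("outer endpoints:", tunnel_endpoints(outer))
    print("inner endpoints:", tunnel_endpoints(inner))
    print("round trip ok:", gre_decapsulate(outer) == inner)
```

The outer header is all the Internet sees, so the private 10.x.x.x addressing is hidden from intermediate routers; the exit-side checks (version, checksum, protocol 47, GRE version and protocol type) are the minimum a receiver should perform before trusting the inner packet.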
VPN ENCRYPTION
Both the sender and the receiver must know what is used to transform the original message into its coded form. This includes the ALGORITHM and the KEY. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key.

4 Common Encryption Algorithms

1) Data Encryption Standard (DES) algorithm
~ a symmetric key cryptosystem that uses a 56-bit key, ensuring high-performance encryption.

2) Triple DES (3DES) algorithm
~ newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key.
~ provides significantly more strength to the encryption process.

3) Advanced Encryption Standard (AES) algorithm
~ provides stronger security than DES and is computationally more efficient than 3DES.
~ offers three different key lengths: 128, 192, and 256-bit keys.

4) Rivest, Shamir, and Adleman (RSA) algorithm
~ asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.

VPN Authentication

Two Peer Authentication Methods ::
Pre-shared key (PSK)
-> shared between the two parties using a secure channel before it needs to be used
-> uses symmetric key cryptographic algorithms
-> entered into each peer manually and is used to authenticate the peer

-> uses the exchange of digital certificates to authenticate the peers.

Hashing
-> contributes to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages.
-> also called a message digest, is a number generated from a string of text.
Hashed Message Authentication Code (HMAC)
-> is a data integrity algorithm that guarantees the integrity of the message.
-> has two parameters: a message input and a secret key known only to the message originator and intended receivers
-> function: to produce a value (the message authentication code), formed by condensing the secret key and the message input.

Two Common HMAC Algorithms:

Message Digest 5 (MD5)
-> uses a 128-bit shared secret key
-> the variable-length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm

Secure Hash Algorithm 1 (SHA-1)
-> uses a 160-bit secret key
-> the variable-length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm.

Authentication Header (AH)
-> use when confidentiality is not required or permitted
-> provides data authentication and integrity for IP packets passed between two systems
-> verifies that any message passed from R1 to R2 has not been modified during transit and that the origin of the data was either R1 or R2

Encapsulating Security Payload (ESP)
-> provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination
-> authenticates the inner IP packet and ESP header

Four IPsec Framework Squares

When configuring an IPsec gateway to provide security services, first choose an IPsec protocol. The choices are ESP or ESP with AH.
The second square is an encryption algorithm if IPsec is implemented with ESP. Choose the encryption algorithm that is appropriate for the desired level of security: DES, 3DES, or AES.
The third square is authentication. Choose an authentication algorithm to provide data integrity: MD5 or SHA.
The last square is the Diffie-Hellman (DH) algorithm group, which establishes the sharing of key information between peers. Choose which group to use, DH1 or DH2.
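The example below, written for this transcript and not taken from the Cisco course or the presentation, ties the HMAC section and the four squares together: `r1_protect`/`r2_verify` perform the AH-style check described above (R2 proves the message was not modified and came from a holder of the shared key, using HMAC-MD5 with a 128-bit key or HMAC-SHA-1 with a 160-bit key), `negotiate` lets two peers pick the strongest option they both allow in each of the four squares, and `dh_keypair`/`dh_shared_secret` run the Diffie-Hellman exchange in which each peer sends only its public value. The keys, the policy dictionaries and the names `r1_protect`, `r2_verify`, `negotiate` and `derive_mac_key` are all constructed for this example. The DH group is a toy (the Mersenne prime 2^127 - 1 with generator 3), not DH group 1 or 2, whose 768-bit and 1024-bit MODP primes come from RFC 2409; the key derivation is likewise a stand-in for the real IKE key schedule.

```python
import hashlib
import hmac
import secrets

# --- Third square: HMAC-MD5 / HMAC-SHA-1 integrity, the AH-style check between R1 and R2 ---
# Constructed sample keys sized as the transcript describes (128-bit for MD5, 160-bit for SHA-1).
# In a real deployment these come out of the IKE exchange and are never hard-coded.
KEY_MD5 = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_SHA1 = bytes.fromhex("0123456789abcdef0123456789abcdef01234567")
ALGORITHMS = {"MD5": "md5", "SHA": "sha1"}   # transcript names -> hashlib names


def compute_mac(key: bytes, message: bytes, algorithm: str) -> bytes:
    """Condense the shared secret key and the message into the MAC (HMAC, RFC 2104)."""
    return hmac.new(key, message, ALGORITHMS[algorithm]).digest()


def r1_protect(key: bytes, algorithm: str, payload: bytes) -> bytes:
    """R1 sends the data in the clear with the MAC appended: integrity and origin, no confidentiality."""
    return payload + compute_mac(key, payload, algorithm)


def r2_verify(key: bytes, algorithm: str, wire: bytes):
    """R2 recomputes the MAC; returns the payload, or None if it was modified or not from a key holder."""
    size = hashlib.new(ALGORITHMS[algorithm]).digest_size
    if len(wire) < size:
        return None
    payload, received = wire[:-size], wire[-size:]
    if not hmac.compare_digest(received, compute_mac(key, payload, algorithm)):  # constant-time
        return None
    return payload


# --- The four squares as a policy: each peer offers a set of acceptable choices per square ---
# Options are listed weakest to strongest so the strongest common choice can be selected.
STRENGTH_ORDER = {
    "protocol": ["ESP", "ESP+AH"],
    "encryption": ["DES", "3DES", "AES"],
    "integrity": ["MD5", "SHA"],
    "dh_group": [1, 2],
}


def negotiate(local: dict, peer: dict):
    """Strongest option both policies allow in every square; None if any square has no overlap."""
    chosen = {}
    for square, ranked in STRENGTH_ORDER.items():
        common = set(local[square]) & set(peer[square])
        if not common:
            return None
        chosen[square] = max(common, key=ranked.index)
    return chosen


# --- Fourth square: Diffie-Hellman, where each peer reveals only its public value ---
# Constructed toy group (Mersenne prime 2**127 - 1, generator 3) so the exchange runs instantly.
# It is NOT DH group 1 or 2: real IKE uses the 768-bit and 1024-bit MODP primes of RFC 2409.
TOY_P = 2**127 - 1
TOY_G = 3


def dh_keypair(p: int = TOY_P, g: int = TOY_G):
    """Private exponent the peer keeps, and the public value it sends over the network."""
    private = secrets.randbelow(p - 3) + 2          # 2 <= private <= p - 2
    return private, pow(g, private, p)


def dh_shared_secret(private: int, peer_public: int, p: int = TOY_P) -> int:
    """Reject degenerate public values (0, 1, p-1) before combining with the private exponent."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def derive_mac_key(shared_secret: int, algorithm: str) -> bytes:
    """Toy KDF: turn the agreed secret into a MAC key of the size given for the algorithm."""
    digest = hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()
    return digest[:16] if algorithm == "MD5" else digest[:20]
```

Run top to bottom the pieces follow the squares in order: negotiate the proposal, exchange DH public values, derive the MAC key from the shared secret on both sides, then protect and verify traffic with it. A flipped bit in transit, a different key, or a truncated message all make `r2_verify` return None, which is the property AH is relying on.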