VPN presentation - moeshesh
Virtual Private Network (VPN):
• A VPN provides the same secure site-to-site network
  connectivity for remote users over the Internet.
Why Have VPNs?
VPN Tunnels and Encryption:
VPN Security Algorithms:
Symmetric key:
• With a shared secret key, the same key is used by the sender (for
  encryption) and the receiver (for decryption).
• A shared secret key is often used for long messages.
Data Encryption Standard (DES)
One iteration
Key Exchange—Diffie-Hellman:
Authentication (pre-shared key):
Hash Function (MD5, SHA-1):
A hash function is a formula used to convert a variable-length message into a single
string of digits of a fixed length.
VPN protocols:
• L2TP (Layer 2 Tunneling Protocol):
  is used to create a media-independent, multiprotocol virtual
  private dialup network (VPDN), but it does not provide
  encryption.

• GRE (Generic Routing Encapsulation):
  With GRE tunneling, a Cisco router at each site encapsulates
  protocol-specific packets in an IP header, creating a point-to-point
  link to the Cisco router at the other end of an IP cloud, where the IP header
  is stripped off.

• IPsec (IP security protocol):
  is the choice for secure corporate VPNs. It can provide the
  security service using Internet Key Exchange (IKE) to handle
  negotiation of protocols and algorithms based on local policy
  and to generate the encryption and authentication keys to be
  used by IPsec.
Internet Key Exchange (IKE):
• Used to establish a shared security policy and
  authentication keys for services such as IPsec
  that require keys.
• One of its protocols is ISAKMP.
Internet Security Association and Key
  Management Protocol (ISAKMP):
  It is a protocol used for implementing a key
  exchange and negotiation of a security
  association (SA).
Security association (SA):
• It is the security database that contains all the
  security policy that the VPN will be based on.

• This security database contains:
1- Authentication, encryption algorithm.
2- Specification of network traffic.
3- IPsec protocols.
4- IPsec modes.
IPsec protocols:
• Encapsulating Security Payload (ESP):
  a security protocol that provides data encryption
  and protection with optional authentication. It
  can completely encapsulate user data.

• Authentication Header (AH):
  a security protocol that provides authentication.
  It can be used either by itself or with ESP.
Tunnel versus Transport Mode:
Tasks to Configure IPSec (site to site)

• Task 1 – Prepare for IKE and IPSEC
• Task 2 – Configure IKE
• Task 3 – Configure IPSec
• Task 4 – Test and Verify IPSEC
Step 1 - Determine IKE (IKE Phase 1) Policy
Determine the following policy details:
• Key distribution method
• Authentication method
• IPSec peer IP addresses and hostnames

IKE phase 1 policies for all peers:
• Encryption algorithm
• Hash algorithm
• IKE SA lifetime

Goal: set up a secure communication channel for negotiation of the
      IPSec SA in phase 2
Step 2 - Determine IPSec (IKE Phase 2) Policy
Determine the following policy details:

• IPSec algorithms and parameters for optimal security and
  performance
• IPSec peer details
• IP addresses and applications of hosts to be protected
• IKE-initiated SAs

Goal: these are the security parameters used to protect data and
  messages exchanged between end points
Step 3—Check Current Configuration
Step4- Ensure the Network Works
Step 1—Enable IKE
Step 2—Create IKE Policies
Step 3—Configure ISAKMP Identity
Step4- Verify IKE Configuration
Step1- Configure Transform Sets
Step2- IPSec Security Association Lifetimes
Step 3—Create Crypto ACLs using Extended
Access Lists
Purpose of Crypto Maps
Crypto maps pull together the various parts configured
 for IPSec, including:

• The traffic to be protected by IPSec and a set of SAs
• The local address to be used for the IPSec traffic
• The destination location of IPSec-protected traffic
• The IPSec type to be applied to this traffic
Step 4—Configure IPSec Crypto Maps & apply it
to interfaces
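
The IKE and IPSec configuration steps above, carried through as one Cisco IOS configuration for one side of a site-to-site tunnel. This is an added example, not taken from the original slides; the peer address (203.0.113.2), the protected subnets, the names TS-AES-SHA and SITE-MAP, the ACL number, the interface and the `<PRE-SHARED-KEY>` placeholder are all assumptions chosen for illustration.

```cisco
! --- Task 2: Configure IKE (phase 1) ---
! Step 1: enable IKE (ISAKMP); it is on by default in IOS
crypto isakmp enable
!
! Step 2: create an IKE policy; both peers must share at least one
! matching policy (encryption, hash, authentication, DH group)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key for the remote peer (placeholder, assumed peer address)
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
! Step 3: identify this router to the peer by IP address
crypto isakmp identity address
!
! --- Task 3: Configure IPSec (phase 2) ---
! Step 1: transform set: ESP with encryption and authentication
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Step 2: global IPSec SA lifetime
crypto ipsec security-association lifetime seconds 3600
!
! Step 3: crypto ACL: traffic that must be protected by IPSec
! (assumed local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24);
! the peer needs the mirror image of this entry
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 4: crypto map ties together peer, transform set and crypto ACL
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES-SHA
 match address 110
 set pfs group14
!
! Apply the crypto map to the interface facing the peer (assumed name)
interface GigabitEthernet0/0
 crypto map SITE-MAP
```

The remote router carries the same policy with the peer address and the crypto ACL source and destination swapped; a mismatch in any phase 1 or phase 2 parameter prevents the SAs from being established.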
• Display your configured IKE policies.
  show crypto isakmp policy
• Display your configured transform sets.
  show crypto ipsec transform-set
• Display security associations.
  show crypto isakmp sa
• Display the current state of your IPSec SAs.
  show crypto ipsec sa
• Display your configured crypto maps.
  show crypto map
• Enable debug output for IPSec events.
  debug crypto ipsec
• Enable debug output for ISAKMP events.
  debug crypto isakmp
VPN Remote access:
• The requirements for VPN Servers include the
  need for Internet Security Association and Key
  Management Protocol (ISAKMP) policies using
  Diffie-Hellman.

• The VPN Remote feature supports transform
  sets providing both encryption and authentication,
  so it does not support Authentication Header
  (AH) authentication.
• AAA (authentication, authorization and accounting)
  servers:
  are used for more secure access in a remote-access VPN
  environment.

AAA then checks the following:
• Who you are (authentication)
• What you are allowed to do (authorization)
• What you actually do (accounting)

The accounting information is especially useful for
 tracking client use for security auditing, billing or
 reporting purposes.
VPN Client:
• The installation of the Cisco VPN Client is a very straightforward
  process. A number of tasks must be completed to establish
  connectivity to a VPN head-end.
• Just start setup and the Welcome screen will be presented.
• The Connection Entries screen is capable of
  holding multiple entries should multiple access
  sites. Click the New button at the top of the
  screen to open the Create New VPN Connection
  Entry dialog box, shown in Figure
• Authentication Tab
  Group Authentication—A username and password
  is necessary to complete the VPN profile.
• Transport Tab
  The Transport tab allows the configuration of transparent
  tunneling as well as the choice of whether to use IPsec
  over UDP or TCP.
• Backup Servers Tab:
  The VPN client contains a Backup Servers tab to
  configure a single connection with the capability to
  connect to multiple servers.
Finish the Connection Configuration
• From the main VPN Client window, you can establish a VPN
  connection by highlighting one of the profiles and clicking the
  Connect button at the top of the window. If the connection
  parameters were properly configured, the VPN connection is
  successful.
• After a VPN connection is established, various
  statistics about the connection are available.
  From the Status pull-down menu, select Statistics.
  This launches the Statistics window.
