Virtual Private Network (VPN):
 A VPN provides the same secure network connectivity over the public
  Internet that a private link would, both site to site and for a
  remote user.
Why Have VPNs?
VPN Tunnels and Encryption:
VPN Security algorithms:
Symmetric key:
 Shared secret key: the same key is used by the sender (for
  encryption) and the receiver (for decryption).
 Symmetric ciphers are fast, so the shared secret key is used for the
  bulk data (long messages); the hard part is distributing the key
  securely, which is what the key exchange below solves.
Data Encryption Standard (DES):
One iteration (round) of the 16-round DES cipher. Note that DES uses a
56-bit key and is brute-forceable today; use AES (or at least 3DES).
Key Exchange (Diffie-Hellman):
Authentication (pre-shared key):
Hash function (MD5, SHA-1):
a function that converts a variable-length message into a single string
of digits of a fixed length (the digest). IPsec uses the hash inside an
HMAC for integrity and authentication; MD5 and SHA-1 are no longer
recommended, prefer SHA-256 where the platform supports it.
VPN protocols:
 L2TP (Layer 2 Tunneling Protocol):
  is used to create a media-independent, multiprotocol virtual
  private dialup network (VPDN), but it does not provide
  encryption; in practice it is run over IPsec (L2TP/IPsec).

 GRE (Generic Routing Encapsulation):
  with GRE tunneling the Cisco router at each site encapsulates
  protocol-specific packets in an IP header, creating a point-to-point
  link to the Cisco router at the other end of the IP cloud, where the
  outer IP header is stripped off. GRE alone gives no confidentiality
  or authentication; it is usually protected by IPsec (GRE over IPsec).

 IPsec (IP Security protocol):
  is the choice for secure corporate VPNs. It provides the
  security services using Internet Key Exchange (IKE) to handle
  negotiation of protocols and algorithms based on local policy
  and to generate the encryption and authentication keys to be
  used by IPsec.
Internet Key Exchange (IKE):
 used to establish a shared security policy and
  authenticated keys for services such as IPsec
  that require keys.
 one of its protocols is ISAKMP.
Internet Security Association and Key
  Management Protocol (ISAKMP):
  it is the protocol framework used for implementing a key
  exchange and negotiation of security
  associations (SAs).
Security association (SA):
 It is the one-way, per-peer entry in the security database that
  contains all the security policy the VPN is based on (one SA per
  direction, so a tunnel has an inbound and an outbound SA).

 This security database contains:
1-authentication and encryption algorithms (and their keys).
2-specification of the network traffic to protect.
3-IPsec protocols (ESP, AH).
4-IPsec modes (tunnel, transport).
IPsec protocols:
 Encapsulating Security Payload (ESP):
 a security protocol that provides data encryption
 (confidentiality) and integrity protection with optional
 authentication; it can completely encapsulate user data
 (tunnel mode). It works through NAT when NAT traversal (UDP
 encapsulation) is used.

 Authentication Header (AH):
 a security protocol that provides integrity and origin
 authentication for the whole packet, including the outer IP
 header, but no encryption. It can be used either by itself or
 with ESP; because it covers the source address it breaks when
 the packet passes through NAT.
Tunnel versus Transport Mode:
Tunnel mode protects the whole original IP packet and adds a new outer
IP header (gateway to gateway); transport mode keeps the original IP
header and protects only the payload (host to host).
Tasks to Configure IPsec (site to site)

 Task 1 – Prepare for IKE and IPsec
 Task 2 – Configure IKE
 Task 3 – Configure IPsec
 Task 4 – Test and Verify IPsec
Task 1, Step 1: Determine IKE (IKE Phase 1) Policy
Determine the following policy details:
 Key distribution method
 Authentication method
 IPsec peer IP addresses and hostnames

IKE phase 1 policies for all peers:
     Encryption algorithm
     Hash algorithm
     Diffie-Hellman group
     IKE SA lifetime

Goal: set up a secure communication channel for negotiation of
       the IPsec SAs in phase 2.
Task 1, Step 2: Determine IPsec (IKE Phase 2) Policy
Determine the following policy details:

 IPsec algorithms and parameters for optimal security and
  performance
 IPsec peer details
 IP addresses and applications of the hosts to be protected
 IKE-initiated SAs

Goal: these are the security parameters used to protect the data and
  messages exchanged between the end points.
Task 1, Step 3: Check Current Configuration
Task 1, Step 4: Ensure the Network Works (the peers must reach each other
before any crypto is applied)
Task 2, Step 1: Enable IKE
Task 2, Step 2: Create IKE Policies
Task 2, Step 3: Configure ISAKMP Identity
Task 2, Step 4: Verify IKE Configuration
Task 3, Step 1: Configure Transform Sets
Task 3, Step 2: IPsec Security Association Lifetimes
Task 3, Step 3: Create Crypto ACLs using Extended
Access Lists
Purpose of Crypto Maps
Crypto maps pull together the various parts configured
 for IPsec, including

 The traffic to be protected by IPsec (the crypto ACL) and a set of SAs
 The local address to be used for the IPsec traffic
 The destination location (peer) of IPsec-protected traffic
 The IPsec type (transform set) to be applied to this traffic
Task 3, Step 4: Configure IPsec Crypto Maps and apply them
to interfaces
Task 4: Test and Verify IPsec
 Display your configured IKE policies: show crypto isakmp policy
 Display your configured transform sets: show crypto ipsec transform-set
 Display the IKE (phase 1) security associations: show crypto isakmp sa
 Display the current state of your IPsec (phase 2) SAs: show crypto ipsec sa
 Display your configured crypto maps: show crypto map
 Enable debug output for IPsec events: debug crypto ipsec
 Enable debug output for ISAKMP events: debug crypto isakmp
 Debug output is verbose and costly on a busy router; turn it off with
  undebug all as soon as the negotiation has been captured.
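The four tasks above, carried through as one complete site-to-site configuration. This is an added example, not a configuration from the original deck; the site addresses (203.0.113.1 / 10.1.0.0/24 and 198.51.100.1 / 10.2.0.0/24), the interface name and the object names are assumptions. The deck's own algorithm choices (DES, MD5, DH group 1) are shown commented out next to the settings a current deployment should use.

```cisco
! ===== Site A router (assumed: WAN 203.0.113.1, LAN 10.1.0.0/24) =====
! Task 2, step 1: enable IKE (on by default on IOS; shown for completeness)
crypto isakmp enable
!
! Task 2, step 2: IKE phase 1 policy. The responder walks its policies in
! priority order (10 first) looking for a match with the initiator's proposal.
! The deck's example values are shown commented out: DES and MD5 are broken
! and DH group 1 (768-bit) is far too weak.
!  crypto isakmp policy 10
!   encryption des
!   hash md5
!   group 1
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
! Task 2, step 3: ISAKMP identity and the pre-shared key bound to peer B's address
crypto isakmp identity address
crypto isakmp key REPLACE-WITH-LONG-RANDOM-SECRET address 198.51.100.1
!
! Task 3, step 1: transform set = ESP encryption + ESP HMAC in tunnel mode
! (ESP rather than AH, so the tunnel also survives NAT via NAT-T)
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Task 3, step 2: IPsec (phase 2) SA lifetime, shorter than the IKE SA lifetime
crypto ipsec security-association lifetime seconds 3600
!
! Task 3, step 3: crypto ACL selects the traffic to protect (LAN A -> LAN B).
! Peer B's crypto ACL must be the exact mirror image of this one.
ip access-list extended CRYPTO-A-TO-B
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! Task 3, step 4: the crypto map binds peer, transform set, PFS and crypto ACL
! and is then applied to the outside interface
crypto map CM-SITE 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address CRYPTO-A-TO-B
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map CM-SITE
!
! ===== Site B router: same policy, transform set and map, mirrored addresses =====
crypto isakmp key REPLACE-WITH-LONG-RANDOM-SECRET address 203.0.113.1
ip access-list extended CRYPTO-B-TO-A
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map CM-SITE 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address CRYPTO-B-TO-A
!
! Task 4: generate interesting traffic from site A, then verify
! (privileged EXEC on the site A router)
! ping 10.2.0.10 source 10.1.0.1
! show crypto isakmp sa      -> one phase 1 SA with peer 198.51.100.1 in state QM_IDLE
! show crypto ipsec sa       -> #pkts encaps / #pkts decaps counters increasing
! show crypto map            -> the map, peer, crypto ACL and transform set as configured
```

Two checks worth doing before blaming IKE: the crypto ACLs on the two routers must mirror each other exactly, or phase 2 fails with a proposal mismatch; and if the same outside interface also does NAT overload, the LAN-to-LAN traffic must be denied in the NAT ACL, because IOS applies NAT before the crypto map and translated packets no longer match the crypto ACL.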
VPN Remote access:
 The requirements for VPN servers include
 Internet Security Association and Key
 Management Protocol (ISAKMP) policies using
 Diffie-Hellman.

 The VPN Remote feature supports only transform
 sets that provide both encryption and authentication
 (ESP with an HMAC); it therefore does not support
 Authentication Header (AH).
 AAA (authentication, authorization and accounting)
  servers:
are used for more secure access in a remote-access VPN
  environment.

AAA then checks the following:
 Who you are (authentication)
 What you are allowed to do (authorization)
 What you actually do (accounting)

The accounting information is especially useful for
 tracking client use for security auditing, billing or
 reporting purposes.
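An IOS remote-access (Easy VPN server) configuration that puts the two points above together: an ISAKMP policy the Cisco VPN Client can negotiate, ESP-only transform sets, and AAA doing user authentication (XAUTH), group authorization and accounting. This is an added example, not from the original deck; the RADIUS server, pool, ACL and object names are assumptions.

```cisco
! ===== Easy VPN server with AAA (all addresses and names are hypothetical) =====
! AAA: XAUTH user authentication against RADIUS (local fallback), group
! authorization from the local group definition, session accounting to RADIUS.
aaa new-model
radius server RAD1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-RADIUS-SECRET
aaa authentication login VPN-XAUTH group radius local
aaa authorization network VPN-GROUP local
aaa accounting network VPN-ACCT start-stop group radius
!
! Phase 1: the legacy Cisco VPN Client negotiates Diffie-Hellman group 2.
! Group 2 (1024-bit) is weak by current standards; keep this policy only
! for that client and prefer group 14 or stronger for everything else.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group policy pushed to clients: group pre-shared key (the client's
! "Group Authentication" name/password), address pool, split-tunnel ACL, DNS.
ip local pool RA-POOL 10.99.0.1 10.99.0.254
ip access-list extended SPLIT-TUNNEL
 permit ip 10.1.0.0 0.0.0.255 any
crypto isakmp client configuration group REMOTE-USERS
 key REPLACE-WITH-GROUP-SECRET
 pool RA-POOL
 acl SPLIT-TUNNEL
 dns 10.1.0.53
!
! Phase 2: ESP encryption + ESP authentication only; AH is not supported here
crypto ipsec transform-set TS-RA esp-aes 256 esp-sha-hmac
!
! Dynamic crypto map: peer addresses and protected traffic are learned when
! each client connects; reverse-route injects a host route per client address.
crypto dynamic-map DYN-RA 10
 set transform-set TS-RA
 reverse-route
!
! Bind XAUTH, group authorization, accounting and mode-config to the map
crypto map CM-RA client authentication list VPN-XAUTH
crypto map CM-RA isakmp authorization list VPN-GROUP
crypto map CM-RA client accounting list VPN-ACCT
crypto map CM-RA client configuration address respond
crypto map CM-RA 10 ipsec-isakmp dynamic DYN-RA
!
interface GigabitEthernet0/0
 crypto map CM-RA
!
! Verify after a client connects:
! show crypto session       -> one session per client with its assigned pool address
! show crypto isakmp sa     -> phase 1 SA per client in state QM_IDLE
! show aaa sessions         -> the accounting record for the XAUTH user
```

The group pre-shared key is shared by every user of that group, so it protects nothing once one client is compromised; the per-user security rests on XAUTH against RADIUS, which is why the accounting records (who connected, when, from where) are the audit trail worth keeping.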
VPN Client:
 The installation of the Cisco VPN Client is a very straightforward
  process. A number of tasks must be completed to establish
  connectivity to a VPN head-end.
 Just start setup and the Welcome screen will be presented.
 The Connection Entries screen is capable of
 holding multiple entries, should there be multiple access
 sites. Click the New button at the top of the
 screen to open the Create New VPN Connection
 Entry dialog box, shown in Figure
 Authentication Tab
 Group Authentication: a group name and password
 are necessary to complete the VPN profile (the user's own
 credentials are requested separately, through XAUTH, at connect time).
 Transport Tab
 The Transport tab allows the configuration of transparent
 tunneling as well as the choice of whether to use IPsec
 over UDP or TCP.
 Backup Servers Tab:
 The VPN client contains a Backup Servers tab to
 configure a single connection with the capability to
 connect to multiple servers.
Finish the Connection Configuration
 From the main VPN Client window, you can establish a VPN
  connection by highlighting one of the profiles and clicking the
  Connect button at the top of the window. If the connection
  parameters were properly configured, the VPN connection is
  successful.
 After a VPN connection is established, various
  statistics about the connection are available.
  From the Status pull-down menu, select Statistics.
  This launches the Statistics window.
VPN presentation - moeshesh
