Comparison-Encryption and decryption Key management


Virtual Private Network
• Benefits
• Classification
• Tunneling technique, PPTP, L2TP, IPSec
• Encryption Technology
• Key Management Technology
• Authentication
• Settings
Virtual Private Network
• Logical Solution For Remote Access
• Secure Communications
• Tailored To Individuals
• Enhancing Productivity
• Increase Flexibility
• Reduce Costs of Communications
Classification based on protocols
• PPTP
• L2TP
The PPTP and L2TP protocols are in the second layer of the OSI model, so they
are also called Layer 2 tunneling protocols.
• IPSec
IPSec is a Layer 3 tunneling protocol and is the most common protocol.
Classification based on service applications
• Access VPN
• Client-initiated VPN connection
• NAS-initiated VPN connection
• Intranet VPN
An intranet VPN interconnects distributed internal points of an enterprise
through public networks.
• Extranet VPN
An extranet VPN uses a VPN to extend an enterprise network to suppliers,
partners, and clients.
Classification based on devices
• Switch VPN
Mainly used in VPN networks that have fewer users.
• Router VPN
• Firewall VPN
The firewall VPN is the most common type of VPN.
Classification based on principles
• Overlapping VPN
An overlapping VPN requires users themselves to establish the VPN links
between nodes.
• Peer-to-peer VPN
Peer-to-peer VPN tunnels are established by network operators in the backbone
network.
Tunneling technology helps achieve VPN
Three layers:
• First: link layer and the network layer
• Second: tunnel PPP connections (such as PPTP, L2TP)
• Third: IPinIP (IPSec)
PPTP (Point to Point Tunneling Protocol)
• Remote users can access corporate networks
• Dial into a local ISP
• Via a secure link to the Internet through systems that are equipped
with Point to Point Protocol
L2TP: similar to the PPTP protocol, but there are
differences
• IP networks
• Tunnel numbers
• Functions provided (header compression, tunnel authentication)
• Drafted by different companies
IPSec (Internet Protocol Security)
• End-to-end protection
Two types
• Symmetric key Cryptography
• The encryption and decryption keys are the same.
• Data Encryption Standard (DES)
• Triple DES
• International Data Encryption Algorithm (IDEA)
• Blowfish
• Asymmetric key Cryptography
• The encryption key is published for someone to use and encrypt
messages. However, only the receiving party has access to the
decryption key.
• RSA
• Diffie-Hellman
• The computing speed of symmetric-key schemes is considerably faster
than the computing speed of public-key encryption.
• DES and Triple DES are more widely used in VPN systems.
Key management
• Key exchange
• Key storage
• Key use
• Symmetric keys
• Asymmetric keys
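The key exchange and the symmetric/asymmetric split listed above, worked through as an added example that is not part of the original slides: two tunnel endpoints run Diffie-Hellman, then derive the symmetric keys used for bulk traffic. The group parameters `P` and `G`, the context label and all function names are assumptions constructed for illustration, and the derivation is an HMAC-SHA-256 extract-and-expand in the style of HKDF, not IPSec's own key derivation.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration group (assumption, not from the slides):
# P is the Mersenne prime 2**127 - 1, far too small for real use.
# IPSec key exchange uses standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public); only the public value crosses the network."""
    while True:
        private = secrets.randbelow(P - 3) + 2       # 2 <= private <= P - 2
        public = pow(G, private, P)
        if 1 < public < P - 1:                       # never emit a degenerate value
            return private, public


def dh_shared_secret(own_private, peer_public):
    """Combine our private value with the peer's public value."""
    if not 1 < peer_public < P - 1:                  # reject 0, 1 and P - 1
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)


def derive_session_keys(shared_secret, context):
    """Expand the shared secret into one symmetric key per purpose."""
    raw = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(context, raw, hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"encryption", hashlib.sha256).digest()
    auth_key = hmac.new(prk, b"authentication", hashlib.sha256).digest()
    return enc_key, auth_key


def run_exchange():
    """Both endpoints derive identical keys without ever sending them."""
    a_priv, a_pub = dh_keypair()                     # gateway A
    b_priv, b_pub = dh_keypair()                     # gateway B
    context = b"constructed-tunnel-id"               # hypothetical label
    keys_a = derive_session_keys(dh_shared_secret(a_priv, b_pub), context)
    keys_b = derive_session_keys(dh_shared_secret(b_priv, a_pub), context)
    return keys_a, keys_b


if __name__ == "__main__":
    keys_a, keys_b = run_exchange()
    print("keys match:", hmac.compare_digest(keys_a[0], keys_b[0]))
```

The slow asymmetric step runs once per session; every packet after that is protected with the fast symmetric keys, which is why the two families are combined rather than chosen between.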
Challenges of key management
• Complex management
• Security issues
• Data availability
• Governance
Authentication of VPN
• Computer-level authentication
• User-level authentication
CISCO ANYCONNECT SETTINGS GUIDE
Step 1
Launch the AnyConnect application
Step 2
Enter a username and password
Step 3
Check the status of the VPN connection