{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}


Lecture_14_IPSEC_VPNs_x_6 - IP Security Overview IP Packets...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 COMP 6370 IPSec/VPNs – Lecture 14 1 IP Security Overview IP Packets have no inherent security Relatively easy to forge contents of IP packets modify contents of IP packets inspect the contents of IP packets in transit Therefore, there is no guarantee that IP datagrams received: are from the claimed sender (source address in the IP header) contain the original data that the sender placed in them were not inspected by a third party while the packet was being sent from source to destination IPSec is a means to limit the spoofing of routers COMP 6370 IPSec/VPNs – Lecture 14 2 Virtual Private Networks A VPN is a way to simulate a private network over a public network, such as the Internet “Virtual” because it depends on the use of virtual connections temporary connections that have no real physical presence, but consist of packets routed over various machines on the Internet on an ad hoc basis secure virtual connections are created between machines and networks as follows: two machines a machine and a network two networks COMP 6370 IPSec/VPNs – Lecture 14 3 Origins of VPNs WANs T1/T3 ATM Frame Relay ISDN X.25 Forerunner of VPNs was the idea of a virtual circuit A virtual circuit creates a logical path from the source to the destination COMP 6370 IPSec/VPNs – Lecture 14 4 Virtual Circuits In packet switched networks, the network makes dynamic decisions concerning the pathway each packet will take To improve reliability, a decision could be made prior to any data being sent In this manner, a single static path could be set up between two communicating parties and used exclusively between them This pathway is known as a virtual circuit When creating a virtual circuit, sender and receiver agree on which path will be used and on packet size. During communications, acknowledgements are sent, including flow control info and error control info COMP 6370 IPSec/VPNs – Lecture 14 5 Tunneling Tunneling enables one network to send its data over another network’s connections Tunneling creates circuit-like connections across the packet-oriented Internet Internet VPNs designed to create the logical equivalent below COMP 6370 IPSec/VPNs – Lecture 14 6 VPNs versus long haul connections Long Haul connections leased line frame relay network ISDN ........ For two remote offices, much cheaper to each get an ISP POP (point of presence) Then deploy an VPN between the two routers at the two offices over the Internet
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 COMP 6370 IPSec/VPNs – Lecture 14 7 How VPNs Solve Internet Security Issues Firewalls discussed next lecture authentication multiple means including IPSec Challenge Handshaking Authentication Protocol (CHAP) RSA encryption multiple means including IPSec private key encryption public key encryption COMP 6370 IPSec/VPNs – Lecture 14 8 IP Spoofing
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}