Security less hacker access due to required client software but more potential

Security: less hacker access (due to required client software), but more potential damage if hacked, since a remote VPN user appears to be another internal user.

TDC, Rami Ghannam, DeUnive, 101

IPSec vs. SSL VPN Services for Remote Access
SSL VPN
  • No specialized client software required on laptop
  • No new IP address
  • Uses the same SSL security used by secure web sites
  • Remote access to web services is easily set up, but SSL access to non-web services requires application redirection through an SSL VPN proxy server (VPN concentrator).
  • Security: easy potential access for anyone, but potential targets are limited to a small number of accessible SSL-enabled servers.

VPN SLAs
Managed VPN Service Level Agreement (SLA) Example:
  • Standard Service ($): 99.5% availability; 200 ms latency
  • Premium Service ($$): 99.7% availability; 170 ms latency; zero packet loss; throughput guarantee
  • Premium-Plus Service ($$$): 99.75% availability; 150 ms latency; zero packet loss; throughput guarantee; jitter guarantee

Troubleshooting WAN Layer 2 connections
    R1#show interface s0/2/0
    R1#show ip interface brief
    R1#debug ppp authentication

OSI Troubleshooting
Network – interface addresses, subnets (masks), routing protocols (are the link networks in the routing statements as well as the connected networks?)
    sh ip int br
    sh ip protocols
    sh ip route
    clear ip route * (if you made changes)
    sh run (or sh run interface serial 0/2/0)
    sh ip eigrp nei, sh ip ospf nei
    debug ip <rip, ospf, eigrp>
ACLs (watch for the hidden deny any any at the end)

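The hidden deny any any noted above, as an added example that is not part of the original slides: a small Python model of first-match ACL evaluation, showing why a routing neighbor can vanish behind an ACL that permits only web traffic. The addresses, ACL entries and the evaluate function are constructed for illustration and simplify real IOS ACL syntax.

```python
# Added illustration (constructed data): first-match ACL evaluation with the implicit deny.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str                      # CIDR; "0.0.0.0/0" stands for "any"
    dst: str
    dport: Optional[int] = None   # None = any port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def _matches(ace, pkt):
    if ace.proto not in ("ip", pkt.proto):
        return False
    src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(ace.src)
    dst_ok = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(ace.dst)
    return src_ok and dst_ok and ace.dport in (None, pkt.dport)

def evaluate(acl, pkt):
    """Return (action, reason); entries are checked top-down and the first match wins."""
    for i, ace in enumerate(acl, 1):
        if _matches(ace, pkt):
            return ace.action, f"line {i}"
    return "deny", "implicit deny any any"   # nothing matched: the unwritten last entry

ANY = "0.0.0.0/0"
# Constructed inbound ACL on a WAN link: only web traffic to one server is permitted.
WEB_ONLY = [
    Ace("permit", "tcp", ANY, "192.0.2.10/32", 80),
    Ace("permit", "tcp", ANY, "192.0.2.10/32", 443),
]
# Same ACL with the neighbor's OSPF packets explicitly permitted.
WEB_PLUS_OSPF = WEB_ONLY + [Ace("permit", "ospf", "198.51.100.2/32", ANY)]
HTTPS = Packet("tcp", "203.0.113.5", "192.0.2.10", 443)
OSPF_HELLO = Packet("ospf", "198.51.100.2", "224.0.0.5")   # multicast hello from the neighbor

if __name__ == "__main__":
    for name, acl in (("WEB_ONLY", WEB_ONLY), ("WEB_PLUS_OSPF", WEB_PLUS_OSPF)):
        for pkt in (HTTPS, OSPF_HELLO):
            print(name, pkt.proto, pkt.dst, "->", *evaluate(acl, pkt))
```

With the web-only ACL the hello packets match no entry and fall through to the implicit deny, which is why the ACL check sits next to sh ip ospf nei in the list above.
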
Here is the reality
  • Is it plugged in, turned on?
  • Is the cable securely attached? Both ends?
  • Is it Up (configured and activated)?
  • Is it configured correctly (address, mask, protocol, speed, default gw, etc.)?
  • Can it see neighbors?
  • Start close and work your way out. Where does it fail? What are the possible reasons for failure at that point?
  • Physical, logical (3 and up protocols, addresses)

Follow the electrons
  • How is data getting from one device to another?
  • Are the physical connections present?
  • What protocol (data link, network, transport) is responsible?
  • Are these all configured correctly?
  • Are they compatible?
  • Where is the failure?
  • Is it at the host (default gw, firewalls, ip address-subnet)?
  • Is it at the switch (vlans, tagging, port security)?
  • Is it at the router (interface – status, ip addr, routing protocol, restriction)?

Troubleshooting Commands
  • Ping (from device to the next interface) (all devices)
  • netstat -rn (hosts)
  • ifconfig, ipconfig /all (hosts)
  • Show run (all devices)
  • Sh ip route (routers)
  • Sh mac-address-table (switches)
  • Sh ip int br (routers)
  • Sh controllers <interface> (routers, looks at cable ends)
  • Sh ip protocols (routers)
  • Sh int <interface> trunk (switches)
  • Sh int <interface> (routers)