Agenda

abe
Presentation Transcript


  1. Agenda
      1. QUIZ
      2. HOMEWORK LAST CLASS
      3. HOMEWORK NEXT CLASS
      4. DATA LINK CONTROL
      5. FIREWALLS
      6. PRACTICE EXAM

  2. Homework Study For Exam

  3. Chapter 10 Data Link Control

  4. Figure 10-1 Data Link Layer

  5. Figure 10-2 Data Link Layer Function

  6. Figure 10-3 Line Discipline Categories

  7. Figure 10-4 Line Discipline Concept: ENQ/ACK

  8. Figure 10-5 ENQ/ACK Line Discipline

  9. Figure 10-6 Poll/Select Line Discipline

  10. Figure 10-7 Select

  11. Figure 10-8 Poll

  12. Figure 10-9 Categories of Flow Control

  13. Figure 10-10 Stop-and-Wait

  14. Figure 10-11 Sliding Window

  15. Figure 10-12 Sender Sliding Window

  16. Figure 10-13 Receiver Sliding Window

  17. Figure 10-14 Example of Sliding Window

  18. Figure 10-15 Categories of Error Control

  19. Figure 10-16 Stop-and-wait ARQ, Damaged Frame

  20. Figure 10-17 Stop-and-wait ARQ, Lost Frame

  21. Figure 10-18 Stop-and-wait ARQ, Lost ACK

  22. Figure 10-19 Go-Back-n, Damaged Frame

  23. Figure 10-20 Go-Back-n, Lost Frame

  24. Figure 10-21 Go-Back-n, Lost ACK

  25. Figure 10-22 Selective-Reject, Damaged Frame

  26. WAN-Virtual Circuits VPN VPN

  27. WAN-Virtual Circuits: Problems For Management
      • VPN implementation, services & overall utility vary widely; the single complete solution that can meet all your needs does not exist
      • (Depending on your environment) some implementations hold distinct advantages over others

  28. WAN-Virtual Circuits: Virtual Private Networking Version 2.0
      1. What is a VPN?
      2. What is a tunnel?
      3. What is the relationship between VPNs and multi-system management?
      4. What is the significance of Service Level Agreements (SLAs)?

  29. WAN-Virtual Circuits: Virtual Private Networking Enhancers
      1. IPSec: A protocol that authenticates, encapsulates (tunnels) and encrypts traffic across IP networks. It supports key management, the Internet Key Exchange protocol & various encryption algorithms (e.g., DES & Triple DES).
      2. Multiprotocol Label Switching (MPLS): Defines a process in which a label is attached to an IP header to increase routing efficiency and enable routers to forward packets according to specified QoS levels. Uses a tunneling technique.

  30. MPLS vs. Circuit Switching
      MPLS
      • Minimizes changes to hardware by routing and switching functions
      • Will establish per-hop behavior for delay sensitive traffic
      • Permits bandwidth reservation and flow control over wide range of paths
      • Will permit bandwidth & other constraints to be considered when routes are computed
      • Provides ranking to individual flows so during failure important flows go first
      Circuit Switching
      • Hardware designs do not need to change
      • Minimizes delay variations
      • Enables accurate bandwidth reservations
      • Can automatically compute routes over known/specified bandwidths
      • Can provide hard guarantees of service and routing

  31. VPN Example: Cisco Secure Client (network diagram; labels recovered from the figure)
      • Campus: Cisco 7100 Series VPN Router, Cisco Secure Access Control Server-AAA, X.509 Cert Auth, VPN Administrator
      • Transport: Internet VPN and/or IP-VPN
      • Mobile Dial Remote Access User with Cisco Secure VPN Client
      • Mobile Home User with Cisco Secure VPN Client
      • Extranet User with Internet Access
      • Extranet User with Cisco Secure VPN Client

  32. VPN Example: Cisco Secure Client: Advertised Features
      • Full compliance with IPSec and related standards
      • DES, 3DES, MD-5 & SHA-1 algorithms
      • Internet Key Exchange using ISAKMP/Oakley
      • Interoperates with virtually all PC Windows communications devices: LAN adapters, modems, PCMCIA cards, etc.
      • GUI for configuring security policy and managing certificates
      • Easy to install and transparent to use with easy configuration for deployment to end users
      • Security policy can be exported and protected as read only by the VPN administrator

  33. VPN Example: Cisco Secure Client: Advertised Applications
      • Travelling “Road Warrior” communications (client to gateway)
      • Creation of virtual “secure enclave” on unprotected network
      • X.509 v3 certificates
      • FIPS-46 DES encryption
      • FIPS-180-1 SHA-1 hash
      • FIPS-186 DSS digital signatures
      • CAPI 2.0: Microsoft Crypto API
      • PKCS: Public Key Cryptographic Standards
      • IP Security Standards

  34. VPN Example: Cisco Secure Client: Internet Protocol Security Standards
      • RFC 2401 Security Architecture for Internet Protocol
      • RFC 2402 IP Authentication Header
      • RFC 2403 Use of HMAC-MD5-96 within ESP & AH
      • RFC 2404 Use of HMAC-SHA-1-96 within ESP & AH
      • RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
      • RFC 2406 IP Encapsulating Security Payload (ESP)
      • RFC 2407 IP Security Domain of Interpretation for ISAKMP
      • RFC 2408 Internet Security Association & Key Management Protocol (ISAKMP)
      • RFC 2409 Internet Key Exchange (IKE)
      • RFC 2410 NULL Encryption Algorithm & its uses with IPSec

  35. VPN Evaluation: Computer Networks Report

      | Services       | Wt. | GTEI | Uunet | Infonet | Quest | AT&T | PSINet |
      |----------------|-----|------|-------|---------|-------|------|--------|
      | Geogr Coverage | 25% | 5    | 3     | 4       | 2     | 2    | 2.5    |
      | SLAs           | 25% | 4    | 4.5   | 3       | 1.5   | 3    | 2.5    |
      | Pricing        | 20% | 2.5  | 5     | 3.5     | 3.5   | 1    | 1      |
      | Security       | 20% | 4.5  | 3.5   | 2       | 4     | 3.5  | 2      |
      | QoS Support    | 10% | 2    | 2     | 2       | 1     | 1    | 2      |
      | Total Score    |     | 3.85 | 3.76  | 3.05    | 2.46  | 2.25 | 2.05   |
      | Grade          |     | B    | B     | C+      | D     | D    | D      |

      Note: Scores weighted 0-5

      Specific Products Evaluated:
      • GTE Internetworking: VPN Advantage
      • Uunet: UUsecure VPN Direct Edition
      • Infonet: Private Internet
      • Quest Communications: Quest VPN
      • AT&T: Virtual Private Network Service (VPNS)
      • PSINET: IntraNet

  36. Enterprise Firewalls: Problems For Management
      • What are you most concerned about?
          • Penetration protection
          • Performance
          • Logging & reporting
          • Data overload
          • Good records
      • Type to use?
          • Hardware (inspection only)
          • Proxy (software processing)
      • Central or Distributed Management?

  37. Enterprise Firewalls: Potential Contradictory Goals
      • Penetration protection vs. performance
      • Logging & reporting vs. data overload
      • Good records vs. archival costs
      • Central or Distributed management
          • Central management creates security policy & pushes it out (security policy defined once & easier to monitor), or each firewall is configured separately in one GUI (good for small sites but more overhead)
          • Distributed management takes more people

  38. Enterprise Firewall Central Manager Internet

  39. Firewall Evaluation: Computer Networks Report

      | Services          | Wt. | VPN-1 | SecPIX | Raptor | NetScreen | Sidewinder |
      |-------------------|-----|-------|--------|--------|-----------|------------|
      | Management        | 30% | 4     | 5      | 4      | 3         | 2          |
      | Reporting         | 30% | 5     | 4      | 2      | 2         | 2          |
      | Security Features | 20% | 5     | 3      | 5      | 3         | 3          |
      | Firewall Perform  | 10% | 5     | 5      | 3      | 5         | 3          |
      | VPN Perform       | 10% | 3     | 2      | 2      | 5         | 2          |
      | Total Score       |     | 4.5   | 4.0    | 3.3    | 3.1       | 2.3        |
      | Grade             |     | A-    | B+     | C+     | C+        | D          |

      Note: Scores weighted 0-5

      Companies:
      • VPN-1 Gateway & VPN-1 Accelerator Card: Check Point
      • Secure PIX: Cisco
      • Raptor: Axent
      • NetScreen 100 1.66: NetScreen Technologies
      • Sidewinder: Secure Computing

  40. Current Offerings

  41. Current Offerings
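
Slide 34 lists RFC 2404 (HMAC-SHA-1-96), RFC 2406 (ESP) and RFC 2410 (NULL encryption). The following is an added example, not part of the original presentation or of any Cisco product, showing how those three fit together: an ESP packet with NULL encryption whose integrity check value (ICV) is the first 96 bits of an HMAC-SHA-1. The function names, the sample key and the strictly-increasing sequence check (a simplification of ESP's sliding anti-replay window) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: keep the first 96 bits of the 160-bit HMAC (RFC 2404)

def icv96(key: bytes, data: bytes) -> bytes:
    """Truncated HMAC-SHA-1 used as the AH/ESP integrity check value."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_null_seal(key: bytes, spi: int, seq: int, payload: bytes, next_header: int = 4) -> bytes:
    """Build SPI | sequence | payload | padding | pad length | next header | ICV."""
    pad_len = -(len(payload) + 2) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + icv96(key, body)             # ICV covers everything before it

def esp_null_open(key: bytes, packet: bytes, last_seq: int):
    """Authenticate the packet, then check the sequence number and strip the trailer."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, icv96(key, body)):   # constant-time comparison
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    if seq <= last_seq:                        # simplified anti-replay (assumption)
        raise ValueError("replayed sequence number")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("bad pad length")
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]

if __name__ == "__main__":
    key = bytes(range(20))                     # constructed 160-bit key, sample only
    pkt = esp_null_seal(key, spi=0x1001, seq=1, payload=b"inner IP datagram")
    print(esp_null_open(key, pkt, last_seq=0))
    tampered = pkt[:10] + bytes([pkt[10] ^ 0x01]) + pkt[11:]
    try:
        esp_null_open(key, tampered, last_seq=0)
    except ValueError as err:
        print("rejected:", err)
```

With NULL encryption the payload travels in clear text, so this configuration gives integrity and origin authentication only, not confidentiality.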