Network Services—VPN and VoIP - PowerPoint PPT Presentation




Network Services—VPN and VoIP

Chapter 11



Knowledge Concepts

  • Understanding VPN technology

  • Getting a grip on encryption

  • The business application of VoIP and VPNs

  • How VoIP works



Important Terms

  • VPN

  • RADIUS

  • Authentication

  • Provisioned

  • Encryption

  • PPTP, L2TP, IPSec

  • Firewall

  • Proxy server

  • PKI

  • DES

  • Symmetric and asymmetric encryption

  • VoIP

  • H.323, SIP, LDAP



Tunneling with a VPN



Why VPNs?

  • Improves ability to communicate outside of a company

  • Enables secure access

  • Provides rapid provisioning of capacity as needed



How Remote Access Via a VPN Works



VPN Characteristics

  • Logical network

  • Isolates customer traffic on shared provider facilities

  • Looks like a private network

  • Runs on either packet switched data network or circuit-switched public network

  • Can be deployed over a wide range of network technologies

  • Uses shared carrier infrastructure



Deployment Models

  • Customer-based

    • Carriers install gateways, routers and hardware on customer premises

    • Customer manages security

  • Network-based

    • Carrier houses all equipment at POP near customer location



VPN Frameworks

  • Internet based

    • Small ISPs provide local access services in a region

    • Business users get end-to-end services from a variety of suppliers

    • Encryption used to isolate traffic and provide security

    • Customer provides servers with applications/content

    • A RADIUS server is used to authenticate traffic for access to application/content servers

    • RADIUS server is connected to a firewall



Provisioned VPNs

  • Packet-switched VPN that runs across ISP backbone using Frame Relay or ATM

  • Supports multiple protocols

  • Provisioned services improve performance by enabling guarantees of service (QoS)



VPN Applications

  • VPN is an architecture tied together and calibrated

  • Goals are to manage security and deliver applications with minimal latency

  • Save money by

    • Replacing leased lines with Internet connectivity

    • Reducing dial up costs



3 Major VPN Applications

  • Intranets

    • Site-to-site connections

  • Remote Access

    • Remote workers and outside customers

    • Eliminates modems & remote access routers

  • Extranets

    • Suppliers have specific access



VPN Gateway Functions

  • Maintenance of a secure logical connection as a tunnel

  • Tunneling is encapsulation of a data packet within an IP packet

  • Remote ends of tunnel can be at edges of ISP or corporate boundary router

  • Traffic is routed in encrypted form



Key Tunneling Protocols

  • PPTP—Layer 2 in MS products

  • L2TP – used by ISPs on backbone

  • IPSec – covers encryption at 168 bit and authenticates both ends of tunnel connection

    • Works only in IP environment



VPN Security

  • Firewalls are used to control policies for data exchange between 2 networks

  • Routers can act as a firewall by managing packet traffic (filter)

  • Proxy servers used to separate internal network from public services

  • Authentication provided by RADIUS servers

    • Uses CHAP (Challenge Handshake Authentication Protocol) to authenticate

    • Tokens issued with user password to server to verify user access

    • New tokens generated each time a user connects



Basic Encryption Terminology

  • Plaintext (aka cleartext): original, readable data

  • Ciphertext: scrambled form of plaintext

  • Encryption: reversible conversion of plaintext into ciphertext

  • Decryption: conversion of ciphertext back into plaintext

  • Crack (aka break) code: decrypt ciphertext without knowing key



Basic Encryption Terminology (cont’d)

  • Key: secret allowing encryption and decryption to be restricted to possessors of key

  • Symmetric encryption: encryption requiring a shared key for both encryption and decryption

  • Asymmetric encryption: algorithm using a different key for decryption than for encryption



Encryption

  • Encoding plain text data to hide contents with cipher text

  • Symmetric

    • Sender and receiver use same key

    • Popular algorithms: DES, Triple DES, Blowfish

  • Asymmetric (PKI)

    • Different keys with one key held publicly

    • Verifies message through hashing (MD5)

    • Types of public keys are RSA, Diffie-Hellman, PGP

    • PKI uses digital certificates to authenticate users and encrypt data

    • Verisign and Entrust



US Digital Signature Law

USA: 15 USC §7006

  • Title 15: Commerce and Trade

    • Chapter 96: Electronic Signatures in Global and National Commerce

  • Based on S.761 (Sponsor Sens Abraham & Spencer)

    • Introduced 1999-03-25

    • Came into force 2000-06-30

    • See Legal Information Institute entry at

      http://www4.law.cornell.edu/uscode/15/ch96.html#PC96



Electronic Payments

  • Credit card transactions

  • Digital cash

  • Micropayments



Credit Card Transactions

  • No documented case of interception of credit-card data while in transit through the Internet

    • Most sites use Secure Sockets Layer (SSL)

    • Credit-card information theft has occurred from servers

    • All sensitive data on Web servers should be encrypted

  • Safety of allowing a merchant to use credit-card information depends on the merchant

    • No worse to give info to reputable firm via Web than to clerk who takes card away from view



Credit Cards & Escrow

  • Allow buyer to register credit-card data with reputable firm

    • Merchant receives payment from escrow service

    • Escrow service bills client credit card

    • Insulates buyer from seller

  • Examples:

    • VeriSign Cybercash http://www.cybercash.com

    • Escrow.com http://www.escrow.com (for domain name sales)

    • Beseen BuyIt Button http://buyit.beseen.com

    • Tradenable http://www.tradenable.com

    • PayPal www.paypal.com



Digital Cash

  • All credit-card transactions result in electronic audit trail

  • Digital cash (aka e-cash) removes trail

    • Load a device with credits

    • Use device for transactions to transfer credits

  • Requires device that can prevent

    • Counterfeiting (loading credits fraudulently)

    • Theft (removing credits fraudulently)



Digital Cash (cont’d)

  • Mechanisms depend on smart cards

    • Devices size of credit card

    • Include microprocessor, RAM, power

    • Programmed with cryptographic tools to prevent unauthorized modification of contents

    • Interface allows merchant to deduct or refund credits

  • Examples include

    • eCash http://www.digiscash.com

    • E-Cash Services http://www.ecashservices.com



Expensive Leased Lines



VPN Access as an Intranet



VPNs and Business

  • Before a VPN: Point-to-Point

  • After a VPN: Tunneled



Encryption and VPNs



Evaluating a VPN Solution



VoIP

  • Not yet a big player with less than 5% of market

  • Cost savings, enhanced voice services and new applications major advantages

  • VoIP gateways bridge circuit-switched PSTN and packet-switched Internet

    • Gateways packetize and compress voice, route packets, authenticate users, and manage network of gateways



VoIP Hardware

  • Enterprise gateway

    • Deployed between PBX and WAN device (router) for call set-up, routing, and conversion

  • VoIP routers

    • Voice cards perform packetization and compression functions in a router

  • IP PBX

    • Distributed telephony servers that operate in packet-switched mode

  • ISP VoIP gateways

    • Aggregate incoming traffic and routing



VoIP Infrastructure



VoIP Architecture



Implementing VoIP



VoIP Standards

  • H.323

    • Based on ISDN and limited to point-to-point applications

  • SIP

    • Application layer (signaling) protocol

    • Establishes temp sessions for multimedia conferences, telephony, mobile phone-to-instant messaging

  • LDAP

    • Standard directory server technology for Internet

    • Enables retrieval of information from multi-vendor directories

    • Used for free phone and Internet phone number hosting



Important Figures

  • Figure 11.1 & 11.2 p. 332-333

  • Figure 11.3 & 11.4 p. 334-335

  • Figure 11.5 p. 336

  • Figure 11.8 p. 339

  • Figure 11.10 p. 346

  • Figure 11.12 p. 358

