Network Services—VPN and VoIP

Chapter 11


Knowledge Concepts

  • Understanding VPN technology

  • Getting a grip on encryption

  • The business application of VoIP and VPNs

  • How VoIP works

Important Terms

  • VPN

  • RADIUS

  • Authentication

  • Provisioned

  • Encryption

  • PPTP, L2TP, IPSec

  • Firewall

  • Proxy server

  • PKI

  • DES

  • Symmetric and asymmetric encryption

  • VoIP

  • H.323, SIP, LDAP

Why VPNs?

  • Improves ability to communicate outside of a company

  • Enables secure access

  • Provides rapid provisioning of capacity as needed

VPN Characteristics

  • Logical network

  • Isolates customer traffic on shared provider facilities

  • Looks like a private network

  • Runs on either packet switched data network or circuit-switched public network

  • Can be deployed over a wide range of network technologies

  • Uses shared carrier infrastructure

Deployment Models

  • Customer-based

    • Carriers install gateways, routers and hardware on customer premises

    • Customer manages security

  • Network-based

    • Carrier houses all equipment at POP near customer location

VPN Frameworks

  • Internet based

    • Small ISPs provide local access services in a region

    • Business users get end-to-end services from a variety of suppliers

    • Encryption used to isolate traffic and provide security

    • Customer provides servers with applications/content

    • A RADIUS server is used to authenticate traffic for access to application/Content servers

    • RADIUS server is connected to a firewall

Provisioned VPNs

  • Packet-switched VPN that runs across ISP backbone using Frame Relay or ATM

  • Supports multiple protocols

  • Provisioned services improve performance by enabling guarantees of service (QoS)

VPN Applications

  • VPN is an architecture tied together and calibrated

  • Goals are to manage security and deliver applications with minimal latency

  • Save money by

    • Replacing leased lines with Internet connectivity

    • Reducing dial up costs

3 Major VPN Applications

  • Intranets

    • Site-to-site connections

  • Remote Access

    • Remote workers and outside customers

    • Eliminates modems & remote access routers

  • Extranets

    • Suppliers have specific access

VPN Gateway Functions

  • Maintenance of a secure logical connection as a tunnel

  • Tunneling is encapsulation of a data packet within an IP packet

  • Remote ends of tunnel can be at edges of ISP or corporate boundary router

  • Traffic is routed in encrypted form

Key Tunneling Protocols

  • PPTP—Layer 2 in MS products

  • L2TP – used by ISPs on backbone

  • IPSec – provides 168-bit encryption and authenticates both ends of the tunnel connection

    • Works only in IP environment

VPN Security

  • Firewalls are used to control policies for data exchange between 2 networks

  • Routers can act as a firewall by managing packet traffic (filter)

  • Proxy servers used to separate internal network from public services

  • Authentication provided by RADIUS servers

    • Uses CHAP (Challenge Handshake Authentication Protocol) to authenticate

    • Tokens issued with user password to server to verify user access

    • New tokens generated each time a user connects
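
The CHAP exchange named above, as an added example that is not part of the original slides: the response is computed as RFC 1994 defines it (MD5 over identifier, shared secret and challenge), and the demo shows why a fresh challenge per connection makes a captured reply useless. The `ChapAuthenticator` class, the user name and the secret are constructed for illustration; in a RADIUS deployment the access server issues the challenge and forwards the reply to the RADIUS server, which this single class stands in for.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Issues one fresh challenge per connection and checks the reply once."""

    def __init__(self, secrets):
        self._secrets = secrets   # user -> shared secret (constructed sample data)
        self._pending = {}        # user -> (identifier, challenge) awaiting a reply
        self._next_id = 0

    def new_challenge(self, user):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256   # identifier is one octet
        challenge = os.urandom(16)                  # unpredictable, never reused
        self._pending[user] = (ident, challenge)
        return ident, challenge

    def verify(self, user, identifier, response):
        pending = self._pending.pop(user, None)     # a challenge is single-use
        secret = self._secrets.get(user)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(pending[0], secret, pending[1])
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"
    server = ChapAuthenticator({"alice": secret})

    ident, chal = server.new_challenge("alice")          # connection 1
    captured = chap_response(ident, secret, chal)
    first = server.verify("alice", ident, captured)

    ident2, chal2 = server.new_challenge("alice")        # connection 2
    replayed = server.verify("alice", ident2, captured)  # old reply, new challenge

    ident3, chal3 = server.new_challenge("alice")        # connection 3
    wrong = server.verify("alice", ident3, chap_response(ident3, b"guess", chal3))
    return {"first": first, "replayed": replayed, "wrong_secret": wrong}
```

The shared secret never crosses the wire; only the challenge and the 16-byte digest do, which is why the server must hold the secret in recoverable form.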

Basic Encryption Terminology

  • Plaintext (aka cleartext): original, readable data

  • Ciphertext: scrambled form of plaintext

  • Encryption: reversible conversion of plaintext into ciphertext

  • Decryption: conversion of ciphertext back into plaintext

  • Crack (aka break) code: decrypt ciphertext without knowing key

Basic Encryption Terminology (cont’d)

  • Key: secret allowing encryption and decryption to be restricted to possessors of key

  • Symmetric encryption: encryption requiring a shared key for both encryption and decryption

  • Asymmetric encryption: algorithm using a different key for decryption than for encryption


  • Encoding plain text data to hide contents with cipher text

  • Symmetric

    • Sender and receiver use same key

    • Popular algorithms: DES, Triple DES, Blowfish

  • Asymmetric (PKI)

    • Different keys with one key held publicly

    • Verifies message through hashing (MD5)

    • Types of public keys are RSA, Diffie-Hellman, PGP

    • PKI uses digital certificates to authenticate users and encrypt data

    • Verisign and Entrust

US Digital Signature Law

USA: 15 USC §7006

  • Title 15: Commerce and Trade

    • Chapter 96: Electronic Signatures in Global and National Commerce

  • Based on S.761 (Sponsor Sens Abraham & Spencer)

    • Introduced 1999-03-25

    • Came into force 2000-06-30

    • See Legal Information Institute entry at

Electronic Payments

  • Credit card transactions

  • Digital cash

  • Micropayments

Credit Card Transactions

  • No documented case of interception of credit-card data while in transit through the Internet

    • Most sites use Secure Sockets Layer (SSL)

    • Credit-card information theft has occurred from servers

    • All sensitive data on Web servers should be encrypted

  • Safety of allowing a merchant to use credit-card information depends on the merchant

    • No worse to give info to reputable firm via Web than to clerk who takes card away from view

Credit Cards & Escrow

  • Allow buyer to register credit-card data with reputable firm

    • Merchant receives payment from escrow service

    • Escrow service bills client credit card

    • Insulates buyer from seller

  • Examples:

    • VeriSign Cybercash

    • (for domain name sales)

    • Beseen BuyIt Button

    • Tradenable

    • PayPal

Digital Cash

  • All credit-card transactions result in electronic audit trail

  • Digital cash (aka e-cash) removes trail

    • Load a device with credits

    • Use device for transactions to transfer credits

  • Requires device that can prevent

    • Counterfeiting (loading credits fraudulently)

    • Theft (removing credits fraudulently)

Digital Cash (cont’d)

  • Mechanisms depend on smart cards

    • Devices size of credit card

    • Include microprocessor, RAM, power

    • Programmed with cryptographic tools to prevent unauthorized modification of contents

    • Interface allows merchant to deduct or refund credits

  • Examples include

    • eCash

    • E-Cash Services

VPNs and Business

Before a VPN—


After a VPN—



  • Not yet a big player with less than 5% of market

  • Cost savings, enhanced voice services and new applications major advantages

  • VoIP gateways bridge circuit-switched PSTN and packet-switched Internet

    • Gateways packetize and compress voice, route packets, authenticate users, and manage network of gateways

VoIP Hardware

  • Enterprise gateway

    • Deployed between PBX and WAN device (router) for call set-up, routing, and conversion

  • VoIP routers

    • Voice cards perform packetization and compression functions in a router

  • IP PBX

    • Distributed telephony servers that operate in packet-switched mode

  • ISP VoIP gateways

    • Aggregate incoming traffic and routing

VoIP Standards

  • H.323

    • Based on ISDN and limited to point-to-point applications

  • SIP

    • Application layer (signaling) protocol

    • Establishes temp sessions for multimedia conferences, telephony, mobile phone-to-instant messaging

  • LDAP

    • Standard directory server technology for Internet

    • Enables retrieval of information from multi-vendor directories

    • Used for free phone and Internet phone number hosting

Important Figures

  • Figure 11.1 & 11.2 p.332-333

  • Figure 11.3 & 11.4 p. 334-335

  • Figure 11.5 p. 336

  • Figure 11.8 p. 339

  • Figure 11.10 p. 346

  • Figure 11.12 p. 358