... public internetwork in a manner that emulates the properties of a point-to-point private link. The act of configuring and creating a virtual private network is known as virtual private networking. ... authenticating server) and all VPN client computers. • PPTP can be used by computers running Windows XP, Windows 2000, Windows NT version 4.0, Windows Millennium Edition (ME), Windows 98, and Windows ... administrators set up a master account database at the directory server or primary domain controller, or on a RADIUS server. Support in Windows 2000: The Routing and Remote Access service in Windows...
... SUMMARY: VPNs do not make use of dedicated leased lines; VPNs send data through a secure tunnel that leads from one endpoint to another; VPNs keep critical business communications private and secure; VPN components: VPN servers, VPN clients, protocols.
TUNNELING PROTOCOLS: Layer 2 Tunneling Protocol (L2TP): provides better security through IPSec; IPSec enables L2TP to perform authentication, encapsulation, and encryption.
TUNNELING PROTOCOLS: Secure Shell (SSH): provides authentication and encryption; works with UNIX-based systems; versions for Windows are also available; uses public-key cryptography. Socks V. 5: provides proxy services for applications that do not usually support proxying; Socks version 5 adds encrypted authentication and support for UDP.
ENCRYPTION SCHEMES USED BY VPNS (CONTINUED): Secure Sockets Layer (SSL) (continued), steps: server uses its private key to decode premaster code; generates a master secret key; client and server use it to generate session keys; server and client exchange messages saying handshake is completed; SSL session begins.
SUMMARY (CONTINUED): VPN types: site-to-site, client-to-site; encapsulation encloses one packet within another and conceals the original information; VPN protocols: Secure Shell (SSH), Socks version 5, Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP).
Virtual Private Network (VPN)
ENCAPSULATION TRANSFORMATIONS IN VPNS (ENCAPSULATION): Steps in the VPN process: encapsulation, encryption, authentication. Encapsulation: encapsulates the data and various parameters, for example the IP header; protects data integrity.
VPN CORE ACTIVITY 2: ENCRYPTION: Encryption: process of rendering information unreadable by all but the intended recipient; components: key, digital certificate, Certification Authority (CA); key exchange methods: symmetric cryptography, asymmetric cryptography, Internet Key Exchange, FWZ.
SUMMARY (CONTINUED): IPSec/IKE; encryption makes the contents of the packet unreadable; authentication ensures participating computers are authorized users; Kerberos: strong authentication system; VPN advantages: high level of security at low cost; VPN disadvantages: can introduce serious security risks.
ENCRYPTION SCHEMES USED BY VPNS: Triple Data Encryption Standard (3DES): used by many VPN hardware and software; 3DES is a variation on Data Encryption Standard (DES); DES is not secure; 3DES is more secure; three separate 64-bit keys to process data; 3DES requires more computer resources than DES.
WHY ESTABLISH A VPN?: VPN combinations: combining VPN hardware with software adds layers of network security; one useful combination is a VPN bundled with a firewall; VPNs do not eliminate the need for firewalls; provide flexibility and versatility.
FIREWALL CONFIGURATION FOR VPNS: Protocol ... IP 51; L2TP; PPTP; IP 17; IP 6; UDP; TCP; 1701; GRE/PPTP Data; IP 47; 1723.
TUNNELING PROTOCOLS: Point-to-Point Tunneling Protocol (PPTP): used when you need to dial in to a server with a modem connection on a computer using an older OS version; encapsulates TCP/IP packets; header contains only information needed to route data from the VPN client to the server; uses Microsoft Point-to-Point Encryption (MPPE); encrypts data that passes between the remote computer and the remote access server. L2TP uses IPSec encryption; more secure and widely supported.
CONTENTS: VPN principles; encapsulation transformations in VPNs; encryption in VPNs; authentication in VPNs; advantages and disadvantages of VPNs.
VPN CORE ACTIVITY 3: AUTHENTICATION: Authentication: identifying a user or computer as authorized to access and use network resources; types of authentication methods used in VPNs: IPSec, MS-CHAP; both computers exchange authentication packets and authenticate one another; VPNs use digital certificates to authenticate users...
... role • CLIENT1 runs Windows XP Professional, SP2: client • ROUTER1 runs Windows Server 2003, SP1, Standard Edition: VPN server and answering router • INTERNET runs Windows Server 2003, ... Edition: Internet router • ROUTER2 runs Windows Server 2003, SP1, Standard Edition: VPN server and calling router • CLIENT2 runs Windows XP Professional, SP2: client. Illustrative model for ... Theory. I. Overview of virtual private networks (VPN, Virtual Private Network). II. VPN and Internet VPN security. III. Design...
... of L2F (Layer 2 Forwarding, from Cisco Systems) and the fast point-to-point connectivity of PPTP (Point-to-Point Tunneling Protocol, from Microsoft). In a remote access environment, L2TP allows initiating ... today are remote access VPNs and site-to-site VPNs. 1. Remote Access VPN - Remote access VPNs allow access at any time by remote, mobile, and ... devices ... (such as Remote Authentication Dial-In User Service [RADIUS], Terminal Access Controller Access Control System Plus [TACACS+]…). 1.5 PPTP (Point-to-Point Tunneling Protocol) - Used on...
... Inc. Step 1: Log in Log in as Administrator. On a typical system, only the administrator can configure an IP address. Step 2: Configure TCP/IP to use a static IP address Right-click My Network ... entered in the table in the Procedures step of this lab. 7. Click OK. 8. Click OK to close the Local Area Connection Properties dialog box. 9. Minimize the Network And Dial-Up Connections window. ... 2002, Cisco Systems, Inc. Step 4: As a test of the configuration, use Internet Control Messaging Protocol (ICMP), better known as ping. 1. At the command prompt type ping xxx.xxx.xxx.xxx...
... Routing and Remote Access, click Remote Access Policies, right-click Connections to Microsoft Routing and Remote Access server, and choose Properties. On the Setting tab, select Grant remote access ... new (Network Interface in Routing and Remote Access) 9. Click OK. On the Address Range Assignment page, click Next. 10. On the Managing Multiple Remote Access Servers page, select No, use Routing ... the Routing and Remote Access Server Setup, click Finish. Next, we configure the demand-dial interface. 1. In Routing and Remote Access, select SIM01 and right-click Network Interface...
... following equipment is required for this exercise: • A system running Windows 2000 with Administrative Tools enabled Scenario The Air Guitar Company has just installed a new system running Windows ... Systems, Inc. Lab 8.3.1: Adding Users in Windows 2000 Estimated Time: 10 Minutes Objective • Describe the role and purpose of user accounts. • Plan and create local and domain user accounts. ... the user name, password and domain to log on as the Administrator. In this lab, the student will create two user accounts in Windows 2000. Log on as the Administrator and create the first...
... Methods for Administering a Windows 2000 Network 19 Review 24 Module 1: Introduction to Active Directory in Windows 2000 Module 1: Introduction to Active Directory in Windows 2000 9 ... the directory service in Windows 2000. Module 1: Introduction to Active Directory in Windows 2000 19 Methods for Administering a Windows 2000 Network • Using Active Directory ... structure. 10 Module 1: Introduction to Active Directory in Windows 2000 Domains • A Domain Is a Security Boundary: A domain administrator can administer only within the domain, unless explicitly...
... Systems, Inc. Step 2: Changing a Password 1. Right-click on the studentA1 account and click Set Password. Type in a new password and then type it again to confirm the password. Step 3: Resetting ... Type it in and then confirm it. Log in with the studentA1 account. 4. Log off as studentA1. Step 4: Deleting an Account 1. Open the Computer Management screen from administrative tools in the ... password on next login” box will display. Click OK to exit. 3. Log off as the administrator and log on with the studentA1 account. When logging back on, a message prompting will be displayed...
... the chart in Step 1, begin adding user accounts and group accounts by selecting them in the name box and clicking the Add button. Again, do so according to the chart in Step 1, then click OK. ... v2.0 - Lab 8.4.3 Copyright 2002, Cisco Systems, Inc. Lab 8.4.3: Assigning Permissions in Windows 2000 Estimated Time: 30 Minutes Objective In this exercise, the student will learn how to ... on the scenario that is described in the following section. Equipment The following equipment is required for this exercise: • A computer running Windows 2000 formatted with NTFS Scenario...
... 8.5.6: Writing a Script in Windows 2000 Estimated Time: 30 Minutes Objective The objective of this lab is to learn how to write a script in Windows 2000. Equipment The following equipment ... equipment is required for this exercise: • A computer running Windows 2000 Professional Scenario The system administrator needs to create a script in the startup folder that will display on the users ... Greeting = Greeting & " I like the name Steve." End IF End IF MsgBox Greeting 3. Save the document as “Greeting.vbs” Note: If the student needs to edit changes after saving,...
... v2.0 - Lab 7.1.2 Copyright 2002, Cisco Systems, Inc. Lab 7.1.2: Assigning Permissions in Windows 2000 Estimated time: 30 Minutes Objective In this exercise, the student will learn how to ... manage folders and assign access rights is an important capability of operating systems. This capability helps ensure data integrity by defining the level of user access. Step 1 First, create ... assign NTFS permissions to folders. Equipment The following equipment is required for this exercise: • A computer running Windows 2000 formatted with NTFS Scenario The boss needs a folder...