LECTURE 4 NETWORK INFRASTRUCTURE


1 SYSTEM ADMINISTRATION MTAT LECTURE 4 NETWORK INFRASTRUCTURE
Prepared by: Amnir Hadachi and Artjom Lind, University of Tartu, Institute of Computer Science

2 OUTLINE
1. Gateway
2. Virtual Private Network
3. Firewalls
4. Dynamic routing
5. IPv6
6. Domain name servers (DNS)
7. Dynamic host configuration protocol (DHCP)
8. Extra Technical Details

3 1. GATEWAY
Internet
Internet Protocol - IP
Transmission Control Protocol - TCP / User Datagram Protocol - UDP

4 GATEWAY
Gateway: DEFINITION 4.1 A gateway is a system linking several networks. It is connected to each of the networks, links them together, and acts as a router to convey IP packets between its various interfaces.
Extra: DEFINITION 4.2 IP packets: transmitted data is segmented into limited-size packets; this is a characteristic of the IP protocol.

5 GATEWAY
CASE 5.1: Let's suppose we are in a local network which uses a private address range. The gateway then needs to implement address masquerading in order to allow the machines on the network to communicate with the outside world.
DEFINITION 5.1 Masquerading is a kind of proxy operating at the network level: each outgoing connection from an internal machine is replaced by a connection from the gateway itself, and the data coming back is sent through the masqueraded connection back to the internal machine. (For this purpose TCP is used)
[Figure: Internet, TCP connection, gateway, server]

6 GATEWAY
DEFINITION 4.2 TCP (Transmission Control Protocol) is a layer over IP allowing the establishment of connections dedicated to data streams between two points.
HOW DOES IT WORK (TCP/IP DATA FLOW):
[Figure: a sender and a recipient connected through a chain of routers]
STAGE 1: THE TCP PROTOCOL SPLITS THE DATA INTO PACKETS AND ESTABLISHES A CONNECTION
STAGE 2: THE PACKETS TRAVEL FROM ROUTER TO ROUTER OVER THE INTERNET ACCORDING TO THE IP PROTOCOL
STAGE 3: THE TCP PROTOCOL REASSEMBLES THE PACKETS INTO THE ORIGINAL MESSAGE

7 GATEWAY
Another protocol relying on IP is UDP.
DEFINITION 7.1 UDP (User Datagram Protocol) is also packet oriented; however, it only transmits one packet from one application to another, with no compensation for packet loss and no assurance that the packet has been received.
[Figure: sender and recipient exchanging packets directly]
UDP DOES NOT ESTABLISH A CONNECTION BEFORE SENDING THE DATA

8 GATEWAY
A gateway can perform two types of network address translation (NAT):
Destination NAT (DNAT)
DEFINITION 8.1 DNAT is a technique to alter the destination IP address of an incoming connection.
Source NAT (SNAT)
DEFINITION 8.2 SNAT is a technique to alter the source IP address of an outgoing connection.
REMARK 8.1 Note that NAT is only relevant for IPv4 and its limited address space. In IPv6, the wide availability of addresses reduces the use of NAT by allowing internal addresses to be directly routable on the Internet.

9 GATEWAY
Example NAT:
[Figure: NAT router between the inside network and the Internet, with NAT IP and Internet IP]
DNAT IS LITERALLY AN EXAMPLE OF PORT FORWARDING
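A Python model of the translation described in Definitions 5.1, 8.1 and 8.2, added here as an example and not taken from the lecture or from Netfilter. It shows the connection table that lets replies find their way back, why unsolicited inbound packets have nowhere to go, and how a DNAT port forward exposes one inside service. The class and method names, the port numbers and the documentation-range addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    """Masquerading gateway with a single public address (constructed model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self.in_map = {}    # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.forwards = {}  # DNAT rules: public port -> (inside ip, inside port)

    def add_port_forward(self, public_port, inside_ip, inside_port):
        self.forwards[public_port] = (inside_ip, inside_port)

    def _allocate_port(self):
        # Never hand out a public port that a DNAT rule already owns.
        while self.next_port in self.forwards:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def _track(self, key, public_port):
        inside_ip, inside_port, remote_ip, remote_port = key
        self.out_map[key] = public_port
        self.in_map[(public_port, remote_ip, remote_port)] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """SNAT: rewrite the source to the gateway and remember the mapping."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            self._track(key, self._allocate_port())
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Reverse SNAT for tracked connections, DNAT for forwarded ports."""
        if pkt.dst != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if inside is None and pkt.dport in self.forwards:
            inside = self.forwards[pkt.dport]
            # Track the new connection so the server's replies are rewritten too.
            self._track((*inside, pkt.src, pkt.sport), pkt.dport)
        if inside is None:
            return None  # no tracked connection and no DNAT rule: nothing to deliver to
        return Packet(pkt.src, pkt.sport, *inside)


def demo():
    gw = NatGateway("203.0.113.10")
    gw.add_port_forward(443, "192.168.1.20", 8443)
    out = gw.outbound(Packet("192.168.1.5", 51000, "198.51.100.7", 80))
    reply = gw.inbound(Packet("198.51.100.7", 80, out.src, out.sport))
    unsolicited = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.10", out.sport))
    forwarded = gw.inbound(Packet("198.51.100.99", 50000, "203.0.113.10", 443))
    server_reply = gw.outbound(Packet("192.168.1.20", 8443, "198.51.100.99", 50000))
    return out, reply, unsolicited, forwarded, server_reply


if __name__ == "__main__":
    for name, pkt in zip(("out", "reply", "unsolicited", "forwarded", "server_reply"), demo()):
        print(f"{name:13} {pkt}")
```

The forwarded port is the only path by which an outside host can open a connection to the inside network, so each DNAT rule is worth reviewing as an exposed service.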

10 2. VIRTUAL PRIVATE NETWORK
Internet, OpenVPN, VPN with SSH, IPsec, PPTP, VPN

11 VPN
DEFINITION 11.1 A VPN (Virtual Private Network) is a way to link two different local networks via the Internet by means of a tunnel. (The tunnel is usually encrypted for confidentiality.)
EXAMPLE 11.1: OpenVPN is a piece of software that allows creating virtual private networks. In order to secure the communication, OpenVPN relies on OpenSSL for all the SSL/TLS cryptography and associated features.
THE SSL (SECURE SOCKET LAYER) PROTOCOL WAS INVENTED BY NETSCAPE TO SECURE CONNECTIONS TO WEB SERVICES. LATER IT WAS STANDARDIZED BY THE IETF UNDER THE ACRONYM TLS (TRANSPORT LAYER SECURITY).

12 VPN
Security in VPN
easy-rsa: the use of the RSA algorithm for public-key cryptography!
Problem: anyone can claim the identity of their choice.
Solution: the concept of a Certification Authority (CA), formalised by the X.509 standard.
THIS TERM COVERS AN ENTITY THAT HOLDS A TRUSTED KEY PAIR KNOWN AS A ROOT CERTIFICATE. THUS, THIS CERTIFICATE IS THE ONLY ONE USED TO SIGN OTHER CERTIFICATES.
All this is done by using data encapsulation and encryption in order to ensure that the proper users get access and that data sessions cross the VPN device.

13 VPN
VPN concept: A tunnel is created through the LANs and WANs that are being used.

14 VPN
Most popular VPN protocols:
- Point-to-Point Tunneling Protocol (PPTP)
- Layer Two Tunneling Protocol with Internet Protocol Security (L2TP/IPsec)

15 VPN
PPTP
DEFINITION 15.1 PPTP encapsulates point-to-point frames into IP datagrams for transmission over an IP-based network.
Characteristics: (data is not encrypted by default)
- Allows multi-protocol traffic to be encrypted, encapsulated in an IP header and then sent across an IP network or public IP network.
- Uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames.
[Figure: IP header | GRE header | PPP header | PPP payload (IP datagram), with the labels "Encrypted" and "PPP Frame"]

16 VPN
DEFINITION 16.1 An IP header is a prefix to an IP packet which contains information about IP version, source IP, destination IP, time-to-live, etc.
DEFINITION 16.1 Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.
DEFINITION 16.1 Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes.
DEFINITION 16.1 An IP datagram can be considered the basic unit of information passed across the Internet. An IP datagram contains a source and destination address along with data. (for more information check

17 VPN
IP datagram (More details link:

18 VPN
L2TP with IPsec
IPSEC IS A SECURITY PROTOCOL THAT USES AUTHENTICATION AND ENCRYPTION FOR EACH IP PACKET.
DEFINITION 18.1 L2TP with IPsec is a combination of PPTP and Layer Two Forwarding (L2F), which is a technology from Cisco Systems, Inc.; IPsec is used to encrypt the messages.
Characteristics:
- Allows multi-protocol traffic to be encrypted and then sent over any point-to-point datagram delivery support.
- Relies on IPsec in transport mode for encryption services.
- Encapsulation of L2TP/IPsec consists of two layers: L2TP encapsulation and IPsec encapsulation.

19 VPN
Encapsulation:
- L2TP: the PPP frame is wrapped with an L2TP and a UDP header.
- IPsec: the L2TP message is wrapped with an IPsec Encapsulating Security Payload (ESP) header and trailer, and an IPsec Authentication Trailer.

20 3. FIREWALLS
Internet, Firewall, Netfilter

21 FIREWALLS
DEFINITION 21.1 A firewall is a piece of computer equipment with hardware and/or software that sorts the incoming or outgoing network packets (coming to or from a local network) and only lets through those matching certain predefined conditions.
REMARK 21.1: A firewall is a filtering network gateway and is only effective when the only route for the packets is through the firewall. Example: the Netfilter firewall in Debian.

22 FIREWALL
Netfilter uses four distinct tables that regulate the filtering of packets using specific rules and operations:
Table name - Description
filter - concerns filtering rules: accepting, refusing, ignoring packets
nat - concerns translation of source or destination addresses and ports of packets
mangle - concerns other changes to the IP packets
raw - allows other manual modifications on packets before they reach the connection tracking system

23 FIREWALLS
Each of the previous tables has:
- lists of rules, called chains
- the admin can modify the chains

24 FIREWALLS
Each of the previous tables has:
- lists of rules, called chains
- the admin can modify the chains
Chains per table: filter table chains, nat table chains, mangle table chains, raw table chains

25 FIREWALLS
filter table chains
Chain - Description
INPUT - concerns packets whose destination is the firewall itself
OUTPUT - concerns packets emitted by the firewall
FORWARD - concerns packets transiting through the firewall (which is neither their source nor their destination)

26 FIREWALLS
nat table chains
Chain - Description
PREROUTING - to modify packets as soon as they arrive
POSTROUTING - to modify packets when they are ready to go on their way
OUTPUT - to modify packets generated by the firewall itself

27 FIREWALLS
mangle table chains
Chains: PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD

28 FIREWALLS
raw table chains
Chains: PREROUTING, OUTPUT

29 FIREWALLS
Each chain mentioned before is a list of rules, and the chains are called in a specific order:
[Figure: chain traversal between NETWORK and APPLICATION through PREROUTING, INPUT, OUTPUT, FORWARD and POSTROUTING]

30 4. DYNAMIC ROUTING

31 DYNAMIC ROUTING
DEFINITION 31.1 Dynamic routing allows routers to adjust, in real time, the path used for transmitting IP packets. Each protocol involves its own method of defining routes (e.g. using the shortest path, using routes advertised by peers, etc.).
REMARK 31.1: The reference tool for this task is Quagga. It is a set of daemons cooperating to define the routing tables that should be used by the Linux kernel.

32 DYNAMIC ROUTING
Functions of dynamic routing:
- Dynamically share information between routers
- Automatically update the routing table when the topology changes
- Determine the best path to a destination
- Ability to find a new best path if the current path is no longer available

33 DYNAMIC ROUTING
Extra info:

34 5. IPV6

35 IPV6
DEFINITION 35.1 IPv6, the successor of IPv4, is a new version of the IP protocol designed to fix its flaws and handle the network layer.
Purpose:
- Provide a new way to address machines
- Convey data to their intended destination
- Handle data fragmentation if needed (split packets into chunks)

36 IPV6
Header comparison IPv4 vs IPv6:
[Figure: IPv4 and IPv6 header comparison. Source: cisconet.com]

37 IPV6
Larger address space: IPV4 = 32 BITS, IPV6 = 128 BITS
IPv4: 32 bits = 4,294,967,296 possible addressable devices
IPv6: 128 bits (4 times the size in bits) = 3.4 x 10^38 possible addressable devices = 340,282,366,920,938,463,463,374,607,431,768,211,456
5 x 10^28 addresses per person on the planet

38 IPV6
Configuration - enabling IPv6:
Put ipv6 in /etc/modules
Edit /etc/network/interfaces:
    iface eth0 inet6 static
        address 2001:XXXX:YYYY:ZZZZ::1
        netmask 64

39 IPV6
Configuration - tunnel:
Edit /etc/network/interfaces:
    iface tun0 inet6 v4tunnel
        endpoint A.B.C.D
        address 2001:XXXX:YYYY:ZZZZ::2
        gateway 2001:XXXX:YYYY:ZZZZ::1
        netmask 64

40 IPV6
Router Advertisement (RA) autoconfiguration:
Add in /etc/radvd.conf:
    interface eth0 {
        AdvSendAdvert on;
        AdvLinkMTU 1472;
        prefix 2001:XXXX:YYYY:ZZZZ::/64 {
            AdvOnLink on;
            AdvPreferredLifetime 3600;
            AdvValidLifetime 7200;
        };
    };

41 6. DOMAIN NAME SERVERS

42 DNS
DEFINITION 42.1 The Domain Name Service (DNS) is a fundamental component of the Internet: it maps host names to IP addresses (and vice-versa), which allows the use of instead of or 2001:41c8:1000:21::21:4.
DNS provides:
- Mapping from names to addresses and vice versa
- Mechanism to store and retrieve information in a global data store
- Where to send mail for a domain
- Geographical information
- etc.

43 DNS
Basic DNS tools:
Using the host command:
# host ut.ee
AHs-Mac-mini:~ AH$ host ut.ee
ut.ee has address
ut.ee mail is handled by 20 frida.it.da.ut.ee.
ut.ee mail is handled by 20 berta.it.da.ut.ee.
# host
AHs-Mac-mini:~ AH$ host
has address
has IPv6 address 2001:bb8:2002:500::42
Using the host IPv6
# host 2001:bb8:2002:500::42
AHs-Mac-mini:~ AH$ host 2001:bb8:2002:500::
b.b ip6.arpa domain name pointer

44 DNS
DNS built:
Components:
- Name space
- Servers making that name space available
- DNS database
Forms a tree structure.
[Figure: DNS tree: . (root); .com, .edu, .ee; .google, .berkeley, .ut]

45 DNS
DNS built:
- DNS is hierarchical
- DNS administration is shared
- This distribution of administration is called delegation.
[Figure: DNS tree: .com, .edu, .ee; .google, .berkeley, .ut]

46 DNS
How DNS works
[Figure: a resolver, a first DNS server and a second DNS server exchanging the following messages]
- RESOLVER / QUERY: I NEED DIRECTION TO
- DNS SERVER: I CANNOT FIND THE DOMAIN IN MY DATABASE, I'LL CHECK ANOTHER DNS SERVER
- DNS SERVER: YES I HAVE IT IN MY CACHE, IT IS MAPPED TO THIS IP ADDRESS:
- AWESOME, I WILL CACHE IT TOO FOR A WHILE IN CASE SOMEONE ASKS FOR IT AGAIN
- THANKS, I GOT IT, I CAN ACCESS NOW

47 DNS
Query detail with tcpdump
$ sudo -s
passwd:
# tcpdump -s1500 -n port 53
AHs-Mac-mini:~ AH$ sudo tcpdump -s1500 -n port 53
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 1500 bytes
09:02: IP > : A? dr-eu.skype-cr.akadns.net. (43)
09:02: IP > : AAAA? dr-eu.skype-cr.akadns.net. (43)
09:02: IP > : /10/7 A , A , A , A , A , A , A , A (507)
09:02: IP > : /1/0 (109)

48 DNS
Query detail and analysis: you can use

49 DNS
Resolver configuration:
How does your computer know which DNS server to send the query to in order to get information?
Location: /etc/resolv.conf
If you check it you will find:
    nameserver a.b.c.d
or
    nameserver ip:v6:ad:dr:es:ss
THE ADDRESS IS THE IP/IPV6 OF A FUNCTIONING DNS SERVER.

50 7. DYNAMIC HOST CONFIGURATION PROTOCOL

51 DHCP
DEFINITION 51.1 DHCP is a protocol by which a machine can automatically get its network configuration when it boots.
DHCP provides:
- Network related parameters: IP address, network where the machine belongs
- Dynamic assignment of IP addresses
- DNS servers
- etc.

52 DHCP
DHCP configuration:
Configuration file location: /etc/dhcp/dhcpd.conf
- domain name
- DNS servers

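53 DHCP
DHCP interactions
[Figure: message exchange between DHCP client and DHCP server]
- DHCP client to DHCP server: IP Lease Discover
- DHCP server to DHCP client: IP Lease Offers
- DHCP client to DHCP server: IP Lease Request
- DHCP server to DHCP client: IP Lease Acknowledge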

54 DHCP
DHCP Message format
source:

55 DHCP
DHCP Message fields:
Message - Description
Code - indicates a request or a reply: 1 request, 2 reply
HWtype - the type of hardware (e.g. 1 Ethernet, 6 IEEE 802 networks)
length - hardware address length in bytes
hops - the client sets this to 0; it is incremented by each router that relays the request to another server and is used to identify loops

56 DHCP
DHCP Message fields:
Message - Description
Transaction ID - a random number used to match this boot request with the response it generates
Seconds - set by the client; it is the elapsed time in seconds since the client started its boot process
Flags field - the flags field is used as a broadcast flag
client IP address - set by the client; either its known IP address or

57 DHCP
DHCP Message fields:
Message - Description
Your IP address - set by the server if the client IP address field was
Server IP address - set by the server
Router IP address - this is the address of a BOOTP relay agent
client hardware address - set by the client; MAC address

58 DHCP
DHCP Message fields:
Message - Description
Server host name - optional server host name terminated by X'00'
Boot file name - the client either leaves this null or specifies a generic name like router, type of boot
options - name server, domain name, ... (There are more than 100 options, link:

59 DHCP
DHCP Message type:
1 = DHCP Discover message (DHCPDiscover).
2 = DHCP Offer message (DHCPOffer).
3 = DHCP Request message (DHCPRequest).
4 = DHCP Decline message (DHCPDecline).
5 = DHCP Acknowledgment message (DHCPAck).
6 = DHCP Negative Acknowledgment message (DHCPNak).
7 = DHCP Release message (DHCPRelease).
8 = DHCP Informational message (DHCPInform).
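The message fields and message types from the slides above, read out of a raw DHCP packet and used to match an offer to the request that triggered it. This is an added example, not part of the lecture: the byte layout follows RFC 2131 (236-byte fixed header, magic cookie, then options), and the sample packets, the MAC address and the 192.0.2.x addresses are constructed.

```python
import ipaddress
import struct

# Fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field
MESSAGE_TYPES = {1: "DHCPDiscover", 2: "DHCPOffer", 3: "DHCPRequest",
                 4: "DHCPDecline", 5: "DHCPAck", 6: "DHCPNak",
                 7: "DHCPRelease", 8: "DHCPInform"}


def ip_text(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_options(data):
    """Walk the code/length/value options; 0 is padding, 255 ends the list."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:
            return options
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        options[code] = value
        i += 2 + length
    raise ValueError("options field has no end marker (255)")


def parse_dhcp(packet):
    """Decode one DHCP message, rejecting anything malformed."""
    if len(packet) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, _bootfile) = FIXED.unpack_from(packet)
    if packet[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if op not in (1, 2):
        raise ValueError("code field must be 1 (request) or 2 (reply)")
    if hlen > len(chaddr):
        raise ValueError("hardware address length exceeds 16 bytes")
    options = parse_options(packet[FIXED.size + 4:])
    mtype = options.get(53, b"")            # option 53: DHCP message type
    if len(mtype) != 1 or mtype[0] not in MESSAGE_TYPES:
        raise ValueError("missing or unknown DHCP message type")
    dns = options.get(6, b"")               # option 6: DNS servers, 4 bytes each
    if len(dns) % 4:
        raise ValueError("DNS server option is not a list of IPv4 addresses")
    return {
        "op": "request" if op == 1 else "reply",
        "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": ip_text(ciaddr), "yiaddr": ip_text(yiaddr),
        "siaddr": ip_text(siaddr), "giaddr": ip_text(giaddr),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "sname": sname.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "type": MESSAGE_TYPES[mtype[0]],
        "dns_servers": [ip_text(dns[i:i + 4]) for i in range(0, len(dns), 4)],
    }


def answers(request, reply):
    """A reply belongs to a request when transaction ID and client MAC match."""
    return (request["op"] == "request" and reply["op"] == "reply"
            and request["xid"] == reply["xid"]
            and request["chaddr"] == reply["chaddr"])


def build_sample(op, xid, mtype, yiaddr="0.0.0.0", extra_options=b""):
    """Constructed sample message (not captured traffic)."""
    mac, zero = bytes.fromhex("020000000001"), bytes(4)
    fixed = FIXED.pack(op, 1, len(mac), 0, xid, 0, 0x8000, zero,
                       ipaddress.IPv4Address(yiaddr).packed, zero, zero,
                       mac, b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, mtype]) + extra_options + b"\xff"


DISCOVER = build_sample(1, 0x3903F326, 1)
OFFER = build_sample(2, 0x3903F326, 2, "192.0.2.50",
                     bytes([6, 8]) + ipaddress.IPv4Address("192.0.2.1").packed
                     + ipaddress.IPv4Address("192.0.2.2").packed)

if __name__ == "__main__":
    request, reply = parse_dhcp(DISCOVER), parse_dhcp(OFFER)
    for msg in (request, reply):
        print(msg["type"], hex(msg["xid"]), msg["chaddr"], msg["yiaddr"], msg["dns_servers"])
    print("offer answers discover:", answers(request, reply))
```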

60 8. EXTRA TECHNICAL DETAILS

61 EXTRA TECHNICAL DETAILS
DNS More details
Slides (Numbers): 1-13, Slides (Numbers): 14, Slides (Numbers): 20-End, Slides (Numbers):

62 EXTRA TECHNICAL DETAILS
DHCP More details
Slides: Slides:

63 EXTRA TECHNICAL DETAILS
Firewalls More details
Slides:


More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview

More information

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup. CEN 007C Computer Networks Fundamentals Instructor: Prof. A. Helmy Homework : Network Layer Assigned: Nov. 28 th, 2011. Due Date: Dec 8 th, 2011 (to the TA) 1. ( points) What are the 2 most important network-layer

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Internet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004

Internet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 5 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 1 43 Last lecture Lecture room hopefully all got the message lecture on tuesday and thursday same

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1 Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Firewalls. Chien-Chung Shen cshen@cis.udel.edu

Firewalls. Chien-Chung Shen cshen@cis.udel.edu Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective

More information

GPRS and 3G Services: Connectivity Options

GPRS and 3G Services: Connectivity Options GPRS and 3G Services: Connectivity Options An O2 White Paper Contents Page No. 3-4 5-7 5 6 7 7 8-10 8 10 11-12 11 12 13 14 15 15 15 16 17 Chapter No. 1. Executive Summary 2. Bearer Service 2.1. Overview

More information

UIP1868P User Interface Guide

UIP1868P User Interface Guide UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting

More information

Mobile IP and DHCP. Motivation for Mobile IP. Terminology

Mobile IP and DHCP. Motivation for Mobile IP. Terminology Motivation for Mobile IP Motivation transfer Encapsulation Security Mobile IP and DHCP Problems DHCP Dr. Ka-Cheong Leung CSIS 7304 The Wireless and Mobile Computing 1 Routing based on IP destination address,

More information

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Galileo International. Firewall & Proxy Specifications

Galileo International. Firewall & Proxy Specifications Galileo International Technical Support Documentation Firewall & Proxy Specifications For Focalpoint, Viewpoint & Focalpoint Print Manager (GALILEO and APOLLO PRODUCTION SYSTEMS) Copyright Copyright 2001

More information

VPN. Vyatta System. REFERENCE GUIDE Introduction to VPN IPsec Site to Site VPN Remote Access VPN OpenVPN VYATTA, INC.

VPN. Vyatta System. REFERENCE GUIDE Introduction to VPN IPsec Site to Site VPN Remote Access VPN OpenVPN VYATTA, INC. VYATTA, INC. Vyatta System VPN REFERENCE GUIDE Introduction to VPN IPsec Site to Site VPN Remote Access VPN OpenVPN Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA

More information

Innominate mguard Version 6

Innominate mguard Version 6 Innominate mguard Version 6 Configuration Examples mguard smart mguard PCI mguard blade mguard industrial RS EAGLE mguard mguard delta Innominate Security Technologies AG Albert-Einstein-Str. 14 12489

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine 1 IP - The Internet Protocol Magda El Zarki Dept. of CS UC Irvine Email: elzarki@uci.edu http://www.ics.uci.edu/~magda 2 Overview IP (Internet Protocol) is a Network Layer Protocol. Several versions most

More information

Internetworking. Problem: There is more than one network (heterogeneity & scale)

Internetworking. Problem: There is more than one network (heterogeneity & scale) Internetworking Problem: There is more than one network (heterogeneity & scale) Hongwei Zhang http://www.cs.wayne.edu/~hzhang Internetworking: Internet Protocol (IP) Routing and scalability Group Communication

More information

Chapter 4 Network Layer

Chapter 4 Network Layer Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete

More information

Internet Packets. Forwarding Datagrams

Internet Packets. Forwarding Datagrams Internet Packets Packets at the network layer level are called datagrams They are encapsulated in frames for delivery across physical networks Frames are packets at the data link layer Datagrams are formed

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

What communication protocols are used to discover Tesira servers on a network?

What communication protocols are used to discover Tesira servers on a network? Understanding device discovery methods in Tesira OBJECTIVES In this application note, basic networking concepts will be summarized to better understand how Tesira servers are discovered over networks.

More information

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Virtual Private Networks Solutions for Secure Remote Access. White Paper Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information

More information

Protocol Security Where?

Protocol Security Where? IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

Intro to Linux Kernel Firewall

Intro to Linux Kernel Firewall Intro to Linux Kernel Firewall Linux Kernel Firewall Kernel provides Xtables (implemeted as different Netfilter modules) which store chains and rules x_tables is the name of the kernel module carrying

More information

Basic Network Configuration

Basic Network Configuration Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the

More information

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné

More information

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration IP address exhaustion IPv4 addresses are 32 bits long so there

More information

RARP: Reverse Address Resolution Protocol

RARP: Reverse Address Resolution Protocol SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it

More information

Post-Class Quiz: Telecommunication & Network Security Domain

Post-Class Quiz: Telecommunication & Network Security Domain 1. What type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25? A. Local area network (LAN) B. Wide area network (WAN) C. Intranet D. Internet 2. Which

More information

TCP/IP Network Essentials. Linux System Administration and IP Services

TCP/IP Network Essentials. Linux System Administration and IP Services TCP/IP Network Essentials Linux System Administration and IP Services Layers Complex problems can be solved using the common divide and conquer principle. In this case the internals of the Internet are

More information

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol

More information

Linux Firewalls (Ubuntu IPTables) II

Linux Firewalls (Ubuntu IPTables) II Linux Firewalls (Ubuntu IPTables) II Here we will complete the previous firewall lab by making a bridge on the Ubuntu machine, to make the Ubuntu machine completely control the Internet connection on the

More information

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering ENG 224 Information Technology Laboratory 6: Internet Connection Sharing Objectives: Build a private network that

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

More information

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection: Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4

More information

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer Corporate VPN Using Mikrotik Cloud Feature By SOUMIL GUPTA BHAYA Mikortik Certified Trainer What is a VPN? A virtual private network (VPN) is a method for the extension of a private network across a public

More information

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9. Lecture 17 Overview Last Lecture Wide Area Networking (2) This Lecture Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.2 Next Lecture Internet Protocol (2) Source: chapters 19.1, 19.2, 22,1

More information

Lecture 10 - Network Security

Lecture 10 - Network Security Lecture 10 - Network Security Networks and Security Jacob Aae Mikkelsen IMADA December 9, 2013 December 9, 2013 1 / 38 Network layer security: IPsec IP Security Protocol: IPsec Network layer security:

More information