Tuesday, 27 December 2016

Virtual Private Network

VPN Overview

  • Creates a secure tunnel over a public network. It doesn't necessarily imply encryption.

  • Uses the Internet as the public backbone to access a secure private network.

VPN Protocols
  • PPTP (Point-to-Point Tunneling Protocol)
  • L2F (Layer 2 Forwarding Protocol)
  • L2TP (Layer 2 Tunneling Protocol)
  • IPSec (Internet Protocol Security)

IPsec

  • Provides Layer 3 security
  • Transparent to applications (no need for integrated IPsec support)

A set of protocols and algorithms used to secure IP data at the network layer.

Combines different components:
  • Security associations (SA)
  • Authentication headers (AH)
  • Encapsulating security payload (ESP)
  • Internet Key Exchange (IKE)

A security context for the VPN tunnel is established via ISAKMP.

Why IPsec?

Internet Protocol (IP) is not secure:
  • The IP protocol was designed in the early stages of the Internet, when security was not an issue
  • All hosts in the network are known

Possible security issues:
  • Source spoofing
  • Replay packets
  • No data integrity or confidentiality

Benefits of IPsec:
  • Confidentiality: by encrypting data
  • Integrity: routers at each end of a tunnel calculate the checksum or hash value of the data
  • Authentication: signatures and certificates
All these while still maintaining the ability to route through existing IP networks.


IPsec is designed to provide interoperable, high quality, cryptographically based security for IPv4 and IPv6
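As an added illustration of the integrity and anti-replay benefits listed above (example code written for this page, not IPsec itself or any VPN product's code): a simplified one-directional security association that protects each packet with a sequence number and a truncated HMAC-SHA256 integrity check value, and applies a 64-entry sliding anti-replay window in the style of RFC 4303 ESP. The key and payloads are constructed.

```python
import hmac
import hashlib
import struct

WINDOW = 64        # sliding anti-replay window size, as in RFC 4303
ICV_LEN = 12       # truncated integrity check value length (HMAC-SHA256-96 style)

class SecurityAssociation:
    """Toy one-directional SA: shared integrity key plus anti-replay state."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0    # highest sequence number accepted so far
        # bit i set => sequence number (highest - i) was already accepted;
        # seeding bit 0 marks sequence number 0, which IPsec never uses, as seen.
        self.bitmap = 1

    def protect(self, seq: int, payload: bytes) -> bytes:
        """Sender side: prepend sequence number, append HMAC over header+payload."""
        header = struct.pack("!I", seq)
        icv = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        return header + payload + icv

    def verify(self, packet: bytes) -> str:
        """Receiver side: returns 'accept', 'replay' or 'bad_icv'."""
        if len(packet) < 4 + ICV_LEN:
            return "bad_icv"
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        seq = struct.unpack("!I", header)[0]
        # Cheap anti-replay check first, so obvious replays never cost a MAC.
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return "replay"
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad_icv"          # window state is untouched by a bad ICV
        # ICV verified: only now advance the window or mark the slot.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"
```

Out-of-order packets inside the window are still accepted once, which is why the window is a bitmap rather than a single counter.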

Tuesday, 20 December 2016

What Is a Firewall ?

A firewall is an access control device that looks at the IP packet, compares it with policy rules and decides whether to allow, deny or take some other action on the packet.

ASA Overview

• ASA = Adaptive Security Appliance that runs Adaptive Security Algorithm

• Stateful architecture is about flows or connections, not packets
   o Most effective with TCP, UDP, and ICMP
   o TCP is the main reason for deploying a stateful firewall
• Acts as a segregation gateway between networks, enforcing selective connectivity policies
• Tracks all packets as part of a stateful connection; blocks packets not part of a connection, and performs atomic security checks
• Performs network address translation (NAT); applies NAT to embedded application protocol data
• Inspects some application traffic flows for higher level protocol conformance and deep-packet inspection
• Integrates with other solutions (Unified Communications technologies, ScanSafe, etc.)