VIRTUAL PRIVATE NETWORK
VIRTUAL PRIVATE NETWORK AND INTERNET SECURITY
After completing this unit, you will be able to:
· Understand the concepts of Virtual Private Network (VPN) and Internet Security.
· Identify the Protocols Involved.
· Know how IPSec, the Point-to-Point Tunneling Protocol and the Layer 2 Tunneling Protocol are used.
· Understand the implementation topologies of VPN.
· Know the role of SOCKS v5.
· Understand the Issues Pertaining to Performance and Availability.
The term “VPN” or “Virtual Private Network” is one of the most popular buzzwords in the industry today. VPNs are claimed to solve many problems: extending the enterprise so that strategic business partners and customers can share resources, providing remote users secure multi-protocol access to corporate Intranets, and securing corporate data for transport over the public Internet.
Vendors and consumers disagree, or are often confused, about what exactly a VPN is and what technology it comprises. Let us now look at this interesting concept in detail.
While the Internet holds incredible promise as an enabler for e-Business, there are some major stumbling blocks that must be addressed before an organization is truly able to conduct mission-critical business functions over the net. The Internet's greatest assets are its openness and … But these characteristics ironically are also its greatest weaknesses.
Historically, organizations built and deployed mission-critical applications over private local and wide area networks (LANs and WANs), where the infrastructure was a known entity and access was closely monitored. The end result was a private data communications infrastructure that had somewhat predictable application availability, performance and security measures.
What about security? As you increase your connectivity, you increase your exposure and therefore you face potential security risks. A disconnected stand-alone personal computer with sensitive information is vulnerable only to people who can gain physical access to it. Connect it to the Internet however, and you drastically increase its exposure and attendant vulnerability.
Furthermore, data in transit across the Internet is subject to such threats as spoofing, session hijacking, sniffing, man-in-the-middle attacks, etc.
The desire to use the Internet for business, and the risk factors that come with doing so, have given rise to a technology known as ‘Virtual Private Networks’ (VPN). VPNs are typically IP-based networks (usually the public Internet) that use encryption and tunneling to achieve the following:
· Connect users securely to their own corporate network (remote access).
· Link branch offices to an enterprise network (intranet).
· Extend an organization's existing computing infrastructure to partners, suppliers and customers (extranet).
The idea is to extend trusted relationships across an economical public network without sacrificing security. Ideally, a VPN behaves similarly to a private network; it is secure and has predictable performance.
Many VPN technologies already exist, with more being developed, marketed and deployed every day. This evolution is driven by current requirements, which may also lead to customization from organization to organization. Some products are based on standards (usually emerging standards); others are proprietary. Some address very specific requirements, such as secure remote access over the Internet for mobile users, while others focus more on secure LAN-to-LAN connectivity. Each product and technology has inherent strengths and weaknesses.
The core idea is to understand the current technology demands, to understand how to choose the right solutions dependent on the underlying problems that must be addressed, and to understand where the technology will likely head in the future.
Looking at the design goals for a VPN, security is the focus of most solutions available today, and we therefore begin with a study of approaches to ensure it.
Confidentiality protects the privacy of information being exchanged between communicating parties. Towards this end, every VPN solution provides encryption of some sort for the data that is in transit.
The two primary cryptographic systems in use today are secret key cryptography and public key cryptography.
Secret or private key cryptography uses a shared key to encrypt and decrypt messages sent across the network. The major problem with secret key cryptography is the key exchange itself: sending secret keys across the Internet in unencrypted form is not secure. Public key cryptography takes care of this efficiently. In public key cryptography, a mathematically linked key pair is derived for each communicating party, so that data encrypted with one key can only be decrypted with the other key in the pair. A sender can encrypt a message with the recipient's public key, which, as the name implies, is publicly available. The recipient can then decrypt the message using his or her own private key.
Public key systems enable encryption over an unsecured network as well as a mechanism to exchange secret keys. On the downside, public key cryptography is computationally intensive, and therefore often combined with secret key cryptography to get the best blend of performance and functionality.
Integrity ensures that information being transmitted over the Internet is not altered in any way during transit.
VPNs typically use one of these three technologies to ensure integrity:
1. One-way hash functions
2. Message-authentication codes (MACs)
3. Digital signatures
One-way hash functions
A hash function generates a fixed-length output value from an arbitrary-length input file. The idea is that it is easy to calculate the hash value of a file, but mathematically difficult to generate a file that will hash to a given value. To validate the integrity of a file, a recipient calculates the hash value of that file and compares it to the hash value sent by the sender. Thus, the recipient can be assured that the sender had the file at the time he or she created the hash value. Many algorithms exist for calculating hash values.
Message-authentication codes (MACs)
MACs simply add a key to hash functions. A sender creates a file, calculates a MAC based on a key shared with the recipient, and then appends it to the file. When the recipient receives the file, it is easy to calculate the MAC and compare it to the one that was appended to the file.
Digital signatures
Digital signatures can also be used for data integrity purposes. A digital signature is essentially public key cryptography in reverse: a sender digitally “signs” a document with their private key, and the recipient verifies the signature with the sender’s public key.
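To make the difference between the first two mechanisms concrete, here is an added example (not from the original unit) using only Python's standard library: a file protected by a plain SHA-256 hash beside the same file protected by an HMAC over a shared key, with a constructed sample file and a constructed shared key. It shows that a hash the recipient does not receive over a trusted channel can simply be recomputed by whoever alters the file, whereas the MAC cannot be recomputed without the key. Digital signatures need a public-key library and are not shown.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed sample: the file the sender transmits, and a key the sender and
# recipient agreed on out of band (assumed here; the unit does not give one).
FILE = b"transfer 100 to account 1234\n"
SHARED_KEY = secrets.token_bytes(32)


def file_hash(data: bytes) -> str:
    """One-way hash: anyone can compute it from the file, nobody can invert it."""
    return hashlib.sha256(data).hexdigest()


def file_mac(key: bytes, data: bytes) -> str:
    """MAC = keyed hash; only a holder of the shared key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, received: str) -> bool:
    return hmac.compare_digest(file_hash(data), received)


def verify_mac(key: bytes, data: bytes, received: str) -> bool:
    # compare_digest avoids leaking the expected tag through timing differences
    return hmac.compare_digest(file_mac(key, data), received)


def attacker_replaces(data: bytes, tag: str, keyed: bool) -> Tuple[bytes, str]:
    """Model an in-path modification of the file. With a plain hash the modifier
    just recomputes the value for the new file; without the MAC key it cannot,
    so the stale tag travels with the altered file and verification fails."""
    forged = data.replace(b"1234", b"9999")
    if not keyed:
        return forged, file_hash(forged)
    return forged, tag


def demo() -> Dict[str, bool]:
    """Run both checks on the untouched file and on the altered one."""
    h = file_hash(FILE)
    m = file_mac(SHARED_KEY, FILE)
    results = {
        "hash_ok_untampered": verify_hash(FILE, h),
        "mac_ok_untampered": verify_mac(SHARED_KEY, FILE, m),
    }
    forged, forged_hash = attacker_replaces(FILE, h, keyed=False)
    results["hash_detects_tamper"] = not verify_hash(forged, forged_hash)
    forged, stale_mac = attacker_replaces(FILE, m, keyed=True)
    results["mac_detects_tamper"] = not verify_mac(SHARED_KEY, forged, stale_mac)
    return results
```

The hash alone therefore only protects the file when the hash value itself reaches the recipient over a channel the modifier cannot touch; the MAC binds the check to the shared key.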
Authentication ensures the identity of all communicating parties. Imagine what happens when you are chatting on the net: you do not actually know who you are chatting with, and you cannot trust the validity of the discussion or the data exchange. Two communicating parties might be deceiving each other, or may be serious about their exchange, but the validity of that exchange definitely needs to be questioned. To correctly identify an individual or a computing resource, VPNs typically use one or more forms of authentication.
These methods are usually based on password authentication or digital certificates. Password authentication is the most prevalent form of user authentication used in computer systems today, but it is also one of the weakest, because passwords can be guessed or stolen. Multi-factor authentication is generally a stronger form of authentication and is based on the premise of utilizing something you have in conjunction with something you know. This process is similar to how most ATM cards are used: a user possesses the physical ATM card and “unlocks” it with a password.
For example, many VPNs support SecurID by Security Dynamics, a token that combines secret key encryption with a one-time password. The password is automatically generated by encrypting a timestamp with the secret key. This one-time password is valid only for a short interval, usually 30 to 60 seconds.
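Here is an added example (not part of the unit, and not SecurID's proprietary algorithm) of a time-based one-time password in Python's standard library. It uses the HMAC-based construction of RFC 4226/6238 instead of encrypting the timestamp; the shared seed is the RFC 6238 reference secret, and the 30-second step, the drift tolerance and the replay check are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30     # the code changes every 30 s, as with the tokens described above
DRIFT_STEPS = 1       # also accept the neighbouring steps to tolerate clock drift
DIGITS = 6

# Constructed seed shared by the token and the authentication server (this is the
# RFC 6238 reference secret "12345678901234567890", not a real deployment value).
TOKEN_SECRET = b"12345678901234567890"


def otp_for_counter(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, RFC 4226 dynamic truncation,
    then reduce modulo 10^digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def current_otp(secret: bytes, now: float) -> str:
    """What the token displays at Unix time `now`."""
    return otp_for_counter(secret, int(now // STEP_SECONDS))


def verify_otp(secret: bytes, submitted: str, now: float, used_counters: set) -> bool:
    """Server side: accept the code for the current step or an adjacent one, and
    refuse a counter that has already been redeemed, so a code captured in transit
    cannot be reused within its validity window."""
    counter = int(now // STEP_SECONDS)
    for c in range(counter - DRIFT_STEPS, counter + DRIFT_STEPS + 1):
        if hmac.compare_digest(otp_for_counter(secret, c), submitted):
            if c in used_counters:
                return False
            used_counters.add(c)
            return True
    return False
```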
Digital certificates are also becoming more prevalent as an authentication mechanism for VPNs. A digital certificate is an electronic document issued to an individual by a “Certificate Authority” that can vouch for that individual’s identity. It essentially binds the identity of an individual to a public key. A digital certificate contains a public key, information specific to the user, information specific to the issuer, a validity period and additional management information. This information is used to create a message digest, which is encrypted with the Certificate Authority’s private key to “sign” the certificate. Although this process sounds simple, it involves a complex system of key generation, certification, revocation and management, all part of a ‘Public Key Infrastructure’. A Public Key Infrastructure is a broad set of technologies used to manage public keys, private keys and certificates.
Performance and Availability
Most VPN technologies today do not address performance and availability issues, even though these are extremely important. Why? The simple reason is that the majority of VPN solutions exist on client machines and gateway servers at the extreme ends of the communication path. They simply cannot consistently affect the performance of the network components in the middle.
Unfortunately, this “middle” is exactly where the Internet fits into the architecture. Any cost savings that a VPN provides can be quickly negated if users are forced to sacrifice quality of service beyond certain limits. Until a standard mechanism for quality of service becomes available everywhere, end-to-end performance guarantees will be hard to implement.
As a partial remedy, several Internet Service Providers (ISPs) are offering managed VPN services, which combine security capabilities with ‘Quality of Service’ guarantees. This type of service can be an excellent choice for site-to-site connectivity.
A.4 VPN PROTOCOLS
As a matter of practice, the separate technologies used to provide confidentiality, integrity and authentication in a given implementation are grouped into a broad VPN protocol.
Three widely used VPN protocols are:
· IPSec
· PPTP and L2TP
· SOCKS v5
The protocol which seems destined to become the de facto standard for VPNs is IPSec (Internet Protocol Security). IPSec is a set of authentication and encryption protocols, developed by the Internet Engineering Task Force (IETF) and designed to address the inherent lack of security for IP-based networks. It is designed to address data confidentiality, integrity, authentication and key management in addition to tunneling.
The IPSec protocol typically works on the edges of a security domain. Basically, IPSec encapsulates a packet by wrapping another packet around it. It then encrypts the entire packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured network.
The majority of VPN vendors implement IPSec in their solutions. The comprehensive nature of the protocol makes it ideal for site-to-site VPNs, although interoperability issues still exist across different vendors’ implementations. IPSec is a bi-directional protocol, which means that extranet configurations must be carefully designed and implemented. When setting up an extranet, you may not want to give your partners access to your entire network or allow them to access yet another partner through your network.
Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
PPTP is a tunneling protocol which provides remote users encrypted, multi-protocol access to a corporate network over the Internet. Network layer protocols, such as IPX and NetBEUI, are encapsulated by the PPTP protocol for transport over the Internet. Unlike IPSec, PPTP was not originally designed to provide LAN-to-LAN tunneling.
PPTP is built into Windows NT 4.0, and the client is available as a free add-on for Windows 95. Microsoft's implementation of PPTP has been found to have several problems that make it vulnerable to attacks, and it also lacks scalability in that it supports only 255 concurrent connections per server. The low cost and the integration with NT and Windows 95, however, make PPTP a viable remote access solution where multi-protocol access is needed, heavy-duty encryption and authentication are not needed, and a Microsoft-only solution is appropriate.
PPTP can support only one tunnel at a time for each user. However, its proposed successor, L2TP (a hybrid of PPTP and another protocol, L2F) can support multiple, simultaneous tunnels for each user. L2TP will be incorporated in Windows 2000 and can support IPSec for data encryption and integrity.
In a traditional remote access scenario, a remote user accesses a network by directly connecting to a network access server (NAS). Generally, the NAS provides several distinct functions: it terminates the point-to-point communications session of the remote user, validates the identity of that user, and then gives that user access to the network. Although most remote access technologies bundle these functions into a single device, L2TP separates them into two physically separate devices: the L2TP Access Server (LAS) and the L2TP Network Server (LNS). As their names imply, the L2TP Access Server supports authentication. Upon successful authentication, the remote user’s session is forwarded to the LNS, which lets that user into the network. This separation allows greater flexibility in implementation than other remote access technologies.
L2TP can be implemented in two distinct topologies:
· Client-aware tunneling
· Client-transparent tunneling
The distinction between these two topologies lies in whether the client machine that is using L2TP to access a remote network is aware that its connection is being tunneled.
The first implementation topology is known as client-aware tunneling. This name is derived from the remote client initiating the tunnel. In this scenario, the client establishes a logical connection within a physical connection to the LAS. The client remains aware of the tunneled connection all the way through to the LNS, and it can even determine which of its traffic goes through the tunnel.
Client-transparent tunneling features L2TP access concentrators (LACs) distributed geographically close to the remote users. Such geographic dispersion is intended to reduce the long-distance telephone charges that would otherwise be incurred by remote users dialing into a centrally located LAC.
The remote users need not support L2TP directly; they merely establish a point-to-point communication session with the LAC using PPP. Ostensibly, the user will be encapsulating IP datagrams in PPP frames. The LAC exchanges PPP messages with the remote user and establishes an L2TP tunnel with the LNS through which the remote user's PPP messages are passed.
The LNS is the remote user’s gateway to its home network. It is the terminus of the tunnel; it strips off all L2TP encapsulation and serves up network access for the remote user.
SOCKS version 5 is a circuit-level proxy protocol that was originally designed to facilitate authenticated firewall traversal. It provides a secure proxy architecture with extremely granular access control, making it an excellent choice for extranet configurations.
SOCKS v5 supports a broad range of authentication, encryption, tunneling and key management schemes, as well as a number of features not possible with IPSec, PPTP or other VPN technologies. SOCKS v5 provides an extensible architecture that allows developers to build system plug-ins, such as content filtering and extensive logging and auditing of users. When SOCKS is used in conjunction with other VPN technologies, a more complete security solution is possible. A user may, for example, combine IPSec and SOCKS: IPSec secures the underlying network transport, while SOCKS enforces user-level and application-level access control.
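Here is an added example (not part of the unit, and not any product's code) of the server side of a SOCKS v5 negotiation in Python, following RFC 1928 and RFC 1929: method selection that insists on username/password, the credential sub-negotiation, and a CONNECT request checked against a per-user ruleset, which is the user-level access control described above. The user store, the ruleset and the destination addresses are constructed values, and no socket is opened.

```python
import hmac
import ipaddress
import struct
from typing import Optional, Tuple

SOCKS_VERSION, CMD_CONNECT = 0x05, 0x01
METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x02, 0xFF
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_OK, REP_FAILURE, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0, 1, 2, 7, 8

# Constructed credential store and per-user ruleset: the (host, port) pairs an
# extranet user may reach through the proxy (assumed values, not from the unit).
USERS = {"partner1": b"s3cret"}
RULES = {"partner1": {("10.1.2.3", 443)}}


def negotiate_method(greeting: bytes) -> Tuple[bytes, bool]:
    """RFC 1928 greeting (VER, NMETHODS, METHODS...): accept only username/password."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE]), False
    methods = greeting[2:2 + greeting[1]]
    if len(methods) != greeting[1] or METHOD_USERPASS not in methods:
        return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE]), False
    return bytes([SOCKS_VERSION, METHOD_USERPASS]), True


def authenticate(subneg: bytes) -> Tuple[bytes, Optional[str]]:
    """RFC 1929 sub-negotiation VER=1, ULEN, UNAME, PLEN, PASSWD -> (reply, user)."""
    failed = bytes([0x01, 0x01])        # non-zero status: the server must close the connection
    if len(subneg) < 3 or subneg[0] != 0x01:
        return failed, None
    ulen = subneg[1]
    raw_user, rest = subneg[2:2 + ulen], subneg[2 + ulen:]
    if len(raw_user) != ulen or len(rest) < 1 or len(rest) != 1 + rest[0]:
        return failed, None
    user = raw_user.decode("utf-8", "replace")
    # unknown user is checked explicitly: compare_digest(b"", b"") would otherwise pass
    if user not in USERS or not hmac.compare_digest(USERS.get(user, b""), rest[1:]):
        return failed, None
    return bytes([0x01, 0x00]), user


def reply(rep: int) -> bytes:
    # BND.ADDR/BND.PORT are 0.0.0.0:0 here because this illustration opens no socket
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + bytes(6)


def handle_request(user: str, req: bytes) -> bytes:
    """VER CMD RSV ATYP DST.ADDR DST.PORT: parse, then enforce the user's ruleset."""
    if len(req) < 4 or req[0] != SOCKS_VERSION:
        return reply(REP_FAILURE)
    if req[1] != CMD_CONNECT:           # BIND / UDP ASSOCIATE are not offered to extranet users
        return reply(REP_CMD_UNSUPPORTED)
    if req[3] == ATYP_IPV4 and len(req) == 10:
        host = str(ipaddress.IPv4Address(req[4:8]))
    elif req[3] == ATYP_DOMAIN and len(req) >= 5 and len(req) == 7 + req[4]:
        host = req[5:5 + req[4]].decode("ascii", "replace").lower()
    elif req[3] in (ATYP_IPV4, ATYP_DOMAIN):
        return reply(REP_FAILURE)       # length does not match the declared address type
    else:
        return reply(REP_ATYP_UNSUPPORTED)
    port = struct.unpack(">H", req[-2:])[0]
    if (host, port) not in RULES.get(user, set()):
        return reply(REP_NOT_ALLOWED)   # "connection not allowed by ruleset"
    return reply(REP_OK)
```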
This unit has attempted to explain how applications deployed across the Internet today are increasingly mission-critical, so that poor performance or a lack of security can increase the risk to businesses operating over the Internet. VPNs can play a major role in mitigating these risks. By addressing security and performance issues, a VPN can be a viable alternative to dedicated, private network links. Understanding the many VPN solutions can help organizations build infrastructures that will support their tactical business needs today, as well as their strategic business needs for tomorrow.