WAN - PowerPoint PPT Presentation

About This Presentation

Title: WAN

Description: Cryptographic key & algorithm applied to block of data. Applied to 64 bits at once ... Operates at IP layer; allows sender to authenticate and encrypt each IP packet ...

Slides: 16
Provided by: CarolT151

Transcript and Presenter's Notes

Title: WAN


1
Chapter 8
  • WAN
  • SECURITY

2
Cryptography
  • Used to scramble ordinary text (plain text) into
    ciphertext (encryption)
  • Designed to protect
      • Confidentiality
      • Integrity
      • Non-repudiation
      • Authentication

3
Encryption Ciphers
  • Ciphers are codes that substitute symbols or letters
    for data - result is ciphertext.
  • Block Cipher
      • Cryptographic key & algorithm applied to block of
        data
      • Applied to 64 bits at once
  • Stream Cipher
      • Cryptographic key & algorithm applied to each
        binary digit

4
Encryption Keys
  • Key - a variable combined with an algorithm to
    encrypt and decrypt text
  • Types of Keys
      • Symmetric Key Encryption
      • Asymmetric
      • Private Key Encryption
      • Public Key Encryption

5
Symmetric Key Encryption
  • Secret-key cryptography
  • Sender and Receiver of message share a single key
    to encrypt and decrypt message
  • Key exchanged in secure way
  • Key installed on two computers exchanging data
  • DES uses symmetric key encryption

6
Private And Public Keys
  • Private Key - single secret key known only to
    people that exchange messages
      • Data is lost if private key is lost because it
        can't be decrypted
      • Private key shared between two computers so each
        can encrypt and decrypt messages
  • Public Key - value provided by designated
    authority to be applied with a private key to
    encrypt messages and digital signatures
      • Uses public key to encrypt and private key to
        decrypt
      • Digital signature ensures original message
        content not modified

7
Encryption Standards
  • Data Encryption Standard (DES)
  • RSA Algorithm
  • Public Key Infrastructure (PKI)
  • Digital Certificates
  • Internet Protocol Security
  • Kerberos
  • Pretty Good Privacy
  • Secure Sockets Layer (SSL)
  • Secure Hypertext Transfer Protocol (S-HTTP)

8
PKI Components
  • Digital certificates
  • Certificate Authority (CA)
  • Registration Authority (RA)
  • Directories (Registries)

9
VPN Protocols
  • Point-to-Point Tunneling Protocol (PPTP)
      • Encapsulates PPP packets with GRE encapsulation
  • Layer-2 Forwarding (L2F)
      • Interfaces with Frame Relay & ATM; uses PPP for
        authentication of remote user
  • Layer-2 Tunneling Protocol
      • Defines own tunneling protocol; uses IPSec for
        encryption
  • IPsec
      • Operates at IP layer; allows sender to
        authenticate and encrypt each IP packet

10
Tunnel Mode vs. Transport Mode
  • Tunnel Mode
      • Outer IP header specifies IPsec processing
        destination.
      • Inner header specifies destination for packet
  • Transport Mode
      • IPSec header follows directly behind IP header
      • In front of TCP/UDP packet
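
Added example (not part of the original slides): the two header layouts built byte by byte, with a parser that tells them apart. It assumes AH as the IPsec header because its Next Header field is readable in cleartext; the ICV is a zeroed placeholder, the addresses are documentation ranges, and all function names are hypothetical.

```python
import socket
import struct

AH, TCP, IPIP = 51, 6, 4     # IANA protocol numbers: AH, TCP, IPv4-in-IPv4
SEGMENT = bytes(20)          # constructed stand-in for a TCP segment

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_header, spi, seq):
    """24-byte AH header; the 12-byte ICV is zeroed, so nothing is authenticated."""
    # Payload Len = AH length in 32-bit words minus 2 -> (24 / 4) - 2 = 4
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12)

def transport_mode(src, dst, segment, spi=0x1000, seq=1):
    """Original IP header, then the IPsec header, then the TCP/UDP segment."""
    body = ah_header(TCP, spi, seq) + segment
    return ipv4_header(src, dst, AH, len(body)) + body

def tunnel_mode(gw_src, gw_dst, src, dst, segment, spi=0x2000, seq=1):
    """Outer header names the IPsec endpoints; inner header names the real hosts."""
    inner = ipv4_header(src, dst, TCP, len(segment)) + segment
    body = ah_header(IPIP, spi, seq) + inner
    return ipv4_header(gw_src, gw_dst, AH, len(body)) + body

def describe(packet):
    """Return (mode, IPsec processing destination, final packet destination)."""
    if packet[9] != AH:                      # byte 9 of IPv4 header = protocol
        raise ValueError("not an AH packet")
    ihl = (packet[0] & 0x0F) * 4             # outer IP header length in bytes
    outer_dst = socket.inet_ntoa(packet[16:20])
    next_header = packet[ihl]                # first byte of AH = Next Header
    ah_len = (packet[ihl + 1] + 2) * 4       # AH length from its Payload Len
    if next_header == IPIP:                  # a whole IP packet follows AH
        inner = packet[ihl + ah_len:]
        return "tunnel", outer_dst, socket.inet_ntoa(inner[16:20])
    return "transport", outer_dst, outer_dst

if __name__ == "__main__":
    print(describe(transport_mode("192.0.2.10", "198.51.100.20", SEGMENT)))
    print(describe(tunnel_mode("203.0.113.1", "203.0.113.2",
                               "192.0.2.10", "198.51.100.20", SEGMENT)))
```

Tunnel mode costs one extra 20-byte IP header per packet and hides the real endpoints behind the gateway addresses.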

11
Firewalls & Methods
  • Firewalls
      • Filters access to protected private network
      • Uses authentication / filtering policies
      • Utilizes policies to allow or disallow different
        types of transmissions
  • Methods
      • Packet Filtering - Analyze packets against sets
        of filters
      • Proxy Services - Requests services on behalf of
        system users
      • Stateful Inspection - Dynamic packet filtering

12
Types of Firewalls
  • Packet Filtering
      • Uses packet filtering rules in router to block or
        filter protocols and IP addresses
  • Dual-homed gateway
      • Complete block to IP traffic between the Internet
        and Private LAN network
  • Screened Host
      • Combines packet filtering router with application
        gateway
  • Screened Subnet Firewall
      • Has intermediate perimeter network to shield the
        private LAN network or intranet

13
Firewall Policies
  • IP Addresses
  • Protocols
  • Domain Names
  • Ports
  • Specific Words and Phrases

14
Reliable Array of Independent Nodes (RAIN)
a.k.a. channel bonding, redundant array of
independent nodes, reliable array of independent
nodes, or random array of independent nodes
  • Software clustering technology
  • Provides for redundant firewalls
  • Developed by California Institute of Technology
  • Basically this is a RAID implementation across
    nodes rather than across hard drives.
  • Information retrieved at
    http://searchdatacenter.techtarget.com/sDefinition/0,290660,sid80_gci1112223,00.html

15
Quote of the Day
  • Aim at heaven and you will get earth thrown in.
    Aim at earth and you get neither. - C. S. Lewis