Basic foilset Introduction to Network Management

Given by Roman Markowski at Lectures at Xi'an Jaotong University on Sept 1998. Foils prepared Dec. 6 98

Network management
SNMP - Simple Network Management Protocol
Network security
Unix / PC integration
Virtual Private Network
Internet 2

Table of Contents for full HTML of Introduction to Network Management

1 Internetworking: Management
2 Management
3 Network Management (1)
4 Network Management (2)
5 Network Management (3)
6 Network Management (4)
7 Network Management (5)
8 SNMP (1)
9 SNMP (2)
10 SNMP (3)
11 SNMP (4)
12 SNMP (5)
13 SNMP (6)
14 Network Security (1)
15 Network Security (2)
16 Network Security (3)
17 Network Security (4)
18 Network Security (5)
19 Network Security (6)
20 Network Security (6)
21 Network Security (7)
22 Network Security (8)
23 Network Security (9)
24 Network Security (10)
25 Network Security (11)
26 Network Security (12)
27 Unix / PC Integration (1)
28 Unix / PC Integration (2)
29 Unix / PC Integration (3)
30 Unix / PC Integration (4)
31 Unix / PC Integration (5)
32 Unix / PC Integration (6)
33 Unix / PC Integration (7)
34 Unix / PC Integration (8)
35 VPN - Virtual Private Network (1)
36 Virtual Private Network (2)
37 Virtual Private Network (3)
38 Virtual Private Network (4)
39 Virtual Private Network (5)
40 Virtual Private Network (6)
41 Internet 2

HTML version of Basic Foils prepared Dec. 6 98

Foil 1 Internetworking: Management

From Introduction to Network Management Lectures at Xi'an Jaotong University -- Sept 1998. *
Roman Markowski
IS Manager
Northeast Parallel Architectures Center
Syracuse University
September 1998
http://www.npac.syr.edu/users/roman/

Foil 2 Management
Network management
SNMP - Simple Network Management Protocol
Network security
Unix / PC integration
Virtual Private Network
Internet 2

Foil 3 Network Management (1)
Distributed network management consists of:
  • Configuration management
  • Fault management
  • Performance management
  • Security management
  • Accounting management
  • Inventory management
  • License management (NetLS, FlexLM)

Foil 4 Network Management (2)
Network management and monitoring standards:
  • SNMP - Simple Network Management Protocol, versions 1, 2 and 3 (RFC 1155, 1157, 1212; 1441-1452, 1909-1910, 1901-1908; 1902-1908, 2271-2275)
  • cornerstone of today's enterprise network management systems
  • SNMP defines agents that collect information from network devices and send the information to a management information base (MIB);
  • SNMP operates over UDP; ports 161, 162
  • simple query / response protocol

Foil 5 Network Management (3)
RMON - Remote Monitoring, versions 1 and 2 (RFC 1271, 1757, 1513)
  • Extension of SNMP MIB developed by IETF in 1992
  • various network monitors and console systems exchange network-monitoring data
  • provides comprehensive network-fault diagnosis, planning and performance-tuning information
  • Supports 10 groups: statistics, history, alarm, host, host top N, matrix, filter, packet capture, event, token ring
  • Example Host: contains statistics associated with each host discovered on the network (host address, packets and bytes transmitted and received, broadcast, multicast and error packets)

Foil 6 Network Management (4)
CMIP - OSI Common Management Information Protocol; less popular than SNMP
MIB - Management Information Base - holds information about resources; network resources are represented by managed objects within the MIB; an object has a name, attributes and properties; MIBs come in 2 basic forms: the Standard MIB (MIB I and MIB II) and Proprietary MIBs (RFC 1213)

Foil 7 Network Management (5)
Software management and monitoring systems:
  • Spectrum - Cabletron; NetView 6000 - IBM
  • OpenView - HP; SunNet Manager - Sun
  • Polycenter - Digital; NMS - Novell; ForeView - FORE
Other software tools:
  • fddivis, smtinfo, smtring, smtstat, smtconfig
  • atmstat, atmarp, asxmon, nttcp
  • ping, traceroute, traffic, etherfind, spray
  • netstat, nfsstat, xmeter, sysmeter, osview, top
Hardware monitoring tools allow for traffic measurements, protocol analysis, nodes activity monitoring (examples: Fluke, Microtest)

Foil 8 SNMP (1)
SNMP - Simple Network Management Protocol
  • distributed management protocol
  • application layer protocol; part of TCP/IP suite
  • used for communication between network elements and management station
Two types of devices on a network:
  • network elements (computers, hubs, switches) - they are devices you need to manage; they run SNMP software, called "agents"
  • network management system (NMS) - view and control of network elements; runs OpenView (HP), NetView (IBM), ForeView, etc

Foil 9 SNMP (2)
Five types of Protocol Data Units (PDUs)
  • GetRequest - lets management station ask network element for information
  • GetNextRequest - lets management station ask network element for information
  • GetResponse - lets network element answer request from management station
  • SetRequest - lets management station tell SNMP software on device to change its settings
  • Trap - lets network element send a message about its condition to management station

Foil 10 SNMP (3)
MIB - Management Information Base
  • defines the data that the agent can exchange with the management station
  • hierarchical collection of managed objects
  • managed object: scalar (define one object instance) and tabular (define multiple related object instances)
  • MIBs are available from vendors
  • iso.organization.dod.internet.private.enterprise.cisco.temporary.AppleTalk.atInput
  • 1.3.6.1.4.1.9.3.3.1
SNMPv1, SNMPv2, SNMPv3 (standardization pending)
  • SNMPv1 and SNMPv2 not compatible
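As an added example (not part of the original foils), the following Python models the hierarchical MIB of this foil and the Get, GetNext and GetBulk operations of the previous one with a small in-memory agent. Only the symbolic path and the numeric OID for atInput come from the foil; the name-to-number table, the other objects and their values are constructed for illustration.

```python
# Added example: a toy in-memory SNMP agent showing how the hierarchical MIB
# and the Get / GetNext / GetBulk operations behave. Only the atInput path and
# OID (1.3.6.1.4.1.9.3.3.1) come from the foil; everything else is constructed.

# Sub-identifier for each symbolic name on the foil's path (numbers taken from
# the foil's numeric OID 1.3.6.1.4.1.9.3.3.1).
NAME_TO_ARC = {
    "iso": 1, "organization": 3, "dod": 6, "internet": 1, "private": 4,
    "enterprise": 1, "cisco": 9, "temporary": 3, "AppleTalk": 3, "atInput": 1,
}


def name_to_oid(dotted_name):
    """Translate a symbolic MIB path into its numeric OID (a tuple of arcs)."""
    return tuple(NAME_TO_ARC[part] for part in dotted_name.split("."))


# Constructed MIB instance. Scalar objects end in .0; tabular objects carry a
# row index as the last arc. Instances are ordered lexicographically by OID,
# which is exactly the order GetNext walks.
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "constructed router (sysDescr)",  # scalar
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                            # sysUpTime
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 1): 5000,   # ifInOctets row 1 (tabular)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 2): 7000,   # ifInOctets row 2
    (1, 3, 6, 1, 4, 1, 9, 3, 3, 1, 0): 42,      # atInput instance from the foil
}
ORDERED_OIDS = sorted(MIB)


def snmp_get(oid):
    """GetRequest: exact instance lookup. None stands in for noSuchName."""
    return MIB.get(oid)


def snmp_getnext(oid):
    """GetNextRequest: first instance whose OID sorts after the one given.

    Python compares tuples lexicographically, and a longer tuple sorts after
    its own prefix, which matches OID ordering. None stands in for endOfMibView.
    """
    for candidate in ORDERED_OIDS:
        if candidate > oid:
            return candidate, MIB[candidate]
    return None


def snmp_walk(prefix):
    """Repeated GetNext starting at `prefix`, stopping on leaving the subtree.

    This is how a management station dumps a table without knowing its rows.
    """
    rows, current = [], prefix
    while True:
        nxt = snmp_getnext(current)
        if nxt is None or nxt[0][:len(prefix)] != prefix:
            return rows
        rows.append(nxt)
        current = nxt[0]


def snmp_getbulk(oid, max_repetitions):
    """SNMPv2 GetBulkRequest: up to max_repetitions GetNext steps in one PDU."""
    rows, current = [], oid
    for _ in range(max_repetitions):
        nxt = snmp_getnext(current)
        if nxt is None:
            break
        rows.append(nxt)
        current = nxt[0]
    return rows


if __name__ == "__main__":
    path = "iso.organization.dod.internet.private.enterprise.cisco.temporary.AppleTalk.atInput"
    print(name_to_oid(path))                          # (1, 3, 6, 1, 4, 1, 9, 3, 3, 1)
    print(snmp_get((1, 3, 6, 1, 4, 1, 9, 3, 3, 1, 0)))  # 42
    print(snmp_walk((1, 3, 6, 1, 2, 1, 2, 2, 1, 10)))   # both ifInOctets rows
```

The walk shows why GetNext exists: a manager does not know how many rows a table has, so it keeps asking for the next instance until the returned OID falls outside the subtree it started in. GetBulk (SNMPv2) does the same in fewer round trips.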

Foil 11 SNMP (4)
SNMPv1 (RFC 1157) - time frame: 1988-present
  • SMI - Structure of Management Information (RFC 1155); ASN.1 - Abstract Syntax Notation One
  • SMI defines rules for describing management information using ASN.1
  • operates over UDP/IP, AppleTalk Datagram Delivery Protocol, Novell IPX, CLNS - OSI ConnectionLess Network Service
  • operations: Get, GetNext, Set, Trap
  • ASN.1 data types associated with managed objects:
    • name (identifier), syntax (data type, e.g. integer), encoding (format)

Foil 12 SNMP (5)
SNMPv1 cont.
  • SMI specific data types: simple data types: integers, octets, strings, objectIDs; application-wide data types: network address (IP only), counters (32 bits), gauges, time-ticks (1/100th sec), opaques (represent arbitrary encoding), integers, unsigned integers
SNMPv2 (RFC 1902) - time frame: 1993 - present
  • offers a number of improvements to SNMPv1
  • added SMI data types: bit strings, network addresses (not only IP), counters (32 or 64 bits)
  • operations: Get, GetNext, Set, Trap (format changed), GetBulk (retrieve large block of data), Inform (exchange trap information between NMSs)

Foil 13 SNMP (6)
Security
  • lack of authentication capabilities in SNMPv1
  • vulnerability to: masquerading, modification of information, disclosure, management sequence and timing modification
  • communities defined in SNMP headers serve as a weak form of authentication
  • SNMPv2 - attempt to introduce a new standard that includes encryption and authentication
  • SNMPv3 - new version which combines SNMPv2u and SNMPv2*
RMONv1, RMONv2 - set of extensions to the SNMP specification that lets a network monitoring device report to the management console in real time about traffic, error conditions, and so on
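The three preceding foils describe SMI/ASN.1 encoding and the weakness of SNMPv1 communities. The Python below is an added example, not code from the foils: it builds an SNMPv1 GetRequest with a hand-written BER encoder and then parses the bytes back, which makes the point concrete: the community string sits in the datagram as plain octets, and it is all the authentication SNMPv1 has. The community name, request id and OIDs are constructed sample values.

```python
# Added example: minimal BER encoder/decoder for an SNMPv1 GetRequest message.
# Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }
# GetRequest-PDU ::= [0] IMPLICIT SEQUENCE { request-id, error-status,
#                    error-index, VarBindList }   (context tag 0xA0)
# Community, request id and OIDs used below are constructed values.


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def enc_int(value):
    """INTEGER (0x02): two's complement, shortest length that holds the value."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def enc_str(text):
    """OCTET STRING (0x04): the community string is sent exactly like this."""
    return tlv(0x04, text.encode())


def enc_oid(arcs):
    """OBJECT IDENTIFIER (0x06): first two arcs as 40*a+b, rest base-128."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def enc_seq(*items, tag=0x30):
    return tlv(tag, b"".join(items))


def build_get_request(community, oids, request_id=1):
    """Encode a complete SNMPv1 GetRequest; every value is NULL (0x05) in a Get."""
    varbinds = enc_seq(*[enc_seq(enc_oid(o), tlv(0x05, b"")) for o in oids])
    pdu = enc_seq(enc_int(request_id), enc_int(0), enc_int(0), varbinds, tag=0xA0)
    return enc_seq(enc_int(0), enc_str(community), pdu)


def read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element) for buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def dec_oid(payload):
    arcs, value = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return tuple(arcs)


def parse_message(buf):
    """Recover the fields of an SNMPv1 message from its wire bytes.

    Nothing is encrypted or signed: whoever sees the UDP datagram sees the
    community string, which is the only credential the protocol carries.
    """
    _, msg, _ = read_tlv(buf, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, request_id, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)          # error-status
    _, _, pos = read_tlv(pdu, pos)          # error-index
    _, varbind_list, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        _, oid, _ = read_tlv(varbind, 0)
        oids.append(dec_oid(oid))
    return {
        "version": int.from_bytes(version, "big", signed=True),
        "community": community.decode(),
        "pdu_type": pdu_tag,
        "request_id": int.from_bytes(request_id, "big", signed=True),
        "oids": oids,
    }
```

Running `parse_message(build_get_request("public", [(1, 3, 6, 1, 2, 1, 1, 1, 0)]))` returns the community as the string it was sent as; the defensive consequences are the ones the foil lists: treat community names as secrets, restrict UDP 161/162 at the border, and prefer the authenticated later versions.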

Foil 14 Network Security (1)
Security - protection of information as it traverses the network. Security becomes one of the primary concerns when an organization connects its private intranet to the Internet. "Stay home behind locked doors and you'll be far safer than if you travel to the far reaches of the globe". Safe network: internal network with no outside links.
The Internet is open and public by design. There is no guarantee against information ending up in the wrong hands.

Foil 15 Network Security (2)
Protection components:
  • Confidentiality - hiding data from all but the intended viewers; typically involves encryption, where data are scrambled and unscrambled using some common algorithm (DES, RC4, RC5, IDEA) and common cryptographic keys
  • Integrity - keeping information unchanged by applying tools to detect any alterations (algorithms: MD5, SHA) - they use strong cryptographic data checksums generated at the source, sent with the data and checked at the destination
  • Authentication - identifying the origin of information (typically associated with logon procedures). Public key technologies (RSA, DSA) are used to create digital signatures
  • Authorization - providing authenticated users with access services through access rights

Foil 16 Network Security (3)
There is no such thing as a 100% secure computer system. We can think of security as a triangle with "security", "performance" and "usability" at the corners. We cannot be at all corners at the same time.
Security specifications:
  • IP Sec - IP Security Protocol (IETF); IPSec addresses the issues of encryption and integrity
  • ITU X.509 - digital certificate (like an identity card authorized by a Certificate Authority (CA)). It is based on public key technology
  • DES - Data Encryption Standard - private key encryption scheme
  • PAP - Password Authentication Protocol
  • CHAP - Challenge Handshake Authentication Protocol
  • TACACS - authentication for dialing
  • RADIUS - Remote Authentication Dial-In User Service
  • Secure DNS - is designed to stop DNS spoofing
  • PGP / MIME - Pretty Good Privacy; PEM - Privacy Enhanced Mail
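To show the difference between the PAP and CHAP entries above, here is an added Python example (not from the foils) that runs both exchanges between a constructed client and server. The PAP step carries the password itself; the CHAP step follows RFC 1994, where the response is MD5 over the identifier, the shared secret and a random challenge, so the secret never appears on the wire and a captured response does not verify against a fresh challenge. User name, password and secret are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed credentials. On a real authenticator these live in its user
# database; here they are module-level dicts.
PAP_PASSWORDS = {"alice": "constructed-pap-password"}
CHAP_SECRETS = {"alice": b"constructed-chap-secret"}


# ---- PAP (RFC 1334): the peer simply sends its password ----------------------
def pap_request(peer_id, password):
    """Authenticate-Request: both fields travel as plain text."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def pap_check(request, passwords=PAP_PASSWORDS):
    expected = passwords.get(request["peer_id"])
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), request["password"].encode())


# ---- CHAP (RFC 1994): challenge / hashed response -----------------------------
def chap_challenge(identifier):
    """Authenticator sends a random Challenge value with a one-octet Identifier."""
    return {"code": "Challenge", "id": identifier & 0xFF, "value": os.urandom(16)}


def _chap_digest(identifier, secret, challenge_value):
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def chap_response(challenge, name, secret):
    """Peer proves it knows `secret` without sending it."""
    return {"code": "Response", "id": challenge["id"],
            "value": _chap_digest(challenge["id"], secret, challenge["value"]),
            "name": name}


def chap_verify(challenge, response, secrets=CHAP_SECRETS):
    """Authenticator recomputes the digest with its own copy of the secret.

    The Identifier must match the outstanding challenge, so a response recorded
    from an earlier session is useless against a new challenge.
    """
    secret = secrets.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = _chap_digest(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def wire_bytes(*messages):
    """Everything a passive listener on the link would see, concatenated."""
    out = b""
    for message in messages:
        for field in message.values():
            out += field if isinstance(field, bytes) else str(field).encode()
    return out


def run_pap(peer_id, password):
    """One PAP exchange: (authenticated?, bytes visible on the wire)."""
    request = pap_request(peer_id, password)
    return pap_check(request), wire_bytes(request)


def run_chap(name, secret, identifier=1):
    """One CHAP exchange: (authenticated?, bytes visible on the wire)."""
    challenge = chap_challenge(identifier)
    response = chap_response(challenge, name, secret)
    return chap_verify(challenge, response), wire_bytes(challenge, response)
```

The `wire_bytes` helper is the whole argument in one call: the PAP transcript contains the password, the CHAP transcript contains only a random challenge and a digest.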

Foil 17 Network Security (4)
Firewalls - guardians for areas of the network. The firewall must permit only authorized traffic. The firewall itself must be immune to penetration. Setting up an Internet Firewall without a comprehensive security policy is like placing a steel door on a tent.
The architecture of firewalls is based on: packet filtering, proxies, state inspection, or network address hiding and translation
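An added Python example (not from the foils) contrasting two of the architectures just listed: a stateless packet filter that applies a rule list to each packet on its own, and a state inspection filter that remembers connections it has allowed out and admits only their replies. The address ranges, ports and policy are constructed; the policy follows the foil's rule that only authorized traffic may pass, so the default is deny.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass
class Rule:
    """A filter rule; None in any field means 'any'."""
    action: str                 # "allow" or "deny"
    src_net: str = None
    dst_net: str = None
    proto: str = None
    dport: int = None

    def matches(self, pkt):
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and self.proto != pkt.proto:
            return False
        return self.dport is None or self.dport == pkt.dport


# Constructed policy for an internal network 10.0.0.0/8 behind the firewall:
# hosts may open outbound HTTP/HTTPS, the mail relay 10.0.0.25 accepts SMTP,
# everything else is dropped.
POLICY = [
    Rule("allow", src_net="10.0.0.0/8", proto="tcp", dport=80),
    Rule("allow", src_net="10.0.0.0/8", proto="tcp", dport=443),
    Rule("allow", dst_net="10.0.0.25/32", proto="tcp", dport=25),
]


def stateless_decide(rules, pkt):
    """Packet filtering: first matching rule wins, otherwise deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """State inspection: allowed flows are remembered so their replies get
    through without a blanket 'allow anything from port 80' rule."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()      # (src, sport, dst, dport, proto) allowed so far

    def decide(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:           # reply to a connection we allowed
            return "allow"
        action = stateless_decide(self.rules, pkt)
        if action == "allow":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


def demo():
    """Run the same constructed packets through both filters, in order."""
    packets = [
        Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80),    # outbound web
        Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000),    # its reply
        Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 40000),    # unsolicited, looks like a reply
        Packet("198.51.100.7", "10.0.0.5", "tcp", 5555, 23),     # inbound telnet
        Packet("198.51.100.7", "10.0.0.25", "tcp", 5555, 25),    # inbound SMTP to relay
    ]
    firewall = StatefulFirewall(POLICY)
    return {
        "stateless": [stateless_decide(POLICY, p) for p in packets],
        "stateful": [firewall.decide(p) for p in packets],
    }
```

With the stateless filter the legitimate reply is dropped along with the rest, which is what pushes administrators towards sloppy "allow source port 80" rules; the stateful filter lets the reply through because it matches a flow it opened, and still drops the unsolicited packet that merely looks like one.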

Foil 18 Network Security (5)
Computer crimes
  • Attackers: hackers, crackers, vandals, spies
  • First network attack: 1988 (Worm)
Attacks
  • viruses
  • trojan horses and system modifications (modified login, su, telnet, in.telnetd, ftp, ls, ps, netstat, ifconfig, find, du, df, libc, sync, inetd, and syslogd)
  • DNS hijacking - redirect DNS
  • Password Sniffing - there are some tools like TCP Grab or Passfinder
  • SYN Flood - forging an IP address on a SYN packet, which is basically a synchronization packet for TCP traffic

Foil 19 Network Security (6)
Attacks
  • IP Spoofing - a hacker poses as a legitimate host using a fabricated IP address
  • Web spoofing - creating fake Web sites
  • Ping o'Death - ping with packets larger than 64K
  • CGI PHF (Packet Handling Function) can be used to extract password file
  • Social engineering method (obtaining username and password from another person)
  • Holes in commercial and public domain software (sendmail, flexlm, yppasswd, ftpd, various servers)
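This foil and the previous one list SYN flooding and the "Ping o'Death" among the attacks; from the defender's side both leave recognisable traces. The Python below is an added example (not from the foils) that runs two simple detection rules over constructed packet summaries: a burst of half-open TCP connections (SYN without a following ACK from the same source) to one service, and an ICMP echo whose reassembled length exceeds the 65535-byte IP datagram maximum. Thresholds, addresses and timestamps are constructed.

```python
from collections import defaultdict

# Constructed packet summaries: (time_s, src, dst, proto, flags, reassembled_len)
SAMPLE = [
    # one ordinary handshake from a legitimate client
    (0.00, "10.0.0.5", "10.0.0.80:80", "tcp", "S", 60),
    (0.01, "10.0.0.5", "10.0.0.80:80", "tcp", "A", 52),
    # a normal ping
    (0.20, "10.0.0.6", "10.0.0.80", "icmp", "echo", 84),
    # an echo request that is only this large after fragment reassembly
    (0.50, "198.51.100.9", "10.0.0.80", "icmp", "echo", 65600),
] + [
    # twelve SYNs inside half a second from twelve different sources, never completed
    (1.00 + i * 0.03, f"203.0.113.{i + 1}", "10.0.0.80:80", "tcp", "S", 60)
    for i in range(12)
]

SYN_THRESHOLD = 10      # half-open connections to one service ...
SYN_WINDOW_S = 1.0      # ... within this many seconds
MAX_IP_DATAGRAM = 65535


def max_in_window(times, window):
    """Largest number of events whose timestamps fall in any `window`-long span."""
    times, best, j = sorted(times), 0, 0
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect(packets):
    """Return alerts for oversized ICMP and for SYN bursts that never complete."""
    alerts = []
    # (src, service) pairs that went on to send an ACK: real clients, not floods
    completed = {(src, dst) for _, src, dst, proto, flags, _ in packets
                 if proto == "tcp" and "A" in flags}
    half_open = defaultdict(list)     # service -> timestamps of SYNs never ACKed
    for t, src, dst, proto, flags, length in packets:
        if proto == "icmp" and length > MAX_IP_DATAGRAM:
            alerts.append({"type": "oversized_icmp", "src": src, "len": length})
        if proto == "tcp" and flags == "S" and (src, dst) not in completed:
            half_open[dst].append(t)
    for service, times in half_open.items():
        burst = max_in_window(times, SYN_WINDOW_S)
        if burst >= SYN_THRESHOLD:
            alerts.append({"type": "syn_flood", "target": service, "half_open": burst})
    return alerts
```

Two caveats a practitioner would add: real half-open tracking has to age entries out (the kernel does this with its SYN backlog), and a flood with forged sources means the `src` field of the alert is not the attacker, so the useful response is rate limiting or SYN cookies on the target rather than blocking the listed addresses.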

Foil 20 Network Security (6)
Attacks
Only 5% of crackers write their own code; most cracker tools are publicly available

Foil 21 Network Security (7)
Typical scenario:
  • gain access to an account
  • exploit vulnerabilities in operating systems (Unix services are particularly vulnerable: sendmail, NFS, NIS, DNS, FTP, TFTP, SYSLOG)
  • use "crack" to break more user passwords
  • obtain superuser privileges
  • install "back doors" (Trojan Horses)
  • install sniffers (packet and password grabbers) to obtain more password and site information

Foil 22 Network Security (8)
Typical scenario:
  • The intruders first penetrate a system and gain root access through an unpatched vulnerability.
  • The intruders then run a network monitoring tool that captures up to the first 128 keystrokes of all newly opened FTP, telnet, and rlogin sessions visible within the compromised system's domain. These keystrokes usually contain host, account, and password information for user accounts on other systems; the intruders log these for later retrieval. The intruders typically install Trojan Horse programs to support subsequent access to the compromised system and to hide their network monitoring process.

Foil 23 Network Security (9)
Security Policy - I
  • deploy one-time passwords, not reusable ones; use difficult passwords
  • computers must be logged out when employees are away from their offices
  • accounts must be deactivated after a certain period of inactivity
  • check traffic logs regularly
  • install security patches from vendors
  • delete PHF programs
  • use scanning tools: tiger, SATAN, crack
  • install firewall and filters in routers
  • use encryption (ssh, scp, slogin)
  • disable unix r-commands, finger, etc

Foil 24 Network Security (10)
Security Policy - II
  • do not use world writeable files
  • limit unsuccessful logon attempts
  • use digital signatures
  • install security tools: Tripwire, COPS, TCP wrapper packages
  • define the level of acceptable risk
  • design the rescue procedure after your system is compromised
  • look for tools installed by the intruder (packet sniffers)
  • look for trojan horses (modified programs, like login)
  • read security news comp.security.announce, comp.security.unix, alt.security, and apply security recommendations (CERT)
  • monitor Web and e-mail servers - the most commonly exploited weaknesses
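Foil 15 described integrity as a cryptographic checksum taken at the source and checked later, and this foil recommends Tripwire and looking for modified programs such as login. The Python below is an added example of that idea (not from the foils, and not Tripwire's code): it records a baseline of SHA-256 digests, sizes and permission bits for every file under a directory, then compares a later snapshot and reports what was modified, added or removed. The demo works in a temporary directory with constructed stand-ins for system binaries.

```python
import hashlib
import os
import stat
import tempfile


def file_fingerprint(path):
    """Content digest plus the metadata an intruder is likely to change."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root):
    """Map of relative path -> fingerprint for every regular file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = file_fingerprint(full)
    return baseline


def compare(baseline, current):
    """Tripwire-style report: what changed since the baseline was taken."""
    report = {"modified": [], "added": [], "removed": []}
    for rel, fingerprint in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif fingerprint != baseline[rel]:
            report["modified"].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed scenario in a temp dir: baseline, then tamper, then compare."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        for name in ("login", "ls", "ps"):
            with open(os.path.join(bin_dir, name), "wb") as fh:
                fh.write(b"constructed contents of " + name.encode())
        baseline = build_baseline(root)

        # What an integrity check is meant to catch: one binary's contents
        # changed, one binary's permissions changed, one removed, one new file.
        with open(os.path.join(bin_dir, "login"), "ab") as fh:
            fh.write(b" plus extra bytes")
        os.chmod(os.path.join(bin_dir, "ls"), 0o700)
        os.remove(os.path.join(bin_dir, "ps"))
        with open(os.path.join(bin_dir, "sniff"), "wb") as fh:
            fh.write(b"constructed new file")

        return compare(baseline, build_baseline(root))
```

The baseline is only worth something if it is kept where an intruder with root cannot rewrite it (read-only media or another host); a modified binary and a freshly regenerated baseline cancel out. The `mode` field matters for the same reason the foil warns about world-writable files: a permission change with unchanged contents is still a finding.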

Foil 25 Network Security (11)
Security Information on the Web:
  • CERT/CC Computer Emergency Response Team / Coordination Center at Carnegie Mellon University http://www.cert.org
  • FIRST Forum of Incident Response and Security Teams http://www.first.com
  • Security tools (Tripwire, COPS, TCP wrappers, etc)
    • ftp://info.cert.org/pub/tools/
    • ftp://info.cert.org/pub/tech_tips/security_tools
    • ftp://ftp.win.tue.nl/pub/security

Foil 26 Network Security (12)
Security Information on the Web:

Foil 27 Unix / PC Integration (1)
You cannot simply plug a NT system into your Unix network and have it run seamlessly. Creating a transparent Unix/NT computing environment is difficult.
NT installation within traditional Unix environment requires:
  • system / network management solutions
  • interoperability of networking protocols (Microsoft style networking (NetBIOS/SMB) and Unix NFS with NIS maps)
  • Unix / NT file sharing with required level of security
  • printer sharing
  • tools for porting applications from Unix to NT or vice versa
  • client / server applications developed for both Unix and NT

Foil 28 Unix / PC Integration (2)
Namespace communication: Unix uses DNS, Windows NT uses WINS. To have both operating systems on your network, you need to get the namespaces communicating
Namespace protocols (DHCP, WINS)
  • DHCP - Dynamic Host Configuration Protocol (RFC 1993, 1541) published in 1989 (IETF)
    • it is meant to replace BOOTP (Bootstrap Protocol)
    • supports all extensions of BOOTP
    • both protocols provide a mechanism to configure a workstation's network parameters (such as IP address, mask, gateway) and download other data to the workstation.
    • IP address can be assigned : manually, automatically, dynamically
    • supports IP2 with longer naming scheme
    • one DHCP server and many clients; if there is one server for many subnets, routers have to forward DHCP packets

Foil 29 Unix / PC Integration (3)
Namespace protocols:
  • WINS - Windows Internet Name Service (RFC 1001, 1002)
    • complement to DHCP
    • allows for resolving names to addresses
    • a WINS server manages only a NetBIOS naming which is distinct from DNS namespace
    • WINS, unlike DNS, is not hierarchical
Almost all Unix workstations have static entries in DNS tables
Microsoft's Socket Library (Winsock)
  • looks into local HOSTS file
  • forwards request to DNS server
  • then WINS is used; NetBIOS Broadcast node (B-node) name resolution is attempted (the standard database file for NetBIOS is LMHOSTS in \winnt\system32\drivers\)

Foil 30 Unix / PC Integration (4)
Sharing Files
Windows NT and Windows 95 desktops must run NFS client software for accessing UNIX files.
Unix machines also need to share files available on Windows NT/95 machines. This requires an NFS server running on Windows NT. Of course, it is possible to reverse the sharing scheme by installing software on the Unix system to support the NetBIOS and SMB networking native to Windows.

Foil 31 Unix / PC Integration (5)
Sharing Files Problems - I
Windows 95 and Windows NT have a different architecture for the kernel device drivers which are required for NFS server and client.
Windows 95 supports the DOS File Allocation Table (FAT) file system, which lacks access control. Many companies offer PC-NFS software for Windows 95
Windows NT supports both the DOS FAT file system and its native NTFS file system. NTFS has access controls on directories and files.

Foil 32 Unix / PC Integration (6)
Sharing Files Problems - II
Sharing file systems requires mapping of
  • permissions (Unix: UID, GID; NT:username/groups)
  • file and directories names (Unix:DNS, NIS; NT:WINS)
Windows NT can already share file systems with other Windows for Workgroups, Windows 95 and Windows NT machines using NetBEUI/NetBIOS mechanisms
File sharing depends on several associated protocols including
  • portmapper, mount daemon and lock manager

Foil 33 Unix / PC Integration (7)
SMB - Server Message Block
  • the protocol developed in NetBIOS to provide file and print sharing
  • NetBIOS and SMB are core networking components of Microsoft networks
  • freeware SMB software exists for Unix (Samba)
  • Samba provides: SMB server, NetBIOS name server, SMB client, utilities
  • requires an SMB daemon (Samba or LAN Manager for Unix)

Foil 34 Unix / PC Integration (8)
Printing
Microsoft already included a Unix compatible TCP/IP LPD line printer daemon with Windows NT. This service, used for printer sharing, is not installed by default.
We can allow Unix systems to use an NT printer by:
  • setting up the print queue on the NT side
  • creating a queue on the Unix side
We can allow NT systems to use Unix printers

Foil 35 VPN - Virtual Private Network (1)
The VPN market is on the verge of explosive growth. A virtual private network (VPN) broadly defined, is a temporary, secure connection over a public network, usually the Internet. Though the term is relatively new, everyone from the telcos, to operating system vendors, to firewall suppliers and router companies has rushed to offer some type of VPN capability.
A VPN gives users a secure way to access corporate network resources over the Internet or other public or private networks.

Foil 36 Virtual Private Network (2)
VPN is a private network that uses PDN (Public Data Network) services for internal communication
VPN is not truly private because an organization shares the PDN infrastructure with others. It is virtually private because all users enjoy reliable and secure communications at desired levels of performance
VPN is cost effective, flexible and affordable. VPNs offer a savings of up to 60% over equivalent private networks. Renting data bandwidth in a data-optimized PDN is more flexible and cost-effective than building it in the voice-oriented PSTN (Public Switched Telephone Network)
VPNs typically include a number of security features including encryption, authentication, and tunneling.

Foil 37 Virtual Private Network (3)
The Internet is the most widely accessible high-speed PDN suitable for enterprise VPNs. Currently, access to the Internet is available via the PSTN (ISDN, T1, T3). Over time there will be less dependence on the PSTN, and more PDN options like Frame Relay and ATM will become available worldwide
Once the PSTN also converts to ATM in its backbone, voice and data may once again share the same public network infrastructure. VOA standard (Voice over ATM) is under development
Currently, corporate private data communication networks are based on T1 leased lines or Frame Relay PVCs. A new architecture, Internet-VPN, is emerging but not available yet (expected by Y2K). In I-VPN the secure traffic can flow not just within one enterprise, but among many enterprises and their customers.

Foil 38 Virtual Private Network (4)
Requirements for VPN:
  • end-to-end Quality of Service (QoS), which is not available yet
  • competing standards include: RSVP, IPv6, ATM QoS, MPOA
  • security; reliability; good performance; internet access
Secure tunneling over public PDN:
  • PPTP - Microsoft (In Win NT)
  • L2F - Cisco (Layer 2 forwarding)
  • ATMP - Ascend (Ascend Tunnel Management Protocol)
  • L2TP - Microsoft / Cisco (Layer 2 Tunneling Protocol)
  • IPSec - Internet Protocol Security
Security is based on encryption and authentication
  • client-side X.509 certificates
  • SecurID, SmartCard, CryptoCard
  • S/Key authentication module
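Foil 23 asked for one-time passwords and this foil names S/Key as an authentication module for VPN users. The Python below is an added example (not from the foils, and not the S/Key implementation) of the hash-chain scheme S/Key uses: the server stores only the n-th iterate of a one-way function over seed and passphrase, the client presents the (n-1)-th, and the server accepts if hashing it reproduces the stored value, then keeps the presented value for next time. It substitutes SHA-256 for the 64-bit folded MD4 of RFC 1760, an assumption made to keep the code to the standard library; passphrase and seed are constructed.

```python
import hashlib
import hmac


def one_way(data):
    """One-way function for the chain. RFC 1760 folds MD4 to 64 bits; SHA-256
    is substituted here (assumption) so the example needs only the stdlib."""
    return hashlib.sha256(data).digest()


def chain_value(passphrase, seed, i):
    """h^i(seed || passphrase): the i-th one-time password of the chain."""
    value = one_way((seed + passphrase).encode())
    for _ in range(i):
        value = one_way(value)
    return value


def skey_enroll(passphrase, seed, n):
    """Server record: never the passphrase, only the top of the chain."""
    return {"seed": seed, "count": n, "last": chain_value(passphrase, seed, n)}


def skey_client_password(passphrase, server_record):
    """Client side: the server announces seed and count (neither is secret);
    the client answers with h^(count-1)."""
    return chain_value(passphrase, server_record["seed"], server_record["count"] - 1)


def skey_verify(server_record, otp):
    """Accept iff one_way(otp) equals the stored value, then move down the chain.

    A password seen on the wire is useless afterwards: the server now stores
    it, and the next expected value is its preimage, which one_way() does not
    let an observer compute.
    """
    if server_record["count"] <= 0:
        return False                       # chain exhausted; re-enroll
    if not hmac.compare_digest(one_way(otp), server_record["last"]):
        return False
    server_record["last"] = otp
    server_record["count"] -= 1
    return True


def demo():
    """Enroll with a chain of 4, log in twice, then try to replay the first."""
    record = skey_enroll("constructed passphrase", "seed1", 4)
    first = skey_client_password("constructed passphrase", record)   # h^3
    results = [skey_verify(record, first)]
    second = skey_client_password("constructed passphrase", record)  # h^2
    results.append(skey_verify(record, second))
    results.append(skey_verify(record, first))                       # replay
    return results, record["count"]
```

The point the example makes for the policy on Foil 23 is that a sniffed S/Key password (the scenario on Foil 22, where the first 128 keystrokes of a login are captured) does not let the capturer log in, because each value is accepted once and the next one cannot be derived from it.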

Foil 39 Virtual Private Network (5)
A VPN can be used in place of traditional dial-up connections to provide access to remote users and telecommuters; can be used to connect LANs in different sites instead of using the public switched telephone network or dedicated leased lines; and can be used to give customers, clients and consultants access to corporate resources.
Most VPNs can be designed to work as an extranet. But not all extranets are VPNs. A VPN can be used in a similar manner, but typically a VPN has much higher security associated with it. Specifically, a VPN typically requires the establishment of a tunnel into the corporate network and the encryption of data passed between the user's PC and corporate servers.

Foil 40 Virtual Private Network (6)
I recommend reading:
Everyone claims VPN capabilities, but not everyone provides adequate security for business-to-business virtual private networks.

Foil 41 Internet 2
The Internet 2 initiative is a collaborative effort by the nation's leading research universities, teamed with government and industry partners, to accelerate the next stage of Internet development in support of higher education. The Internet 2 project has three basic goals:
  • the creation of a leading edge network capability for the research community;
  • the development of a new generation of network applications that will support media integration and real time collaboration necessary to support national research objectives, distance education and life long learning;
  • the rapid transfer of new network services and applications into the commercial marketplace, thereby improving production Internet services to all members of the academic community.
More information about Internet2:

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

Page produced by wwwfoil on Sun Dec 6 1998