Chapter 4: Virtual Networks

Transcript of a PowerPoint presentation (105 slides)

Page 1: Chapter 4: Virtual Networks

Virtual Networks 1

Chapter 4: Virtual Networks

4.1 Security in networks
  4.1.1 Introduction
  4.1.2 Cryptography
  4.1.3 Cryptanalysis
  4.1.4 Symmetric key
  4.1.5 Asymmetric key
  4.1.6 Mixed systems

4.2 Virtual Private Networks, VPN
  4.2.1 Introduction
  4.2.2 PPTP
  4.2.3 L2TP
  4.2.4 IPsec
  4.2.5 SSL

4.3 Virtual Local Area Networks, VLAN


Page 3: Chapter 4: Virtual Networks

Introduction

Secure channel: properties
- Confidentiality
- Integrity
- Authenticity
- Non-repudiation

[Figure: Sender and Receiver linked by a channel, with the question "Secure channel?"]

Page 4: Chapter 4: Virtual Networks

Introduction

Confidentiality: information transmitted over an insecure channel can only be understood by the intended destination(s); it must remain unintelligible to everyone else.
Ways of protection:
- Dedicated physical links: high cost, difficult maintenance
- Cipher (encryption)
Attack example: eavesdropping, i.e. obtaining the data the sender transmits

Page 5: Chapter 4: Virtual Networks

Introduction

Integrity: ensures that the transmitted information was not modified during the communication process; the message at the destination must be the same as at the source.
Ways of protection:
- Digital signature
Attack example: modifying the delivery address of a product bought on the internet

Page 6: Chapter 4: Virtual Networks

Introduction

Authenticity: ensures the source of the information and avoids impersonation.
Ways of protection:
- Digital signature
- Challenge-response
- Human authentication: biometrics (fingerprint, retina, facial recognition, etc.)
Attack example: user impersonation in a bank transaction

Page 7: Chapter 4: Virtual Networks

Introduction

Non-repudiation: prevents the sender from denying having sent a message, and the receiver from denying having received it.
Ways of protection:
- Digital signature
Attack example: a party claims an application form was "lost" and denies having sent or received it

Page 8: Chapter 4: Virtual Networks

Introduction

Insecure channel: not reliable; attacks violate the security of the channel.
Types of attack: passive, active
Categories: interception, interruption, modification, fabrication

Page 9: Chapter 4: Virtual Networks

Introduction

Passive attacks: the attacker does not change the content of the transmitted information.
Objectives:
- Identification of the communicating entities
- Traffic monitoring
- Traffic analysis
- Detecting when data is usually exchanged
Difficult to detect, easy to prevent -> encryption (note that encryption hides the content, not the existence or timing of the traffic)

Page 10: Chapter 4: Virtual Networks

Introduction

Active attacks: the attacker does change the content of the transmitted information.
Types:
- Masquerade (impostor)
- Replay (an intercepted message is repeated later)
- Message modification
- Denial of service
Difficult to prevent, easier to detect -> detection & recovery

Page 11: Chapter 4: Virtual Networks

Introduction

Interception: confidentiality attack, passive. An unauthorized intruder gains access to a resource that was not shared with them.
Examples:
- Traffic capture
- Obtaining copies of files or programs
[Figure: Transmitter -> Receiver, with the Intruder listening on the channel]

Page 12: Chapter 4: Virtual Networks

Introduction

Interruption: availability attack, active. A shared resource is destroyed or made unusable.
Examples:
- Destruction of hardware
- Communication breakdown
[Figure: Transmitter -> Receiver, with the Intruder cutting the channel]

Page 13: Chapter 4: Virtual Networks

Introduction

Modification: integrity attack, active. A resource is intercepted and modified by an unauthorized host before it reaches its final destination.
Example:
- Change in the sent data
[Figure: Transmitter -> Intruder -> Receiver]

Page 14: Chapter 4: Virtual Networks

Introduction

Fabrication: authenticity attack, active. An unauthorized host (impostor) generates a resource that arrives at the final destination as if it were legitimate.
Example:
- Fraudulent information
[Figure: Intruder -> Receiver, impersonating the Transmitter]


Page 16: Chapter 4: Virtual Networks

Cryptography

Introduction: why?
- A way of protecting information against intruders (encryption & digital signatures)
Definition: the science of secret writing, for hiding information from third parties
Principle: keeping privacy between two or more communicating elements

Page 17: Chapter 4: Virtual Networks

Cryptography

Introduction: functioning basis
- Altering the original message so that no unauthorized party can access the information
- Example: original message "This lecture is boring" becomes "Wklv ohfwxuh lv erulqj" with the Caesar cipher (K = 3, i.e. every letter shifted three positions forward in the alphabet)

Page 18: Chapter 4: Virtual Networks

Cryptography

Cipher: mechanism that converts a plain message into an incomprehensible one. The cipher algorithm needs a key.
Decipher: mechanism that converts an incomprehensible message back into the original one. Requires knowing the cipher algorithm used and the key.

Page 19: Chapter 4: Virtual Networks

Cryptography

Introduction: functioning scheme
[Figure: Transmitter -> cipher -> channel -> decipher -> Receiver]


Page 21: Chapter 4: Virtual Networks

Cryptanalysis

Introduction: definition
- Set of methods used to recover the key (or the plaintext) without being one of the authorized communicating parties
Objective: reveal the secret of the communication
Attacks: brute force (trying every possible key) is the most common, and the baseline against which key length is chosen.
Types, by what the attacker has available:
- Ciphertext-only attack
- Known-plaintext attack
- Chosen-plaintext attack


Page 23: Chapter 4: Virtual Networks

Symmetric Key

Features: secret (private) key; transmitter & receiver share the same key
[Figure: Transmitter -> cipher -> channel -> decipher -> Receiver, both using the shared key]

Page 24: Chapter 4: Virtual Networks

Symmetric Key

Algorithms: DES, 3DES, RC5, IDEA, AES (DES, with its 56-bit key, has been brute-forceable since the late 1990s; AES is the current standard)
Requirements:
- Neither the plaintext nor the key may be extracted from the ciphertext
- The cost in time & money of obtaining the information must be higher than the value of the obtained information
Algorithm strength: internal complexity and key length

Page 25: Chapter 4: Virtual Networks

Symmetric Key

Accomplished objectives: confidentiality, integrity, authentication, non-repudiation, depending on the number of parties sharing the secret key.
Caveat: even when exactly two parties share the key, either of them could have produced a given message, so a third party cannot attribute it to one of them; real non-repudiation requires asymmetric techniques (digital signatures).

Page 26: Chapter 4: Virtual Networks

Symmetric Key

Advantages:
- Algorithm execution rate
- Best method for ciphering large amounts of information
Disadvantages:
- Distribution of the secret key
- Key management: the number of keys grows with the number of secure channels (n parties communicating pairwise need n(n-1)/2 keys)


Page 28: Chapter 4: Virtual Networks

Asymmetric Key

Features: public key; every party has a pair of keys (private, public)
[Figure: Transmitter -> cipher -> channel -> decipher -> Receiver; keys shown: Tx private, Tx public, Rx private, Rx public]

Page 29: Chapter 4: Virtual Networks

Asymmetric Key

Algorithms: Diffie-Hellman (key agreement), RSA (encryption and signatures), DSA (signatures)
Requirements:
- Neither the plaintext nor the key may be extracted from the ciphertext
- The cost in time & money of obtaining the information must be higher than the value of the obtained information
- Text encrypted with a public key can only be decrypted with the matching private key, and vice versa

Page 30: Chapter 4: Virtual Networks

Asymmetric Key

Accomplished objectives:
- Confidentiality
- Integrity
- Authentication: offers very good mechanisms
- Non-repudiation: offers very good mechanisms

Page 31: Chapter 4: Virtual Networks

Asymmetric Key

Advantages:
- No secrecy problem for key distribution: the public key can be published (its authenticity, however, must still be guaranteed, which is what certificates are for)
- If a user's private key is stolen, only that user's communications are affected (messages sent to them, and anything signed in their name), not every channel in the system
- Better authentication mechanisms than symmetric systems
Disadvantages:
- Algorithm execution rate (much slower than symmetric ciphers)

Page 32: Chapter 4: Virtual Networks

Asymmetric Key

Authentication: challenge-response, digital signature, digital certificate
Non-repudiation: digital signature, digital certificate

Page 33: Chapter 4: Virtual Networks

Asymmetric Key

Challenge-response: the receiver sends a challenge in clear text. Only the holder of the transmitter's private key can produce the correct response: the transmitter returns the challenge ciphered (signed) with its private key, and the receiver checks it with the transmitter's public key.
[Figure: Transmitter -> cipher -> channel -> decipher -> Receiver; keys shown: Tx private, Tx public, Rx private, Rx public]

Page 34: Chapter 4: Virtual Networks

Asymmetric Key

Digital signature: verifies source authenticity
Parts:
- Signature (transmitter, with its private key)
- Signature verification (receiver, with the transmitter's public key)
[Figure: Transmitter -> signature -> channel -> signature verification -> Receiver; keys shown: Tx private, Tx public, Rx private, Rx public]

Page 35: Chapter 4: Virtual Networks

Asymmetric Key

Digital signature: problem: signing the whole message with a public-key algorithm is slow -> sign a fingerprint (hash) of the message instead
[Figure: Transmitter -> hash -> sign -> channel -> verify -> Receiver; keys shown: Tx private, Tx public, Rx private, Rx public]

Page 36: Chapter 4: Virtual Networks

Asymmetric Key

Digital signature - fingerprint: reduces signing time
Hash function: turns a variable-length set of data into a summary or fingerprint. A fingerprint has a fixed length and is illegible; the function is irreversible.
Algorithms: SHA-1, MD5 (both now considered broken for collision resistance; current practice is SHA-2 or SHA-3)
Requirements:
- Capability of turning variable-length data into fixed-length blocks
- Easy to use and implement
- Impossible to obtain the original text from the fingerprint (preimage resistance)
- Different texts must generate different fingerprints (collision resistance)
Problem: key management (how does the receiver know the public key really belongs to the transmitter?)

Page 37: Chapter 4: Virtual Networks

Asymmetric Key

Digital certificate: information unit that binds a public key to its owner, together with the information needed for secure communications. (The certificate itself carries only the public key; the owner keeps the private key separately, although key stores often bundle both.)
Contents:
- Public key
- Owner information
- Useful information (algorithms, allowed functions/uses, ...)
- Validity period (valid-from, valid-to)
- Certificate Authority signature(s)
Revocation is possible (the CA publishes revoked certificates, e.g. via CRLs or OCSP)


Page 39: Chapter 4: Virtual Networks

Mixed systems

Session keys: process
- Session key distribution (asymmetric)
- Secure communication (symmetric)
[Figure: Transmitter and Receiver exchange a session key protected with the public/private key pairs (Tx private, Tx public, Rx private, Rx public), then use the session key for the data]


Page 41: Chapter 4: Virtual Networks

Mixed systems

Accomplished objectives: confidentiality, integrity, authentication, non-repudiation
- Use of digital signatures & certificates

Page 42: Chapter 4: Virtual Networks

Mixed systems

Advantages:
- No problems for key distribution -> public key
- Improbable to guess the session key (fresh random key per session)
- May use public-key authentication & non-repudiation mechanisms
- Algorithm execution rate (bulk data uses the fast symmetric cipher)
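The mixed system described on the last four slides, together with the hash-then-sign digital signature from the asymmetric-key slides, as an added example that is not part of the original deck. The sender wraps a fresh session key with the receiver's public key (asymmetric step), encrypts the message with that session key (symmetric step), and signs a SHA-256 fingerprint of the message with its own private key; the receiver unwraps, decrypts and verifies. Everything here is a toy stand-in chosen so the example runs with the standard library alone, and all of it is an assumption of this example: textbook RSA with 64-bit primes and no padding, a SHA-256 counter-mode keystream instead of AES, and a fingerprint truncated to 96 bits so it fits under the tiny modulus. A real system uses RSA-OAEP/RSA-PSS or ECDH with AES-GCM from a vetted library.

```python
import hashlib
import random

# Toy parameters (assumption of this example): 64-bit primes are fine for a classroom
# demonstration and hopeless for real use, where the modulus is 2048 bits or more.
PRIME_BITS = 64
SESSION_KEY_BYTES = 12          # 96-bit session key, always below the 126+-bit modulus
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # deterministic Miller-Rabin below 3.3e24


def make_rng(seed):
    """Deterministic RNG so the demo is reproducible; a real system must use `secrets`/os.urandom."""
    return random.Random(seed)


def is_prime(n):
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng, bits=PRIME_BITS):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1     # top bit set, odd
        if is_prime(cand):
            return cand


def rsa_keygen(rng):
    """Return (public, private), each as an (exponent, modulus) pair. Textbook RSA, e = 65537."""
    e = 65537
    while True:
        p, q = random_prime(rng), random_prime(rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_apply(key, value):
    exponent, modulus = key
    return pow(value, exponent, modulus)


def fingerprint(data):
    """SHA-256 digest truncated to 96 bits so it fits under the toy modulus (no PSS padding)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:SESSION_KEY_BYTES], "big")


def sign(data, private_key):
    return rsa_apply(private_key, fingerprint(data))


def verify(data, signature, public_key):
    return rsa_apply(public_key, signature) == fingerprint(data)


def stream_xor(key, nonce, data):
    """Symmetric stand-in for AES: SHA-256 keystream in counter mode XORed with the data."""
    out = bytearray()
    for block in range(0, len(data), 32):
        keystream = hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[block:block + 32], keystream))
    return bytes(out)


def hybrid_send(message, sender_private, receiver_public, rng):
    """Asymmetric step: wrap a fresh session key; symmetric step: encrypt the message with it."""
    session_key = rng.getrandbits(8 * SESSION_KEY_BYTES).to_bytes(SESSION_KEY_BYTES, "big")
    nonce = rng.getrandbits(64).to_bytes(8, "big")
    return {
        "wrapped_key": rsa_apply(receiver_public, int.from_bytes(session_key, "big")),
        "nonce": nonce,
        "ciphertext": stream_xor(session_key, nonce, message),
        "signature": sign(message, sender_private),   # only the sender's private key can produce this
    }


def hybrid_receive(packet, receiver_private, sender_public):
    key_int = rsa_apply(receiver_private, packet["wrapped_key"])
    if key_int >= 1 << (8 * SESSION_KEY_BYTES):
        raise ValueError("wrapped key does not unwrap to a valid session key")
    session_key = key_int.to_bytes(SESSION_KEY_BYTES, "big")
    message = stream_xor(session_key, packet["nonce"], packet["ciphertext"])
    if not verify(message, packet["signature"], sender_public):
        raise ValueError("signature check failed: message altered or not from the claimed sender")
    return message
```

The signature is computed over the plaintext, so the receiver learns two things from one check: the message was not altered in transit (integrity) and only the holder of the sender's private key could have produced it (authentication, and non-repudiation towards a third party who also knows the sender's public key).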


Page 44: Chapter 4: Virtual Networks

Virtual Private Networks

Introduction: interconnection of users & entities
- Dedicated line (intranets): expensive, difficult to manage
- Use of a public access network: security risks
[Figure: LAN connected to a public network]

Page 45: Chapter 4: Virtual Networks

Virtual Private Networks

Concept: VPN: private data channel implemented on top of a public communication network
Objectives:
- Linking remote subnetworks
- Linking subnetworks & remote users
- Use of a virtual tunnel with encryption
[Figure: LAN - virtual tunnel across the public network - LAN]

Page 46: Chapter 4: Virtual Networks

Virtual Private Networks

Requirements:
- Authentication & identity verification
- Virtual IP address range management
- Data cipher
- Management of digital certificates and public and private keys
- Support for many protocols

Page 47: Chapter 4: Virtual Networks

Virtual Private Networks

Types:
- Hardware-based systems: optimized specific designs; very secure and simple; high performance; high cost; additional services (firewalls, intrusion detectors, antivirus, etc.). Vendors: Cisco, Stonesoft, Juniper, Nokia, Panda Security
- Software-based systems

Page 48: Chapter 4: Virtual Networks

Virtual Private Networks

Advantages: security & confidentiality, cost reduction, scalability, simple management, compatibility with wireless links

Page 49: Chapter 4: Virtual Networks

Virtual Private Networks

Elements:
- Local or private networks: restricted-access LAN with a private IP address range
- Insecure networks
- VPN tunnels
- Servers
- Routers
- Remote users (road warriors)
- Remote offices (gateways)

Page 50: Chapter 4: Virtual Networks

Virtual Private Networks

Scenarios:
- Point-to-point (host to host)
- LAN - LAN
- LAN - remote user
[Figure: the three scenarios between LANs and a remote user]


Page 52: Chapter 4: Virtual Networks

PPTP

Features:
- Point-to-Point Tunneling Protocol (PPTP)
- Designed & developed by 3Com, Microsoft Corporation, Ascend Communications and ECI Telematics; documented in IETF RFC 2637 (an informational RFC, not a standards-track document)
- Used for secure virtual access of remote users to a private network
- Uses tunnel mechanisms for sending data from client to server
- Uses a private or public IP network

Page 53: Chapter 4: Virtual Networks

PPTP

Functioning: the PPTP server is configured to distribute private LAN IP addresses; the server acts as a bridge
[Figure: Remote user (67.187.11.25) - tunnel - PPTP server (192.168.1.1) - LAN hosts 192.168.1.30, 192.168.1.31, 192.168.1.32; address pool for remote users 192.168.1.100 - 120]

Page 54: Chapter 4: Virtual Networks

PPTP

Phases:
1) PPP connection establishment with the ISP
2) PPTP connection control: TCP connection (port 1723), control message exchange
3) Data transmission: GRE protocol, cipher

Page 55: Chapter 4: Virtual Networks

PPTP

PPP: Point-to-Point Protocol (RFC 1661)
- Data link layer
- Used for the connection to the ISP by means of a telephone line (modem) or PSTN; versions for broadband access (PPPoE and PPPoA)
Functions:
- Establishing, maintaining and terminating the point-to-point connection
- User authentication (PAP and CHAP)
- Optional encryption and compression of frames
[Figure: PPP | IP | Data]

Page 56: Chapter 4: Virtual Networks

PPTP

PPTP connection control: specifies the session control messages (exchanged over the TCP control connection):
- PPTP_START_SESSION_REQUEST: session start request
- PPTP_START_SESSION_REPLY: session start response
- PPTP_ECHO_REQUEST: session keepalive request
- PPTP_ECHO_REPLY: session keepalive response
- PPTP_WAN_ERROR_NOTIFY: error notification
- PPTP_SET_LINK_INFO: client-server connection configuration
- PPTP_STOP_SESSION_REQUEST: session stop request
- PPTP_STOP_SESSION_REPLY: session stop reply

Page 57: Chapter 4: Virtual Networks

PPTP

PPTP authentication: uses the same mechanisms as PPP:
- PAP (Password Authentication Protocol): very simple; name and password are sent in plaintext
- CHAP (Challenge Handshake Authentication Protocol): challenge-response mechanism; the client generates a fingerprint (MD5) from the received challenge and the shared secret key, so the password itself never crosses the link; the server may send new challenges periodically to re-verify identity
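The CHAP exchange described above, as an added example that is not part of the original deck. It follows RFC 1994 (Response = MD5(Identifier || secret || Challenge)) with both sides implemented: the authenticator issues a fresh challenge and keeps it pending, the peer answers with the MD5 fingerprint, and the authenticator compares in constant time. Two failure cases a practitioner cares about are shown: a wrong secret, and an eavesdropper replaying a captured response against a later challenge. The class and function names, the 16-byte challenge length and the deterministic challenge source are assumptions of this example; real code draws challenges from `os.urandom`.

```python
import hashlib
import hmac
import os

# CHAP as specified in RFC 1994 (MD5 variant):
#   Response = MD5(Identifier || shared secret || Challenge value)
# Only the response digest crosses the link, never the secret itself.


def chap_response(identifier, secret, challenge):
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def counter_rng(seed=b"demo"):
    """Deterministic challenge source so the demo is reproducible (assumption: demo only)."""
    state = [0]

    def rng(n):
        state[0] += 1
        return hashlib.sha256(seed + state[0].to_bytes(4, "big")).digest()[:n]

    return rng


class ChapAuthenticator:
    """Server side: holds the shared secrets, issues challenges, checks responses."""

    def __init__(self, secrets, rng=os.urandom):
        self.secrets = secrets          # peer name -> shared secret (bytes)
        self.rng = rng                  # challenge source; os.urandom in real use
        self.pending = {}               # identifier -> outstanding challenge value
        self.next_id = 0

    def new_challenge(self):
        self.next_id = (self.next_id + 1) % 256
        challenge = self.rng(16)
        self.pending[self.next_id] = challenge
        return self.next_id, challenge

    def verify(self, identifier, name, response):
        challenge = self.pending.pop(identifier, None)   # every challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: knows its own name and secret, answers challenges."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def chap_exchange(authenticator, peer):
    """One Challenge / Response / Success-or-Failure round.
    Returns (ok, observed), where `observed` is everything an eavesdropper on the link sees."""
    identifier, challenge = authenticator.new_challenge()
    name, response = peer.respond(identifier, challenge)
    ok = authenticator.verify(identifier, name, response)
    observed = {"identifier": identifier, "challenge": challenge, "name": name, "response": response}
    return ok, observed


def replay_attack(authenticator, observed):
    """An eavesdropper replays a captured response against a fresh challenge; the new
    challenge and identifier make the old digest worthless."""
    identifier, _challenge = authenticator.new_challenge()
    return authenticator.verify(identifier, observed["name"], observed["response"])
```

What the eavesdropper sees is the challenge and a 16-byte digest, never the secret; the weakness that remains is offline guessing of the secret from that pair, which is why the slide that follows on MS-CHAP matters.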

Page 58: Chapter 4: Virtual Networks

PPTP

PPTP authentication: two additional mechanisms:
- SPAP (Shiva Password Authentication Protocol): PAP with the client password sent in reversibly encrypted form
- MS-CHAP (Microsoft Challenge Handshake Authentication Protocol): proprietary CHAP-based algorithm by Microsoft; mutual authentication process (client & server) in v2. Weaknesses in the original MS-CHAP (as shipped with Windows NT) led to MS-CHAP v2 (RFC 2759); v2 is itself considered broken today, since its response can be recovered by a DES key search.

Page 59: Chapter 4: Virtual Networks

PPTP

Data transmission: uses a modification of the GRE (Generic Routing Encapsulation) protocol, RFC 1701 and 1702 ("enhanced GRE", version 1, with sequence and acknowledgment numbers, as defined in RFC 2637)
Establishes a functional division into three protocols:
- Passenger protocol (PPP, carrying the user's packets)
- Carrier protocol (GRE)
- Transport protocol (IP)
[Figure: passenger protocol inside carrier protocol inside transport protocol]

Page 60: Chapter 4: Virtual Networks

PPTP

Data transmission: PPP frames are encapsulated in IP datagrams
Data packet: MAC | IP | GRE | PPP | Data
Control packet: IP | TCP | Data
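The enhanced GRE carrier header from the previous two slides, as an added example that is not part of the original deck: building and parsing the RFC 2637 GRE header that wraps each PPP frame (key field holding payload length and call ID, optional sequence and acknowledgment numbers, protocol type 0x880B, version 1). The parser refuses packets whose reserved bits are set or whose length field does not match, which is the kind of check a tunnel endpoint or an IDS needs before trusting the payload. The PPP payload in the test is constructed and the function names are assumptions of this example.

```python
import struct

# RFC 2637 "enhanced GRE" header (all fields big-endian):
#   bits  0..15 : C R K S s Recur(3) A Flags(4) Ver(3)   -> for PPTP: K=1, S=1 iff payload, A=1 iff ack, Ver=1
#   bits 16..31 : Protocol Type, always 0x880B (PPP)
#   bits 32..47 : Key (high word) = payload length, excluding the GRE header
#   bits 48..63 : Key (low word)  = Call ID of the peer
#   optional    : Sequence Number (32 bits), Acknowledgment Number (32 bits)
GRE_PROTO_PPP = 0x880B
FLAG_K, FLAG_S, FLAG_A = 0x2000, 0x1000, 0x0080
VERSION_MASK = 0x0007
RESERVED_MASK = 0x8000 | 0x4000 | 0x0800 | 0x0700 | 0x0078      # C, R, s, Recur, Flags must be zero


def build_pptp_gre(call_id, payload=b"", seq=None, ack=None):
    """Wrap a PPP frame (or send a bare acknowledgment) in an enhanced GRE header."""
    flags = FLAG_K | 1                       # key present, version 1
    if payload:
        if seq is None:
            raise ValueError("data packets must carry a sequence number")
        flags |= FLAG_S                      # S=1 only when a payload is present (RFC 2637 4.1)
    if ack is not None:
        flags |= FLAG_A
    header = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id)
    if flags & FLAG_S:
        header += struct.pack("!I", seq)
    if flags & FLAG_A:
        header += struct.pack("!I", ack)
    return header + payload


def parse_pptp_gre(packet):
    """Validate and split an enhanced GRE packet into call ID, seq/ack and the PPP payload."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, length, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != GRE_PROTO_PPP or (flags & VERSION_MASK) != 1 or not flags & FLAG_K:
        raise ValueError("not a PPTP enhanced GRE packet")
    if flags & RESERVED_MASK:
        raise ValueError("reserved GRE bits set")
    offset = 8
    seq = ack = None
    if flags & FLAG_S:
        seq, = struct.unpack("!I", packet[offset:offset + 4])
        offset += 4
    if flags & FLAG_A:
        ack, = struct.unpack("!I", packet[offset:offset + 4])
        offset += 4
    payload = packet[offset:offset + length]
    if len(payload) != length:
        raise ValueError("payload length field does not match packet size")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}
```

The first two bytes of a data packet are 0x3001 and of a bare acknowledgment 0x2081, which is a quick way to recognise PPTP data traffic (IP protocol 47) in a capture; the control connection runs separately over TCP port 1723.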

Page 61: Chapter 4: Virtual Networks

PPTP

Encryption: MPPE (Microsoft Point-to-Point Encryption)
- RFC 3078; uses RSA's RC4 stream cipher
- Session key derived from the MS-CHAP authentication exchange, i.e. from the user's password hash (RFC 3079); therefore it is only available with MS-CHAP authentication
- Non-encrypted tunneling (PAP or SPAP) is allowed, but then there is no VPN in any meaningful sense

Page 62: Chapter 4: Virtual Networks

PPTP

Advantages:
- Low implementation cost (uses the public network)
- No limit on the number of tunnels imposed by the server's physical interfaces (but every tunnel consumes server resources)
Disadvantages: very vulnerable
- Non-authenticated TCP control connection
- Weakness of the MS-CHAP protocol in NT systems
- Weakness of the MPPE protocol (RC4 keyed from password-derived material)
- Security rests entirely on the user's password


Page 64: Chapter 4: Virtual Networks

L2TP

Features:
- Layer 2 Tunneling Protocol (RFC 2661): carries PPP
- L2TPv3 (RFC 3931): multiprotocol
- Combines two earlier protocols for carrying PPP frames: PPTP and L2F (Layer Two Forwarding, Cisco)
- Used together with IPsec to offer more security (L2TP/IPsec, RFC 3193)

Page 65: Chapter 4: Virtual Networks

L2TP

Functioning:
- LAC: L2TP Access Concentrator
- LNS: L2TP Network Server
- The server acts as a bridge
[Figure: Remote user (67.187.11.25) - ISP (LAC) - L2TP server (LNS, 192.168.1.1) - LAN hosts 192.168.1.31, 192.168.1.32; address pool 192.168.1.100 - 120. Two tunnel types shown: voluntary (tunnel starts at the user) and compulsory (tunnel starts at the LAC)]

Page 66: Chapter 4: Virtual Networks

L2TP

Types of tunnels:
Compulsory:
1) The user starts a PPP connection with the ISP
2) The ISP accepts the connection & the PPP link
3) The ISP requests authentication
4) The LAC starts an L2TP tunnel to the LNS
5) If the LNS accepts, the LAC encapsulates PPP in L2TP and sends the frames
6) The LNS accepts the L2TP frames & processes them as if they were PPP frames
7) The LNS authenticates the PPP user and, if valid, assigns an IP address
Voluntary:
1) The remote user is connected to the ISP
2) The L2TP client starts an L2TP tunnel to the LNS
3) If the LNS accepts, the client (acting as LAC) encapsulates PPP in L2TP and sends it through the tunnel
4) The LNS accepts the frames & processes them as if they were PPP frames
5) The LNS authenticates the PPP user and, if valid, assigns an IP address

Page 67: Chapter 4: Virtual Networks

L2TP

Messages: two types:
- Control: used during the establishment, keepalive & termination of the tunnel; reliable control channel (guarantees message delivery)
- Data: encapsulates the information (PPP frames)
Both travel over UDP port 1701

Page 68: Chapter 4: Virtual Networks

L2TP

Control messages: control connection management:
- Start-Control-Connection-Request (SCCRQ): tunnel start request
- Start-Control-Connection-Reply (SCCRP): tunnel start response
- Start-Control-Connection-Connected (SCCCN): tunnel established
- Stop-Control-Connection-Notification (StopCCN): tunnel end
- Hello (HELLO): sent during inactivity periods as a keepalive

Page 69: Chapter 4: Virtual Networks

L2TP

Control messages: call management:
- Outgoing-Call-Request (OCRQ): start of outgoing call
- Outgoing-Call-Reply (OCRP): outgoing call response
- Outgoing-Call-Connected (OCCN): outgoing call established
- Incoming-Call-Request (ICRQ): start of incoming call
- Incoming-Call-Reply (ICRP): incoming call response
- Incoming-Call-Connected (ICCN): incoming call established
- Call-Disconnect-Notify (CDN): call stop

Page 70: Chapter 4: Virtual Networks

L2TP

Control messages: error notification:
- WAN-Error-Notify (WEN)
PPP session control:
- Set-Link-Info (SLI): configures the client-server connection

Page 71: Chapter 4: Virtual Networks

L2TP

Advantages:
- Low implementation cost
- Multiprotocol support
Disadvantages:
- Only the two tunnel endpoints are identified, and only at tunnel setup (possible impersonation attacks)
- No per-packet integrity protection (possible denial of service attack)
- Does not provide confidentiality: L2TP itself does not encrypt, though the PPP payload may be encrypted (no mechanism for automatic key generation)
These gaps are why L2TP is deployed over IPsec (L2TP/IPsec) in practice.


Page 73: Chapter 4: Virtual Networks

IPSec

Features:
- Internet Protocol Security
- Offers security services at the network layer
- Allows linking different networks (remote offices)
- Allows a remote user to access the private resources in a network
- IETF (Internet Engineering Task Force) standard
- Optional add-on for IPv4; part of the IPv6 specification
- IPsec keeps per-connection state (security associations), although IP itself is connectionless

Page 74: Chapter 4: Virtual Networks

IPSec

Features: services:
- Data integrity
- Source authentication
- Confidentiality
- Replay attack prevention
Functioning modes: transport mode, tunnel mode

Page 75: Chapter 4: Virtual Networks

IPSec

Security association (SA): definition:
"Unidirectional agreement between the parties in an IPsec connection on the methods & parameters used to build the tunnel. They must guarantee the security of the transmitted data."
Because an SA is unidirectional, two-way traffic needs a pair of SAs.
An entity must store:
- Security algorithms and keys used
- Functioning mode
- Key management methods
- Lifetime of the established connection
- A database with the SAs (SAD)

Page 76: Chapter 4: Virtual Networks

IPSec

Security association: example:
- SPI: 12345
- Source IP: 200.168.1.100
- Destination IP: 193.68.2.23
- Protocol: ESP
- Encryption algorithm: 3DES-CBC
- HMAC algorithm: MD5
- Encryption key: 0x7aeaca...
- HMAC key: 0xc0291f...
Methods for key distribution & management:
- Manual: personal delivery
- Automatic: IKE (AutoKey IKE)

Page 77: Chapter 4: Virtual Networks

IPSec

IKE protocol: Internet Key Exchange (IKE), defined by the IETF (IKEv1 in RFC 2409; IKEv2 in RFC 7296)
- Key distribution & management
- SA establishment
- The framework is not limited to IPsec (it has been proposed for keying routing protocols such as OSPF or RIP)
Hybrid protocol built from:
- ISAKMP (Internet Security Association and Key Management Protocol): defines the message syntax and the procedures for SA establishment, negotiation, modification and deletion
- Oakley: specifies the logic for the secure key exchange (Diffie-Hellman based)

Page 78: Chapter 4: Virtual Networks

IPSec

IKE - IPsec tunnel negotiation: two phases:
- Phase 1: establishment of a secure bidirectional communication channel (IKE SA). The IKE SA is different from the IPsec SA; it is also called the ISAKMP SA.
- Phase 2: agreement on cipher and authentication algorithms -> IPsec SA. Uses the ISAKMP channel to generate the IPsec SAs. The initiator offers several proposals; the other entity accepts the first configuration it can support. They also inform each other about the type of traffic to be protected (traffic selectors).

Page 79: Chapter 4: Virtual Networks

IPSec

Advantages:
- Allows remote access in a secure way
- Considered the best option for e-commerce (secure infrastructure for electronic transactions)
- Allows secure corporate networks (extranets) over public networks

Page 80: Chapter 4: Virtual Networks

IPSec

Protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)

Page 81: Chapter 4: Virtual Networks

IPSec

AH protocol: network layer, IP protocol number 51
Provided services:
- Integrity
- Authentication
- Does not guarantee confidentiality (no data encryption)
HMAC (Hash-based Message Authentication Code), a keyed hash rather than an encryption of the hash:
- Generation of a digital fingerprint (SHA-1 or MD5)
- The shared secret is mixed into the hash computation (HMAC-SHA1-96 / HMAC-MD5-96, truncated to 96 bits)

Page 82: Chapter 4: Virtual Networks

IPSec

AH protocol: HMAC
[Figure: Transmitter computes the HMAC over IP | AH | DATA and places it in the AH header; Receiver recomputes the HMAC over IP | AH | DATA and compares]

Page 83: Chapter 4: Virtual Networks

IPSec

AH protocol: format (32-bit words)

 Next header (8) | Payload length (8) | Reserved (16)
 Security Parameters Index (SPI) (32)
 Sequence number (32)
 Authentication data (variable, multiple of 32 bits)

Packet layout: IP header | AH header | Data

Page 84: Chapter 4: Virtual Networks

IPSec

AH protocol: format:
- Next header: upper-layer protocol carried after AH
- Payload length: length of the AH header in 32-bit words minus 2 (so 4 for a 96-bit ICV)
- Security Parameters Index (SPI): SA identifier
- Sequence number: monotonically increasing counter used for anti-replay
- Authentication data: variable-length HMAC (ICV), computed over the payload and the immutable fields of the IP header
Caveat: because the IP addresses are covered by the ICV, AH does not survive NAT; this is one reason ESP is far more used in practice.

Page 85: Chapter 4: Virtual Networks

IPSec

ESP protocol: network layer, IP protocol number 50
Supported services:
- Integrity (optional)
- Authentication (optional)
- Confidentiality (data encryption)
- Symmetric key encryption algorithm (DES, 3DES, Blowfish in the original deck; AES-CBC and AES-GCM in current deployments)
- Usually a block cipher (hence padding)
- Requires a secure mechanism for key distribution (IKE)

Page 86: Chapter 4: Virtual Networks

IPSec

ESP protocol:
[Figure: Transmitter sends IP | ESP header | DATA | ESP trailer | ESP auth; Receiver strips the ESP header and trailer after checking the authentication data]

Page 87: Chapter 4: Virtual Networks

IPSec

ESP protocol: format (32-bit words)

 Security Parameters Index (SPI) (32)
 Sequence number (32)
 Payload data (variable)                  \
 Padding (0-255 bytes)                    | encrypted
 Pad length (8) | Next header (8)         /
 Authentication data (variable)

Packet layout: IP header | ESP header | ESP data (encrypted) | ESP trailer | ESP authentication

Page 88: Chapter 4: Virtual Networks

IPSec

ESP protocol: format:
- Security Parameters Index (SPI): SA identifier
- Sequence number: anti-replay counter
- Padding: aligns the encrypted part to the cipher block size (and to 32 bits)
- Pad length: padding length (bytes)
- Next header: upper-layer protocol carried in the payload
- Authentication data: variable-length HMAC (ICV) over the SPI, sequence number and encrypted data
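The AH and ESP formats from the last six slides, plus the replay protection listed among the IPsec services, as an added example that is not part of the original deck. It parses an AH header (showing the "payload length = words minus 2" rule), builds and receives ESP packets with the RFC 4303 trailer (padding, pad length, next header) and an HMAC-SHA1-96 ICV, and keeps a 64-packet anti-replay window on the receiver. Two assumptions of this example keep it self-contained: the ESP "encryption" is NULL (RFC 2410, payload carried in clear) so the framing and integrity logic stand out, and keys and SPIs are constructed constants rather than values negotiated by IKE.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12               # HMAC-SHA1-96 (RFC 2404): 160-bit HMAC truncated to 96 bits
IPPROTO_AH, IPPROTO_ESP = 51, 50


def parse_ah(packet):
    """Split an AH header. Payload Length counts 32-bit words of the AH minus 2 (RFC 4302),
    so a header with a 96-bit ICV has Payload Length 4 and occupies 24 bytes."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": packet[12:ah_len], "payload": packet[ah_len:]}


def build_esp(spi, seq, payload, next_header, auth_key):
    """ESP packet with NULL encryption: header | payload | padding | pad_len | next_header | ICV."""
    pad_len = (-(len(payload) + 2)) % 4              # (payload + pad + 2 trailer bytes) aligned to 32 bits
    padding = bytes(range(1, pad_len + 1))           # default pad pattern 1,2,3,... (RFC 4303 2.4)
    body = payload + padding + bytes([pad_len, next_header])   # would be ciphertext with a real cipher
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv


class EspReceiver:
    """Inbound side of one ESP SA: ICV check plus a sliding anti-replay window (RFC 4303 3.4.3)."""

    def __init__(self, spi, auth_key, window=64):
        self.spi, self.auth_key, self.window = spi, auth_key, window
        self.highest = 0       # highest sequence number accepted so far
        self.bitmap = 0        # bit i set  <=>  sequence number (highest - i) already seen

    def check_replay(self, seq):
        if seq == 0:
            return False                                # 0 is never valid
        if seq > self.highest:
            return True                                 # newer than anything seen: accept
        distance = self.highest - seq
        if distance >= self.window:
            return False                                # too old: drop
        return not (self.bitmap >> distance) & 1        # inside the window: accept once

    def mark(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet):
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        if not self.check_replay(seq):
            raise ValueError(f"replayed or stale sequence number {seq}")
        expected = hmac.new(self.auth_key, packet[:-ICV_LEN], hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, packet[-ICV_LEN:]):
            raise ValueError("ICV mismatch")
        self.mark(seq)              # only after the ICV passes, so forged packets cannot move the window
        body = packet[8:-ICV_LEN]   # with a real cipher this is where decryption happens
        pad_len, next_header = body[-2], body[-1]
        if body[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
            raise ValueError("bad padding")
        return next_header, body[:-(2 + pad_len)]


def rejects(receiver, packet):
    """True if the receiver drops the packet; used to show replay and ICV rejection."""
    try:
        receiver.receive(packet)
        return False
    except ValueError:
        return True
```

The order of the checks in `receive` matters: replay is tested before the ICV (cheap rejection of floods of old packets), but the window is only advanced after the ICV verifies, otherwise an attacker who guesses high sequence numbers could push legitimate traffic out of the window.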

Page 89: Chapter 4: Virtual Networks

IPSec

Modes of operation: applicable to AH & ESP
- Transport mode using AH
- Transport mode using ESP
- Tunnel mode using AH
- Tunnel mode using ESP (most used)

Page 90: Chapter 4: Virtual Networks

IPSec

Transport mode: data are encapsulated in an AH or ESP datagram behind the original IP header
- Ensures end-to-end communication (host-to-host scheme; both ends must understand IPsec)
- Used to connect remote users (host-to-host)
[Figure: IPsec host (IP 1) <-> IPsec host (IP 2); packet IP 1 | IP 2 | IPsec | Data]

Page 91: Chapter 4: Virtual Networks

IPSec

Transport mode:
- AH: Original IP header | AH header | Data. Next header = protocol of the original IP header. Authentication covers the whole packet (except the mutable IP header fields).
- ESP: Original IP header | ESP header | Data | ESP trailer | ESP auth. Next header (in the trailer) = protocol of the original IP header. Encryption covers the data and the trailer; authentication covers the ESP header and the encrypted part, not the IP header.

Page 92: Chapter 4: Virtual Networks

IPSec

Tunnel mode: the whole original IP datagram is encapsulated as data; a new IP header is generated
- Used when the final destination is not the IPsec endpoint (gateways)
[Figure: Host without IPsec (IP 1) - gateway using IPsec (IP A) === tunnel === gateway using IPsec (IP B) - Host without IPsec (IP 2); outer packet IP A | IP B | IPsec | inner packet IP 1 | IP 2 | Data]

Page 93: Chapter 4: Virtual Networks

IPSec

Tunnel mode:
- AH: New IP header | AH header | Original IP header | Data. New IP header protocol = 51, AH next header = 4 (IP-in-IP; 41 if the inner packet is IPv6). Authentication covers everything except the mutable fields of the new header.
- ESP: New IP header | ESP header | Original IP header | Data | ESP trailer | ESP auth. New IP header protocol = 50, next header (in the trailer) = 4. Encryption covers the original IP header, the data and the trailer; authentication covers the ESP header and the encrypted part.


Page 95: Chapter 4: Virtual Networks

SSL

OpenVPN project: implementation of a VPN based on SSL/TLS (OpenSSL)
- Free software (GPL)
- Reason: limitations of IPsec
Features:
- A driver (TUN/TAP) builds the tunnel & encapsulates packets through a virtual link
- Allows authentication & encryption
- All communications use a single TCP or UDP port (default 1194)
- Multiplatform
- Allows compression (now discouraged: compressing data before encrypting it leaks information about the plaintext, as the VORACLE attack showed)

Page 96: Chapter 4: Virtual Networks

SSL

OpenVPN project: features:
- Client-server model (version 2.0)
- Self-installing packages and graphical interfaces
- Allows remote management
- Great flexibility (scripting hooks at many points)


Page 98: Chapter 4: Virtual Networks

VLAN

Introduction:
- Modern institutional LANs usually have a hierarchical topology
- Each workgroup has its own switched LAN
- Switched LANs can be interconnected through a hierarchy of switches
[Figure: hosts A-I attached to switches S1, S2, S3, S4 arranged hierarchically]

Page 99: Chapter 4: Virtual Networks

VLAN

Drawbacks:
- Lack of traffic isolation: broadcast traffic reaches everyone, and traffic cannot be limited for security and confidentiality reasons
- Inefficient use of the switches
- User management

Page 100: Chapter 4: Virtual Networks

VLAN

VLAN: port-based VLAN
- The switch ports are divided into groups
- Each group constitutes a VLAN
- Each VLAN is a broadcast domain
- User management -> change of the switch configuration
[Figure: one switch with ports A B C D E F G H I divided into VLAN groups]

Page 101: Chapter 4: Virtual Networks

VLAN

VLAN: how to send information between groups?
- Connect a port of the VLAN switch to an external router
- Configure that port as a member of both groups
- Logical configuration -> separate switches connected through a router
- Vendors usually include the VLAN switch and the router in a single device
[Figure: hosts A B C D E F G H I on a VLAN switch with a router port]

Page 102: Chapter 4: Virtual Networks

VLAN

VLAN: different locations
- Members of a group are located in different buildings
- Several switches are needed
- Connecting the ports of each group between switches -> not scalable
[Figure: hosts A B C on one switch and D E F G H I on another, with one inter-switch link per VLAN]

Page 103: Chapter 4: Virtual Networks

VLAN

VLAN: different locations
- VLAN trunking: a trunk port belongs to all VLANs
- Destination VLAN of the frame? -> 802.1Q frame format (a tag in the frame carries the VLAN identifier)
[Figure: hosts A B C on one switch and D E F G H I on another, connected by a trunk link]

Page 104: Chapter 4: Virtual Networks

VLAN

IEEE 802.1Q:
IEEE 802.3 (Ethernet) frame: Preamble | Destination address | Source address | Type | Data | CRC
IEEE 802.1Q frame: Preamble | Destination address | Source address | TPID | TCI | Type | Data | new CRC
- TPID: Tag Protocol Identifier (0x8100, placed where the Type field used to be)
- TCI: Tag Control Information (priority, drop-eligible bit and 12-bit VLAN identifier)
- The CRC must be recomputed, since the tag changes the frame contents
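The 802.1Q tagging from the slide above and the trunk-port question from the two slides before it, as an added example that is not part of the original deck: building an Ethernet frame with or without the 4-byte tag (TPID 0x8100, TCI = 3-bit priority, 1-bit DEI, 12-bit VID) and recomputing the frame check sequence, parsing it back, and classifying a frame arriving on a trunk port against the allowed VLAN list, with untagged frames falling into the native VLAN. The MAC addresses and payload in the test are constructed, and the function names, the use of zlib's CRC-32 for the FCS and the trunk policy are assumptions of this example.

```python
import struct
import zlib

TPID_8021Q = 0x8100


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame, optionally with an 802.1Q tag between the source MAC and the EtherType.
    VID 0 means 'priority tag only' (no VLAN); 4095 is reserved, so it is refused."""
    if vlan is not None:
        if not 0 <= vlan <= 4094:
            raise ValueError("VID must be 0..4094")
        tci = (pcp << 13) | vlan                  # PCP (3 bits) | DEI (1 bit, 0 here) | VID (12 bits)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    else:
        tag = b""
    frame = dst + src + tag + struct.pack("!H", ethertype) + payload
    # FCS: Ethernet uses the same CRC-32 as zlib, transmitted least significant byte first.
    # Inserting a tag changes the covered bytes, so the FCS must be recomputed ("new CRC").
    return frame + struct.pack("<I", zlib.crc32(frame))


def parse_frame(frame):
    """Verify the FCS and split the frame; VLAN fields are None for untagged frames."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad FCS")
    info = {"dst": body[:6], "src": body[6:12], "vlan": None, "pcp": None, "dei": None}
    ethertype, = struct.unpack("!H", body[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        tci, = struct.unpack("!H", body[14:16])
        info["pcp"], info["dei"], info["vlan"] = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
        ethertype, = struct.unpack("!H", body[16:18])
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = body[offset:]
    return info


def classify_on_trunk(frame, allowed_vlans, native_vlan=1):
    """VLAN a frame received on a trunk port is assigned to, or None if it must be dropped.
    Untagged (or VID-0) frames land in the native VLAN, which is why leaving the native
    VLAN in the allowed list on an untrusted trunk is a common misconfiguration."""
    info = parse_frame(frame)
    vid = info["vlan"] or native_vlan
    return vid if vid in allowed_vlans else None
```

A switch that applies `classify_on_trunk` with the native VLAN removed from `allowed_vlans` will drop untagged frames on that trunk, which is the usual hardening step against a host that connects to a trunk port and speaks for VLAN 1.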

Page 105: Chapter 4: Virtual Networks

VLAN

VLAN: MAC-based VLAN (layer 2)
- The network administrator creates VLAN groups based on ranges of MAC addresses
- The switch port is connected to the VLAN that corresponds to the MAC address of the attached host
Layer-3 VLAN:
- Based on network addresses (IPv4 or IPv6)
- Based on network protocols (AppleTalk, IPX, TCP/IP)