Expl WAN Chapter 6 Teleworker

7/21/2019 Expl WAN Chapter 6 Teleworker

1/62


2/62

CCNA4-2 Chapter 6

Teleworker ServicesTeleworker Services

Business RequirementsBusiness Requirementsor Teleworkersor Teleworkers


3/62

CCNA4-! Chapter 6

Business Requirements or TeleworkersBusiness Requirements or Teleworkers

"r#ani$ational Beneits%"r#ani$ational Beneits%& Continuit' o operations(Continuit' o operations(

& )ncrease* responsiveness()ncrease* responsiveness(

& Secure+ relia,le an* mana#ea,le access to inormation(Secure+ relia,le an* mana#ea,le access to inormation(

& Cost-eective inte#ration o voice+ vi*eo an* *ata(Cost-eective inte#ration o voice+ vi*eo an* *ata(

& )ncrease* emplo'ee pro*uctivit'+ satisaction an* retention()ncrease* emplo'ee pro*uctivit'+ satisaction an* retention(

Social%Social%

& )ncrease* emplo'ment opportunities()ncrease* emplo'ment opportunities(

& ess travel an* commuter relate* stress(ess travel an* commuter relate* stress(

.nvironmental%.nvironmental%

& Smaller car,on ootprint(Smaller car,on ootprint(


4/62

CCNA4-4 Chapter 6

The Teleworker SolutionThe Teleworker Solution

Tra*itional+ private /AN technolo#ies%Tra*itional+ private /AN technolo#ies%& 0rame Rela'+ AT+ ease* ines0rame Rela'+ AT+ ease* ines


5/62

CCNA4- Chapter 6


)3sec irtual 3rivate Networks 53N%)3sec irtual 3rivate Networks 53N%& 0le7i,le+ scala,le connectivit'(0le7i,le+ scala,le connectivit'(


6/62

CCNA4-6 Chapter 6


)3sec irtual 3rivate Networks 53N%)3sec irtual 3rivate Networks 53N%& 0le7i,le+ scala,le connectivit'(0le7i,le+ scala,le connectivit'(

Site to site is secureSite to site is secureast an* relia,le(ast an* relia,le( ost common option(ost common option(


7/62CCNA4-8 Chapter 6


Broa*,an* Connections%Broa*,an* Connections%& 9S+ Ca,le+ /ireless+ Satellite(9S+ Ca,le+ /ireless+ Satellite(


8/62CCNA4-: Chapter 6


Broa*,an* Connections%Broa*,an* Connections%& 9S+ Ca,le+ /ireless+ Satellite(9S+ Ca,le+ /ireless+ Satellite(

& Broa*,an*Broa*,an*reers to a*vance* communicationsreers to a*vance* communications

s'stems capa,le o provi*in# hi#h-spee* transmissions'stems capa,le o provi*in# hi#h-spee* transmission

o services over the )nternet an* other networks(o services over the )nternet an* other networks(& Transmission spee*s t'picall' e7cee* 2;;+;;; ,its perTransmission spee*s t'picall' e7cee* 2;;+;;; ,its per

secon* in at least one *irection%secon* in at least one *irection%

& 9ownstream%9ownstream%

& 0rom the )nternet to the user


9/62CCNA4-> Chapter 6


Broa*,an* vs( Base,an*%Broa*,an* vs( Base,an*%& Base,an*%Base,an*%

& "nl' one si#nal on the wire at once("nl' one si#nal on the wire at once(

& a' use Time 9ivision ultiple7in# 5T9a' use Time 9ivision ultiple7in# 5T9

& .thernet networks(.thernet networks(

& Broa*,an*%Broa*,an*%

& ultiple si#nals on the same line(ultiple si#nals on the same line(

& 0requenc' 9ivision ultiple7in#(0requenc' 9ivision ultiple7in#(


10/62CCNA4-1; Chapter 6


Components%Components%

3N Router or3N Router or

3N client(3N client(

Ca,le+ 9SCa,le+ 9S

Router nee*s ?oSRouter nee*s ?oS

3N capa,le routers3N capa,le routers

3N concentrators3N concentrators

Securit' appliances%Securit' appliances%

5TACACS+ Ra*ius5TACACS+ Ra*ius




Components%Components%& The encr'pte*The encr'pte*

3N tunnel3N tunnel

is the heart ois the heart o

secure an*secure an*relia,le teleworker connections(relia,le teleworker connections(

& irtual 3rivate Network 53N%irtual 3rivate Network 53N%

& A private *ata network that uses the pu,licA private *ata network that uses the pu,lic

telecommunication inrastructure( 3N securit'telecommunication inrastructure( 3N securit'maintains privac' usin# a tunnelin# protocol an*maintains privac' usin# a tunnelin# protocol an*

securit' proce*ures(securit' proce*ures(

& TheThe )3sec 5)3 Securit')3sec 5)3 Securit'tunnelin# protocol is the avore*tunnelin# protocol is the avore*

approach to ,uil*in# secure 3N tunnels(approach to ,uil*in# secure 3N tunnels(




Broa*,an* ServicesBroa*,an* Services


13/62CCNA4-1! Chapter 6

Connectin# Teleworkers to the /ANConnectin# Teleworkers to the /AN

9ialup Access%9ialup Access%& )ne7pensive usin# e7istin# telephone lines()ne7pensive usin# e7istin# telephone lines(

& The slowest option+ it is t'picall' use* ,' mo,ile workersThe slowest option+ it is t'picall' use* ,' mo,ile workers

in areas where hi#h spee* connection are not availa,le(in areas where hi#h spee* connection are not availa,le(




9S Access%9S Access%& 9S also uses telephone lines(9S also uses telephone lines(

& A 9S mo*em separates the 9S si#nal rom theA 9S mo*em separates the 9S si#nal rom the

telephone si#nal(telephone si#nal(

& 3rovi*es an .thernet connection to a host computer or3rovi*es an .thernet connection to a host computer orAN(AN(


15/62


16/62

CCNA4-16 Chapter 6

Satellite Access%Satellite Access%& The computer connects to a satellite mo*em thatThe computer connects to a satellite mo*em that

transmits ra*io si#nals to the nearest point o presencetransmits ra*io si#nals to the nearest point o presence

within the satellite network(within the satellite network(

& 3rovi*es an .thernet connection to a host computer(3rovi*es an .thernet connection to a host computer(



17/62

CCNA4-18 Chapter 6

The @ca,le in ca,le s'stem reers to the coa7ial ca,le thatThe @ca,le in ca,le s'stem reers to the coa7ial ca,le thatcarries ra*io requenc' 5R0 si#nals across the network(carries ra*io requenc' 5R0 si#nals across the network(

A t'pical ca,le operator now uses a satellite *ish orA t'pical ca,le operator now uses a satellite *ish or

microwave s'stem to #ather T si#nals(microwave s'stem to #ather T si#nals(

.arl' s'stems were.arl' s'stems were one-wa'one-wa'with casca*in# ampliierswith casca*in# ampliiersplace* in series alon# the network to compensate or si#nalplace* in series alon# the network to compensate or si#nal

loss(loss(

o*ern ca,le s'stems provi*eo*ern ca,le s'stems provi*e two-wa'two-wa'communicationcommunication

,etween su,scri,ers an* the ca,le operator(,etween su,scri,ers an* the ca,le operator(& Ca,le operators now oer customers hi#h-spee* )nternetCa,le operators now oer customers hi#h-spee* )nternet

access+ *i#ital ca,le television+ an* resi*ential telephoneaccess+ *i#ital ca,le television+ an* resi*ential telephone

service(service(

Ca,leCa,le


18/62

CCNA4-1: Chapter 6

Ca,leCa,le

ain receivin#ain receivin#

antennas an* *ishes(antennas an* *ishes(

/here si#nals/here si#nals

are processe*are processe*

an* *istri,ute*(an* *istri,ute*(


19/62

CCNA4-1> Chapter 6

.lectroma#netic Spectrum%.lectroma#netic Spectrum%

& The ca,le T in*ustr' uses a portion o the R0The ca,le T in*ustr' uses a portion o the R0

electroma#netic spectrum(electroma#netic spectrum(

Si#nals are transmitte* simultaneousl' in either *irection(Si#nals are transmitte* simultaneousl' in either *irection(

9ivi*e* into two paths%9ivi*e* into two paths%

& 9ownstream%9ownstream% ea*en* to Su,scri,er 5:1; $(ea*en* to Su,scri,er 5:1; $(

& =pstream%=pstream% Su,scri,er to ea*en* 5!8 $(Su,scri,er to ea*en* 5!8 $(

Ca,leCa,le


20/62

CCNA4-2; Chapter 6

9"CS)S%9"CS)S%

& The 9ata-over-Ca,le Service )nterace SpeciicationThe 9ata-over-Ca,le Service )nterace Speciication

59"CS)S59"CS)Sis an international stan*ar* *evelope* ,'is an international stan*ar* *evelope* ,'

Ca,lea,Ca,lea,s(s(

& A non-proit research an* *evelopment consortium orA non-proit research an* *evelopment consortium orca,le-relate* technolo#ies(ca,le-relate* technolo#ies(

& Ca,lea,s tests an* certiies ca,le equipment ven*orCa,lea,s tests an* certiies ca,le equipment ven*or

*evices%*evices%

& Ca,le mo*ems(Ca,le mo*ems(

& Ca,le mo*em termination s'stems(Ca,le mo*em termination s'stems(

& rants 9"CS)S-certiie* or qualiie* status(rants 9"CS)S-certiie* or qualiie* status(

& .uro-9"CS)S%.uro-9"CS)S%A*apte* or use in .urope with *ierentA*apte* or use in .urope with *ierent

stan*ar*s(stan*ar*s(

Ca,leCa,le


21/62

CCNA4-21 Chapter 6

9"CS)S%9"CS)S%

& 9"CS)S speciies the "pen S'stems )nterconnection9"CS)S speciies the "pen S'stems )nterconnection

5"S) a'ers 1 an* 2 requirements(5"S) a'ers 1 an* 2 requirements(

Ca,leCa,le

Channel Bandwidths Mbits/s

Release =pstream 9ownstream

9"CS)S 1(; !: 1;

9"CS)S 2(; 4; !;

9"CS)S !(; 16; 12;

Access metho* re#ar*in#Access metho* re#ar*in#

the multiple7in# o si#nals(the multiple7in# o si#nals(


22/62


23/62

CCNA4-2! Chapter 6

9eliverin# Services "ver Ca,le%9eliverin# Services "ver Ca,le%

Ca,leCa,le

Share* ,an*wi*th can ,e a*Duste* or con#estion(Share* ,an*wi*th can ,e a*Duste* or con#estion(

',ri* 0i,er-Coa7ial Network 50C',ri* 0i,er-Coa7ial Network 50C


24/62

CCNA4-24 Chapter 6

9S9S is a means o provi*in# hi#h-spee* connections overis a means o provi*in# hi#h-spee* connections overinstalle* copper wires(installe* copper wires(

& A t'pical phone line can han*le si#nals up to 1 $(A t'pical phone line can han*le si#nals up to 1 $(

& A t'pical phone conversation uses romA t'pical phone conversation uses rom

!;; $ to ! k$(!;; $ to ! k$(& The a**itional ,an*wi*th is use* or 9S(The a**itional ,an*wi*th is use* or 9S(

9i#ital Su,scri,er ine 59S9i#ital Su,scri,er ine 59S


25/62

CCNA4-2 Chapter 6

The two ,asic t'pes o 9SThe two ,asic t'pes o 9Stechnolo#ies are as'mmetrictechnolo#ies are as'mmetric

5A9S an* s'mmetric 5S9S(5A9S an* s'mmetric 5S9S(

& All orms o 9S serviceAll orms o 9S service

are cate#ori$e* as A9S or S9S+ an* there are severalare cate#ori$e* as A9S or S9S+ an* there are severalvarieties o each t'pe(varieties o each t'pe(

& A9SA9Sprovi*es hi#her *ownstream ,an*wi*th to the userprovi*es hi#her *ownstream ,an*wi*th to the user

than uploa* ,an*wi*th(than uploa* ,an*wi*th(

& S9SS9S provi*es the same capacit' in ,oth *irections(provi*es the same capacit' in ,oth *irections(

9i#ital Su,scri,er ine 59S9i#ital Su,scri,er ine 59S


26/62

CCNA4-26 Chapter 6

9i#ital Su,scri,er ine 59S - Connections9i#ital Su,scri,er ine 59S - Connections

9S is not a share* me*ium(9S is not a share* me*ium(

oice an* *ata over the same copper telephone line(oice an* *ata over the same copper telephone line(

9S mo*em+9S mo*em+

router(router(

9emarc%9emarc% NetworkNetwork

)nterace 9evice)nterace 9evice((

9S Access9S Access

ultiple7erultiple7er


27/62

CCNA4-28 Chapter 6

/ireless networkin#+ or/ireless networkin#+ or/i-0i+ has improve* the/i-0i+ has improve* the

connectivit' situation+ notconnectivit' situation+ not

onl' in the S""+ ,ut alsoonl' in the S""+ ,ut also

on enterprise campuses(on enterprise campuses(

=sin# :;2(11 networkin#=sin# :;2(11 networkin#

stan*ar*s+ *ata travelsstan*ar*s+ *ata travels

usin# the unlicense* ra*iousin# the unlicense* ra*io

spectrum(spectrum(

ost ra*io an* Tost ra*io an* T

transmissions aretransmissions are

#overnment re#ulate* an* require a license to use(#overnment re#ulate* an* require a license to use(

Broa*,an* /irelessBroa*,an* /ireless


28/62

CCNA4-2: Chapter 6

=ntil recentl'+ a si#niicant limitation o wireless access has=ntil recentl'+ a si#niicant limitation o wireless access has,een the nee* to ,e,een the nee* to ,e within the local transmission ran#ewithin the local transmission ran#e

5t'picall' less than 1;; eet o a wireless router or wireless5t'picall' less than 1;; eet o a wireless router or wireless

access point that has a wire* connection to the )nternet(access point that has a wire* connection to the )nternet(

"nce a worker let the oice or home+ wireless access was"nce a worker let the oice or home+ wireless access wasnot rea*il' availa,le(not rea*il' availa,le(

New *evelopments in ,roa*,an* wireless technolo#' areNew *evelopments in ,roa*,an* wireless technolo#' are

increasin# wireless availa,ilit'(increasin# wireless availa,ilit'(

& unicipal /i-0iunicipal /i-0i& /iAE/iAE

& Satellite )nternetSatellite )nternet



29/62

CCNA4-2> Chapter 6

unicipal /i-0i%unicipal /i-0i%

& ost municipal wireless networks use aost municipal wireless networks use a mesh topolo#'mesh topolo#'

rather than a hu,-an*-spoke mo*el(rather than a hu,-an*-spoke mo*el(

& The mesh ,lanketsThe mesh ,lankets

its area with ra*ioits area with ra*iosi#nals(si#nals(

& Si#nals travel romSi#nals travel rom

access point toaccess point to

access point throu#haccess point throu#h

this clou*(this clou*(

& )nstallation easier()nstallation easier(

& 0aster *eplo'ment(0aster *eplo'ment(

& ore relia,le(ore relia,le(



30/62

CCNA4-!; Chapter 6

/iAE%/iAE%

& /iAE/iAE 5/orl*wi*e )nteropera,ilit' or icrowave5/orl*wi*e )nteropera,ilit' or icrowave

AccessAccessis telecommunications technolo#' aime* atis telecommunications technolo#' aime* at

provi*in# wireless *ata over lon# *istances in a variet' oprovi*in# wireless *ata over lon# *istances in a variet' o

wa's(wa's(& /iAE operates at/iAE operates at hi#her spee*s+ over #reaterhi#her spee*s+ over #reater

*istances*istances+ an* or a+ an* or a #reater num,er o users#reater num,er o usersthan /i-0i(than /i-0i(

& Because o its hi#her spee* 5,an*wi*th an* allin#Because o its hi#her spee* 5,an*wi*th an* allin#

component prices+ the /iAE will soon supplantcomponent prices+ the /iAE will soon supplantmunicipal mesh networks or wireless *eplo'ments(municipal mesh networks or wireless *eplo'ments(



31/62

CCNA4-!1 Chapter 6

/iAE%/iAE%


Two mainTwo main

componentscomponents

!+;;; sq( miles!+;;; sq( miles

8+;; sq( km8+;; sq( km

Connects *irectl'Connects *irectl'to the )S3(to the )S3(


32/62

CCNA4-!2 Chapter 6

Satellite )nternet%Satellite )nternet%

& Satellite )nternet services are use* in locations where lan*-Satellite )nternet services are use* in locations where lan*-

,ase* )nternet access is not availa,le+ or or temporar',ase* )nternet access is not availa,le+ or or temporar'

installations that are continuall' on the move(installations that are continuall' on the move(

& There are ! wa's to connect to )nternet usin# satellites%There are ! wa's to connect to )nternet usin# satellites%& "ne-wa' multicast"ne-wa' multicast are use* or )3 multicast-,ase* *ata+are use* or )3 multicast-,ase* *ata+

au*io+ an* vi*eo *istri,ution(au*io+ an* vi*eo *istri,ution(

& "ne-wa' terrestrial return"ne-wa' terrestrial returnuse tra*itional *ialup accessuse tra*itional *ialup access

to sen* out,oun* *ata throu#h a mo*em an* receiveto sen* out,oun* *ata throu#h a mo*em an* receive*ownloa*s rom the satellite(*ownloa*s rom the satellite(

& Two-wa' satelliteTwo-wa' satellitesen*s *ata rom remote sites viasen*s *ata rom remote sites via

satellite to a hu,( The hu, then sen*s the *ata to thesatellite to a hu,( The hu, then sen*s the *ata to the

)nternet()nternet(



33/62

CCNA4-!! Chapter 6

Two-wa' Satellite )nternet%Two-wa' Satellite )nternet%


The ke' installation requirement is or theThe ke' installation requirement is or the

antenna to have a clear view towar* the equator(antenna to have a clear view towar* the equator(

Two-wa' satellite )nternet uses )3 multicastin# technolo#'(Two-wa' satellite )nternet uses )3 multicastin# technolo#'(

Allows one satellite to serve up to +;;; channels(Allows one satellite to serve up to +;;; channels(


34/62

CCNA4-!4 Chapter 6


irtual 3rivate Network 53Nirtual 3rivate Network 53NTechnolo#'Technolo#'


35/62

CCNA4-! Chapter 6

/hat is a 3NF/hat is a 3NF

& A VPN creates a private network over a public networkA VPN creates a private network over a public network

infrastructure while maintaining confidentiality andinfrastructure while maintaining confidentiality and

security.security.

& 3Ns use3Ns use cr'pto#raphic tunnelin# protocolscr'pto#raphic tunnelin# protocolsto provi*eto provi*eprotection a#ainst packet sniin#+ sen*er authentication+protection a#ainst packet sniin#+ sen*er authentication+

an* messa#e inte#rit'(an* messa#e inte#rit'(

& "r#ani$ations use 3Ns"r#ani$ations use 3Ns

to provi*eto provi*e a virtual /ANa virtual /ANthat connects ,ranch orthat connects ,ranch or

home oices+ ,usinesshome oices+ ,usiness

partner sites+ an* remotepartner sites+ an* remote

telecommuters(telecommuters(

3Ns an* Their Beneits3Ns an* Their Beneits


36/62

CCNA4-!6 Chapter 6

Beneits%Beneits%& Cost Savin#s%Cost Savin#s%

& "r#ani$ations can use"r#ani$ations can use cost-eective+ thir*-part' )nternetcost-eective+ thir*-part' )nternet

transporttransportto connect remote oices an* users to the mainto connect remote oices an* users to the main

corporate site( This eliminates e7pensive *e*icate* /ANcorporate site( This eliminates e7pensive *e*icate* /ANlinks an* mo*em ,anks(links an* mo*em ,anks(

& Securit'%Securit'%

& A*vance*A*vance* encr'ption an* authentication protocolsencr'ption an* authentication protocolsprotectprotect

*ata rom unauthori$e* access(*ata rom unauthori$e* access(

& Scala,ilit'%Scala,ilit'%

& "r#ani$ations+ ,i# an* small+ are"r#ani$ations+ ,i# an* small+ are a,le to a** lar#ea,le to a** lar#e

amounts o capacit'amounts o capacit' without a**in# si#niicantwithout a**in# si#niicant

inrastructure(inrastructure(

3Ns an* Their Beneits3Ns an* Their Beneits


37/62


38/62

CCNA4-!: Chapter 6

Site-to-site 3N%Site-to-site 3N%

& )n a site-to-site 3N+ hosts sen* an* receive TC3G)3)n a site-to-site 3N+ hosts sen* an* receive TC3G)3

traictraic throu#h a 3N #atewa'throu#h a 3N #atewa'((

& The 3N #atewa'The 3N #atewa' encapsulates an* encr'ptsencapsulates an* encr'ptsout,oun*out,oun*

traic an* sen*s it throu#h a 3N tunnel(traic an* sen*s it throu#h a 3N tunnel(& "n receipt+ the"n receipt+ the

peer 3Npeer 3N

#atewa'#atewa' stripsstrips

the hea*ers+the hea*ers+*ecr'pts*ecr'ptsthethe

content an*content an*

rela's therela's the

packet(packet(

T'pes o 3NsT'pes o 3Ns


39/62

CCNA4-!> Chapter 6

Remote Access 3N%Remote Access 3N%

& Support the nee*s o telecommuters+ mo,ile users+ asSupport the nee*s o telecommuters+ mo,ile users+ as

well as e7tranet consumer-to-,usiness(well as e7tranet consumer-to-,usiness(


3N Concentrator+3N Concentrator+0irewall or router(0irewall or router(


40/62

CCNA4-4; Chapter 6

Remote Access 3N%Remote Access 3N%& Support the nee*s o telecommuters+ mo,ile users+ asSupport the nee*s o telecommuters+ mo,ile users+ as

well as e7tranet consumer-to-,usiness(well as e7tranet consumer-to-,usiness(

& .ach host t'picall' has 3N client sotware(.ach host t'picall' has 3N client sotware(

& The sotware encapsulates an* encr'pts that traic ,eoreThe sotware encapsulates an* encr'pts that traic ,eoresen*in# it over the )nternet(sen*in# it over the )nternet(

& "n receipt+ the"n receipt+ the

3N #atewa'3N #atewa'

han*les the *atahan*les the *atain the same wa'in the same wa'

as it woul*as it woul*

han*le *ata romhan*le *ata rom

a site-to-site 3N(a site-to-site 3N(



41/62


42/62

CCNA4-42 Chapter 6

The key to VPN effectiveness isThe key to VPN effectiveness is security.security.

& 3Ns secure *ata ,' encapsulatin# an* encr'ptin# the3Ns secure *ata ,' encapsulatin# an* encr'ptin# the

*ata(*ata(

& .ncapsulation is reerre* to as tunnelin#.ncapsulation is reerre* to as tunnelin#+ ,ecause+ ,ecause

encapsulation transmits *ata transparentl' rom networkencapsulation transmits *ata transparentl' rom networkto network throu#h a share* inrastructure(to network throu#h a share* inrastructure(

& As i an in*ivi*ual tunnel e7iste* ,etween theAs i an in*ivi*ual tunnel e7iste* ,etween the

en*points(en*points(

& .ncr'ption.ncr'ptionco*es *ata into a *ierent ormat usin# a ke'(co*es *ata into a *ierent ormat usin# a ke'(& 9ecr'ption9ecr'ption*eco*es encr'pte* *ata into the ori#inal*eco*es encr'pte* *ata into the ori#inal

unencr'pte* ormat(unencr'pte* ormat(

3N Components3N Components


43/62


44/62

CCNA4-44 Chapter 6

Tunnelin# allows the use o pu,lic networks like the )nternetTunnelin# allows the use o pu,lic networks like the )nternetto carr' *ata or users as thou#h the users ha* access to ato carr' *ata or users as thou#h the users ha* access to a

private network(private network(

& Tunnelin#Tunnelin# encapsulates an entire packet within anotherencapsulates an entire packet within another

packetpacketan* sen*s the new+ composite packet over aan* sen*s the new+ composite packet over anetwork(network(

3N Tunnelin#3N Tunnelin#


45/62

CCNA4-4 Chapter 6

0or e7ample+ an e-mail messa#e travelin# throu#h the0or e7ample+ an e-mail messa#e travelin# throu#h the)nternet over a 3N()nternet over a 3N(


eneric Routin# .ncapsulationeneric Routin# .ncapsulation

3N T li


46/62

CCNA4-46 Chapter 6

)n the e7ample+ 333 carries the messa#e to the 3N *evice+)n the e7ample+ 333 carries the messa#e to the 3N *evice+where the messa#e is encapsulate* within a eneric Routewhere the messa#e is encapsulate* within a eneric Route

.ncapsulation 5R. packet(.ncapsulation 5R. packet(

& R. is a tunnelin# protocol *evelope* ,' Cisco(R. is a tunnelin# protocol *evelope* ,' Cisco(

& TheThe outer packet source an* *estination a**ressin#outer packet source an* *estination a**ressin#5)nternet )3 A**resses is assi#ne* to5)nternet )3 A**resses is assi#ne* to HtunnelHtunnel

interacesHinteracesHan* is ma*e routa,le across the network(an* is ma*e routa,le across the network(

& "nce a composite packet reaches the *estination"nce a composite packet reaches the *estination

tunnel interace+ the insi*e packet is e7tracte*(tunnel interace+ the insi*e packet is e7tracte*(



47/62

3N 9 C i* i li * ) i3N 9 t C i* ti lit * ) t it


48/62

CCNA4-4: Chapter 6

0or encr'ption to work+0or encr'ption to work+,oth the sen*er an* the receiver,oth the sen*er an* the receivermust know the rules use* to transorm the ori#inal messa#emust know the rules use* to transorm the ori#inal messa#e

into its co*e* orm(into its co*e* orm(

3N encr'ption rules inclu*e3N encr'ption rules inclu*e

anan al#orithm an* a ke'al#orithm an* a ke'(( An al#orithm is aAn al#orithm is a

mathematical unction thatmathematical unction that

com,ines a messa#e+ te7t+com,ines a messa#e+ te7t+

*i#its or all three with a ke'(*i#its or all three with a ke'(

The output is an unrea*a,le cipher strin#(The output is an unrea*a,le cipher strin#(

& 9ecr'ption is e7tremel' *iicult without the correct ke'(9ecr'ption is e7tremel' *iicult without the correct ke'(

3N 9ata Coni*entialit' an* )nte#rit'3N 9ata Coni*entialit' an* )nte#rit'

3N 9 t C i* ti lit * ) t it3N 9 t C i* ti lit * ) t it


49/62

CCNA4-4> Chapter 6

The *e#ree o securit' provi*e* ,' an' encr'ption al#orithmThe *e#ree o securit' provi*e* ,' an' encr'ption al#orithm*epen*s on the len#th o the ke'*epen*s on the len#th o the ke'((

& The shorter the ke'+ the easier it is to ,reak+The shorter the ke'+ the easier it is to ,reak+

& owever+ the shorter the ke'+ the easier it is to pass theowever+ the shorter the ke'+ the easier it is to pass the

messa#e(messa#e(




50/62

CCNA4-; Chapter 6

ore common encr'ption al#orithms an* ke' len#ths%ore common encr'ption al#orithms an* ke' len#ths%& 9ata .ncr'ption Stan*ar* 59.S%9ata .ncr'ption Stan*ar* 59.S%

& 9evelope* ,' )B(9evelope* ,' )B(

& i#h perormance(i#h perormance(

& 6 ,it(6 ,it(

& Triple 9.S 5!9.S%Triple 9.S 5!9.S%

& A variant o 9.S that encr'pts with one ke'+ *ecr'ptsA variant o 9.S that encr'pts with one ke'+ *ecr'pts

with another *ierent ke'+ an* then encr'pts one inalwith another *ierent ke'+ an* then encr'pts one inal

time with another ke'(time with another ke'(

& 1>2 ,it(1>2 ,it(




51/62

CCNA4-1 Chapter 6

ore common encr'ption al#orithms an* ke' len#ths%ore common encr'ption al#orithms an* ke' len#ths%& A*vance* .ncr'ption Stan*ar* 5A.S%A*vance* .ncr'ption Stan*ar* 5A.S%

& Replace* 9.S encr'ption(Replace* 9.S encr'ption(

& ore secure(ore secure(

& Computationall' more eicient(Computationall' more eicient(

& 12:+ 1>2+ an* 26 ,it(12:+ 1>2+ an* 26 ,it(

& Rivest+ Shamir+ an* A*leman 5RSA%Rivest+ Shamir+ an* A*leman 5RSA%

& 12+ 86:+ 1;24 ,it an* lar#er(12+ 86:+ 1;24 ,it an* lar#er(



52/62



53/62

CCNA4-! Chapter 6

S'mmetric .ncr'ption 5Secret Ie'%S'mmetric .ncr'ption 5Secret Ie'%& .ncr'ption an* *ecr'ption ke's are.ncr'ption an* *ecr'ption ke's arethe samethe same((

& ow *o the encr'ptin# an* *ecr'ptin# *evices ,othow *o the encr'ptin# an* *ecr'ptin# *evices ,oth

have the share* secret ke'Fhave the share* secret ke'F

& Jou coul* use e-mail+ courier+ or overni#ht e7pressJou coul* use e-mail+ courier+ or overni#ht e7pressto sen* the share* secret ke's to the a*ministratorto sen* the share* secret ke's to the a*ministrator

o the *evice(o the *evice(

& A more secure metho* is as'mmetric encr'ption(A more secure metho* is as'mmetric encr'ption(


3N 9 t C i* ti lit * ) t it3N 9ata Coni*entialit an* )nte#rit


54/62

CCNA4-4 Chapter 6

As'mmetric .ncr'ption 53u,lic Ie'%As'mmetric .ncr'ption 53u,lic Ie'%& .ncr'ption an* *ecr'ption ke's are.ncr'ption an* *ecr'ption ke's are*ierent*ierent((

& "ne ke' encr'pts the messa#e+ while a secon* ke'"ne ke' encr'pts the messa#e+ while a secon* ke'

*ecr'pts the messa#e(*ecr'pts the messa#e(

& .ach user has two *ierent ke's that act as a ke' pair.ach user has two *ierent ke's that act as a ke' pair- pu,lic an* private- pu,lic an* private((

& 3u,lic ke's3u,lic ke'sare e7chan#e* with other users(are e7chan#e* with other users(

& essa#esessa#es sent are encr'pte*sent are encr'pte*with thewith the sen*erKssen*erKs

private ke'private ke'an* thean* the recipientKs pu,lic ke'recipientKs pu,lic ke'((& essa#esessa#es receive* are *ecr'pte*receive* are *ecr'pte*with thewith the sen*erKssen*erKs

pu,lic ke'pu,lic ke'an* thean* the recipientKs private ke'recipientKs private ke'((


3N 9 t C i* ti lit * ) t it3N 9ata Coni*entialit' an* )nte#rit'


55/62

CCNA4- Chapter 6


S'mmetric .ncr'ptionS'mmetric .ncr'ption As'mmetric .ncr'ptionAs'mmetric .ncr'ption

Secret Ie' cr'pto#raph' 3u,lic Ie' cr'pto#raph'

.ncr'pt an* *ecr'pt with thesame ke'

.ncr'pt an* *ecr'pt with a*ierent ke'

T'picall' use* or messa#econtent

T'picall' use* or *i#italcertiicates an* ke' mana#ement

9.S+ !9.S+ A9.S RSA

3N 9 t C i* ti lit * ) t it3N 9ata Coni*entialit' an* )nte#rit'


56/62

CCNA4-6 Chapter 6

3N 9ata )nte#rit'%3N 9ata )nte#rit'%& ashesashescontri,ute to *ata inte#rit' an* authentication ,'contri,ute to *ata inte#rit' an* authentication ,'

ensurin# that unauthori$e* persons *o not tamper withensurin# that unauthori$e* persons *o not tamper with

transmitte* messa#es(transmitte* messa#es(

& AA hashhash+ also calle* a+ also calle* a messa#e *i#estmessa#e *i#est+ is a value+ is a value5authentication co*e5authentication co*e #enerate* rom a strin# o te7t(#enerate* rom a strin# o te7t(

& )t is #enerate* usin# a ormula an* a share* ke' an*)t is #enerate* usin# a ormula an* a share* ke' an*

inclu*e* as part o the encr'pte* messa#e(inclu*e* as part o the encr'pte* messa#e(

& The recipient uses theThe recipient uses thesame ormula an* ke'same ormula an* ke'toto#enerate the authentication co*e(#enerate the authentication co*e(

& ) the values match) the values match+ the recipient can ,e sure that the+ the recipient can ,e sure that the

messa#e has not ,een chan#e* in transit(messa#e has not ,een chan#e* in transit(




57/62

CCNA4-8 Chapter 6

3N 9ata )nte#rit'%3N 9ata )nte#rit'%& essa#e 9i#est 59%essa#e 9i#est 59% 12: ,it ke'(12: ,it ke'(

& Secure ash Al#orithm 1 5SA-1%Secure ash Al#orithm 1 5SA-1%16;-,it ke'(16;-,it ke'(


Somethin# was chan#e*LSomethin# was chan#e*L



58/62

CCNA4-: Chapter 6

3N Authentication%3N Authentication%& The *evice on theThe *evice on the

other en* o the 3Nother en* o the 3N

tunnel must ,e authenticate* ,eore the communicationtunnel must ,e authenticate* ,eore the communication

path is consi*ere* secure(path is consi*ere* secure(

& There are two peer authentication metho*s%There are two peer authentication metho*s%

& 3re-share* ke' 53SI%3re-share* ke' 53SI%

& A secret ke' that is share* ,etween the two partiesA secret ke' that is share* ,etween the two parties

usin# a secure channel ,eore it nee*s to ,e use*(usin# a secure channel ,eore it nee*s to ,e use*(

& RSA si#nature%RSA si#nature%

& =ses the e7chan#e o *i#ital certiicates to=ses the e7chan#e o *i#ital certiicates to

authenticate the peers(authenticate the peers(


)3sec Securit' 3rotocols)3sec Securit' 3rotocols


59/62

CCNA4-> Chapter 6

)3sec)3secis a protocol suite or securin# )3 communications withis a protocol suite or securin# )3 communications withencr'ption+ inte#rit'+ an* authentication(encr'ption+ inte#rit'+ an* authentication(

& There are two main )3sec ramework protocols%There are two main )3sec ramework protocols%

& Authentication ea*er 5A%Authentication ea*er 5A%

& =se when coni*entialit' is not require* or=se when coni*entialit' is not require* orpermitte*(permitte*(




60/62

CCNA4-6; Chapter 6

)3sec)3secis a protocol suite or securin# )3 communications withis a protocol suite or securin# )3 communications withencr'ption+ inte#rit'+ an* authentication(encr'ption+ inte#rit'+ an* authentication(

& There are two main )3sec ramework protocols%There are two main )3sec ramework protocols%

& .ncapsulatin# Securit' 3a'loa* 5.S3%.ncapsulatin# Securit' 3a'loa* 5.S3%

& 3rovi*es coni*entialit' an* authentication ,'3rovi*es coni*entialit' an* authentication ,'encr'ptin# the packet(encr'ptin# the packet(




61/62

CCNA4-61 Chapter 6

)3sec relies on e7istin# al#orithms to implement encr'ption+)3sec relies on e7istin# al#orithms to implement encr'ption+authentication+ an* ke' e7chan#e(authentication+ an* ke' e7chan#e(


9ie-ellman%9ie-ellman%Allows two parties toAllows two parties to

esta,lish a share*esta,lish a share*

secret ke' use* ,'secret ke' use* ,'

encr'ption an* hashencr'ption an* hash

al#orithms over anal#orithms over an

unsecure line(unsecure line(



62/62

/hen coni#urin# )psec+ there are/hen coni#urin# )psec+ there are our choiceour choices to ,e ma*e%s to ,e ma*e%


/hich )3sec 3rotocolF/hich )3sec 3rotocolF

ow to share ke's(ow to share ke's(

Expl WAN Chapter 6 Teleworker

Documents

Transcript of Expl WAN Chapter 6 Teleworker