VPNs - Coggle Diagram
VPNs
IPsec Overview
IPsec Technologies
IPsec is an IETF standard (RFC 2401-2412) that defines how a VPN can be secured across IP networks. IPsec protects and authenticates IP packets between source and destination.
Integrity - IPsec uses hashing algorithms to ensure that packets have not been altered between source and destination.
Origin authentication - IPsec uses the Internet Key Exchange (IKE) protocol to authenticate source and destination.
Confidentiality - IPsec uses encryption algorithms to prevent cybercriminals from reading the packet contents.
Confidentiality
Confidentiality is achieved by encrypting the data, as shown in the figure. The degree of confidentiality depends on the encryption algorithm and the length of the key used in the encryption algorithm.
Integrity
Data integrity means that the data that is received is exactly the same data that was sent. Potentially, data could be intercepted and modified.
Authentication
When conducting business long distance, you must know who is at the other end of the phone, email, or fax. The same is true of VPN networks.
IPsec Protocols
IPsec Protocol Overview
The two main IPsec protocols are Authentication Header (AH) and Encapsulation Security Protocol (ESP). The IPsec protocol is the first building block of the framework.
Authentication Header
AH achieves authenticity by applying a keyed one-way hash function to the packet to create a hash or message digest. The hash is combined with the text and is transmitted in plaintext, as shown in the figure.
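An added example, not part of the original diagram: a Python sketch of the AH integrity check described above. It computes an HMAC-SHA256 digest over a constructed packet with the fields that routers rewrite in transit (TTL, header checksum) zeroed, which is a simplification of how AH computes its integrity check value; the header layout, key and payload are constructed for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed 20-byte header standing in for an IPv4 header (assumed layout):
# ver/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum, src, dst.
def build_header(ttl: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0x4000, ttl, 51,
                       0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def immutable_view(header: bytes) -> bytes:
    # AH hashes only fields that stay constant end to end; fields rewritten
    # hop by hop (TTL at offset 8, header checksum at 10-11) are zeroed first.
    h = bytearray(header)
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def compute_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    return hmac.new(key, immutable_view(header) + payload, hashlib.sha256).digest()

def protect(key: bytes, header: bytes, payload: bytes) -> bytes:
    # Sender: the digest travels in the clear next to the unencrypted data.
    return header + compute_icv(key, header, payload) + payload

def verify(key: bytes, packet: bytes) -> bool:
    # Receiver: recompute the digest and compare in constant time.
    if len(packet) < 52:
        return False
    header, icv, payload = packet[:20], packet[20:52], packet[52:]
    return hmac.compare_digest(icv, compute_icv(key, header, payload))

def demo() -> dict:
    key = b"constructed-demo-key-not-for-real-use"
    payload = b"constructed payload: transfer 100"
    packet = protect(key, build_header(64), payload)
    hopped = bytearray(packet)
    hopped[8] -= 1            # a router decremented TTL: still verifies
    tampered = bytearray(packet)
    tampered[-3:] = b"999"    # on-path change to the payload: detected
    return {
        "original": verify(key, packet),
        "after_hop": verify(key, bytes(hopped)),
        "tampered": verify(key, bytes(tampered)),
        "wrong_key": verify(b"some-other-key", packet),
    }

if __name__ == "__main__":
    print(demo())
```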
VPN Topologies
Remote-Access VPNs
VPNs have become the logical solution for remote-access connectivity for many reasons. As shown in the figure, remote-access VPNs let remote and mobile users securely connect to the enterprise by creating an encrypted tunnel.
SSL VPNs
When a client negotiates an SSL VPN connection with the VPN gateway, it actually connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS.
It is important to understand that IPsec and SSL VPNs are not mutually exclusive. Instead, they are complementary; both technologies solve different problems, and an organization may implement IPsec, SSL, or both, depending on the needs of its telecommuters.
Site-to-Site IPsec VPNs
Site-to-site VPNs are used to connect networks across another untrusted network such as the internet. In a site-to-site VPN, end hosts send and receive normal unencrypted TCP/IP traffic through a VPN-terminating device.
VPN Overview
A VPN is virtual in that it carries information within a private network, but that information is actually transported over a public network.
Internet Key Exchange
The IKE Protocol
The Internet Key Exchange (IKE) protocol is a key management protocol standard. IKE is used in conjunction with the IPsec standard.