Algonquin College


Off-Campus Learning - Advanced Networking Technology

VPN Technologies (CST6505)

NETWORK BACKGROUND

The Internet
  • Internet History
  • Internet Infrastructure
  • Internet Deliverables
  • Using Internet Technology
Intranet and Extranet
  • Intranet
  • Extranet
The Internet Virtual Private Network
  • What is an Internet VPN?
  • Why use an Internet VPN?

EXAMPLES OF VPN USE

Internet VPN vs. Frame Relay
  • Internet VPN vs. Frame Relay
  • LAN to LAN
Remote Access VPNs
  • Remote Access VPNs
  • Benefits
Branch Office VPNs
  • Branch Office VPNs
  • Benefits
Internal Corporate VPNs
  • Internal Corporate VPNs
  • Benefits
Extranet VPNs
  • Extranet VPNs
  • Benefits

TECHNOLOGY BACKGROUND

The OSI Model
  • The OSI Model
  • OSI and the Internet
  • Operations through the Layers
  • VPN related protocols
Network and Internetwork Connectivity
  • What is Network / Internetwork Connectivity?
  • Shared Media
  • Switched Media
  • Routing

NETWORK SECURITY CONCEPTS

Issues and Risks
  • General Issues and Risks
  • Threats
  • IPsec
  • Security over the Internet
Identification and Authentication
  • Types of ID/Authentication
  • Usernames/Passwords
  • Digital Certificates
  • Biometrics
  • Risks / What you can do
  • Smart Cards / Tokens
Access and Confidentiality
  • Access Control
  • Link Encryption
  • Confidentiality
  • Integrity
  • Non-repudiation

GENERAL ENCRYPTION

Cryptography
  • Cryptography
  • Why Cryptography is Needed
  • Who is out there?
Secret Key and Public Key Algorithms
  • What are Secret and Public Keys?
  • Secret Key/Public Key Diagram
  • Key Size Matching
How Secure is RSA?
  • RSA Security
  • RSA Cracking Efforts
The Diffie-Hellman Technique
  • The Technique
  • The Basis
Public Key Infrastructure
  • What is PKI?
  • Operational Overview of PKI
  • PKI Key Storage
  • Deployment Considerations

MESSAGE AUTHENTICATION AND NON-REPUDIATION

Digital Signatures
  • What are Digital Signatures?
  • Concepts
  • Digital Signatures in action
  • Attacks
  • Digital Signature Standard (DSS)
  • Areas of concern
Certificates
  • Public Key Certificates
  • Certificate and Key Distribution
  • Certificate Authorities
  • Hierarchy of Certificate Authorities
  • Classes of Digital Certificates
LDAP and Non-repudiation
  • LDAP
  • Non-repudiation
  • Non-repudiation service
  • Types of non-repudiation

USER AUTHENTICATION

Passwords
  • Traditional password systems
  • One-time passwords (OTP)
  • How OTPs work
Password Authentication and CHAP
  • Password Authentication Protocol (PAP)
  • Challenge Handshake Authentication Protocol (CHAP)
  • PAP & CHAP weaknesses
Biometric Systems
  • What are Biometrics?
  • The Current Trends in Biometrics
Token Devices
  • Token Devices
  • Token Mechanisms
Authentication
  • Server Authentication
  • Client Authentication
RADIUS
  • Remote Authentication Dial-in User Service (RADIUS)
  • Attribute Exchange
TACACS and Kerberos
  • TACACS
  • Kerberos

VPN SECURITY PLATFORMS

A Sample VPN Architecture and Equipment
  • A Sample VPN Architecture
  • Dedicated VPN Equipment
  • Network Management
Proxy Server and Firewalls
  • Proxy Server
  • Proxy Server functions
  • Firewalls
  • Packet Filters
  • Application Gateways
  • Stateful Inspection Firewall
Routers and NAT Servers
  • Routers
  • Routers for Site-to-Site
  • Routers for Remote Access VPNs
  • NAT server
  • Server Functions

VPN TUNNELING AND ENCAPSULATION PROTOCOLS

Tunneling
  • What is Tunneling?
  • Layer 2 Tunneling
Point-to-Point Tunneling Protocol (PPTP)
  • What is PPTP?
  • PPTP Architecture
  • PPTP Process and Encryption
  • PPTP Packet Types
  • PPTP with RADIUS
  • PPTP Packet Formats
Layer 2 Forwarding Protocol (L2FP)
  • What is L2F?
  • L2F Architecture
  • L2F Session
  • L2 Packet Detail
Layer 2 Tunneling Protocol (L2TP)
  • What is L2TP?
  • L2TP Architecture
  • L2TP Details
  • L2TP Session
  • L2TP Packet Details
Tunneling Models
  • Types of Tunnels (Voluntary/Compulsory)
  • Service Provider to Service Provider
  • Corporation to Service Provider
  • Corporation to Corporation

IPsec

IPsec Architecture
  • What is IPsec?
  • IPsec Architecture
Applications/Traffic Security Protocols
  • IPsec applications
  • Benefits of IPsec
  • Traffic Security Protocols
Authentication Header
  • The 6 fields
  • Transport Mode
  • Tunnel Mode
Encapsulating Security Payload (ESP)
  • ESP Header
  • ESP Trailer
  • Transport Mode
  • Tunnel Mode
  • Transport and Tunnel Mode
Security Association
  • What is a Security Association (SA)?
  • Transport mode SA
  • Tunnel mode SA
Key Management
  • Key management
  • Manual key management
  • Internet Key Exchange (IKE)
  • Phases of the IKE
  • Modes of the IKE
  • Terminology

PLANNING A VPN

Current Environment
  • Remote users
  • Small corporations
  • Large corporations
  • Networking models
  • Advantages/Disadvantages
Requirements
  • What businesses need
  • Reliability and Scalability
  • Security Considerations
  • Quality of Service
  • Support of the VPN
Architecture and Topology
  • VPN Architecture
  • Topology Review
  • Legacy Systems