LS 131 105x - Regtops

acceptablepeasSecurity

Nov 30, 2013 (3 years and 11 months ago)



Course Name

VPN

Course Number

LS 131 105

Course Duration

2 days

Course Description

A VPN is a communications environment in which access is
controlled to permit peer connections only within a defined
community of interest, and is constructed through some form of
partitioning of a common underlying communications medium,
where this underlying communications medium provides services
to the network on a non-exclusive basis.

Virtual private networks have become an essential part of today's
business networks, as they provide a cost-effective means of
assuring private internal and external communications over the
shared Internet infrastructure. Virtual Private Networks:
Technologies and Solutions is a comprehensive, practical guide to
VPNs.

VPN Fundamentals includes VPN concepts and architectures, an
in-depth examination of advanced features and functions such as
tunneling, authentication, access control, VPN gateways, VPN
clients, and VPN network and service management.

This course presents the various technology components, concrete
solutions, and best practices you need to deploy and manage a
highly successful VPN.

Course Objective

After completing this course, attendees will be able to:



• Understand SONET/SDH Technology

• Understand IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key Exchange, and implementation details

• Understand PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols

• Review two-party and three-party authentication, including RADIUS and Kerberos

• Explore Public key infrastructure (PKI) concept and its integration into VPN solutions

• Understand Access control policies, mechanisms, and management, and their application to VPNs

• Review VPN gateway functions, including site-to-site intranet, remote access, and extranet

• Review Gateway configuration, provisioning, monitoring, and accounting

• Explore Gateway interaction with firewalls and routers

• Understand VPN client implementation issues, including interaction with operating systems

• Understand Client operation issues, including working with NAT, DNS, and link MTU limits

• Explore VPN service and network management architectures and tunnel and security management

• Review successful VPN deployments

• Discuss successful and unsuccessful VPN deployments

• Step through a practical process for managing a VPN deployment project

• Explore the current and future market trends

Target Audience

IT Managers, Security Officers, Network Engineers, Tech Support
and anyone who is interested in VPN. Basic Knowledge of TCP/IP
and Networking

Prerequisites

Basic Knowledge of TCP/IP and Networking

Course Modules



The roles of VPNs

• Supporting remote users

• Linking remote offices

• Connecting business partners

• Star and Mesh topologies

• Trusted versus secure VPNs




Overview of VPN Technologies

• Understanding VPNs layers 2 and 3

• Tunneling

• Switching

• MPLS

• IPSec




Essential Security Principles



• Authentication


Privacy

• Data confidentiality

• Data integrity

• Essentials of cryptography




Remote Access Authentication

• PPP, LCP, and NCP operation

• PPP authentication methods: PAP, CHAP, MS-CHAP, EAP

• Token-based authentication

• SecurID

• Biometrics

• Kerberos




Remote Access Administration

• RADIUS

• TACACS+




Introduction to VPNs

• VPN components

• VPN concerns and solutions

• Security Issues




Tunneling Protocols

• Generic routing encapsulation

• PPTP

• PPTP, PPP and CHAP

• MSCHAP, MSCHAPv2

• L2F

• L2TP




Cryptographic Protection: Hashing

• MD5

• SHA

• HMAC integrity checking

• One-time passwords




Cryptographic Protection: Encryption

• Symmetric:

- DES

- 3-DES

- AES

- CBC mode and IVs

- Shared secrets

• Asymmetric:

- Exchanging keys with Diffie-Hellman (DH)

- Public and private keys

- RSA

- ECC (Elliptic Curve Cryptosystem)



Secure IP (IPSec)

• IPSec environment

• AH and ESP

• Security associations

• IKE key management

• Main mode

• Aggressive mode

• Quick mode

• Diffie-Hellman Key Exchange

• Xauth

• Securing GRE with IPSec

• Securing L2TP with IPSec

• NAT and IPSec

• UDP wrapping

• SPI wrapping



Implementing VPNs

• Employing VPN concentrators

• Integrating firewalls

• Access control

• Using VPN-capable routers

• Dedicated VPN hardware

• Operating system support for VPN

• VPN client software

• Split tunneling

• VPN management