Compare and contrast the use of networking services and applications - Paiet/Tech-Journal-for-Everything GitHub Wiki
Compare and contrast the use of networking services and applications
- VPN (Virtual Private Network)
  - Used for connecting remote hosts/sites to a private network via an encrypted tunnel through the internet
  - Great for telecommuters
    - A user can work from a home office and appear to the network like any other host located in the office
  - Great for remote offices
    - Set up a VPN tunnel through a VPN-enabled router
    - All hosts connect through the VPN-enabled router instead of running client software
  - Three connection types: Site-to-Site, Host-to-Site, Host-to-Host
    - Site-to-Site connection
      - Connects satellite offices to the head office
      - Removes geographical boundaries
      - Adds the security of an encrypted connection, as opposed to a standard WAN link
    - Host-to-Site
      - VPN client software is configured on the remote host
      - The client is responsible for building up and tearing down the VPN connection to the head office
    - Host-to-Host
      - Connects two remote hosts together
      - Useful when needing to perform remote administration or assistance (Remote Desktop/VNC desktop sharing)
- Protocols
  - IPsec (Internet Protocol Security)
    - Performs encryption at the network layer
    - Data is encrypted before it is transmitted over the wire and is not decrypted until the receiving host has it
    - Encryption keys are generated and shared between devices
    - Supports two different security services
      - Authentication Header (AH)
        - Enables authentication of the sender
      - Encapsulating Security Payload (ESP)
        - Enables authentication and data encryption
        - Authentication is optional
    - Supports two different modes of operation
      - Transport
        - Encrypts only the data of a packet
        - Used to protect data between two hosts
      - Tunnel
        - Encrypts the header and data of a packet
        - Used in VPN connections
    - Supports multiple encryption types
      - DES, 3DES, AES, Blowfish, etc.
    - Can use Internet Key Exchange (IKE) for key exchange and management
    - ["An Illustrated Guide to IPsec" by Steve Friedl][1]
  - GRE (Generic Routing Encapsulation)
    - IP encapsulation protocol
    - Tunneling protocol
      - Tunneling is carrying a service or protocol over another protocol that does not natively support it
    - Wraps the payload (the data in a packet) with a GRE header
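As an added example (not from this wiki), the GRE wrapping and unwrapping described above, written in Python with only the standard library: a minimal RFC 2784 header (version 0, optional checksum) is placed in front of a payload, and the receiving side strips it again while checking the checksum. The inner IPv4 packet is a constructed sample, not a real capture.

```python
import struct

GRE_PROTO_IPV4 = 0x0800  # EtherType value carried in the GRE protocol-type field

# Constructed sample: a tiny IPv4 header (10.0.0.1 -> 10.0.0.2) plus 4 bytes of payload.
SAMPLE_INNER = (b"\x45\x00\x00\x18\x00\x01\x00\x00\x40\x01\x00\x00"
                + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]) + b"ping")


def ones_complement_checksum(data):
    """Internet checksum (RFC 1071), used by GRE when the C flag is set."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(inner_packet, protocol=GRE_PROTO_IPV4, with_checksum=True):
    """Tunnel any payload (IPv4, IPv6, ...) inside a GRE header; returns the GRE PDU."""
    flags = 0x8000 if with_checksum else 0x0000  # C bit is the top bit of the first 16 bits
    header = struct.pack("!HH", flags, protocol)
    if with_checksum:
        # Checksum covers the whole GRE header (checksum field zeroed) plus the payload.
        csum = ones_complement_checksum(header + struct.pack("!HH", 0, 0) + inner_packet)
        header += struct.pack("!HH", csum, 0)  # checksum + reserved1
    return header + inner_packet


def gre_decapsulate(packet):
    """Parse a GRE header, verify the checksum if present, return (protocol, payload)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, protocol = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & 0x8000:
        if len(packet) < 8:
            raise ValueError("truncated GRE checksum")
        # Summing the packet with its checksum included must yield zero.
        if ones_complement_checksum(packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset = 8
    return protocol, packet[offset:]
```

The GRE header adds no confidentiality or authentication, which is why the wiki pairs it with IPsec or PPTP for VPN use; the checksum only detects accidental corruption.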
  - SSL VPN (Secure Sockets Layer VPN)
    - Allows the use of a web browser to access a VPN, providing access to:
      - Web services
      - Client/server applications
      - Internal network connectivity
    - All data is encrypted using SSL or TLS
    - The user does not need to install and configure VPN client software
    - The user authenticates when browsing to the SSL VPN
    - Two main types of SSL VPNs
      - SSL Portal VPN
        - Used as a single point of access to multiple network resources
      - SSL Tunnel VPN
        - Tunnels traffic from the browser to multiple network services, including applications that are not web-based
        - Requires the use of a browser that can view active content
        - The user must have rights to view active content
    - [National Institute of Standards and Technology (NIST): "Guide to SSL VPNs"][2]
  - PTP (PPP)/PPTP
    - Point-to-Point Protocol (PPP)
      - Layer 2 protocol for computer communication over a serial interface, built upon the HDLC (High-Level Data Link Control) protocol
      - Able to handle both synchronous and asynchronous forms of communication
      - Able to assign IP configuration dynamically
      - Non-proprietary
        - Works with any vendor's PPP implementation that conforms to the PPP standard
      - Able to carry multiple protocols
      - Link Control Protocol (LCP)
        - Link establishment
          - A connection is negotiated, established, and configured
        - Link quality (optional)
          - Checks that the link has sufficient quality to carry layer 3 protocols
          - The quality check can slow down traffic
        - Layer 3 protocol configuration
          - Layer 3 protocols can now be brought up or taken down
        - Link termination
          - Used to close the established link
    - Point-to-Point Tunneling Protocol (PPTP)
      - Increases PPP security by adding tunneling and data encryption to PPP packets
      - Popular among older Windows clients for VPN
      - Uses TCP port 1723
      - Used in conjunction with GRE and IPsec for VPN connections
Compare and contrast the use of networking services and applications Pt2
- TACACS/RADIUS
  - TACACS (Terminal Access Controller Access-Control System)
    - Used to communicate with an authentication server
    - Provides Authentication, Authorization, and Accounting (AAA) management services
    - Developed in 1984 for UNIX systems
    - Default TCP port 49
    - Evolved into XTACACS (Cisco proprietary) and then TACACS+
      - TACACS+
        - Process-wide encryption of the:
          - Username
          - Password
          - Authorization
          - Accounting info
  - RADIUS (Remote Authentication Dial In User Service)
    - Used to process authentication, authorization, and accounting requests
    - Supports password encryption
    - Supported by dial-up RAS, VPNs, access points (APs), etc.
      - The access servers forward all AAA requests to the RADIUS server
    - Utilizes UDP port 1812
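As an added example (not from this wiki), here is what "supports password encryption" means on the wire for RADIUS: a Python build of the Access-Request a NAS sends to UDP port 1812, with the User-Password attribute hidden using the RFC 2865 shared-secret scheme, and the server-side reversal. Usernames, passwords and the shared secret below are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1       # RADIUS code for an Access-Request packet
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("RADIUS passwords are limited to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator        # first block is chained to the Request Authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def recover_password(hidden, secret, authenticator):
    """Server side: regenerate the same mask chain from the ciphertext blocks, then strip padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(h ^ m for h, m in zip(block, mask)), block
    return out.rstrip(b"\x00")            # the null padding is indistinguishable from trailing nulls


def attribute(attr_type, value):
    """One RADIUS attribute: type, total length (including this 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret, authenticator=None):
    """Code(1) | Identifier(1) | Length(2) | Request Authenticator(16) | attributes."""
    authenticator = authenticator or os.urandom(16)   # must be unpredictable per request
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator)))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_attributes(packet):
    """Walk the TLV attribute list after the 20-byte header; rejects lengths that overrun."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

Because the hiding is an MD5 mask keyed only by the shared secret, the confidentiality of the password is no better than that secret; that is why RADIUS is normally carried over IPsec or TLS (RadSec, RFC 6614) rather than trusted on its own.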
- RAS (Remote Access Server)
  - Dial-in server for remote hosts connecting with an analog modem via a telephone connection
- Web services
  - Applications that are accessed via a web browser through a secure web-based connection
  - Browsers might need to support third-party plug-ins for certain functionality
- Unified voice services
  - The blending of traditional PBX phone services and IP networking
  - Uses VoIP phones
    - Hardware based
      - Phone set with a network interface and built-in control
    - Software based
      - Runs as a software suite on the user's PC
      - Utilizes the PC's network connection and a headset with a microphone
- Network controllers
  - Used in digital cable networks to enable video-on-demand, catalog shopping, web browsing, and email through cable set-top boxes