certificates provide secure data exchange and transaction execution. |
|
Tunneling (as a transport model) |
|
Tunnels are used to deliver data packets across networks. The tunnel is a virtual path that extends across the intermediate network. |
|
GRE tunneling: a protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to routers at remote points over an IP internetwork. |
|
PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment.
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol for virtual private networks in the dial access space. |
|
Firewall Service (FS) |
|
A firewall is a combination of hardware and software implementing the client’s security policies. The purpose of the firewall is to prevent unwanted or unauthorized communication into or out of the secure Private Network. FS provides clients with a secure interconnection to the Internet. |
|
Elements of Access Control: |
• Access lists to control IP access: |
The rule set controls network communication based on 4 components: |
1. Source IP Address |
2. Destination IP Address |
3. Application Protocol |
4. Access Port |
• Network address translation: Source address hiding |
• Content security: |
1. URL filtering |
2. Java/ActiveX screening |
3. Intrusion and malicious activity detection |
|
To be effective, a firewall must function in three ways. It must examine: |
1. Packet Information |
2. Communication-Derived State |
3. Application-Derived State |
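
The access-list rule set and the first two kinds of examined information (packet information and communication-derived state) can be sketched as follows. This is an added example, not code from any firewall product: the `Rule`, `Packet` and `Firewall` names, the first-match and default-deny behaviour, the use of a transport protocol name for the protocol component, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    proto: str    # "tcp", "udp" or "any" (assumed encoding of the protocol component)
    port: int     # access (destination) port, 0 = any

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Constructed sample policy: block one internal host, let the rest reach HTTPS.
RULES = [
    Rule("deny", "10.0.0.66/32", "0.0.0.0/0", "any", 0),
    Rule("permit", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443),
]

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # connections the rule set has already permitted

    def _match(self, r, p):
        # Packet information: compare the 4 components against one rule.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", p.proto)
                and r.port in (0, p.dport))

    def check(self, p):
        # Communication-derived state: a reply to a permitted connection passes.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.state:
            return "permit"
        for r in self.rules:  # first matching rule decides
            if self._match(r, p):
                if r.action == "permit":
                    self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action
        return "deny"  # nothing matched: default deny
```

A reply from the outside server is denied until the matching outbound packet has been permitted, which is the difference between filtering on packet information alone and tracking connection state.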
|
Standard Authentication |
|
RADIUS (Remote Authentication Dial-In User Service) is a distributed client/server system that secures networks against unauthorized access.
A RADIUS server provides authentication and accounting services to one or more client NAS devices. RADIUS servers are responsible for receiving user connection requests, authenticating users, and then returning all configuration information necessary for the client to deliver service to the users. |
|
|