Question
Select one of the three topics defined in the Essay Quiz section on page 334 in the textbook. Your paper should be 2 pages in length. You need to provide a minimum of two references and need to use APA format in the reference section.
1) A co-worker with a strong Windows background is having difficulty understanding UNIX file permissions. Describe UNIX file permissions for him. Compare UNIX file permissions to Windows file permissions.
2) How are authentication and authorization alike and how are they different? What is the relationship, if any, between the two?
3) What is a VPN and what technologies are used to create one?
I need the references also.
Explanation / Answer
What is VPN:
VPN, an acronym for Virtual Private Network, can be defined as a connection network that is used to add extra privacy and security to a personal or organizational network.
VPN operates on IPSec, that is, it works with the network layer to provide additional SSL. Virtual Private Networks are vastly used for remote accessibility of resources from anywhere, anytime.
Types of VPN:
Different VPN methods and protocols struggled for dominance. Microsoft's Point to Point Tunneling Protocol (PPTP) was soon overshadowed by its more secure successor, the Layer 2 Tunneling Protocol (L2TP), which combined features of PPTP and Cisco's Layer 2 Forward (L2F) and offered certificate-based authentication. Outside the Microsoft realm, VPNs were commonly based on Internet Protocol Security (IPSec). Whereas PPTP and L2TP operate at the data link Layer (Layer 2) of the OSI model, IPSec operates at the network Layer (Layer 3). IPSec is a set of protocols that can provide more than just encryption of the traffic in the tunnel (data confidentiality); it can also provide authentication of the sender and integrity of the data (assurance that it hasn't been changed in transit). However, it's complex and different vendors implement it slightly differently.
Enter the latest kid on the VPN block: SSL. The Secure Sockets Layer protocol works at the Application Layer (Layer 1). It has been used for quite some time to secure Web transactions such as e-commerce and Internet banking. Now it's an emerging trend in virtual private networking. In this first article in a four-part series, we look at the different categories of SSL VPNs, advantages and disadvantages of using SSL for your VPN, and the basics of how an SSL VPN works.
Technologies used to create VPN:
Setting up a Virtual Private Network is a straightforward process. It's often as simple as entering a username and server address. The dominant smartphones can configure Virtual Private Networks using PPTP and L2TP/IPsec protocols. All major operating systems can configure PPTP VPN connections. OpenVPN and L2TP/IPsec protocols require a small open source application (OpenVPN) and certificate download respectively.
IP Security (IPsec)
IPsec is a suite of protocols that allows us to encrypt and authenticate each IP packet found in a given communications session. IPsec provides the mechanism for mutual authentication to take place as a communications session is built, as well as allow us to negotiate the cryptographic keys that will be used during the life of the session once it is established. The beautiful part about IPsec is that it is an end-to-end security scheme that operates within the Internet Protocol Suite. This means that we can use it to protect data in all three of the primary models used for VPN architectures:
IPsec can protect any application traffic crossing an IP network and does not require applications to be built to leverage its capabilities. There are other internet security systems that do require an application to be designed to support them; a few of these include Transport Layer Security (TLS), Secure Sockets Layer (SSL) and Secure Shell (SSH). These tools can only protect application protocols that have been built to be compatible with them, and they work at the upper layers of the TCP/IP OSI Model.
IPsec, however, was created by the Internet Engineering Task Force (IETF) to operate at the Network Layer of the OSI model. This open standard protocol suite combines these three protocols to protect network traffic:
Authentication Headers (AH)
Authentication headers are defined in RFC 2402, and they provide data origin authentication as well as offering optional anti-replay protection. The drawback with AH is that the authentication it provides for the IP Header is not complete. That is because some of the IP fields cannot be correctly predicted by the receiver. These fields are known as “mutable fields” and they may and often do change during transmission. AH will, however, successfully protect the IP packet's payload, and the payload is actually what we are interested in protecting.
In a nutshell, Authentication Headers will authenticate data origin, protect data integrity, and have the optional capability of playback protection. The one drawback to AH is that it does not offer data confidentiality.
What is a replay attack? A replay attack is when a valid data transmission is repeated or delayed on a network. The purpose for doing this is to apply an IP substitution during the data retransmission so that a cyber criminal can masquerade as a legitimate user or program by falsifying data.
Encapsulating Security Payloads (ESP)
This is one of those protocols where the name says it all. If we looked at an illustration of an IPsec packet we would see that there is an ESP header and an ESP Trailer surrounding, or encapsulating the payload. This header and trailer allow us to authenticate the data's origin, protect ourselves from possible replay attacks, and it does provide data confidentiality. That seems like it would be the security trifecta. Three out of three is much better than what AH offered us. Or is it?
ESP provides more capabilities than AH, but as with all things in networking, this comes at a cost. ESP is substantially more processor intensive than AH. So if data confidentiality isn't a concern, AH may be a better fit based on network resources. The other issue is that ESP requires some pretty solid cryptography, which might not be allowed or even possible in some environments. So there will be situations where you may have to use Authentication Headers rather than ESP.
ESP and AH Modes of Operation
No matter which protocol you choose—Authentication Headers (AH) or Encapsulation Security Payload (ESP)—we quickly discover that they both operate in one of two modes:
Security Associations (SA)
A Security Association (SA) is a combination of shared security attributes used between two end points to support a secure communication session. In Cisco IOS there is a well-defined framework used to establish these security associations:
If it wasn't for the bundle of algorithms and data that provide the parameters necessary to maintain AH and/or ESP operations that are provided by Security Associations, there would be no IPsec protocol in the first place.
References:
1. "What is VPN? and Security Within Virtual Private Network", https://www.whatismyip.com/what-is-a-vpn/
2. "Virtual Private Network and Introduction to SSL VPNs", https://www.techrepublic.com/article/solutionbase-introduction-to-ssl-vpns/
3. "Introducing VPN Technologies", http://www.pearsonitcertification.com/articles/article.aspx?p=1804872
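The AH behaviour described in the answer above (integrity over the packet with mutable header fields excluded, plus anti-replay by sequence number), as an added example that is not part of the original answer. It is a simplified model rather than the real IPsec wire format; the key, addresses, SPI value and all function names are constructed for illustration.

```python
import hmac, hashlib, struct

KEY = b"constructed-demo-key"  # constructed; stands in for the key a Security Association holds
WINDOW = 64                    # anti-replay window size, in packets

def icv(src, dst, ttl, spi, seq, payload, key=KEY):
    """AH-style integrity check value. TTL is a mutable field, so it is zeroed first."""
    ttl = 0
    msg = struct.pack("!4s4sBII", src, dst, ttl, spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:12]

def make_packet(src, dst, ttl, spi, seq, payload):
    # The payload travels in cleartext: this model, like AH, gives no confidentiality.
    return {"src": src, "dst": dst, "ttl": ttl, "spi": spi, "seq": seq,
            "payload": payload, "icv": icv(src, dst, ttl, spi, seq, payload)}

class Receiver:
    def __init__(self):
        self.highest = 0  # highest authenticated sequence number so far
        self.bitmap = 1   # bit i set => (highest - i) already seen; seq 0 is never valid

    def accept(self, p):
        expected = icv(p["src"], p["dst"], p["ttl"], p["spi"], p["seq"], p["payload"])
        if not hmac.compare_digest(expected, p["icv"]):
            return "bad-icv"              # tampered packets never touch the window
        seq = p["seq"]
        if seq > self.highest:            # new packet: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "too-old"              # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "replay"               # same sequence number seen before
        self.bitmap |= 1 << offset        # late but new: accept out-of-order delivery
        return "ok"

def demo():
    rx = Receiver()
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    p1 = make_packet(src, dst, 64, 0x1000, 1, b"transfer 10")
    routed = dict(p1, ttl=61)             # routers decrement TTL in transit
    tampered = dict(make_packet(src, dst, 64, 0x1000, 2, b"transfer 10"),
                    payload=b"transfer 99")
    return [rx.accept(routed), rx.accept(p1), rx.accept(tampered)]
```

`demo()` shows the three outcomes: a packet whose TTL changed in transit still authenticates, the same packet sent a second time is rejected as a replay, and a packet with a modified payload fails the integrity check.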