SlideShare a Scribd company logo

IP Security over VPN

Download as PPT, PDF
Syed Ubaid Ali Jafri
Syed Ubaid Ali Jafri

Virtual private networks (VPNs) are generally considered to have very strong protection for data communications. Several different approaches to VPN security,Your privacy and security are important to us. Connection logs are erased every 24 hours and no VPN server traffic logs are stored

EducationTechnology
1 of 10
IP SECURITY (VPN) By Syed Ubaid Ali Jafri
Table Of Contents • Introduction • Protocols • Advantages/Disadvantages • Why IPSEC? • IPSEC Header Information • Configuration
INTRODUCTION • IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication
PROTOCOLS • – PPTP point-to-point tunneling protocol • – L2TP layer 2 tunneling protocol • – IPSEC IP security protocols • • IKE • authentication • • AH • integrity • • ESP • confidentiality, integrity
Advantages/Disadvantages Advantages Disadvantages IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPSec is not limited to specific applications. There is no way to predict what applications will traverse a network However, it is guaranteed that they will be routed with IP, making them IPSec compatible Small Packets - When transmitting small packets, the encryption process of IPSec generates a large overhead. This diminishes the performance of the network. Through IP, IPSec can be applied in networks of all sizes including LAN's to global networks. Complexity - Because IPSec has a great number of features and options, it is very complex. Complexity increases the probability of the presence of a weakness or hole. For example, IPSec is weak against replay attacks IPSec functions at a low network level, factors such as users, applications, lower level data carrying protocols, and transport technology will not affect the performance of it. Firewall - The implementation of IPSec defeats the purpose of a firewall. This is because firewalls are based on preconfigured rules, which IPSec encrypts. This problem, however, can be avoided if the firewall is used along with the IPSec gateway, which is a decryption method.
WHY IP SECURITY • The Internet Protocol (IP) has enormous advantages in the use of packets. Each packet contains data that is small, easily handled and maintained. However with these advantages of IP come the disadvantages. The routing of these packets through the Internet as well as other large networks makes them open to security risks such as: • Spoofing: a machine on the network acts as another • Sniffing: another person is listening in on another's activity • Session Hijacking: an attacker completely takes over another users activities • Current Internet protocols do not protect data sufficiently enough during transfer. In order to ensure the integrity and security of the data, a set of standard security Internet Protocols knows as IP Security (IPSec) have been developed.
IPSEC HEADER INFORMATION
CONFIGURATION OF IPSEC IN WINDOWS SERVER 2003 • Creating IP Sec Policy • Click Start RUN > Secpol.msc to Start IP Security Policy Management • Right Click on IP Security Local Policies on Computer, Click Create IP Security Policy • Click Next , And then Enter Name of your policy “ Microsoft IPSec Policy” • Building a Filter List from Host A to Host B • In the new policy properties Click “Add to Create a New Rule” • Click IP Filter List tab, then Lick Next • Type an Appropriate name for the Filter list, and then click Next • In the Source Address Box, Click A Specific IP Subnet And Then Type the “IP Address and the Subnet Mask” • In the destination Address Box, Click A Specific IP Subnet And Then Type the “IP Address and the Subnet Mask”. Cont….
BUILDING A FILTER LIST FROM HOST B – HOST A • Click the IP Filter List tab, and then Click Add • Type a Name for Filter List, Click to Clear the Use Add Wizard Check Box,And then Click Add. • In the Source Address box, Click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST B . • In the Destination Box, Click A Specific IP Subnet , and then IP Address and the subnet Mask for HOST A. • Click to Clear Mirrored Check Box • Click Ok
BUILDING A FILTER LIST FROM HOST B – HOST A • Click the IP Filter List tab, and then Click Add • Type a Name for Filter List, Click to Clear the Use Add Wizard Check Box,And then Click Add. • In the Source Address box, Click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST B . • In the Destination Box, Click A Specific IP Subnet , and then IP Address and the subnet Mask for HOST A. • Click to Clear Mirrored Check Box • Click Ok

Recommended

Hacking liferay
Hacking liferayHacking liferay
Hacking liferayArmel Nene
 
VPN
VPNVPN
VPNSwarup Kumar Mall
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
nessus
nessusnessus
nessusMuhammad Yasin
 
Firewall and its analytics using Splunk
Firewall and its analytics using SplunkFirewall and its analytics using Splunk
Firewall and its analytics using SplunkVikram Kumar Yadav
 
Cisco asa fire power services
Cisco asa fire power servicesCisco asa fire power services
Cisco asa fire power servicesTapan Doshi
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Security Measure to Protect Web Server
Security Measure to Protect Web ServerSecurity Measure to Protect Web Server
Security Measure to Protect Web ServerNameen Singh
 

Recommended

Hacking liferay
Hacking liferayHacking liferay
Hacking liferayArmel Nene
 
VPN
VPNVPN
VPNSwarup Kumar Mall
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
nessus
nessusnessus
nessusMuhammad Yasin
 
Firewall and its analytics using Splunk
Firewall and its analytics using SplunkFirewall and its analytics using Splunk
Firewall and its analytics using SplunkVikram Kumar Yadav
 
Cisco asa fire power services
Cisco asa fire power servicesCisco asa fire power services
Cisco asa fire power servicesTapan Doshi
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Security Measure to Protect Web Server
Security Measure to Protect Web ServerSecurity Measure to Protect Web Server
Security Measure to Protect Web ServerNameen Singh
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Здоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковЗдоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковMUK Extreme
 
Burp suite
Burp suiteBurp suite
Burp suitepenetration Tester
 
TekWifi Readme
TekWifi ReadmeTekWifi Readme
TekWifi ReadmeYasin KAPLAN
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Edureka!
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lectureMartyn Price
 
Securing the infrastructure using IDS
Securing the infrastructure using IDSSecuring the infrastructure using IDS
Securing the infrastructure using IDSRuban Deventhiran
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA FirepowerAnwesh Dixit
 
Wi-Fi
Wi-FiWi-Fi
Wi-FiShubham Chauhan
 
Ccna sec
Ccna secCcna sec
Ccna secshg4916
 
Ntcip Device Tester
Ntcip Device TesterNtcip Device Tester
Ntcip Device TesterPeter Ashley
 
Migration to cisco next generation firewall
Migration to cisco next generation firewallMigration to cisco next generation firewall
Migration to cisco next generation firewallIT Tech
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...Ubertas
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefencePrakashchand Suthar
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtubeDhruv Sharma
 
WEP
WEPWEP
WEPnashniv
 
BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018GENIANS, INC.
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 

More Related Content

What's hot

Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Здоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковЗдоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковMUK Extreme
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Edureka!
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lectureMartyn Price
 
Securing the infrastructure using IDS
Securing the infrastructure using IDSSecuring the infrastructure using IDS
Securing the infrastructure using IDSRuban Deventhiran
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA FirepowerAnwesh Dixit
 
Ccna sec
Ccna secCcna sec
Ccna secshg4916
 
Ntcip Device Tester
Ntcip Device TesterNtcip Device Tester
Ntcip Device TesterPeter Ashley
 
Migration to cisco next generation firewall
Migration to cisco next generation firewallMigration to cisco next generation firewall
Migration to cisco next generation firewallIT Tech
 
Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...Ubertas
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtubeDhruv Sharma
 

What's hot (19)

Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Здоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудниковЗдоровье важнее - Fortinet решения для удаленных сотрудников
Здоровье важнее - Fortinet решения для удаленных сотрудников
 
Burp suite
Burp suiteBurp suite
Burp suite
 
TekWifi Readme
TekWifi ReadmeTekWifi Readme
TekWifi Readme
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
 
802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture802.11 Wireless, WEP, WPA lecture
802.11 Wireless, WEP, WPA lecture
 
Securing the infrastructure using IDS
Securing the infrastructure using IDSSecuring the infrastructure using IDS
Securing the infrastructure using IDS
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA Firepower
 
Wi-Fi
Wi-FiWi-Fi
Wi-Fi
 
Ccna sec
Ccna secCcna sec
Ccna sec
 
Ntcip Device Tester
Ntcip Device TesterNtcip Device Tester
Ntcip Device Tester
 
Migration to cisco next generation firewall
Migration to cisco next generation firewallMigration to cisco next generation firewall
Migration to cisco next generation firewall
 
Kali linux
Kali linuxKali linux
Kali linux
 
Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...Top ten OSS products cutting out costs and making a difference in the public ...
Top ten OSS products cutting out costs and making a difference in the public ...
 
kali linux
kali linuxkali linux
kali linux
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
WEP
WEPWEP
WEP
 

Similar to IP Security over VPN

BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018GENIANS, INC.
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsAhmed Habib
 
eIoT-tech-intro-for-paris-hackathon
eIoT-tech-intro-for-paris-hackathoneIoT-tech-intro-for-paris-hackathon
eIoT-tech-intro-for-paris-hackathonCisco DevNet
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTTGustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTTGustavoRuizZastrow
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
Itn6 instructor materials_chapter1
Itn6 instructor materials_chapter1Itn6 instructor materials_chapter1
Itn6 instructor materials_chapter1limenih muluneh
 
Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...wosborne03
 
Chapter 5 overview
Chapter 5 overviewChapter 5 overview
Chapter 5 overviewali raza
 
Afrina Naznin (063514056)
Afrina Naznin (063514056)Afrina Naznin (063514056)
Afrina Naznin (063514056)mashiur
 

Similar to IP Security over VPN (20)

BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
6421 b Module-09
6421 b Module-096421 b Module-09
6421 b Module-09
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
CCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ipsCCNA Security 011- implementing ios-based ips
CCNA Security 011- implementing ios-based ips
 
Vp ns
Vp nsVp ns
Vp ns
 
VPN
VPNVPN
VPN
 
eIoT-tech-intro-for-paris-hackathon
eIoT-tech-intro-for-paris-hackathoneIoT-tech-intro-for-paris-hackathon
eIoT-tech-intro-for-paris-hackathon
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTTGustavo Zastrow - Introduction to AWS IoT Core and MQTT
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Itn6 instructor materials_chapter1
Itn6 instructor materials_chapter1Itn6 instructor materials_chapter1
Itn6 instructor materials_chapter1
 
Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...Chapter 9 lab a security policy development and implementation (instructor ve...
Chapter 9 lab a security policy development and implementation (instructor ve...
 
Security analytics
Security analyticsSecurity analytics
Security analytics
 
Chapter 5 overview
Chapter 5 overviewChapter 5 overview
Chapter 5 overview
 
Afrina Naznin (063514056)
Afrina Naznin (063514056)Afrina Naznin (063514056)
Afrina Naznin (063514056)
 

More from Syed Ubaid Ali Jafri

Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabSyed Ubaid Ali Jafri
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Syed Ubaid Ali Jafri
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Syed Ubaid Ali Jafri
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Syed Ubaid Ali Jafri
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri
 

More from Syed Ubaid Ali Jafri (18)

Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Data calling from web to C#
Data calling from web to C#Data calling from web to C#
Data calling from web to C#
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography)
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography Techniques
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology
 
Storage area network
Storage area networkStorage area network
Storage area network
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
Network security over ethernet
Network security over ethernetNetwork security over ethernet
Network security over ethernet
 
LAN Security
LAN Security LAN Security
LAN Security
 

Recently uploaded

Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 

Recently uploaded (20)

Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSE
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 

IP Security over VPN

  • 1. IP SECURITY (VPN) By Syed Ubaid Ali Jafri
  • 2. Table Of Contents • Introduction • Protocols • Advantages/Disadvantages • Why IPSEC? • IPSEC Header Information • Configuration
  • 3. INTRODUCTION • IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication
  • 4. PROTOCOLS • – PPTP point-to-point tunneling protocol • – L2TP layer 2 tunneling protocol • – IPSEC IP security protocols • • IKE • authentication • • AH • integrity • • ESP • confidentiality, integrity
  • 5. Advantages/Disadvantages Advantages Disadvantages IPsec is that security arrangements can be handled without requiring changes to individual user computers. IPSec is not limited to specific applications. There is no way to predict what applications will traverse a network However, it is guaranteed that they will be routed with IP, making them IPSec compatible Small Packets - When transmitting small packets, the encryption process of IPSec generates a large overhead. This diminishes the performance of the network. Through IP, IPSec can be applied in networks of all sizes including LAN's to global networks. Complexity - Because IPSec has a great number of features and options, it is very complex. Complexity increases the probability of the presence of a weakness or hole. For example, IPSec is weak against replay attacks IPSec functions at a low network level, factors such as users, applications, lower level data carrying protocols, and transport technology will not affect the performance of it. Firewall - The implementation of IPSec defeats the purpose of a firewall. This is because firewalls are based on preconfigured rules, which IPSec encrypts. This problem, however, can be avoided if the firewall is used along with the IPSec gateway, which is a decryption method.
  • 6. WHY IP SECURITY • The Internet Protocol (IP) has enormous advantages in the use of packets. Each packet contains data that is small, easily handled and maintained. However with these advantages of IP come the disadvantages. The routing of these packets through the Internet as well as other large networks makes them open to security risks such as: • Spoofing: a machine on the network acts as another • Sniffing: another person is listening in on another's activity • Session Hijacking: an attacker completely takes over another users activities • Current Internet protocols do not protect data sufficiently enough during transfer. In order to ensure the integrity and security of the data, a set of standard security Internet Protocols knows as IP Security (IPSec) have been developed.
  • 8. CONFIGURATION OF IPSEC IN WINDOWS SERVER 2003 • Creating IP Sec Policy • Click Start RUN > Secpol.msc to Start IP Security Policy Management • Right Click on IP Security Local Policies on Computer, Click Create IP Security Policy • Click Next , And then Enter Name of your policy “ Microsoft IPSec Policy” • Building a Filter List from Host A to Host B • In the new policy properties Click “Add to Create a New Rule” • Click IP Filter List tab, then Lick Next • Type an Appropriate name for the Filter list, and then click Next • In the Source Address Box, Click A Specific IP Subnet And Then Type the “IP Address and the Subnet Mask” • In the destination Address Box, Click A Specific IP Subnet And Then Type the “IP Address and the Subnet Mask”. Cont….
  • 9. BUILDING A FILTER LIST FROM HOST B – HOST A • Click the IP Filter List tab, and then Click Add • Type a Name for Filter List, Click to Clear the Use Add Wizard Check Box,And then Click Add. • In the Source Address box, Click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST B . • In the Destination Box, Click A Specific IP Subnet , and then IP Address and the subnet Mask for HOST A. • Click to Clear Mirrored Check Box • Click Ok
  • 10. BUILDING A FILTER LIST FROM HOST B – HOST A • Click the IP Filter List tab, and then Click Add • Type a Name for Filter List, Click to Clear the Use Add Wizard Check Box,And then Click Add. • In the Source Address box, Click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST B . • In the Destination Box, Click A Specific IP Subnet , and then IP Address and the subnet Mask for HOST A. • Click to Clear Mirrored Check Box • Click Ok