CISSP Network Security Protocols - Boot Camp


Welcome to Network Security. The information in this video is compiled by ISC2 certified instructor Sundeep Sigil. In this video we will focus our discussion on the following: PPP, PPTP, L2TP, IPv4, IPsec, IPv6 and TLS.

Let us talk about Point-to-Point Protocol. PPP is a layer 2 protocol that adds confidentiality, integrity and authentication via point-to-point links. PPP supports synchronous links such as T1 in addition to asynchronous links such as modems. Two derivatives of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet service providers to establish a digital subscriber line (DSL) Internet service connection with customers.

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks with many known security issues. The earlier authentication methods that were used with PPTP had some inherent vulnerabilities which allowed an attacker to easily uncover password values. Later implementations of PPTP address these issues, but the protocol still has some limitations that should be understood. PPTP cannot support multiple connections over one VPN tunnel, which means that it can be used for system-to-system communication but not for gateway-to-gateway connections that must support many user connections simultaneously. PPTP relies on PPP functionality for a majority of its security features, and because it never became an actual industry standard, incompatibilities across different vendor implementations exist.

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself; rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. L2TP inherits PPP authentication and integrates with IPsec to provide confidentiality, integrity and potentially another layer of authentication.

Answer to the question: the Internet is an IP-based network, so why do we need PPP? The answer is very simple: the point-to-point line devices that connect individual systems to the Internet do not understand IP, so the traffic that travels over these links has to be encapsulated in PPP.

Answer to another question: if PPTP and L2TP do not secure data themselves, then why do they exist? The answer is that they extend PPP connections by providing a tunnel through networks that do not understand PPP.

In IPv4 an address consists of 32 bits, which limits the address space to 2^32 possible unique addresses. IPv4 reserved some addresses for special purposes such as private networks (approximately 18 million addresses) or multicast addresses (approximately 270 million addresses).

IPsec is a suite of protocols that was developed specifically to protect IP traffic. IPv4 does not have any integrated security, so IPsec was developed to bolt onto IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPsec works at the network layer of the OSI model. IPsec has the following protocols: Authentication Header (AH) provides data integrity, data origin authentication and protection from replay attacks. Encapsulating Security Payload (ESP) provides confidentiality, data origin authentication and data integrity. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.

Let us talk a little more about IPsec. AH and ESP can be used separately or together in an IPsec VPN configuration. The AH protocol can provide data origin authentication and protection from unauthorized modification, but does not provide encryption capabilities. If the VPN needs to provide confidentiality, then ESP has to be enabled and configured properly.

The rapid exhaustion of IPv4 address space prompted the Internet Engineering Task Force to explore new technologies to expand the addressing capability in the Internet. The permanent solution was deemed to be a redesign of the Internet Protocol itself. This new generation of the Internet Protocol was eventually named Internet Protocol version 6 (IPv6) in 1995. The address size was increased from 32 to 128 bits (16 octets), thus providing up to approximately 3.403 × 10^38 addresses. This is deemed sufficient for the foreseeable future.

Transport Layer Security (TLS) is a VPN technology which works at the session layer of OSI. TLS is used mainly to protect HTTP traffic. TLS capabilities are already embedded into most web browsers, so the deployment and interoperability issues are minimal. Since TLS VPNs are closer to the application layer, they can provide more granular access control and security features compared to other VPN solutions, but since they are dependent on the application layer protocol, there are a smaller number of traffic types that can be protected through this VPN type.

This ends our video. For details contact www cyber academy com.
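As an added example that is not part of the video or its transcript, the AH properties described above (integrity, data origin authentication, anti-replay, and no confidentiality) in Python: a sender builds an RFC 4302 AH header with an HMAC-SHA-256-128 ICV, and a receiver verifies the ICV and runs a sliding anti-replay window. The key, SPI and payload are constructed demo values, and the ICV is computed over the AH header and payload only, omitting the outer IP header (a simplification).

```python
import hashlib
import hmac
import struct

AH_FIXED_LEN = 12   # Next Header(1) | Payload Len(1) | Reserved(2) | SPI(4) | Sequence(4)
ICV_LEN = 16        # HMAC-SHA-256-128: 32-byte HMAC truncated to 16 bytes


def _icv(key, fixed, payload):
    # ICV covers the AH header with the ICV field zeroed plus the protected payload
    # (simplification: the immutable outer IP header fields are not included here)
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256).digest()
    return mac[:ICV_LEN]


def build_ah(key, spi, seq, payload, next_header=6):
    """Sender side: AH header + payload. The payload stays in cleartext (no confidentiality)."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload


class AhReceiver:
    """Receiver side for one security association: ICV check, then anti-replay window."""

    def __init__(self, key, window=64):
        self.key, self.window = key, window
        self.highest, self.seen = 0, set()

    def verify(self, packet):
        fixed = packet[:AH_FIXED_LEN]
        _nh, payload_len, _res, _spi, seq = struct.unpack("!BBHII", fixed)
        ah_len = (payload_len + 2) * 4
        icv, payload = packet[AH_FIXED_LEN:ah_len], packet[ah_len:]
        # Integrity/origin first, so a forged sequence number cannot move the window
        if not hmac.compare_digest(_icv(self.key, fixed, payload), icv):
            return "icv_mismatch", None
        # Reject anything below the window or already seen inside it
        if seq == 0 or seq <= self.highest - self.window or seq in self.seen:
            return "replay", None
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return "ok", payload


if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed, not a real SA key
    rx = AhReceiver(key)
    pkt = build_ah(key, 0x1000, 1, b"GET / HTTP/1.1")
    print(rx.verify(pkt))               # ('ok', b'GET / HTTP/1.1')
    print(rx.verify(pkt))               # ('replay', None)
```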

