Chapter 2: Networking Protocol Design

Slide 1: Chapter 2: Networking Protocol Design
  • Designs That Include TCP/IP
  • Essential TCP/IP Design Concepts
  • TCP/IP Data Protection
  • TCP/IP Optimization

Slide 2: TCP/IP in the OSI Model

Slide 3: TCP/IP Design Requirements and Constraints
  • Data amount and confidentiality
  • Future growth plans
  • Current TCP/IP network characteristics
  • Response times
  • Network availability requirements

Slide 4: TCP/IP Design Decisions
  • IP addressing scheme
  • IP subnet mask configuration
  • Variable Length Subnet Mask (VLSM)
  • Classless Interdomain Routing (CIDR)
  • Authentication and encryption
  • TCP/IP filters
  • Availability and performance

Slide 5: Network Components That Require TCP/IP

Slide 6: Essential IP Configuration Information
  • IP address
  • Subnet mask
  • Default gateway (except for routers and IP switches)

Slide 7: Class-Based IP Addresses

Slide 8: Public IP Addressing Schemes
  • Obtain a public IP address range.
  • Ensure that the range has enough addresses.
  • Consider cost.
  • Improve performance by excluding Network Address Translation (NAT).
  • Consider security issues in your design.

Slide 9: Private IP Addressing Schemes

Slide 10: IP Address Ranges for Private Networks

Slide 11: Creating a Private Addressing Scheme
  • Obtain the public IP addresses.
  • Select the private IP address range.
  • Reduce the number of Internet-connected devices.
  • Include NAT.
  • Incorporate security.

Slide 12: IP Subnet Mask

Slide 13: Default Gateway
  • Forwards IP packets to other subnets or routers
  • Is not required on routers, IP switches, or NAT devices
  • Use a router as the default gateway when
      • It is the only router on the subnet
      • Most traffic goes through that router
  • Routers use Internet Group Membership Protocol (IGMP) messages to identify better route paths

Slide 14: VLSM
  • Reduces routing table entries
  • Uses address space more efficiently
  • VLSM design considerations
      • Arrange routers hierarchically.
      • The highest-level subnet mask allocates the fewest bits.
      • Lower-level subnet masks assign more bits.
      • The lowest-level subnet mask supports the maximum number of hosts.

Slide 15: Implementing VLSM: An Example

Slide 16: CIDR
  • Replaces the class-based IP addressing system
  • Adds a network prefix to the IP address
  • Is similar to VLSM; implemented by ISPs
  • Is flexible
  • Allows routing table aggregation

Slide 17: IPSec and VPN in TCP/IP Data Protection
  • Internet Protocol Security (IPSec)
      • Is an extension of TCP/IP
      • Is supported only by Microsoft Windows 2000
      • Protects specific servers and resources
      • Provides end-to-end encryption

Slide 18: IPSec and VPN in TCP/IP Data Protection (Cont.)
  • Virtual private network (VPN)
      • Allows remote access
      • Is supported by many operating systems
      • Protects an entire subnet
      • Provides point-to-point encryption
      • Uses a screened subnet

Slide 19: IPSec Connection Process
  1. Check IPSec policies
  2. Perform Internet Key Exchange (IKE)
  3. Establish the security association
  4. Exchange encrypted data

Slide 20: IPSec Policies
  • Customize IPSec security with policies.
  • Specify other IPSec rules in your policies.
  • Use the default policies as the base for custom policies:
      • Client (Respond Only)
      • Server (Request Security)
      • Secure Server (Require Security)

Slide 21: IPSec Modes
  • Transport mode
      • Multiple IPSec-enabled devices
      • End-to-end encryption
  • Tunnel mode
      • One other IPSec-enabled device
      • Point-to-point encryption

Slide 22: IPSec Authentication Methods
  • Kerberos v5
  • X.509 version 3 certificates
  • Preshared keys

Slide 23: IPSec Integrity Checking and Data Encryption
  • Authentication Header (AH) protocol
      • Use for integrity checking.
      • Use when not encrypting data.
      • Do not use for packets going through NAT.
  • Encapsulating Security Payload (ESP)
      • Use for encrypting data.
      • Choose among three encryption algorithms.

Slide 24: VPN Data Protection
  • Point-to-Point Tunneling Protocol (PPTP)
      • The industry standard
      • Supported by various operating systems
  • Layer 2 Tunneling Protocol (L2TP)
      • Draft RFC-based protocol
      • Supported by Windows 2000

Slide 25: VPN Authentication Protocols
  • Password Authentication Protocol (PAP)
  • Shiva Password Authentication Protocol (SPAP)
  • Challenge Handshake Authentication Protocol (CHAP)
  • Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  • Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
  • Extensible Authentication Protocol (EAP)

Slide 26: VPN Encryption Protocols
  • Microsoft Point-to-Point Encryption (MPPE)
  • Various IPSec encryption algorithms

Slide 27: TCP/IP Filters
  • Filter inbound traffic
  • Work at the application layer
  • Provide an alternative to Routing and Remote Access or Proxy Server

Slide 28: Optimizing TCP/IP
  • Add persistent connections.
  • Add more connections.
  • Add more routers.

Slide 29: Chapter Summary
  • TCP/IP designs
  • Design concepts
      • Class-based or CIDR addresses
      • Public or private scheme
      • Subnetting
      • IGMP
      • VLSM and CIDR

Slide 30: Chapter Summary (Cont.)
  • TCP/IP data protection
      • IPSec
      • VPN
      • TCP/IP filters
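A worked version of the VLSM hierarchy from slide 14 and the route aggregation from slide 16, added here as an example and not taken from the slide deck. The parent block 192.168.10.0/24 and the per-link host counts are constructed for illustration; larger subnets are carved first so each block sits on its own aligned boundary, and the upstream router then needs only the single covering prefix.

```python
import ipaddress

# Constructed example (not from the slide deck): one site holds 192.168.10.0/24 and
# must carve it into subnets sized to each link, largest first (slide 14's hierarchy rule).
PARENT = "192.168.10.0/24"
HOST_REQUIREMENTS = {
    "sales": 100, "engineering": 50, "servers": 20,
    "router-link-a": 2, "router-link-b": 2,
}

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose block still holds `hosts` usable addresses
    (the network and broadcast addresses are not usable)."""
    host_bits = 1
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def allocate_vlsm(parent: str, requirements: dict) -> dict:
    """Allocate variable-length subnets from `parent`. Allocating in descending
    size keeps every block aligned on its own boundary, so no space is wasted
    between subnets. Raises ValueError if the parent block is exhausted."""
    block = ipaddress.ip_network(parent)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        subnet = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not subnet.subnet_of(block):
            raise ValueError(f"{parent} exhausted while allocating {name}")
        plan[name] = subnet
        cursor += subnet.num_addresses
    return plan

def aggregate_route(subnets) -> ipaddress.IPv4Network:
    """Smallest single CIDR prefix covering all subnets: the one routing-table
    entry an upstream router needs instead of one per subnet (slide 16)."""
    nets = list(subnets)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

if __name__ == "__main__":
    plan = allocate_vlsm(PARENT, HOST_REQUIREMENTS)
    for name, net in plan.items():
        print(f"{name:15} {net!s:20} usable hosts: {net.num_addresses - 2}")
    print("advertise upstream:", aggregate_route(plan.values()))
```

Swapping the parent for a block that is too small (for example a /26) makes `allocate_vlsm` raise instead of silently overlapping subnets, which is the check to run before committing an addressing plan.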