vpnlecture.html

黑客培训教程

<HTML><HEAD><TITLE>Virtual Private network [VPN] Lecture</TITLE>
<STYLE>@page  {margin-left: 3.18cm; margin-right: 3.18cm; margin-top: 2.54cm; margin-bottom: 2.54cm; }
</STYLE>
</HEAD>
<BODY lang=en-US>
<hr color="#000000" width="50%" size="1"><center>
Virtual Private network [VPN] Lecture<br>
By _Jonah_<br>
For <br>
Blacksun Research Facility [BSRF]<br>
<a href="http://blacksun.box.sk">
http://blacksun.box.sk</a><br>
<hr color="#000000" width="65%" size="1"></center>

<P style="MARGIN-BOTTOM: 0cm">&nbsp;</P>
<P style="MARGIN-BOTTOM: 0cm">**** BEGIN LOGGING AT Mon Jul 8 22:50:20 2002</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; You are now talking on #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><b>--- Topic for #bsrf is '.:: BlackSun Research 
Facility (<a href="http://blacksun.box.sk"><br>
http://blacksun.box.sk</a>) ::. || Nothing illegal || Send in your BSRF 
logos for the contest to Mikkkeee or AZTEK || email Simprix 
(simprix@simprix.net) concerning lectures || lecture 07/08/02 at 11PM EST (4 am 
GMT) on VPNS, by _Jonah_ || <a href="http://fusion.dyn.ee/bsrf2.gif">http://fusion.dyn.ee/bsrf2.gif</a></b></P>
<P style="MARGIN-BOTTOM: 0cm">--- Topic for #bsrf set by AZTEK at Sun Jul 7 
10:08:49</P>
<P style="MARGIN-BOTTOM: 0cm">--- ChanServ gives channel operator status to 
simprix</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;DigitalFallout&gt; &lt;---START 
LECTURE---&gt;</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; VPN =</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; Virtual Private network</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; the concept behind it is really 
simple</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; although the implmentation is 
not</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; e.g a company has branches that 
are connected to a shared/public network</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; _bAss 
(ffffffffff@TCydwnX3BaI.a.004.syd.iprimus.net.au) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; i.e. internet</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and there some sorta data being 
transacted</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; b/w two branches on that shared 
network</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; the old days</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; way back early 90's :-p</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; if there was transactions being 
done on the shared network</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;-- b0ttyburp 
(b0ttyburp@7cZDwowQs8M.blueyonder.co.uk) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; b0ttyburp 
(b0ttyburp@7cZDwowQs8M.blueyonder.co.uk) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; there was no security meassure 
inplace on the physical data</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; soooo</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; happy hacker b0ttyburp was having 
a field day</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; then some genious</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; well actualy</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; encryption been around for 
ages</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; scaal (eat@VP4FadmQevg.vic.bigpond.net.au) 
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; bleh</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; i forgot to mention</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; b/c that data was insecure</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; corporations leased lines</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; for telco co.</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; for point -to point</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; connections</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; that of course was extremely 
costly</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; then VPN came a long</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; what VPN does</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; is on that shared network</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; it creates a virtual private 
network ... hence VPN</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;-- [PhaLanX] 
(phalanx@RPhz99t4THk.codetel.net.do) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; [PhaLanX] 
(phalanx@RPhz99t4THk.codetel.net.do) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; by boaring a path between two 
entities</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;-- Pike has quit ()</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; typically a Corp. Branch and a 
smaller branch</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;-- Jason has quit (.:touchstone:.)</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; let me mention</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; what's really pushing this 
technology is</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; globalization</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and multinational corp, that need 
to communicate</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; c0ld 
(c0ld@10LEG6SNXrg.chcgil2.dsl-verizon.net) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and would be physically impossible 
to drop a piece of fiber from USA to KOREA</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and the fact that telecomuters 
need access to company resources that are secure</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; questions?</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; -m</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; well I'm sure you guys are smart 
enough to understand this so far</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; well</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;linuxlogic&gt; can VPN's be setup using any 
OS?</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; q's?</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;hydeph&gt; continue</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_bAss&gt; this must be a lecture right</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; it is not OS dependant</P>
<P style="MARGIN-BOTTOM: 0cm">linuxlogic LiquidCrystalDismay &lt;hydeph&gt; por 
favor</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; but i will get into that</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_bAss&gt; =D</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; no more questions relative to 
what i just said?</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;th0rn&gt; hmm.... so are vpn's a whole other 
type of topology?</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; VPNs are a logical and Physical 
topology</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; i wil get into that</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;th0rn&gt; k</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; i think everyone is on the ball so 
far</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; there are 3 classes of VPNs</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;th0rn&gt; ya, i was jus wondering how they are 
layed out</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; A. Remote Dial in.....</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; those users will have a desire for 
co. resources on an infrequent bases</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; or are constantly changing 
physical locations</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; B. Always connected</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; connected</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; those are small branches, like a 
cellular store </P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; or retail outless</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; or home telecommuters that need 
permanent access</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; ... sorry for my spelling</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and lastly</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; C. The Extranet class</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; this is a newly defined class of 
the internet</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; essential</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; essentially</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; it is for large corp to 
communicate with each other</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and transfer critical data over 
large geographic WANs</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; ok</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; there are a few fundamentals</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; that need to me taken heed of when 
deploying a VPN</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;-- piksel has quit (Ping timeout: 180 
seconds)</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;simprix&gt; ready to continue</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; What type of security will you 
employ, encryption type,, type of tunneling,, type of authen tication</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; B. What sorta QoS requirements 
will ur deploy</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; QoS quality of service...</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; some QoS techniques would be 
traffic shaping, packet prioritizing</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; packet queing</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; etc</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and C. How will the VPN be 
manage</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; btw i have my lecture notes on ftp 
after this i'l put it up</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; AA. Security for VPN</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; (now i'm going to be referencing the 
those three fundamentals)</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; aphrael 
(aphrael@NTCS7oS6MSA.dialup.mindspring.com) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; the VPN is like i already said 
connected across a shared network</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; i.e a tunnel</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; it is a Point-to-point 
connection</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; between two nodes</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; the first process of </P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; initiating a VPN </P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; connecting</P>
<P style="MARGIN-BOTTOM: 0cm">--&gt; guest284 (dick@k2UJmRwJyT2.64.5.220.O) has 
joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; is the process called Tunnel 
Setup</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; this process involves 
authentication</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; typically MD5...(message digest 
5)</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; triple A authentication ....</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; AAA- 
Authentication, authorization &amp;accounting</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; thats based on radius and 
tacacs</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and you can use radius and 
tacas</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; once the tunnel is 
established</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; encryption begins</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; the last part</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; of security for the vpn</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; is to include some type of data 
integrity checking</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; this is typically done by 
protocols like</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; IPsec/SAP which i will describe 
further in a bit</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; Beyond ensuring no other devices 
interact (i.e. happy hacker b0ttyburp)</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; packet integrity should be 
accounted for </P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; using new headers</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; attentuation, and packet 
detriorzation should be tested</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; using ESP,AHA</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; SHA</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; AHA=algorithm hasing 
authentication</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; dont hoold me to it but i think 
that's it</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; and SHA secure hasing algorithm</P>
<P style="MARGIN-BOTTOM: 0cm">&lt;_Jonah_&gt; algorithm</P>