📄 vpnlecture.html
sec</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> also</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> also</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> it is important to keep in mind</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> client management for VPNs </P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> selecting the appropriate routers
for the job etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> questions?</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> -m first</P>
<P style="MARGIN-BOTTOM: 0cm"><phatal> why was this held here</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> haha!</P>
<P style="MARGIN-BOTTOM: 0cm"><_rpc-> HEH</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> k, so lemme put all the info i've
absorbed into a more accurate definition of a VPN... (tell me if this is correct
or not) a VPN is a method of transport that provides security through encryption
and packet header modification that implements a VIRTUAL p2p link between shared
networks... correct?</P>
<P style="MARGIN-BOTTOM: 0cm"><c0ld> lol</P>
<P style="MARGIN-BOTTOM: 0cm">--- _rpc- is now known as rpc</P>
<P style="MARGIN-BOTTOM: 0cm"><phatal> instead of #lecture?</P>
<P style="MARGIN-BOTTOM: 0cm"><LiquidCrystalDismay> oh i wanted to see the
rest :)</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> lol, that was some pretty nice ascii
art ;-D</P>
<P style="MARGIN-BOTTOM: 0cm">--> kf26t3a (kf26t3a@mtdCfs6iqTg.eseenet.com)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> lol @ liquid</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> thorn yea</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> k, cool</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> my fingers are tired</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> heheh, i bet</P>
<P style="MARGIN-BOTTOM: 0cm"><Phaedrus> How are the actual crypto bits
handled? What protocols is it using? Aren't the packets encapsulated and not
modified at header level? </P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i will get into that also</P>
<P style="MARGIN-BOTTOM: 0cm">* Phaedrus ohs...sits tight</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> at the bit level for you :-D</P>
<P style="MARGIN-BOTTOM: 0cm">Phaedrus phatal >phatal< they are always
held here</P>
<P style="MARGIN-BOTTOM: 0cm">* Phaedrus has an exam on this stuff in two
days</P>
<P style="MARGIN-BOTTOM: 0cm"><Pleb> _Jonah_, could you repeat that? I
wasn't paying attention.</P>
<P style="MARGIN-BOTTOM: 0cm"><Pleb> ;)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so lemme sip some water</P>
<P style="MARGIN-BOTTOM: 0cm"><rpc> hi phaedrus</P>
<P style="MARGIN-BOTTOM: 0cm"><Phaedrus> hi</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><Pleb> lol</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> fuck, i need a more comfortable
chair</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> :-\</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> next i'll begin to talk about VPN
Architectures && Implementation</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i think we all</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> got an idea of how vpns work</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and the fundamental concepts</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i'll go into packet security
etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and how the step by step process
of VPNs are set up</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and taken down ,, (LOGICALLY of
course)</P>
<P style="MARGIN-BOTTOM: 0cm">--> _Acolyte-
(a@9J3lMVShCog.tnt1.orange.au.da.uu.net) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there are a whole bunch of </P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> architecture arrangements</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> for VPN implementation</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> like i said the most popular</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> are routers on the p2p</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> but</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> it can b client to router like in
the wan-dial up user scenario</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> logically</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> its the encrypted tunnel
connection on a shared network</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the immediate benefit of a VPN is
the total cost of ownership</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> instead of leasing lines for p2p
connections</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> you have the free access of the
(internet) or shared network</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> plus</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the sexiest thing is</P>
<P style="MARGIN-BOTTOM: 0cm">--> Mikkkeee (mike@yxlXiJEpTppc.150.108.234.O)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> link failure is virtually
eliminated</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> e.g. in the leased line
scenario</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> if there's a cut</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> byebye network</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> however in the VPN, link failure
is protected using routing protocols</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> like RIP,EIGRP.. etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> those protocols auto sense link
failures and redirect traffic</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there's something called IPSsec</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> IPSec</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> (internet protocol security)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> lemme attempt to make a
diagram</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> a typical ip packet is designed
like this</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> hmm</P>
<P style="MARGIN-BOTTOM: 0cm"><-- _Acolyte-
(a@9J3lMVShCog.tnt1.orange.au.da.uu.net) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the packet is like a rectangle</P>
<P style="MARGIN-BOTTOM: 0cm"><Mikkkeee> sup ppl</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> |header|data|</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> in the header</P>
<P style="MARGIN-BOTTOM: 0cm">--> Acolyte
(a@9J3lMVShCog.tnt1.orange.au.da.uu.net) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> theres |destination ip|source
ip|dest. port|source port|</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> followed by the data</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> what ipsec does</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> it encrypts the entire packet</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> before it gets sent out the VPN
gateway</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and puts it in an entirely new
packet</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> where - |new header|old
packet|</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the entire old packet is put in
the data</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> section</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> including the old header...etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> take a second to grasp that
concept</P>
<P style="MARGIN-BOTTOM: 0cm"><-- Acolyte
(a@9J3lMVShCog.tnt1.orange.au.da.uu.net) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> then when that new ipsec packet
arrives at the end VPN gateway</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> it does the VPN Header checks from
the IPSEC header</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> reforms the packet and redirects
it on the private network</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the IPSec core is located b/w
layers 3(network layer) and layer 4(tcp/udp) layer</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> or the ipsec header/ESP (data
body)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ESP = hmm</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> something Security Payload</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i forget i'm sorry</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> to reiterate</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the new IPsec packet</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> has the new AHA header followed
by the ESP body/data</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ESP ensures packet encryption</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> while</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the AHA... Authentication Hashing
Algorithm</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ensures</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> packet delivery</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there are two modes</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> for IPSec</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> transparent</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and Tunnel mode</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> Transparent btw is rarely ever
used anymore</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> in trans. mode, only the data is
encrypted</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so remote routers located within
the tunnel can implement QoS b/c they can read the header</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> in tunnel mode</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the entire packet is
encapsulated</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and a new packet is created...</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> just as i describe above</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> now</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> when implementing VPN you may want
to use trans. mode if you have a whole bunch of dial up users</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> b/c of all the hops their packets
are going to take</P>
<P style="MARGIN-BOTTOM: 0cm">--> Zomart (Zomart@y9ppfhSBLZ22.om.om.cox.net)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> however the argument to not using
it(which is the predominant one)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> is that packet transport integrity
is very high</P>
<P style="MARGIN-BOTTOM: 0cm">--> Chris (melphies@VDSQtysxETo.ipt.aol.com)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so its a more secure soln. to use
tunnel mode</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there's another</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> VPN routing/packet protocol</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and its GRE.... Generic Routing
Encapsulation</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ahh ESP ... Encapsulation Security
Payload</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> GRE simply allows AppleTalk and
IPX/SPX packets to communicate over an IP VPN backbone</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ;-D</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> PPTP , point to point tunneling
protocol is for Dial up users</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> with all those in mind</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> we move on to something called</P>
<P style="MARGIN-BOTTOM: 0cm"><-- aphrael has quit ()</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> Security Association</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there are a whole bunch of
encryption/decryption methods choices to employ</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i.e. DES,AHA,SHA,MD5...etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> also</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there are security keys related to
each session</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> all this info is combined in
statement of security policies </P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> these statements have been
negotiated by both endpoints of the VPN connection</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> btw its unidirectional</P>
<P style="MARGIN-BOTTOM: 0cm"><-- piksel has quit (leaving)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> each endpoint has their own
SA...(Security Association)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> Questions?</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> -m!</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> thnx</P>
<P style="MARGIN-BOTTOM: 0cm"><LiquidCrystalDismay> isn't PPTP for
windows, or some shit?</P>
<P style="MARGIN-BOTTOM: 0cm"><rpc> few comments</P>