1
00:00:00,550 --> 00:00:06,970
In this section we're going to look at virtual private networks, or VPNs. VPN solutions provide

2
00:00:06,970 --> 00:00:14,380
for secure access across an insecure medium such as the Internet, allowing for the connection of branch

3
00:00:14,380 --> 00:00:22,880
offices, home offices, business partners and remote telecommuters to all or some part of a corporate network.

4
00:00:24,030 --> 00:00:30,730
VPNs have become very popular because of low-cost, high-bandwidth Internet connectivity, which allows

5
00:00:30,730 --> 00:00:37,750
for secure encrypted connections back to central sites. Previously, remote offices had to connect to the

6
00:00:37,750 --> 00:00:43,950
central office or head office through expensive leased lines or dial-up phone lines.

7
00:00:45,160 --> 00:00:51,230
VPNs have helped reduce network costs by allowing for secure connections through broadband technology

8
00:00:51,230 --> 00:00:54,910
such as DSL and cable these days.

9
00:00:54,910 --> 00:01:02,600
VPNs can transport mission-critical data, voice over IP and client-server applications without compromising

10
00:01:02,600 --> 00:01:04,030
quality or security.

11
00:01:05,420 --> 00:01:11,120
In this section we'll look at an overview of VPNs. At CCNA level they just expect you to have an appreciation

12
00:01:11,120 --> 00:01:12,350
of VPN.

13
00:01:12,590 --> 00:01:17,360
But in my experience I find people get really confused if you just gloss over some of the terms and

14
00:01:17,360 --> 00:01:23,730
technologies and VPN components, and thus I'm going to delve into it in a little bit more detail.

15
00:01:23,730 --> 00:01:29,750
We're going to explain what IPsec is, what encryption is, what authentication is and what integrity

16
00:01:29,750 --> 00:01:30,310
is.

17
00:01:30,590 --> 00:01:34,830
All vital components in a VPN.

18
00:01:34,840 --> 00:01:36,940
So again, what is a VPN?

19
00:01:36,940 --> 00:01:43,660
A VPN is an encrypted connection between private networks over a public network such as the Internet.

20
00:01:43,660 --> 00:01:51,040
So it's a virtual private network which allows for the sending of traffic securely across an insecure

21
00:01:51,070 --> 00:01:52,300
medium.

22
00:01:52,360 --> 00:01:59,500
Thus you can send private data and private information across the Internet without the worry of someone

23
00:01:59,500 --> 00:02:04,810
intercepting and reading your information. To keep the data private,

24
00:02:04,810 --> 00:02:09,450
the traffic is encrypted so that confidentiality is maintained.

25
00:02:09,850 --> 00:02:16,900
Instead of using a dedicated connection between two sites, such as a leased line, we are using a public

26
00:02:16,930 --> 00:02:22,630
infrastructure such as the Internet to send data securely from one private network,

27
00:02:23,080 --> 00:02:30,220
let's say a home network where a user is telecommuting, to a central office or head office where the user is

28
00:02:30,220 --> 00:02:38,980
accessing, for instance, an Oracle database. So secure data is sent between these two private sites across

29
00:02:38,980 --> 00:02:41,380
the public Internet.

30
00:02:41,440 --> 00:02:48,340
Now a bit of history on why the requirement for VPNs arose. IP version 4 was created in the 1970s and

31
00:02:48,340 --> 00:02:51,240
in those days network security wasn't a big issue.

32
00:02:51,610 --> 00:02:58,270
It's important to realize that IP transmits a lot of data as clear text, which is often referred to as transmitting

33
00:02:58,270 --> 00:02:59,880
in the clear.

34
00:02:59,920 --> 00:03:04,590
That is, it's just transported in raw form with no encryption.

35
00:03:04,590 --> 00:03:10,710
Lots of private information, including usernames and passwords, authentication information and other

36
00:03:10,710 --> 00:03:19,130
private data, is transmitted in clear text and, if captured, can easily be read by hackers and other individuals.

37
00:03:20,960 --> 00:03:27,680
Here's a simple example of a sniffer capture of a user logging into an FTP server, and you can clearly

38
00:03:27,680 --> 00:03:30,730
see that the username is anonymous,

39
00:03:30,800 --> 00:03:36,420
visible in clear text, and the password of Cisco is also shown in clear text.

40
00:03:36,830 --> 00:03:43,820
So when you connect, for instance, to a web server and that web server is not using encrypted HTTP, your

41
00:03:43,820 --> 00:03:51,240
username and password, for instance, will be sent in clear text, which is easy to capture and read. All

42
00:03:51,260 --> 00:03:53,220
information transmitted in an email,

43
00:03:53,240 --> 00:04:01,340
for example, is sent in clear text. Here are some examples of clear-text protocols. For instance, with FTP all the data

44
00:04:01,460 --> 00:04:06,330
as well as the authentication information is in clear text. If you're telnetting to a router or

45
00:04:06,330 --> 00:04:12,140
a switch, your authentication information is in clear text, so usernames and passwords can easily be

46
00:04:12,140 --> 00:04:16,530
captured, as well as any commands that you type on the router or switch.

47
00:04:16,550 --> 00:04:22,300
So as an example, if you type show run, the entire running configuration could be captured.

48
00:04:22,310 --> 00:04:27,750
There are some really powerful hacking tools available on the internet.

49
00:04:27,760 --> 00:04:32,220
Please note I don't recommend you using them but just be aware that they exist.

50
00:04:32,230 --> 00:04:38,350
An example would be Cain and Abel, which is extremely powerful and can capture usernames and passwords

51
00:04:38,530 --> 00:04:41,840
from multiple protocols including those listed here.

52
00:04:42,780 --> 00:04:52,500
Just do a search for Cain and Abel in Google and you can see this website, oxid.it, provides

53
00:04:52,500 --> 00:04:53,910
Cain and Abel for free.

54
00:04:55,490 --> 00:05:00,160
And it has really powerful features for capturing and recovering passwords.

55
00:05:01,460 --> 00:05:03,670
You use this program at your own risk.

56
00:05:04,040 --> 00:05:08,450
And again I don't recommend that you use it but be aware that it exists.

57
00:05:08,630 --> 00:05:13,920
SMTP sends the contents of mail messages in clear text; so does POP3.

58
00:05:14,240 --> 00:05:15,910
So does HTTP.

59
00:05:16,000 --> 00:05:17,970
So does SNMP version 1.

60
00:05:18,050 --> 00:05:22,200
So be aware that the protocols we use in everyday environments

61
00:05:22,400 --> 00:05:31,890
send information in clear text which could be captured and read by undesirables. Cryptography, like

62
00:05:31,890 --> 00:05:35,510
so many other things in life has its own terminology.

63
00:05:35,700 --> 00:05:42,270
Some of the terms that you need to understand: well, firstly, what an algorithm is. An algorithm is detailed

64
00:05:42,270 --> 00:05:48,620
steps for performing a function, and a cipher is an example of an encryption algorithm.

65
00:05:48,820 --> 00:05:57,690
We'll look at a lot of the algorithms in the next few slides, but as an example DES, Triple DES and AES

66
00:05:58,070 --> 00:06:07,170
are encryption algorithms used for taking clear-text data and putting it into non-readable form, or ciphertext.

67
00:06:07,170 --> 00:06:08,930
In other words encrypted data.

68
00:06:09,110 --> 00:06:13,380
The two main types of encryption algorithm that we're going to look at in this course: the first one

69
00:06:13,380 --> 00:06:20,130
is a symmetric algorithm. A symmetric algorithm is where the same key is used for encryption and decryption,

70
00:06:20,730 --> 00:06:28,620
and secret-key algorithms like DES, Triple DES and AES are symmetric encryption algorithms. An asymmetric

71
00:06:28,650 --> 00:06:35,430
algorithm is an algorithm in which different keys are used for encryption and decryption. Public-key

72
00:06:35,730 --> 00:06:39,980
algorithms such as RSA are asymmetric encryption algorithms.

73
00:06:40,230 --> 00:06:45,450
We can look at those in more detail in a moment, but just be aware that with a symmetric algorithm

74
00:06:45,570 --> 00:06:52,380
the same key is used to encrypt and decrypt. With an asymmetric algorithm a different key is used to

75
00:06:52,380 --> 00:06:55,650
encrypt versus decrypt.

76
00:06:55,660 --> 00:06:57,030
So what is a key?

77
00:06:57,130 --> 00:07:01,210
It is a bit of information that is required to decrypt the message.

78
00:07:01,210 --> 00:07:07,510
It is usually in the form of a value that is used with a cipher to encrypt the message. It's important that

79
00:07:07,510 --> 00:07:11,850
the key remain secret in order for the message to remain private.

80
00:07:11,860 --> 00:07:19,170
Think of a key as a password. A key or password is used with an encryption algorithm, and together they

81
00:07:19,170 --> 00:07:27,670
make the data secret. Think of it as follows: the algorithm is well known and can be read about in books.

82
00:07:27,790 --> 00:07:34,280
You can look on Wikipedia; there's lots of documentation explaining various algorithms like AES, Triple

83
00:07:34,300 --> 00:07:36,330
DES and DES.

84
00:07:36,340 --> 00:07:42,190
However, the key is a secret value. A key used with an algorithm makes the data unique.

85
00:07:43,190 --> 00:07:45,240
What are we trying to accomplish?

86
00:07:45,380 --> 00:07:50,270
There are four things that you typically want to accomplish in a VPN.

87
00:07:50,270 --> 00:07:55,850
The first one, and the one most people think about, is data confidentiality or encryption, where no one

88
00:07:55,850 --> 00:08:01,460
else should be able to read the information by manipulating the data that is sent across the public

89
00:08:01,460 --> 00:08:02,420
infrastructure.

90
00:08:02,660 --> 00:08:07,370
In other words, if a hacker captures your information on the Internet, that hacker should not be able

91
00:08:07,370 --> 00:08:15,200
to decrypt or read the information. Data confidentiality is provided by using encryption algorithms with

92
00:08:15,200 --> 00:08:17,540
the associated keys.

93
00:08:17,540 --> 00:08:23,600
The second goal is data integrity, where we want to know that the data has traversed unchanged between

94
00:08:23,600 --> 00:08:25,040
the two parties.

95
00:08:25,100 --> 00:08:31,220
For instance, if party A sends something to party B, party B wants to know that that data has not been

96
00:08:31,220 --> 00:08:38,670
manipulated or changed in transit, that the data has arrived without changes, as it was sent

97
00:08:38,730 --> 00:08:39,460
by party

98
00:08:39,460 --> 00:08:47,120
A. The third goal is data origin authentication: the receiver of the data needs to be able to verify that

99
00:08:47,120 --> 00:08:51,620
the data that it received could only have originated from the sender.

100
00:08:51,620 --> 00:08:58,120
In other words, the so-called sender is the actual sender that we believe them to be. The receiver wants

101
00:08:58,130 --> 00:09:04,280
to be able to authenticate the source of the packet that arrived, guaranteeing and certifying who the

102
00:09:04,280 --> 00:09:06,690
source of the information actually is.

103
00:09:08,060 --> 00:09:11,270
And then the fourth goal is anti-replay protection.

104
00:09:11,270 --> 00:09:15,410
We want to verify that each packet is unique and is not duplicated.

105
00:09:16,080 --> 00:09:22,280
So here's a very basic example of confidentiality or encryption, and it's one of the earliest forms of

106
00:09:22,280 --> 00:09:28,490
encryption, used by Caesar years and years ago. If a hacker captured the following text,

107
00:09:28,760 --> 00:09:31,690
MJQQT, what does it mean?

108
00:09:31,910 --> 00:09:34,310
Well two things have been done to this text.

109
00:09:34,310 --> 00:09:40,660
The first is that an algorithm has been applied to clear text with a key.

110
00:09:40,670 --> 00:09:47,120
So in this example the algorithm used is the so-called Caesar's algorithm, where data has been moved to the

111
00:09:47,120 --> 00:09:52,570
right-hand side and the key space or key used is five.

112
00:09:52,590 --> 00:09:55,050
Now if you reverse that process,

113
00:09:55,050 --> 00:09:59,510
in other words move the letters by five to the left-hand side,

114
00:09:59,520 --> 00:10:07,950
this can be decrypted as hello. Just take an alphabet, look at M for example, move by five letters and

115
00:10:07,950 --> 00:10:10,800
you'll get an H and so forth and so on.

116
00:10:11,160 --> 00:10:17,520
So if a hacker captured the encrypted text he or she would have to know firstly which algorithm was

117
00:10:17,520 --> 00:10:23,820
used and secondly what the key is. Once you know those two pieces of information,

118
00:10:23,850 --> 00:10:26,640
it's just a matter of reversing the algorithm.

119
00:10:26,760 --> 00:10:32,810
So there's a very simple example of data confidentiality or encryption.

120
00:10:32,860 --> 00:10:39,930
This is the process involved with encryption. We basically take some secret data which is in clear text.

121
00:10:40,030 --> 00:10:47,140
This might be an order or a confidential email or some data that is in clear text that we want to keep

122
00:10:47,140 --> 00:10:49,030
confidential.

123
00:10:49,030 --> 00:10:57,980
We then take a key in combination with an algorithm, let's say AES or Advanced Encryption Standard.

124
00:10:58,030 --> 00:11:00,570
I'll explain more about the algorithms in a moment.

125
00:11:00,730 --> 00:11:06,360
But for now just understand that you take the original data which is in clear text.

126
00:11:06,550 --> 00:11:13,720
You take a key, you take the encryption algorithm. The clear text, when sent through the encryption algorithm

127
00:11:14,380 --> 00:11:22,570
with a specific key, results in ciphertext or encrypted data. That encrypted data can then be sent across

128
00:11:22,570 --> 00:11:29,920
a public infrastructure such as the Internet, and an undesirable like a hacker will not be able to read

129
00:11:29,920 --> 00:11:37,420
the information because it's encrypted. The receiving party will receive encrypted data and will reverse

130
00:11:37,420 --> 00:11:38,500
the process.

131
00:11:38,510 --> 00:11:46,180
So in other words, by applying the same algorithm and the same key but in the reverse direction, the encrypted

132
00:11:46,180 --> 00:11:54,280
data is reversed back to the original clear-text data and the receiving party can read the information.

133
00:11:54,310 --> 00:12:00,820
So it's a simple process where you take the data, you apply an encryption algorithm with a key to it,

134
00:12:01,480 --> 00:12:07,610
which results in ciphertext. The sender then transmits that across an insecure medium such as the Internet.

135
00:12:07,840 --> 00:12:11,950
The receiver reverses the process by applying the same key,

136
00:12:12,070 --> 00:12:20,260
if it's a symmetric algorithm, and the algorithm that reverses the process, which results in the original

137
00:12:20,470 --> 00:12:29,690
clear-text data. Now, an algorithm's keyspace or key length is the set of all possible values for that algorithm.

138
00:12:29,700 --> 00:12:37,230
I find this confuses a lot of people, so I'll explain it by using an IP address. An n-bit key produces a

139
00:12:37,260 --> 00:12:40,260
two to the n keyspace size.

140
00:12:40,260 --> 00:12:46,590
So looking at a Class A address as an example: an IP version 4 address is 32 bits in size, the network

141
00:12:46,590 --> 00:12:50,760
portion is 8 bits and the host portion is 24 bits.

142
00:12:50,790 --> 00:12:53,350
So two to the power of 24

143
00:12:53,520 --> 00:12:59,160
gives you over 16 and a half billion options or host addresses, in theory.

144
00:12:59,160 --> 00:13:01,610
So think about it as follows: a 24-bit

145
00:13:01,610 --> 00:13:06,880
keyspace results in over 16 and a half billion combinations.

146
00:13:07,200 --> 00:13:12,270
So keep that in mind when we look at the key spaces available in the various algorithms: the greater

147
00:13:12,270 --> 00:13:19,560
the keyspace, the harder it's going to be to crack the encryption algorithm, because there are more combinations

148
00:13:19,560 --> 00:13:20,140
available.
