Specifications
Section 364-180-202
16
7.4 Virtual Private Network Security
7.4.1 Link Control Protocol (LCP) is used in point-to-point protocols to establish, configure and test the
data link connection.
7.4.2 Layer 2 Tunneling Protocol (L2TP) is an extension of PPTP and provides a means of
encapsulation to transmit multi-protocol packets over layer 2 point-to-point links.
7.4.3 Point-to-Point Tunneling Protocol (PPTP) is used to extend a corporate network through a private
tunnel over the public network.
7.4.4 Generic Routing Encapsulation (GRE) allows any network protocol to be transmitted over a
network running a different protocol by encapsulating the packets of the network protocol within
GRE packets.
7.4.5 Internet Protocol Security (IPSec) with Internet Key Exchange (IKE) is a set of protocols for
security at the network or packet-processing layer. It is useful for virtual private networks and
remote user access.
7.4.6 Data Encryption Standard (DES), 3DES and Blowfish are encryption algorithms for a more secure
exchange using IPSec.
7.5 FIREWALL
7.5.1 Port Filtering is a series of rules that determine how a packet should be handled. The rules
define the protocol type, the range of source and destination port numbers and an indication of
whether or not the packet should be allowed. When a packet arrives, the filter list is searched for a
match that indicates whether the packet is allowed. Filters may overlap, as the search selects the
most specific rule.
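The overlapping-filter behaviour described in 7.5.1, as an added example that is not part of this specification: a small matcher in which every rule carries a protocol type, a source port range, a destination port range and an allow/deny flag, the whole list is searched, and the most specific match decides. The specificity ordering (more constrained fields first, then narrower port span), the default-deny fallback and the sample rule list are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_PORT = (0, 65535)  # full range means "any port"


@dataclass(frozen=True)
class FilterRule:
    protocol: Optional[str]      # "tcp", "udp", or None for any protocol
    src_ports: Tuple[int, int]   # inclusive (low, high)
    dst_ports: Tuple[int, int]   # inclusive (low, high)
    allow: bool


def matches(rule: FilterRule, protocol: str, src_port: int, dst_port: int) -> bool:
    """True if the packet falls inside the rule's protocol and both port ranges."""
    if rule.protocol is not None and rule.protocol != protocol:
        return False
    return (rule.src_ports[0] <= src_port <= rule.src_ports[1]
            and rule.dst_ports[0] <= dst_port <= rule.dst_ports[1])


def specificity(rule: FilterRule) -> Tuple[int, int]:
    """Assumed ordering for 'most specific': count of constrained fields first,
    then the narrower combined port span (negated so that max() prefers it)."""
    constrained = ((rule.protocol is not None) + (rule.src_ports != ANY_PORT)
                   + (rule.dst_ports != ANY_PORT))
    span = ((rule.src_ports[1] - rule.src_ports[0])
            + (rule.dst_ports[1] - rule.dst_ports[0]))
    return (constrained, -span)


def decide(rules: List[FilterRule], protocol: str, src_port: int, dst_port: int,
           default_allow: bool = False) -> bool:
    """Search the whole list (rules may overlap) and apply the most specific match.
    With no match the assumed default is deny."""
    candidates = [r for r in rules if matches(r, protocol, src_port, dst_port)]
    if not candidates:
        return default_allow
    return max(candidates, key=specificity).allow


# Constructed sample filter list: a broad TCP deny overlapped by narrower allows.
RULES = [
    FilterRule("tcp", ANY_PORT, ANY_PORT, allow=False),       # deny all TCP
    FilterRule("tcp", ANY_PORT, (443, 443), allow=True),      # HTTPS, more specific
    FilterRule("tcp", (1024, 65535), (22, 22), allow=True),   # SSH from non-privileged sources
    FilterRule(None, ANY_PORT, (53, 53), allow=True),         # DNS over any protocol
]
```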
7.5.2 Validation is similar to port filtering. Validation rules define the handling of packets based on source or
destination IP address. Validation allows ranges of IP addresses to be specified, together with the
action to be taken on packets from or to addresses in that range. This is a powerful mechanism
that allows users to block packets from certain addresses while allowing others.
7.5.3 Intrusion Detection provides a means to identify possible security attacks. Some attacks will
cause a host to be blacklisted (i.e., no traffic from that host is accepted under any circumstances)
for a period of time. Other attacks are simply logged.
7.5.4 Network Address Translation (NAT) is the translation of an IP address used within one network to
a different IP address used within another network.
7.5.5 Network Address Port Translation (NAPT) is more correctly called PAT. PAT stores the address
and translated-port tables for each active client and assigns new port numbers to new clients
on the network. It defines the number of port reassignments allocated to each active IP
client. It provides functionality similar to NAT, but is a more specific tool. PAT forwards requests
for a particular IP address and port pair to another IP address and port pair. This feature is commonly used on publicly
connected hosts to make an internal service available to a larger network.
7.6 Point-to-Point WAN PROTOCOLS
7.6.1 Internet Protocol Control Protocol (IPCP) is responsible for configuring, enabling and disabling
the IP protocol features on both ends of a point-to-point connection.