XSR User's Guide (page 228)
Chapter 11: Configuring the Virtual Private Network
VPN Overview
• Impersonation - Information passes to a person who poses as the intended recipient. Impersonation can take two forms:
– Spoofing - A person can pretend to be someone else. For example, a person can pretend to have the email address jdoe@acme.com, or a computer can identify itself as a site called www.acme.com when it is not. This type of impersonation is known as spoofing.
– Misrepresentation - A person or organization can misrepresent itself. For example, suppose the site www.acme.com pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods.
Normally, users of the many cooperating computers that make up the
Internet or other networks don't monitor or interfere with the network traffic
that continuously passes through their machines. However, many sensitive
personal and business communications over the Internet require precautions
that address the threats listed above. Fortunately, a set of well-established
techniques and standards aggregated under Internet Protocol Security
(IPSec)/Internet Key Exchange (IKE) and the Public-Key Infrastructure
protocol (PKI) make it relatively easy to take such precautions.
The combined features of the above protocols facilitate the following tasks:
• Encryption and decryption promote confidentiality by allowing two communicating parties to disguise information they share. The sender encrypts, or scrambles, data before sending it. The receiver decrypts, or unscrambles, the data after receiving it. While in transit, the encrypted information is unintelligible to an intruder.
• Tamper detection ensures data integrity by permitting the recipient of data to verify that it has not been modified in transit. Any attempt to modify data or substitute a false message for a legitimate one will be detected. The sender calculates a hash value every time data is sent, the receiver calculates one when the data is received, and the two values are compared.
• Authentication allows the recipient of information to determine its origin — that is, to confirm the sender's identity by digitally signing a message or by applying the challenge-response method.
• Nonrepudiation prevents the sender of information from claiming at a later date that the information was never sent.
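The tamper-detection and challenge-response authentication items above can be illustrated with a short example. The following Python is an added illustration, not code from the XSR guide or from Enterasys; it uses only the standard library. It assumes a shared secret (SHARED_KEY, a constructed demo value; in IPSec the equivalent keys are negotiated by IKE) and shows two things the text describes: the receiver recomputing a hash over received data and comparing it with the sender's value, and a verifier issuing a random challenge that only a holder of the secret can answer. One detail goes beyond the text: the hash is a keyed hash (HMAC-SHA256, which is what IPSec AH/ESP use for integrity), because an unkeyed hash could simply be recomputed by whoever substituted the message.

```python
import hmac
import hashlib
import os

# Constructed demo secret. In IPSec this key is derived by IKE; it is hard-coded
# here only so the example runs offline.
SHARED_KEY = b"demo-shared-secret-not-for-real-use"


def protect(key: bytes, message: bytes) -> tuple[bytes, bytes]:
    """Sender side of tamper detection: compute a keyed hash (HMAC-SHA256) over
    the message and send both. The tag is 32 bytes."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the keyed hash over what actually arrived and
    compare it with the received tag. compare_digest avoids leaking how many
    leading bytes matched through timing."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def challenge() -> bytes:
    """Verifier side of challenge-response: a fresh random nonce per attempt,
    so a captured response cannot be replayed against a later challenge."""
    return os.urandom(16)


def respond(key: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove knowledge of the shared secret by keying a hash over
    the challenge. The secret itself never crosses the wire."""
    return hmac.new(key, b"auth-response|" + nonce, hashlib.sha256).digest()


def check_response(key: bytes, nonce: bytes, response: bytes) -> bool:
    """Verifier side: recompute the expected response for this nonce and compare."""
    return hmac.compare_digest(respond(key, nonce), response)


def demo() -> dict:
    """Run both mechanisms on constructed data and report each outcome."""
    results = {}

    # Tamper detection: an unmodified message passes, a substituted one fails.
    message, tag = protect(SHARED_KEY, b"transfer 100 to account 42")
    results["intact_accepted"] = verify(SHARED_KEY, message, tag)
    results["tampered_accepted"] = verify(SHARED_KEY, b"transfer 900 to account 42", tag)

    # Challenge-response authentication: correct secret passes, wrong secret
    # fails, and a response captured for one challenge fails against a new one.
    nonce = challenge()
    response = respond(SHARED_KEY, nonce)
    results["auth_accepted"] = check_response(SHARED_KEY, nonce, response)
    results["wrong_key_accepted"] = check_response(b"guessed-secret", nonce, response)
    results["stale_response_accepted"] = check_response(SHARED_KEY, challenge(), response)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the block prints True for intact_accepted and auth_accepted and False for the other three cases. Note that this keyed hash gives integrity and origin authentication for the two parties that share the key, but not nonrepudiation: either party could have produced the tag, which is why the nonrepudiation item above relies on digital signatures under PKI rather than on a shared secret.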
A later section of this chapter details the XSR’s security implementation.