SlideShare a Scribd company logo

IPS NAT and VPN.pptx

Download as PPTX, PDF
K
karthikvcyber

IDS, IPS, NAT and VPN The document discusses and defines intrusion detection systems (IDS), intrusion prevention systems (IPS), network address translation (NAT), and virtual private networks (VPN). It explains that IDS monitor networks for suspicious activity, while IPS can also block threats. It describes static and dynamic NAT and port address translation (PAT). It also outlines remote access VPNs for connecting remote users, site-to-site VPNs for connecting office networks, and common VPN protocols like IPsec. The document provides an overview of these key network security concepts.

Internet
1 of 23
Download to read offline
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
IDS, IPS, NAT and VPN
What is an Intrusion Detection System (IDS)? ๐Ÿ ถ Itโ€™s a technique of detecting unauthorized access to a computer system or a computer network. ๐Ÿ ถ The detection techniques used by IDS are as follows: 1. Signature based Intrusion Detection Technique 2. Anomaly based Intrusion Detection Technique ๐Ÿ ถ Signature based detection scan all the packet on the network and compare them against the database of signatures. Example: E-mail an attachment filename of โ€œfreepics.exeโ€, which are characteristics of a known form of malware. ๐Ÿ ถ Anomaly based detection perform comparison against the established baseline. Example: The number of failed login attempts for a host, and the level of processor usage for a host in a given period of time.
What is Intrusion Prevention System (IPS)? ๐Ÿ ถ They not only detect the intrusion but also take some preventive actions and defend the network by stopping the intruders. ๐Ÿ ถ The detection techniques used by IPS are as follows: 1. Network-based Intrusion Prevention System (NIPSs) 2. Host-based Intrusion Prevention System (HIPSs) ๐Ÿ ถ NIPSs performs packet sniffing and analyze network traffic to identify and stop suspicious activity. ๐Ÿ ถ HIPSs monitors the characteristics & events of a single host, such as monitoring network traffic, system logs, running processes, file access and modification, and system and application configuration changes.
Honey token systems ๐Ÿ ถ Honey token is the security tool used for the purpose of intrusion detection. ๐Ÿ ถ Its concept is derived from honeypots and honeynets ๐Ÿ ถ A honeypot system is designed to attract hackers. ๐Ÿ ถ After an intrusion, network administrators and security specialists can determine how the attacker succeeded. ๐Ÿ ถ Then prevent subsequent attacks, and identify security gaps.
Conclusion ๐Ÿ ถ Honeypot technology has matured after a leap in its development. ๐Ÿ ถ This technology aims to lure hackers to a decoy system, thus delaying the attack and providing network security specialists a window of opportunity to prevent the threat. ๐Ÿ ถ The technology allows system administrators to know the launch address, verify if the security strategy is effective, and determine if the defense line is solid. ๐Ÿ ถ Network security can be improved when such technologies are combined with the honeypot system. ๐Ÿ ถ We believe that honeypot technology will play a crucial role in global network security.
NAT & PAT
Intro to NAT/PAT ยฉ 2002, Cisco Systems, Inc. All rights reserved. ICND v2.0โ€”6-7 7 NAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip address on a network with the global or public ip addresses. Requirement of NAT when.. 1.you need to connect to the Internet and your hosts donโ€™t have global unique ip addresses. We are using private addresses. 2. You change your network to another ISP and that require to renumber your network. Then using the nat we didnโ€™t need to change our ip addresses. 3. You need to merge two internets with duplicate addresses. 4.No any host from the foreign network can access our local network. Local network security.
NAT typesโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆ Static NAT:- it is the type of Nat that is designed to allow One-to-one mapping between the local ip addresses and global ip addresses. BUT keep in mind that static NAT require that YOU MUST HAVE ONE REAL INTERNET IP ADDRESS FOR EVERY HOST ON YOUR NETWORK. Dynamic NAT:- this gives the ability to map an unregistered ip address with a registered ip address from out of pool of ip addresses. you donโ€™t have to statically configure your router to map an inside address with an outside address like in static NAT. But you must have the sufficient number of ip addresses for every user who`s going to transfer packets with internet NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. __Many โ€“to-One. But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. Many โ€“to-One. But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only ICND v2.0โ€”6-8
An IP address is either local or global. ICND v2.0โ€”6-9 โ€ข โ€ข Local IP addresses are seen in the inside network.
ICND v2.0โ€”6-10
VPN โ€ข VPN stands for Virtual Private Network. โ€ข A virtual private network offers a higher degree of protection and privacy as youโ€™re surfing the web, whether at home or outside. โ€ข A VPN creates a secure connection over public networks (such as the wi-fi in public transport, hotels, or your favorite cafรฉ) as well as home networks. โ€ข Not only do they provide better security for you and your devices, but they can also help you bypass censorship and access geographically blocked content on the internet from anywhere! โ€ข It lets you remotely connect to a private network. 11
VPN โ€ข A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. โ€ข Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection. 12
Types of VPN 13 There are two basic VPN types : I. RemoteAccess VPN II. Site โ€“ to โ€“ Site VPN III. SSL VPN
Remote access VPN 14 โ€ข Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet and the connection is secure and private. Allow employees to access the companyโ€™s internet from outside the office.
Site-to-site VPN 15 โ€ข Site-to-site VPNs allow collaborators in geographically disparate offices to share the same virtual network. โ€ข Basically, Site-to-site VPN create a virtual bridge between the networks at geographically distant offices and connect them through the Internet and maintain a secure and private communication between the networks. โ€ข Site-to-site VPN to connect the network of one office location to the network at another office location
VPN systems 16 VPN systems may be classified by: ๏‚ง the tunneling protocol used to tunnel the traffic ๏‚ง the tunnel's termination point location, e.g., on the customer edge or network-provider edge ๏‚ง the type of topology of connections, such as site-to-site or network-to- network ๏‚ง the levels of security provided ๏‚ง the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity ๏‚ง the number of simultaneous connections
Secure VPN protocols include the following: 17 โ€ข Internet Protocol Security (IPsec) โ€ข Transport Layer Security (SSL/TLS) โ€ข Datagram Transport Layer Security (DTLS) โ€ข Microsoft Point-to-Point Encryption (MPPE) โ€ข Microsoft Secure Socket Tunnelling Protocol (SSTP) โ€ข Multi Path Virtual Private Network (MPVPN). โ€ข Secure Shell (SSH) VPN
Vpn Authentication 18 โ€ข User-created remote-access VPNs may use passwords, biometrics, two- factor authentication or other cryptographic methods โ€ข Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.
Vpn Routing 19 โ€ข Tunnelling protocols can operate in a point-to-point network topology that would theoretically not be considered a VPN because a VPN by definition is expected to support arbitrary and changing sets of network nodes โ€ข But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols
Unencrypted tunnels 20 โ€ข Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization. For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network but is neither secure nor trusted.
Trusted delivery networks: 21 Trusted VPNs do not use cryptographic tunneling; instead they rely on the security of a single provider's network to protect the traffic. โ€ข Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service control over a trusted delivery network. โ€ข L2TP which is a standards-based replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F) (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
VPNs vs Proxy Servers 22 โ€ข A proxy server is a middle man that masks your IP address on the internet, without doing anything to secure your data. If changing your IP address is the only task youโ€™re looking for, a proxy might be a good option. โ€ข However, a VPN will change your IP address while also encrypting your information. You can think of it as a two in one service. amazing properties: โ€ข It's fast. โ€ข It's easy to take with you wherever you go. โ€ข It's able to completely hide you from any other boats or submarines. โ€ข It's dependable. โ€ข It costs little to add additional submarines to your fleet once you've purchased the first one.
Thank you

More Related Content

PPTX
VPN & FIREWALL
Moin Islam
ย 
PPTX
WLAN:VPN Security
@zenafaris91
ย 
PDF
Cryptography and network security.
RAVI RAJ
ย 
PPT
Vpn
Kajal Thakkar
ย 
PDF
Husky VPN.pdf
Vograce
ย 
PPTX
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
ย 
DOCX
Virtual Private Network
Richa Singh
ย 
PPTX
Virtual Private Network
HASHIR RAZA
ย 
VPN & FIREWALL
Moin Islam
ย 
WLAN:VPN Security
@zenafaris91
ย 
Cryptography and network security.
RAVI RAJ
ย 
Vpn
Kajal Thakkar
ย 
Husky VPN.pdf
Vograce
ย 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
ย 
Virtual Private Network
Richa Singh
ย 
Virtual Private Network
HASHIR RAZA
ย 

Similar to IPS NAT and VPN.pptx (20)

PDF
VPN (virtual private network)
Netwax Lab
ย 
PDF
Ch18 Internet Security
phanleson
ย 
PPTX
MVA slides lesson 8
Fabio Almeida- Oficina Eletrรดnica
ย 
PPTX
98 366 mva slides lesson 8
suddenven
ย 
PPT
Shradhamaheshwari vpn
Shradha Maheshwari
ย 
PPT
Vpn networks kami
kamran_share
ย 
PPT
V P N
bhathiji
ย 
PPTX
CCNA CCNP Basics for your mid term vivaa
OnkarSingh642357
ย 
PPTX
6-virtualprivatenetworkvpndsfsdfsdf-111113032322-phpapp01.pptx
softwarefull2
ย 
PDF
Network Concepts
Rajamanickam Gomathijayam
ย 
DOCX
Firewall configuration
Nutan Kumar Panda
ย 
PPT
Vpn rsvp
Swarup Kumar Mall
ย 
PDF
IP Security One problem with Internet protocol (IP) is that it has.pdf
solimankellymattwe60
ย 
PPTX
Insights of vpn
Harshika Rana
ย 
PPSX
Firewall & its Services
Navdeep Dhingra
ย 
PPT
Network and security concepts
sonuagain
ย 
PPT
VPN
Swarup Kumar Mall
ย 
PPT
Vp ns
Swarup Kumar Mall
ย 
PPT
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
ย 
PDF
IP security and VPN presentation
KishoreTs3
ย 
VPN (virtual private network)
Netwax Lab
ย 
Ch18 Internet Security
phanleson
ย 
MVA slides lesson 8
Fabio Almeida- Oficina Eletrรดnica
ย 
98 366 mva slides lesson 8
suddenven
ย 
Shradhamaheshwari vpn
Shradha Maheshwari
ย 
Vpn networks kami
kamran_share
ย 
V P N
bhathiji
ย 
CCNA CCNP Basics for your mid term vivaa
OnkarSingh642357
ย 
6-virtualprivatenetworkvpndsfsdfsdf-111113032322-phpapp01.pptx
softwarefull2
ย 
Network Concepts
Rajamanickam Gomathijayam
ย 
Firewall configuration
Nutan Kumar Panda
ย 
Vpn rsvp
Swarup Kumar Mall
ย 
IP Security One problem with Internet protocol (IP) is that it has.pdf
solimankellymattwe60
ย 
Insights of vpn
Harshika Rana
ย 
Firewall & its Services
Navdeep Dhingra
ย 
Network and security concepts
sonuagain
ย 
VPN
Swarup Kumar Mall
ย 
Vp ns
Swarup Kumar Mall
ย 
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
ย 
IP security and VPN presentation
KishoreTs3
ย 
Ad

More from karthikvcyber (20)

PPTX
Security Incident machnism Security Incident machnismSecurity Incident machni...
karthikvcyber
ย 
PPTX
Security Information Event Management Security Information Event Management
karthikvcyber
ย 
PPTX
cybersecuritycybersecuritycybersecuritycybersecurity
karthikvcyber
ย 
PDF
Standards & Framework.pdf
karthikvcyber
ย 
PPT
Standards & Framework.ppt
karthikvcyber
ย 
PPTX
OSINT.pptx
karthikvcyber
ย 
PPTX
Encrypto.pptx
karthikvcyber
ย 
PPTX
PID-PPID.pptx
karthikvcyber
ย 
PPTX
Authentication.pptx
karthikvcyber
ย 
PPTX
SIEM.pptx
karthikvcyber
ย 
PPTX
VAPT_FINAL SLIDES.pptx
karthikvcyber
ย 
PPTX
cryptography-Final.pptx
karthikvcyber
ย 
PPTX
fileanddirectory-PID.pptx
karthikvcyber
ย 
PPT
CS_Tuto.ppt
karthikvcyber
ย 
PPT
Vuln.ppt
karthikvcyber
ย 
PPTX
IP_Subnet training.pptx
karthikvcyber
ย 
PPTX
Authorisation.pptx
karthikvcyber
ย 
PPT
CCNP.ppt
karthikvcyber
ย 
PPTX
subnet.pptx
karthikvcyber
ย 
PPTX
OSI TCP-IP.pptx
karthikvcyber
ย 
Security Incident machnism Security Incident machnismSecurity Incident machni...
karthikvcyber
ย 
Security Information Event Management Security Information Event Management
karthikvcyber
ย 
cybersecuritycybersecuritycybersecuritycybersecurity
karthikvcyber
ย 
Standards & Framework.pdf
karthikvcyber
ย 
Standards & Framework.ppt
karthikvcyber
ย 
OSINT.pptx
karthikvcyber
ย 
Encrypto.pptx
karthikvcyber
ย 
PID-PPID.pptx
karthikvcyber
ย 
Authentication.pptx
karthikvcyber
ย 
SIEM.pptx
karthikvcyber
ย 
VAPT_FINAL SLIDES.pptx
karthikvcyber
ย 
cryptography-Final.pptx
karthikvcyber
ย 
fileanddirectory-PID.pptx
karthikvcyber
ย 
CS_Tuto.ppt
karthikvcyber
ย 
Vuln.ppt
karthikvcyber
ย 
IP_Subnet training.pptx
karthikvcyber
ย 
Authorisation.pptx
karthikvcyber
ย 
CCNP.ppt
karthikvcyber
ย 
subnet.pptx
karthikvcyber
ย 
OSI TCP-IP.pptx
karthikvcyber
ย 
Ad

Recently uploaded (20)

PDF
โ€œGoogle Algorithm Updates in 2025 Guideโ€
soohhhnah
ย 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
ย 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
ย 
PDF
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
ย 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
ย 
PPTX
durere- in cancer tu ttresjjnklj gfrrjnrs mhugyfrd
Serban Elena
ย 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
ย 
PDF
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
ย 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
ย 
PDF
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
ย 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
ย 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
ย 
PPTX
PPT_M4.3_WORKING WITH SLIDES APPLIED.pptx
MCEAMONVILLAVER
ย 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
ย 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
ย 
PPTX
ppt for upby gurvinder singh padamload.pptx
rocky1808
ย 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
ย 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
ย 
โ€œGoogle Algorithm Updates in 2025 Guideโ€
soohhhnah
ย 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
ย 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
ย 
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
ย 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
ย 
durere- in cancer tu ttresjjnklj gfrrjnrs mhugyfrd
Serban Elena
ย 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
ย 
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
ย 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
ย 
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
ย 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
ย 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
ย 
PPT_M4.3_WORKING WITH SLIDES APPLIED.pptx
MCEAMONVILLAVER
ย 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
ย 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
ย 
ppt for upby gurvinder singh padamload.pptx
rocky1808
ย 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
ย 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
ย 

IPS NAT and VPN.pptx

  • 1. IDS, IPS, NAT and VPN
  • 2. What is an Intrusion Detection System (IDS)? ๐Ÿ ถ Itโ€™s a technique of detecting unauthorized access to a computer system or a computer network. ๐Ÿ ถ The detection techniques used by IDS are as follows: 1. Signature based Intrusion Detection Technique 2. Anomaly based Intrusion Detection Technique ๐Ÿ ถ Signature based detection scan all the packet on the network and compare them against the database of signatures. Example: E-mail an attachment filename of โ€œfreepics.exeโ€, which are characteristics of a known form of malware. ๐Ÿ ถ Anomaly based detection perform comparison against the established baseline. Example: The number of failed login attempts for a host, and the level of processor usage for a host in a given period of time.
  • 3. What is Intrusion Prevention System (IPS)? ๐Ÿ ถ They not only detect the intrusion but also take some preventive actions and defend the network by stopping the intruders. ๐Ÿ ถ The detection techniques used by IPS are as follows: 1. Network-based Intrusion Prevention System (NIPSs) 2. Host-based Intrusion Prevention System (HIPSs) ๐Ÿ ถ NIPSs performs packet sniffing and analyze network traffic to identify and stop suspicious activity. ๐Ÿ ถ HIPSs monitors the characteristics & events of a single host, such as monitoring network traffic, system logs, running processes, file access and modification, and system and application configuration changes.
  • 4. Honey token systems ๐Ÿ ถ Honey token is the security tool used for the purpose of intrusion detection. ๐Ÿ ถ Its concept is derived from honeypots and honeynets ๐Ÿ ถ A honeypot system is designed to attract hackers. ๐Ÿ ถ After an intrusion, network administrators and security specialists can determine how the attacker succeeded. ๐Ÿ ถ Then prevent subsequent attacks, and identify security gaps.
  • 5. Conclusion ๐Ÿ ถ Honeypot technology has matured after a leap in its development. ๐Ÿ ถ This technology aims to lure hackers to a decoy system, thus delaying the attack and providing network security specialists a window of opportunity to prevent the threat. ๐Ÿ ถ The technology allows system administrators to know the launch address, verify if the security strategy is effective, and determine if the defense line is solid. ๐Ÿ ถ Network security can be improved when such technologies are combined with the honeypot system. ๐Ÿ ถ We believe that honeypot technology will play a crucial role in global network security.
  • 7. Intro to NAT/PAT ยฉ 2002, Cisco Systems, Inc. All rights reserved. ICND v2.0โ€”6-7 7 NAT :- the NETWORK ADDRESS TRANSLATION is used to translate the local ip address on a network with the global or public ip addresses. Requirement of NAT when.. 1.you need to connect to the Internet and your hosts donโ€™t have global unique ip addresses. We are using private addresses. 2. You change your network to another ISP and that require to renumber your network. Then using the nat we didnโ€™t need to change our ip addresses. 3. You need to merge two internets with duplicate addresses. 4.No any host from the foreign network can access our local network. Local network security.
  • 8. NAT typesโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆ Static NAT:- it is the type of Nat that is designed to allow One-to-one mapping between the local ip addresses and global ip addresses. BUT keep in mind that static NAT require that YOU MUST HAVE ONE REAL INTERNET IP ADDRESS FOR EVERY HOST ON YOUR NETWORK. Dynamic NAT:- this gives the ability to map an unregistered ip address with a registered ip address from out of pool of ip addresses. you donโ€™t have to statically configure your router to map an inside address with an outside address like in static NAT. But you must have the sufficient number of ip addresses for every user who`s going to transfer packets with internet NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. __Many โ€“to-One. But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only NAT overloading{(PAT-Port Address Translation)}:- this is the most popular type of the NAT configuration it is the type of dynamic NAT. that maps multiple local ip addresses with a single registered ip addresses. Many โ€“to-One. But it is mostly used because of its feature of using the special port number for every translated addresses with the global ip address through which we can attach unlimited no. of users with the internet using a single ip address only ICND v2.0โ€”6-8
  • 9. An IP address is either local or global. ICND v2.0โ€”6-9 โ€ข โ€ข Local IP addresses are seen in the inside network.
  • 11. VPN โ€ข VPN stands for Virtual Private Network. โ€ข A virtual private network offers a higher degree of protection and privacy as youโ€™re surfing the web, whether at home or outside. โ€ข A VPN creates a secure connection over public networks (such as the wi-fi in public transport, hotels, or your favorite cafรฉ) as well as home networks. โ€ข Not only do they provide better security for you and your devices, but they can also help you bypass censorship and access geographically blocked content on the internet from anywhere! โ€ข It lets you remotely connect to a private network. 11
  • 12. VPN โ€ข A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. โ€ข Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection. 12
  • 13. Types of VPN 13 There are two basic VPN types : I. RemoteAccess VPN II. Site โ€“ to โ€“ Site VPN III. SSL VPN
  • 14. Remote access VPN 14 โ€ข Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet and the connection is secure and private. Allow employees to access the companyโ€™s internet from outside the office.
  • 15. Site-to-site VPN 15 โ€ข Site-to-site VPNs allow collaborators in geographically disparate offices to share the same virtual network. โ€ข Basically, Site-to-site VPN create a virtual bridge between the networks at geographically distant offices and connect them through the Internet and maintain a secure and private communication between the networks. โ€ข Site-to-site VPN to connect the network of one office location to the network at another office location
  • 16. VPN systems 16 VPN systems may be classified by: ๏‚ง the tunneling protocol used to tunnel the traffic ๏‚ง the tunnel's termination point location, e.g., on the customer edge or network-provider edge ๏‚ง the type of topology of connections, such as site-to-site or network-to- network ๏‚ง the levels of security provided ๏‚ง the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity ๏‚ง the number of simultaneous connections
  • 17. Secure VPN protocols include the following: 17 โ€ข Internet Protocol Security (IPsec) โ€ข Transport Layer Security (SSL/TLS) โ€ข Datagram Transport Layer Security (DTLS) โ€ข Microsoft Point-to-Point Encryption (MPPE) โ€ข Microsoft Secure Socket Tunnelling Protocol (SSTP) โ€ข Multi Path Virtual Private Network (MPVPN). โ€ข Secure Shell (SSH) VPN
  • 18. Vpn Authentication 18 โ€ข User-created remote-access VPNs may use passwords, biometrics, two- factor authentication or other cryptographic methods โ€ข Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.
  • 19. Vpn Routing 19 โ€ข Tunnelling protocols can operate in a point-to-point network topology that would theoretically not be considered a VPN because a VPN by definition is expected to support arbitrary and changing sets of network nodes โ€ข But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols
  • 20. Unencrypted tunnels 20 โ€ข Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization. For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network but is neither secure nor trusted.
  • 21. Trusted delivery networks: 21 Trusted VPNs do not use cryptographic tunneling; instead they rely on the security of a single provider's network to protect the traffic. โ€ข Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service control over a trusted delivery network. โ€ข L2TP which is a standards-based replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F) (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
  • 22. VPNs vs Proxy Servers 22 โ€ข A proxy server is a middle man that masks your IP address on the internet, without doing anything to secure your data. If changing your IP address is the only task youโ€™re looking for, a proxy might be a good option. โ€ข However, a VPN will change your IP address while also encrypting your information. You can think of it as a two in one service. amazing properties: โ€ข It's fast. โ€ข It's easy to take with you wherever you go. โ€ข It's able to completely hide you from any other boats or submarines. โ€ข It's dependable. โ€ข It costs little to add additional submarines to your fleet once you've purchased the first one.