Building Blocks Technologies

Technology Training: Communications Courses: Networking Foundations: VPN Technologies

Course Objectives:

Upon completion of this course the student will be able to:

  • Define a Virtual Private Network
  • Differentiate the popular VPN architectures
  • Compare and contrast the protocols, technologies, and products that are used in a VPN solution
  • Explain the security solutions used in VPNs
  • Explain how encryption is used to enable privacy
  • Describe how digital certificates provide authentication
  • Describe the operation of different tunnelling protocols

Course Type:

The course is taught in class with an instructor. This course is one day in length.

Prerequisite:

An understanding of IP networking, security protocols, and general data communication is recommended. Network Foundations: Internetworking Level II.

Audience:

Individuals who need to implement or support Virtual Private Networks, specifically Systems Engineers, Network Administrators, Network Consultants, and Security Planners, should attend.

Course Description:

This course provides the student with the resources to gain knowledge in the area of Virtual Private Networks. Through a series of discussions and illustrations, the student participates in several major topics. The course builds a foundation by describing the traditional model used for transferring information and defining a VPN. The student then participates in discussions regarding different applications for VPNs. There are detailed discussions on the protocols that are used to implement VPN services, including layer 2 and layer 3 VPN protocols. The course wraps up with discussions on the implications and ramifications of deploying VPN devices in different configurations within a network.

Course Outline:

Introduction to Networking

  • Circuit Switched vs. Packet Switched
  • The Internet Overview
  • Network Layers Explained
  • Routing vs. Switching
  • Intranets and Extranets
  • VPN Applications
      • Remote Access
      • LAN-to-LAN
      • Corporate Intranets

Network Security Concepts

  • Issues and Risks
  • Authentication
  • Access control
  • Confidentiality
  • Data integrity
  • Non-repudiation
  • Spoofing
  • Man-in-the-Middle
  • Session Hijacking

General Encryption

  • Basics of Cryptography
  • Cryptographic Techniques
  • Block mode vs. Bit Mode
  • Electronic Code Book
  • Cipher Block Chaining
  • Cipher Feedback
  • Output Feedback
  • The RSA model
  • The PGP model
  • The Diffie-Hellman algorithm
  • Encryption and Digital Certificates
  • PKI architecture

Digital Signatures

  • Digital Signatures Overview
  • Message Authentication Codes
  • Digital Certificates
  • Certificate Authorities
  • Hierarchy of Certificates
  • Digital Signature Attacks
  • The Digital Signature Standard
  • DSS Security Requirements

User Authentication

  • Authentication Servers and Passwords
  • PAP and CHAP
  • Biometrics
  • Token Cards
  • Secure authentication servers
  • Digital Certificates
  • Overview Architecture and Examples

VPN Tunnelling Overview

  • How tunnelling works and why it is used
  • Examples of Tunnelling
  • LAN-to-LAN tunnelling
  • Tunnelling over IP
  • Routing Issues
  • VPN and Proxy Servers
  • VPN and Firewalls
  • VPN and Routers
  • Routers vs. a VPN Device
  • Compulsory vs. Voluntary Tunnels
  • Tunnelling models
      • Service Provider to Service Provider
      • Enterprise to Service Provider
      • Enterprise to Enterprise

L2 Tunnelling protocols

  • Layer 2 Tunnelling Overview
  • Point to Point Tunnelling Protocol
      • Overview
      • Architecture of PPTP
      • Applications of PPTP
      • PPTP Messages
      • PPTP Encoding
      • Operation
  • Layer 2 Forwarding
      • Architecture of L2F
      • Applications of L2F
      • L2F Messages
      • L2F Encoding
      • Operation
  • Layer 2 Tunnelling Protocol
      • Overview
      • Architecture of L2TP
      • Applications of L2TP
      • L2TP Messages
      • L2TP Encoding
      • Operation

IPsec In Detail

  • IPsec architecture
  • Benefits of IPsec
  • Transport vs. Tunnel Mode
  • Authentication Header Services
  • Authentication Header Encoding
  • Encapsulating Security Payload
  • Encapsulating Security Payload Encoding
  • Security Associations
  • Internet Key Exchange (IKE)
  • ISAKMP overview
  • Main Mode vs. Aggressive Mode
  • Quick Mode
  • Issues in IPsec implementation

Tunnelling and MPLS

  • Introduction of MPLS
  • Applications and Benefits
  • Concepts of MPLS
  • Label Switching
  • Label
  • Label Switch Router
  • Label Switch Path
  • Forwarding Equivalence Class
  • Creating a Label Switch Path
  • Operation of MPLS
  • Using MPLS for a VPN
  • Examples of an MPLS/VPN

Planning a VPN

  • Determining needs
  • Choosing the architecture and topology
  • Setting standards
  • Planning for legacy, non-compatible or ‘non-standard’ applications and platforms
  • Picking solutions
  • Planning for related projects (directories, PKI, etc.)
  • Defining Quality of Service

Conclusion