Carrier protocol:
The protocol over which the information is traveling (Frame Relay, ATM, MPLS).
Encapsulating protocol:
The protocol that is wrapped around the original data (GRE, IPSec, L2F, PPTP, L2TP).
Passenger protocol:
The protocol over which the original data was being carried (IPX, AppleTalk, IPv4, IPv6).
Data Encryption Standard (DES) algorithm – Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem. Symmetric and asymmetric keys are explained below.
Triple DES (3DES) algorithm – A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.
Advanced Encryption Standard (AES) – The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
Rivest, Shamir, and Adleman (RSA) – An asymmetric key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.
Peer authentication methods:
RSA signatures
PSKs
DES – Encrypts and decrypts packet data.
3DES – Provides significant encryption strength over 56-bit DES.
AES – Provides stronger encryption, depending on the key length used, and faster throughput.
MD5 – Authenticates packet data, using a 128-bit shared secret key.
SHA-1 – Authenticates packet data, using a 160-bit shared secret key.
DH – Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.
AH provides the following:
Authentication
Integrity
ESP provides the following:
Confidentiality
Authentication
Integrity
Frequency is the rate at which current (or voltage) cycles occur, computed as the number of “waves” per second. Wavelength is the speed of propagation of the electromagnetic signal divided by its frequency in cycles per second.
Downstream – The direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers). Transmission from source to destination is called the forward path. Downstream frequencies are in the range of 50 to 860 megahertz (MHz).
Upstream – The direction of the RF signal transmission from subscribers to the headend, or the return or reverse path. Upstream frequencies are in the range of 5 to 42 MHz.
The room is full of people needing to speak to one another; in other words, they need channel access. One solution is for the people to take turns speaking (time division). Another is for each person to speak at a different pitch (frequency division). In CDMA, they would speak different languages. People speaking the same language can understand each other, but not the other people.
Data confidentiality – A common security concern is protecting data from eavesdroppers. As a design feature, data confidentiality aims at protecting the contents of messages from interception by unauthenticated or unauthorized sources. VPNs achieve confidentiality using mechanisms of encapsulation and encryption.
Data integrity – Receivers have no control over the path the data has traveled and therefore do not know if the data has been seen or handled while it journeyed across the Internet. There is always the possibility that the data has been modified. Data integrity guarantees that no tampering or alterations occur to data while it travels between the source and destination. VPNs typically use hashes to ensure data integrity. A hash is like a checksum or a seal that guarantees that no one has read the content, but it is more robust. Hashes are explained in the next topic.
Authentication – Authentication ensures that a message comes from an authentic source and goes to an authentic destination. User identification gives a user confidence that the party with whom the user establishes communications is who the user thinks the party is. VPNs can use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.
Data confidentiality – Protects data from eavesdroppers.
Data integrity – Guarantees that no tampering or alterations occur.
Authentication – Ensures that only authorized senders and devices enter the network.
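As an added illustration (not part of the original notes) of the DH and SHA-1 entries and of the data integrity and authentication goals above: two peers derive a shared secret over an untrusted channel, then use it as an HMAC-SHA-1 key to authenticate a packet, so that a single flipped bit is detected on receipt. The group parameters and the key-derivation step are constructed toy assumptions, not the groups or key derivation IPsec actually uses.

```python
import hashlib
import hmac
import secrets

# Toy DH group (constructed for illustration): a 127-bit Mersenne prime and a
# small generator. Real IPsec uses standardized groups with far larger primes.
P = 2**127 - 1
G = 5
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes: SHA-1 yields a 160-bit value

def dh_keypair(p=P, g=G):
    """Return (private, public) where public = g^private mod p."""
    priv = secrets.randbelow(p - 2) + 2
    return priv, pow(g, priv, p)

def dh_shared_secret(priv, peer_pub, p=P):
    """Each side raises the peer's public value to its own private exponent."""
    return pow(peer_pub, priv, p)

def derive_auth_key(shared):
    """Toy KDF (assumption, not IPsec's): hash the shared secret to 160 bits."""
    raw = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha1(raw).digest()

def protect(payload, key):
    """Append an HMAC-SHA-1 tag, the way AH/ESP authenticate packet data."""
    return payload + hmac.new(key, payload, hashlib.sha1).digest()

def verify(message, key):
    """Return (authentic, payload); authentic is False if anything changed."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    return hmac.compare_digest(tag, expected), payload

def demo():
    """Run the exchange once; returns (keys_agree, intact_ok, tampered_ok)."""
    priv_a, pub_a = dh_keypair()          # side A
    priv_b, pub_b = dh_keypair()          # side B
    key_a = derive_auth_key(dh_shared_secret(priv_a, pub_b))
    key_b = derive_auth_key(dh_shared_secret(priv_b, pub_a))
    packet = protect(b"constructed packet payload", key_a)
    flipped = bytearray(packet)
    flipped[0] ^= 0x01                    # one bit altered in transit
    return key_a == key_b, verify(packet, key_b)[0], verify(bytes(flipped), key_b)[0]

if __name__ == "__main__":
    print(demo())
```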