网络安全PPT讲义课件.ppt

* * John discussed many of the security issues facing corporations today * Theme: VPNs are being deployed today Points to Cover: VPNs are not something being looked at for future use, but are being deployed today. They are being used by major corporations from all industries, from finance to healthcare to manufacturing. The major reason for deploying VPNs is the cost savings associated with eliminating dedicated lines, frame relay, and dial-up lines (either WATS or long distance) * Theme: Common methods of authenticating in IPSec Points IPSec is not built to authenticate individual users. Rather it authenticates entities, or machines, in two ways – shared secrets or digital certificates. Shared secrets are the simplest way to set up a VPN. Two parties share a “key”, or a string of alphanumeric characters, that no one else knows and is used to encrypt data. A shared secret encrypts data very efficiently Because only these two parties know the key, only they can participate in the VPN. However, if that key becomes exposed, then the key must be changed or the data is at risk. Also, because different keys are used for all parties, it does not scale well. As more people participate in a VPN, the number of keys needed grows geometrically and cannot be managed. To address this, the public key infrastructure was created. It is also called a public/private key system, because each entity has a private key which no one else knows and a public key which is vouched for by a trusted third party, known as a certificate authority. This public key is stored in a certificate. PKI is good for authenticating entities because the combination of public and private key can be used to irrefutably determine that only this one entity could have signed and sent this message. The RSA Keon solution provides a wonderful method of establishing a PKI. However, PKI is not efficient enough for encrypting large amounts of information, so another method needed to be created to transfer the