Let's say a few words about other services that can improve the security of your network. First of these is the network address translation service. The service appeared in response to a diminishing number of public IP addresses.

That's why in IP version 4 networks some of the following addresses are often used: from 10.0.0.0 to 10.255.255.255, a single class A network; from 172.16.0.0 to 172.31.255.255, 16 adjacent class B networks; from 192.168.0.0 to 192.168.255.255, 256 adjacent class C networks. These are private addresses that are not routable on the Internet. Their advantage is that you can assign them all by yourself without consulting the local I.A. representative; you do not have to pay for it. However, a computer with any of the addresses from the range specified on the slide will not be able to get through to any host on the Internet.

This is not entirely true. After all, we have private addresses and yet we can connect to the Internet; the service enables us to do so. It changes the addresses of the packets that pass through it. That's why the service is usually provided by the routers. We have three types of address translation. You can see the source address translation in the picture below.
As you can see, the incoming address is changed into a public address: 192.168.0.1 from the IP address field is changed into, for example, 10.10.100.100, and that's how a packet makes its way to the Internet. The response will be directed to the NAT server, which will then forward it to the corresponding computer with a private address.

However, this solution is rarely used. Destination address translation allows you to connect to a computer with a private address. You can access, for example, a web server from the outside, from the Internet. Most often used, however, is IP version 4 address masking. The mechanism is presented in the picture below: the entire pool of addresses is changed into one public address. The NAT server has a session history; the response, which will come to one public address, will be associated with a session established by a particular private computer. The response will be sent to this particular computer.

Network address translation improves the security of networks: all computers are treated as one computer with a single address. This of course has its advantages and drawbacks. All communication between computers passes through the NAT server.
It is not possible to get through to a computer with a private, non-routable address from the outside.

Another improvement in network security comes from proxy servers. Their working principle is very simple; they used to be used to improve the performance of certain services. When you want to connect to a remote server, you really connect to an intermediary server, a proxy server. The proxy server will forward your request on your behalf. Because a proxy server executes requests of multiple computers, there's a good chance that different computers repeat the same request. If the data is buffered or cached properly, the proxy server does not need to connect to a remote computer. This is the basis for optimal performance.

Since all requests of that type pass through a proxy server, the server administrator is able to filter requests. They can decide, for example, that certain Web sites can be visited while others may not. They can also decide that executable attachments may not be downloaded from the Internet.

Security-wise, it is interesting that if an attacker manages to run a proxy server and redirect your communication to that server, which is not so difficult, then he will be able to modify the requests dynamically. The attacker does not control your host or the target server, but the request, for example to display a web page, can be modified in real time and instantly forwarded.
The most common way in which a request can be modified consists of attaching to a request to display a web page a request to display an invisible picture on the computer controlled by the attacker. When you download data from a specific page, its entire contents are displayed. Invisible pictures should also be displayed, although you can't see them. It was most likely downloaded from the attacker's computer. In order for the picture to be downloaded, the client computer must connect to the attacker's computer. In Windows systems, establishing a connection with a remote host entails sending credentials, that is, the user authentication data. In this way the attacker obtains users' logins and passwords. They are encrypted but usually quite easy to decipher later on.

Now let's say a few words about remote access protocols and the network quarantine service. Today when we're talking about remote access we usually mean VPN networks. Dial-up remote access, either through an analog or dedicated connection, is no longer used. The VPN establishes a tunnel through the public connection. It's assumed that it's secure. When you use a public connection, the data you send must be encrypted and its authenticity confirmed. PPTP, the Point-to-Point Tunneling Protocol, is responsible for ensuring that. There is also another VPN protocol, L2TP, which we'll discuss later on.
Apart from the implementation details of PPTP, two things are important from the perspective of administrators. PPTP, which is Microsoft's original product, is not universal. It works only on Microsoft systems and within a Microsoft environment. It is also considered to be less secure than L2TP. PPTP used to be easier to configure, but in newer versions of Windows both protocols are equally easy to set up.

L2TP, the Layer 2 Tunneling Protocol, is a protocol based on PPTP; it's been modified by Cisco and Microsoft. This protocol uses encryption standards and digital signature standards instead of custom encryption protocols. It uses IPsec. L2TP enables the IPsec tunnel mode for the virtual network interface; that's all the protocol is required to do. It uses a TCP session for control. This created a problem for computers with private IP addresses. However, it was solved several years ago.

L2TP session establishment is presented in the slide below. Please note that it requires building a tunnel between two hosts. Therefore we have to identify the session and the remote computers. A look into the Windows Network and Sharing Center will show that we have the possibility to set up new network interfaces or new connections.
Let's try to choose Connect to a workplace. VPN networks are designed for situations where the user is away from the physical location of the server that provides a certain service: an e-mail server, file server or network printer. Now we will try to connect to such a server. We will do this by selecting the VPN connection.

To establish a VPN connection, you first need to be connected to the remote access server. We will not use the dial-up connection. We will only build a tunnel through the existing connection. This will serve us as an Internet connection. This means that in a moment we will have two connections, both of which must be active: both the connection to a workplace and the connection which we use to communicate with the Internet must be active. The connection to the corporate network will be encrypted and signed by PPTP or L2TP.

Let's name our connection, for example, test. We still have to enter the username and password; in the demonstration both the username and the password will be test. Let's look at the properties of our connection. For it to be established, we must of course choose an already existing remote access server. Let's have a look at the Security tab. When it comes to the type of VPN tunnel, we can choose between L2TP or PPTP.
These are the standard options. Next we can choose whether or not we will encrypt the data, the way the keys will be exchanged and the type of remote user authentication. We will further discuss the authentication protocols in the next module devoted to remote access. Setting up a tunnel consists of creating a connection, choosing the security protocol, choosing the security level and choosing the way to authenticate the remote user. The advantage of L2TP and IPsec is that it authenticates not only the user but also the host. If you select PPTP, then the authentication concerns only the user, nor will it be possible to confirm the identity of the remote computer.

Now we have two network connections, each of which has a different IP address: one address will be private and the other will be a corporate address. You may ask which of them will be used to send data if we try to connect to a web page. This is specified by the routing rules, or the routing paths, set on your computer. For security reasons the RAS servers set routing paths in such a way that the communication is forwarded by said servers. This means that you are no longer connected to the Internet directly. If you want to restore the previous functionality, you have to configure routing manually.