By International Business Machines Corporation
Extra info for A comprehensive guide to virtual private networks. Volume III, Cross-platform key and policy management
There are generally two ways to protect against the loss or theft of encryption keys:

Key escrow
This technique provides for the storage and retrieval of keys and data in case keys get lost or stolen. Keys are stored with a trusted third party (recovery agent or key guardian), as a whole or in parts, on independent storage media, to be retrieved as required. The trusted third party could be a company key administrator located on company premises, or an external agency. This ensures that the keys remain in a company’s possession even after a system administrator or whoever used the keys leaves the company.
Remote access servers should provide authentication of users and should ideally also provide for limiting certain users to certain systems and/or networks within the corporate intranet (authorization). Remote access servers must also determine if a user is considered roaming (can connect from multiple remote locations) or stationary (can connect only from a single remote location), and if the server should use callback for particular users once they are properly authenticated.

3 VPN security policy

While a simple network security policy specifies which traffic is denied and which traffic is permitted to flow and where, a VPN security policy describes the characteristics of protection for a particular traffic profile.
• The LNS accepts the call and builds the L2TP tunnel.
• The NAS logs the acceptance.
• The LNS exchanges the PPP negotiation with the remote user.
• End-to-end data is now tunneled between the remote user and the LNS.

[Figure 10: L2TP diagram; labels: LNS, Internet, ISP, Dial Connection, LAC, L2TP Tunnel, PPP Connection]

L2TP flows

There are a number of steps that occur for L2TP:
• Establish control connection and tunnel
• Initiate call
• Establish L2TP session
• Forward PPP packets

Between two devices there may be more than one tunnel, and each tunnel must have its own control connection.
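The four L2TP steps above, as an added example that is not from the book: a small Python model of an LNS that decodes the L2TPv2 header defined in RFC 2661 and forwards PPP frames only for a connected session inside an established tunnel, so a second tunnel between the same two devices needs its own control connection first. The header layout and message type numbers come from the RFC; the state handling is a simplification (the header tunnel ID stands in for the Assigned Tunnel ID AVP, and Ns/Nr sequence numbers are ignored).

```python
import struct
# L2TPv2 header bits and control message types as in RFC 2661 (assumed here; the excerpt names only the steps)
T_BIT, L_BIT, S_BIT = 0x8000, 0x4000, 0x0800
SCCRQ, SCCCN, ICRQ, ICCN = 1, 3, 10, 12        # tunnel setup and session (call) setup messages
def build(tunnel, session, msg_type=None, ppp=b""):
    """Construct a test packet: a control message carrying a Message Type AVP, or a data message."""
    if msg_type is None:                         # data message: T=0, no Length/Ns/Nr, PPP frame as payload
        return struct.pack("!HHH", 2, tunnel, session) + ppp
    avp = struct.pack("!HHHH", 0x8000 | 8, 0, 0, msg_type)   # M bit, AVP length 8, vendor 0, attribute 0
    hdr = struct.pack("!HHHHHH", T_BIT | L_BIT | S_BIT | 2, 12 + len(avp), tunnel, session, 0, 0)
    return hdr + avp

def parse(pkt):
    """Decode the variable L2TP header: (is_control, tunnel, session, msg_type, payload)."""
    flags = struct.unpack_from("!H", pkt)[0]
    if flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 packet")
    off = 4 if flags & L_BIT else 2              # optional Length field
    tunnel, session = struct.unpack_from("!HH", pkt, off)
    off += 8 if flags & S_BIT else 4             # optional Ns/Nr sequence numbers (Offset bit not modelled)
    if not flags & T_BIT:
        return False, tunnel, session, None, pkt[off:]
    if not (flags & L_BIT and flags & S_BIT):
        raise ValueError("control messages must carry Length and Ns/Nr")
    _, vendor, attr, msg_type = struct.unpack_from("!HHHH", pkt, off)
    if (vendor, attr) != (0, 0):
        raise ValueError("first AVP of a control message must be Message Type")
    return True, tunnel, session, msg_type, pkt[off:]

class LNS:
    def __init__(self):
        self.tunnels = {}    # tunnel id -> {"up": control connection established, "sessions": {id: connected}}
    def handle(self, pkt):
        is_ctrl, tid, sid, mtype, payload = parse(pkt)
        t = self.tunnels.get(tid)
        if is_ctrl:
            if mtype == SCCRQ:                        # step 1: control connection and tunnel
                self.tunnels[tid] = {"up": False, "sessions": {}}
            elif mtype == SCCCN and t:
                t["up"] = True
            elif mtype == ICRQ and t and t["up"]:     # steps 2-3: call and session only inside an established tunnel
                t["sessions"][sid] = False
            elif mtype == ICCN and t and sid in t["sessions"]:
                t["sessions"][sid] = True
            else:
                return "drop"                         # out-of-order or unsupported control message
            return "ok"
        if t and t["up"] and t["sessions"].get(sid):  # step 4: forward PPP frames of connected sessions only
            return payload
        return "drop"
```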