+ All Categories

Day5

Date post: 06-May-2015
Category:
Upload: jai4uk
View: 1,476 times
Download: 1 times
Share this document with a friend
Description:
Network Security and Hacking Techniques
80
Network Security and Hacking Techniques Day 5
Transcript
Page 1: Day5

Network Security

and Hacking Techniques

Day 5

Page 2: Day5

Network Security and Hacking Techniques DAY 5

Introduction

Introduction

What is a Honeypot?

Value of Honeypot

Types of Honeypot

Solutions

Honeynet

Etc.

References

“The Linux Based Services that Mean Business Securing Internet”

Page 3: Day5

Network Security and Hacking Techniques DAY 5

Honeypot

The Honepot Project is an all-volunteer, non-profit research organization

Dedicated to learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned

Traditional honeypots have been for deception or detecting attacks

Page 4: Day5

Network Security and Hacking Techniques DAY 5

Introduction

Term originally from the military

fake target or ambush

used in network security environment

Background

lack of information on blackhat communities

Page 5: Day5

Network Security and Hacking Techniques DAY 5

Goal

Primary

an instrument for information gathering and learning.

other possibilities for a honeypot

divert hackers from productive system

catch a hacker while conducting an attack

etc...

Page 6: Day5

Network Security and Hacking Techniques DAY 5

Honeypot (Cont…)

1st Generation Honeypot

Firewall separating

the Honeynet into three different networks

Page 7: Day5

Network Security and Hacking Techniques DAY 5

Honeypot (Cont…)

2nd Generation Honeypot

Page 8: Day5

Network Security and Hacking Techniques DAY 5

Honeypot (Cont…)

2nd Generation (2002-)

easier to deploy, yet more difficult to detect

gather greater information

all requirements combined onto a single device

• easier to both deploy and manage

a layer2 gateway, its acts as a bridge

• more difficult to detect (it has no IP Stack)

• control and capture all traffic in the single device

Page 9: Day5

Network Security and Hacking Techniques DAY 5

Information Security-Cryptography

   Basic Concepts

   Classical Cryptosystem

   Mathematics of Cryptography

   Modern Cryptographic techniques

   Secret Key Encryption

   Public Key Encryption

   Key Management

Legal Considerations

Page 10: Day5

Network Security and Hacking Techniques DAY 5

Information Security-Cryptography

Definitions

Introduction to Crytograhpy

Example Ciphers

Types of Ciphers

Methods of Encryption

Page 11: Day5

Network Security and Hacking Techniques DAY 5

Definitions

Algorithm: The set of mathematical rules used in encryption and decryption.

Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.

Cryptosystem: Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext.

Cryptoanalysis: Practice of obtaining plaintext from ciphertext without a key or breaking the encryption.

Cryptology: The study of both cryptography and cryptoanalysis.

Ciphertext: Data in encrypted or unreadable format. Encipher: Act of transforming data into an unreadable

format.

Page 12: Day5

Network Security and Hacking Techniques DAY 5

Definitions (Conts…)

Decipher: Act of transforming data into a readable format.

Key: Secret sequence of bits and instructions that governs the act of encryption and decryption.

Key clustering: Instance when two different keys generate the same cipher text from the same plaintext.

Keyspace: Possible values used to construct keys.

Plaintext: Data in readable format, also referred to as cleartext.

Work factor: Estimated time, effort, and resources necessary to break a cryptosystem.

Page 13: Day5

Network Security and Hacking Techniques DAY 5

Cryptography

The most widely used tool for securing information and services is cryptography.

Cryptography relies on ciphers: mathematical function used for encryption and decryption of a message.

Encryption: the process of disguising a message in such a way as to hide its substance.

Ciphertext: an encrypted message

Decryption: the process of returning an encrypted message back into plaintext.

Encryption DecryptionPlaintext Ciphertext

OriginalPlaintext

Page 14: Day5

Network Security and Hacking Techniques DAY 5

Example Ciphers

Caesar cipher: each plaintext characters is replaced by a character k to the right. “Watch out for Brutus!” => “Jngpu bhg sbe

Oehghf!”

Only 25 choices! Not hard to break by brute force.

Substitution Cipher: each character in plaintext is replaced by a corresponding character of ciphertext.

E.g., cryptograms in newspapers. plaintext code: a b c d e f g h i j k l m n o p q r s t u v w x y z

ciphertext code: m n b v c x z a s d f g h j k l p o i u y t r e w q

26! Possible pairs.

Page 15: Day5

Network Security and Hacking Techniques DAY 5

Ciphers

For some message M, let’s denote the encryption of that message into cipher text as

Ek(M) = C

Similarly, the decryption into plain text as

Dk(C) = M

Notice,

Dk(Ek(M)) = M symmetric key algorithms.

Some algorithms use different keys for each operation:

Dk1(Ek2(M))= M public-key algorithms.

Page 16: Day5

Network Security and Hacking Techniques DAY 5

Simplified Model of Symmetric Encryption

Page 17: Day5

Network Security and Hacking Techniques DAY 5

Ingredients

Plain text

Encryption algorithm

Secret key

Cipher text

Decryption algorithm

Page 18: Day5

Network Security and Hacking Techniques DAY 5

Requirements for Security

Strong encryption algorithm

Even if known, should not be able to decrypt or work out key

Even if a number of cipher texts are available together with plain texts of them

Sender and receiver must obtain secret key securely

Once key is known, all communication using this key is readable

Page 19: Day5

Network Security and Hacking Techniques DAY 5

Attacking Encryption

Cryptanalysis

Relay on nature of algorithm plus some knowledge of general characteristics of plain text

Attempt to deduce plain text or key

Brute force

Try every possible key until plain text is achieved

Page 20: Day5

Network Security and Hacking Techniques DAY 5

Cryptanalysis

plaintext EncryptEncrypt DecryptDecrypt

Ke Kd

C = EKe(plaintext)

InvaderInvaderSide information plaintext

plaintext

Cryptanalysis

Page 21: Day5

Network Security and Hacking Techniques DAY 5

Cryptanalysis

Cryptanalysis is the science of recovering the plaintext of a message without access to the key.

• Doesn’t have to discover the key necessarily.

• The loss of a key without cryptanalysis is called a compromise.

Ciphertext-only attack The attacker has to recover the plaintext from only

the ciphertext. Known-plaintext attack

Portions of the cipher are known as plaintext. The rest may be easier to recover

Chosen-plaintext attack The attacker can choose what plaintext to encrypt,

again making it easier to recover other ciphertext.

Page 22: Day5

Network Security and Hacking Techniques DAY 5

Encryption Algorithms

Block cipher

Process plain text in fixed block sizes producing block of cipher text of equal size

Data encryption standard (DES)

Triple DES (TDES)

Advanced Encryption Standard

Page 23: Day5

Network Security and Hacking Techniques DAY 5

Simple Block Cipher

Plaintext message

B2 B1 B0

encrypt

B3

B3

B2B1B0

Page 24: Day5

Network Security and Hacking Techniques DAY 5

Problem

If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same

It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks.

Two methods are commonly used for this:

CBC mode: a ciphertext block is obtained by first xoring the plaintext block with the previous ciphertext block, and encrypting the resulting value.

CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and xoring the resulting value with the plaintext.

Page 25: Day5

Network Security and Hacking Techniques DAY 5

Stream Ciphers

For some applications encryption in blocks will not work

Telephone conversation

Radio Broadcast

White noise…

Page 26: Day5

Network Security and Hacking Techniques DAY 5

Stream Cipher

encrypt

XOR

K0K1K2K3

numbergenerator

keystream

buffer

Plaintext stream

Encrypted stream

Page 27: Day5

Network Security and Hacking Techniques DAY 5

Data Encryption Standard

US standard

64 bit plain text blocks

56 bit key

Broken in 1998 by Electronic Frontier Foundation

Special purpose machine

Less than three days

DES now worthless

Page 28: Day5

Network Security and Hacking Techniques DAY 5

Triple DES

ANSI X9.17 (1985)

Incorporated in DES standard 1999

Uses 3 keys and 3 executions of DEA algorithm

Effective key length 112 or 168 bit

Slow

Block size (64 bit) too small

Page 29: Day5

Network Security and Hacking Techniques DAY 5

Advanced Encryption Standard

National Institute of Standards and Technology (NIST) in 1997 issued call for Advanced Encryption Standard (AES)

Security strength equal to or better than 3DES

Improved efficiency Symmetric block cipher Block length 128 bits Key lengths 128, 192, and 256 bits Evaluation include security, computational

efficiency, memory requirements, hardware and software suitability, and flexibility

2001, AES issued as federal information processing standard (FIPS 197)

Page 30: Day5

Network Security and Hacking Techniques DAY 5

AES Description

Assume key length 128 bits

Input is single 128-bit block Depicted as square matrix of bytes

Block copied into State array

• Modified at each stage

After final stage, State copied to output matrix

128-bit key depicted as square matrix of bytes Expanded into array of key schedule words

Each four bytes

Total key schedule 44 words for 128-bit key

Byte ordering by column First four bytes of 128-bit plaintext input occupy first column of in

matrix

First four bytes of expanded key occupy first column of w matrix

Page 31: Day5

Network Security and Hacking Techniques DAY 5

AES Encryption and Decryption

Page 32: Day5

Network Security and Hacking Techniques DAY 5

AES Comments (1)

Key expanded into array of forty-four 32-bit words, w[i]

Four distinct words (128 bits) serve as round key for each round

Four different stages

One permutation and three substitution

• Substitute bytes uses S-box table to perform byte-by-byte substitution of block

• Shift rows is permutation that performed row by row

• Mix columns is substitution that alters each byte in column as function of all of bytes in column

• Add round key is bitwise XOR of current block with portion of expanded key

Page 33: Day5

Network Security and Hacking Techniques DAY 5

AES Comments (1)

Simple structure

For both encryption and decryption, cipher begins with Add Round Key stage

Followed by nine rounds,

• Each includes all four stages

Followed by tenth round of three stages

Page 34: Day5

Network Security and Hacking Techniques DAY 5

AES Encryption Round

Page 35: Day5

Network Security and Hacking Techniques DAY 5

AES Comments (2)

Only Add Round Key stage uses key

Begin and ends with Add Round Key stage

Any other stage at beginning or end, reversible without key

• Adds no security

Add Round Key stage by itself not formidable

Other three stages scramble bits

By themselves provide no security because no key

Each stage easily reversible

Decryption uses expanded key in reverse order

Not identical to encryption algorithm

Easy to verify that decryption does recover plaintext

Final round of encryption and decryption consists of only three stages

Page 36: Day5

Network Security and Hacking Techniques DAY 5

Location of Encryption DevicesEncryption Across a Packet Switching Network

Page 37: Day5

Network Security and Hacking Techniques DAY 5

Link Encryption

Each communication link equipped at both ends

All traffic secure

High level of security

Requires lots of encryption devices

Message must be decrypted at each switch to read address (virtual circuit number)

Security vulnerable at switches

Particularly on public switched network

Page 38: Day5

Network Security and Hacking Techniques DAY 5

End to End Encryption

Encryption done at ends of system

Data in encrypted form crosses network unaltered

Destination shares key with source to decrypt

Host can only encrypt user data Otherwise switching nodes could not read header or route

packet

Traffic pattern not secure

Use both link and end to end

Page 39: Day5

Network Security and Hacking Techniques DAY 5

Key Distribution

Question: How to deliver a shared key to 2 parties that wish to exchange data without others to see the key?

Key selected by A and delivered to B

Third party selects key and delivers to A and B

Use old key to encrypt and transmit new key from A to B

Use old key to transmit new key from third party to A and B

Page 40: Day5

Network Security and Hacking Techniques DAY 5

Automatic Key Distribution for Connection-Oriented Protocols

Page 41: Day5

Network Security and Hacking Techniques DAY 5

Automatic Key Distribution

Session Key Used for duration of one logical connection Destroyed at end of session Used for user data

Permanent key Used for distribution of keys

Key distribution center Determines which systems may communicate Provides one session key for that connection

Security service module (SSM) Performs end to end encryption Obtains keys for host

Page 42: Day5

Network Security and Hacking Techniques DAY 5

Message Authentication

Protection against active attacks

Falsification of data

Eavesdropping

Message is authentic if it is genuine and comes from the alleged source

Authentication allows receiver to verify that message is authentic

Message has not altered

Message is from authentic source

Message timeline

Page 43: Day5

Network Security and Hacking Techniques DAY 5

Authentication Using Encryption

Assumes sender and receiver are only entities that know key

Message includes:

error detection code

sequence number

time stamp

Page 44: Day5

Network Security and Hacking Techniques DAY 5

Authentication Without Encryption

Authentication tag generated and appended to each message

Message not encrypted

Useful for:

Messages broadcast to multiple destinations

• Have one destination responsible for authentication

One side heavily loaded

• Encryption adds to workload

• Can authenticate random messages

Programs authenticated without encryption can be executed without decoding

Page 45: Day5

Network Security and Hacking Techniques DAY 5

Message Authentication Code

Generate authentication code based on shared key and message

Common key shared between A and B

If only sender and receiver know key and code matches:

Receiver assured message has not altered

Receiver assured message is from alleged sender

If message has sequence number, receiver assured of proper sequence

Page 46: Day5

Network Security and Hacking Techniques DAY 5

Message Authentication Using a Message Authentication Code

Page 47: Day5

Network Security and Hacking Techniques DAY 5

One Way Hash Function

Accepts variable size message and produces fixed size tag (message digest)

Advantages of authentication without encryption

Encryption is slow

Encryption hardware expensive

Encryption hardware optimized to large data

Algorithms covered by patents

Algorithms subject to export controls (from USA)

Page 48: Day5

Network Security and Hacking Techniques DAY 5

Message Authentication Using a One-Way Hash Function

Page 49: Day5

Network Security and Hacking Techniques DAY 5

Public Key Encryption

Based on mathematical algorithms

Asymmetric

Use two separate keys

Ingredients

Plain text

Encryption algorithm

Public and private key

Cipher text

Decryption algorithm

Page 50: Day5

Network Security and Hacking Techniques DAY 5

Public-Key Cryptography

Page 51: Day5

Network Security and Hacking Techniques DAY 5

Public Key Encryption - Operation

One key made public

Used for encryption

Other kept private

Used for decryption

Infeasible to determine decryption key given encryption key and algorithm

Either key can be used for encryption, the other for decryption

Page 52: Day5

Network Security and Hacking Techniques DAY 5

Steps

User generates pair of keys

User places one key in public domain

To send a message to user, encrypt using public key

User decrypts using private key

Page 53: Day5

Network Security and Hacking Techniques DAY 5

Digital Signature

Sender encrypts message with their private key

Receiver can decrypt using senders public key

This authenticates sender, who is only person who has the matching key

Does not give privacy of data Decrypt key is public

Page 54: Day5

Network Security and Hacking Techniques DAY 5

Signatures

Handwritten signatures can verify that a document is

Authentic

• The signature is mine and has not been altered

Unforgeable

• Proves that I signed the document

Non-repudible

• I cannot deny that I signed the document

Page 55: Day5

Network Security and Hacking Techniques DAY 5

Digital Signatures

Public key systems can also be used to provide message authentication:

The sender’s secret key can be used to encrypt a message, thereby signing it

This creates a digital signature of a message, which the recipient (or anyone else) can check by using the sender's public key to decrypt it.

This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else

Page 56: Day5

Network Security and Hacking Techniques DAY 5

Digital Properties

The properties of digital documents are different from paper documents

We need to be able to bind a signature to the entire sequence of bits that make up the document

How do I prevent someone from revealing their private key and then claiming they never signed something?

Page 57: Day5

Network Security and Hacking Techniques DAY 5

Message Digests

Message digests are used to create short, fixed-length representations of longer, variable-length messages

The goal is to make H(M) != H(M’)

Digest algorithms are designed to produce unique digests for different messages.

Page 58: Day5

Network Security and Hacking Techniques DAY 5

Digests

{h}Kpri

M

Signing

Verifying

E(Kpri , h)

128 bits

H(M) h

M

hH(doc)

D(Kpub ,{h}) {h}Kpri h'

h = h'?

M

signed doc

Page 59: Day5

Network Security and Hacking Techniques DAY 5

Next Problem

You digitally sign a document

Send the document to a bank

Encrypted using the bank’s public key

How do you

Verify that the public key you used to encrypt the message actually belongs to the bank?

How does the bank verify that you actually signed the document (or where do they get your public key)?

Page 60: Day5

Network Security and Hacking Techniques DAY 5

Certificates

A certificate associates a public key with the real identity of an individual, server, or other entity, known as the subject

SubjectDistinguished Name, Public Key

Issuer Distinguished Name, Signature

Period of validity Not Before Date, Not After Date

Administrative information Version, Serial Number

Extended Information

Page 61: Day5

Network Security and Hacking Techniques DAY 5

Certificate Authority

A trusted source of certificates

Verifying certificate requests

Processing certificate requests

Issuing and managing certificates

In previous example

I would get a certificate for the bank to obtain the public key of the bank

The bank would get a certificate to obtain my public key

Page 62: Day5

Network Security and Hacking Techniques DAY 5

The RSA Algorithm

 Key Generation

  Select p, q p and q both prime, p q

Calculate n = p ´ q

Calculate f(n) = (p – 1)(q – 1)

Select integer e gcd(f(n), e) = 1; 1 < e < f(n)

Calculate d de mod f(n) = 1

Public key KU = {e, n}

Private key KR = {d, n}

Encryption

Plaintext: M < n

Ciphertext: C = Me (mod n)

Decryption

Ciphertext: C

Plaintext: M = Cd (mod n)

Page 63: Day5

Network Security and Hacking Techniques DAY 5

Example of RSA Algorithm

Page 64: Day5

Network Security and Hacking Techniques DAY 5

Public-Key Certificate Use

Page 65: Day5

Network Security and Hacking Techniques DAY 5

Implementing Network Security using VPNs

Introduction to VPNS

Overview of VPNs

CPE-Based VPNs

Provider-Provisioned VPNs

Introduction to RFC 2547

Introduction to CCClLayer 2 MPLS VPN

lETF Standards Update

Conclusions

Page 66: Day5

Network Security and Hacking Techniques DAY 5

What is a VPN?

A private network constructed over a shared infrastructure

Virtual: not a separate physical network

Private: separate addressing and routing

Network: a collection of devices that communicate

Policies are key—global connectivity is not the goal

SharedInfrastructure

SharedInfrastructure

Mobile Users and Telecommuters

Remote AccessRemote Access

BranchOffice

Corporate Headquarters

Suppliers, Partnersand Customers

IntranetIntranet

ExtranetExtranet

Page 67: Day5

Network Security and Hacking Techniques DAY 5

Deploying VPNs in the 1990s

Operational model PVCs overlay the shared infrastructure (ATM/Frame Relay) Routing occurs at customer premise

Benefits Mature technologies Relatively “secure” Service commitments (bandwidth, availability, and more)

Limitations Scalability, provisioning and management Not a fully integrated IP solution

Provider Frame Relay Network

CPE CPE

DLCIDLCI

FR Switch

DLCIDLCI

DLCIDLCI

FR SwitchFR Switch

FR Switch

Page 68: Day5

Network Security and Hacking Techniques DAY 5

Deploying VPNs in the 21st'Century

Uses IP infrastructure

Can be,shared with Internet services increasing importance of IP/MPLS

Subscriber benefits

Lower operational expense

Single network connection Provider benefits

Multiservice infrastructure

Creates additional source of revenue

SharedInfrastructure

SharedInfrastructure

Mobile Users and Telecommuters

Remote AccessRemote Access

BranchOffice

Corporate Headquarters

Suppliers, Partnersand Customers

IntranetIntranet

ExtranetExtranet

Page 69: Day5

Network Security and Hacking Techniques DAY 5

VPN Classification Model

Customer-managed VPN solutions (CPE-VPNs) Layer 2: L2TP and PPTP Layer 3: IPSec

Provider-provisioned VPN solutions (PP-VPNs) Layer 3: MPLS-Based VPNs (RFC 2547bis) Layer 3: Non-MPLS-Based VPNs (Virtual Routers) Layer2: MPLS VPNs

PE

PE

CPE

CPE

SubscriberSite 3

PP-VPN

SubscriberSite 2

CPE

PE

VPN Tunnel

VPN T

unne

l VP

N T

un

nel

CPE

PE

PE

PE

CPE

CPE

CPE-VPN

VPN TunnelSubscriber

Site 1

SubscriberSite 3

SubscriberSite 2

VP

N T

un

nel

VPN Tu

nn

el

SubscriberSite 1

Page 70: Day5

Network Security and Hacking Techniques DAY 5

CPE- Based VPN’s

Page 71: Day5

Network Security and Hacking Techniques DAY 5

CPE-VPNs: L2TP and PPTP

Application: Dial access for remote users Layer 2 Tunneling Protocol (L2TP) RFC2661 Combination of L2f and Point-to-point Tunneling Point-to-Point Tunneling Protocol (PPTP) Bundled with Windows and Windows NT Authentication during setup lPSec can operate over PPP for stronger security

V.x Modem

PPP Dial upService Provider or 或 VPN

L2TPAccess Server

Dial AccessServer L2TP Tunnel

Dial AccessServer

PPTPAccess ServerPPTP Tunel

Dial Access Provider

Page 72: Day5

Network Security and Hacking Techniques DAY 5

CPE-VPNs: IPSec Tunnel Mode

IPSec defines IETF Layer 3 security architecture

Applications - Strong security requirements, across one or multiple Service Providers

Customer responsible for key management

Security services include: Access control

Data originauthentication

Replay protection

Dataintegrity

Data privacy (encryption/decryption)

Key management

Page 73: Day5

Network Security and Hacking Techniques DAY 5

CPE-VPNs: IPSec Example

Uses normal IP services from service provider

Protected packets forwarded by existing routers

Does not address QoS/SLAs

Minimal provider opportunity

Customer manages its own routing

CorporateHQ

BranchOffice

CPE CPE

IPsec ESP TunnelIPsec ESP Tunnel

Public Internet

Page 74: Day5

Network Security and Hacking Techniques DAY 5

Customer Edge Routers

Customer Edge (CE) routers Router or switch device located at customer premises

providing access to the service provider network Layer 2 (FR, ATM, Ethernet) and Layer 3 (IP, IPX, SNA …)

independenceof the service provider network

CEs within a VPN, uses the same L2 technology to access the service provider network

Requires a sub-interface per CE it needs to interconnect to within the VPN

Maintains routing adjacencies with other CEs within the VPN

CEPP

PECE

Customer Edge

CE

CE

PE VPN AVPN A

VPN B VPN B

PE

ATM

FR

ATM

FR

VPN Site

Page 75: Day5

Network Security and Hacking Techniques DAY 5

Provider Edge Routers

Provider Edge (PE) routers

Maintain site-specific VPN Forwarding Tables

Exchange VPN Connection Tables with other PE routers using MP-IBGP or LDP

Use MPLS LSPs to forward VPN traffic

CEPP

PECE

CE

CE

PE VPN AVPN A

VPN B VPN B

PE

Provider Edge

ATM

FR

ATM

FR

Page 76: Day5

Network Security and Hacking Techniques DAY 5

Provider Routers

Provider (P) routers

Forward data traffic transparently over established LSPs

Do not maintain VPN-specific forwarding information

CEPP

PECE

CE

CE

PE VPN AVPN A

VPN B VPN B

PE

Provider Routers

ATM

FR

ATM

FR

Page 77: Day5

Network Security and Hacking Techniques DAY 5

VPN Forwarding Tables (VFT)

Each VFT is populated with:

The forwarding information provisioned for the local CE sites

VPN Connection Tables received from other PEs via iBGP or LDP

P

P

P PE 2

VPN ASite 3

VPN ASite 1

VPN BSite2

VPN BSite 1

PE 1

PE 3

VPN ASite2

CE–A1

CE–B1

CE–A3

CE–A2

CE–B2

P

A VA VFTFT is created is createdfor each site for each site

connected to the connected to the PEPE

OSPF

OSPF

OSPF

ATM

ATM

ATM

Page 78: Day5

Network Security and Hacking Techniques DAY 5

VPN Connection Tables (VCT)

The VCT is a subset of information hold by the VFT

VCTs are distributed by the PEs via iBGP or LDP

Site 1Site 1 Site 2Site 2

Site 1Site 1Site 2Site 2 PE-2

CE-4

PE-1CE-2

CE-2

CE-1

VFTVFT

VFTVFT

A VA VCTCT is is distributed distributed for each VPN site for each VPN site to to

PEPEss

MP-iBGP session / LDP

Page 79: Day5

Network Security and Hacking Techniques DAY 5

Page 80: Day5

END


Recommended