Network security basics (1) Necessary knowledge for network security research: types of firewall tunnels, firewall tunnel technology, cryptography, common symmetric encryption algorithms and asymmetric encryption algorithms


Overview of Firewall Tunneling Technology:


1. Operators build tunnels:

The operator builds the VPN, and the tenant rents a VPN line from the operator.

Representative: MPLS VPN
Features:

The enterprise does not need to maintain the VPN line, and the cost is relatively high

2. Enterprise self-built tunnels:    

The enterprise builds its own VPN, a private VPN line on top of the ISP network.
Representatives include: IPSec VPN, GRE, SSL
Features:

The enterprise needs to maintain the VPN line by itself, and the cost is low
    

VPN (virtual private network):

Build a virtual leased line (tunnel) on top of the ISP operator network
        

Tunnel classification:

By business type:

1. Client-LAN (access VPN)
A terminal accesses a local area network through a VPN
Applicable scenarios: remote work on a business trip, working from home

2. LAN-LAN
One local area network accesses another local area network through a VPN
Applicable scenario: interconnection of headquarters and branches

By working layer:

Application layer VPN: SSL VPN
Network layer VPN: IPSec VPN, GRE VPN
Network interface layer VPN: L2TP
       

Tunnel technology:

Different tunneling protocols have different formats for tunnel encapsulation and decapsulation
Encryption and decryption technology (cryptography): protect data privacy/concealment

Cryptography:

Classical cryptography:

The algorithm is kept secret, and the secret key is made public
Shift cipher: Caesar algorithm, shift of 3
Hello ---> Khoor


Modern Cryptography:

The algorithm is public, and the secret key is kept secret
Dictionary: 1523, meaning a certain book, which page, which word
                

Modern Cryptography:

The algorithm is public, and the key is public
National Secret Algorithm

Mainstream encryption algorithm:

Symmetric encryption algorithm

Both parties use the same secret key with the symmetric encryption algorithm, and the secret key needs to be sent in advance


Common symmetric encryption algorithms:

IDEA
RC series algorithm
AES algorithm
DES/3DES algorithm

Defects:
1. There are risks in the transmission of secret keys.
2. The number of secret keys is large and difficult to manage.

Asymmetric encryption algorithm:


Define two keys: a public key and a private key
The public key is made public, and the private key is kept by its owner

Use the public key to encrypt data, and only the private key can decrypt it: encrypted data transmission
Use the private key to encrypt data, and only the public key can decrypt it: identity authentication

Common asymmetric encryption algorithms:

ECC
Rabin
Elgamal (which is based on the Diffie-Hellman key exchange algorithm)
RSA

Defect:
Low encryption and decryption efficiency

Communication in reality:
An asymmetric encryption algorithm is used to encrypt and transmit the secret key of the symmetric encryption algorithm, and that symmetric key is then used to encrypt and decrypt the data.
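
The two key uses listed under the asymmetric algorithm and the hybrid scheme described above, as an added Python example that is not part of the original post. The key is a constructed toy (textbook RSA over two Mersenne primes, no padding), `keystream_xor` is a stand-in for a real symmetric cipher such as AES, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)


def keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream), in place of AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(plaintext, public_key):
    e, n = public_key
    session_key = secrets.token_bytes(8)       # fresh symmetric key per message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # public key wraps it
    return wrapped, keystream_xor(session_key, plaintext)


def hybrid_decrypt(wrapped, ciphertext, private_key):
    d, n = private_key
    session_key = pow(wrapped, d, n).to_bytes(8, "big")  # only the private key unwraps
    return keystream_xor(session_key, ciphertext)


def sign(message, private_key):
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)                   # private-key operation


def verify(message, signature, public_key):
    e, n = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest      # anyone with the public key can check


if __name__ == "__main__":
    msg = b"constructed sample: HQ to branch office"
    wrapped, ct = hybrid_encrypt(msg, PUBLIC_KEY)
    print(hybrid_decrypt(wrapped, ct, PRIVATE_KEY) == msg)
    print(verify(msg, sign(msg, PRIVATE_KEY), PUBLIC_KEY))
```

Only the 8-byte session key goes through the slow asymmetric operation; the message itself, whatever its length, is handled by the symmetric cipher.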

Origin blog.csdn.net/weixin_53466908/article/details/127757255