VPNs: Virtual Private Networks
David Morgan
U. C. L. A. Extension - X417.28
Administrativa
 Syllabus
 Grade reports

General Information
 RFC lookup
 Linux links
 Remote Unix access with telnet
 Linux background topics
 TCP/IP Pocket Reference Guide

VPN protocols
 Point-to-point protocol
 ssh - secure shell
 ppp over ssh
 IP
 IP over IP
 TCP
 CIPE
 IPSec
 PPTP

Cryptology
 Simplified DES

Linux
 Fundamental Unix Commands
 File permissions
 Shell script basics
 Shell programming: if and while
 Shell programming book

Articles
 VPN Part 1, LJ 12/99
 VPN Part 2, LJ 1/00

Slide presentations
 Course agenda
 Introduction - ch1
 Net backgrounder
 Basics - ch2
 Architectures - ch3
 Tunnels - ch4
 IP-in-IP encapsulation
 Point-to-point protocol
 Secure shell (ssh)
 ssh-over-ppp vpn
 Installing software
 Firewall
 Interfaces & Routes
 IP Addresses
 Socket programming

WINTER 2003 1/8/03 - 3/26/03

This Website (http://homepage.smc.edu/morgan_david/vpn/) will be used to communicate with you. Announcements, grade reports, and assignments will be posted here. The site can be viewed from an internet-connected browser anywhere. You are responsible for awareness of the information posted here. (1/5/03)

Grades - posted. Includes the primitive roots assignment. The last grade to be factored into your average, and final course grade, is that of the final exercise to be done by the end of the weekend. (3/26)

Final exercise - see "Final exercise" link among assignments, below right. Our final class is on 3/26. The final exercise is due by end of the following weekend (3/30), to be deposited on sputnik (see the instructions in the assignment). (3/19)

Grades - posted. Includes the simple-DES assignment. (3/19)

Grades - posted. Includes the "Interfaces/routes" assignment. Please check your grade. If you didn't do the Interfaces/routes assignment and want a grade for it, please do it and turn it in. (3/12)

Homework -
1) "Primitive roots" link at right, due electronically on sputnik 3/19.
2) load the various packet captures supplied below into Ethereal and spend some time studying them closely.
3) CIPE
 a. CIPE author's objection to ppp-over-ssh vpn
 b. CIPE documentation
    Introduction (except Notes on internals)
 c. visit the link entitled "CIPE" at left and browse it and its sub-links (3/12)

Packet-captured IKE protocol - load this packet-capture file into Ethereal, then read about IKE in the textbook, pages 91-96. The capture contains 9 packets; the book describes 2 negotiation phases, and within phase one 3 negotiating rounds. Can you match the packets to the stages of negotiation that they manifest? IKE is the part of IPsec that implements Diffie-Hellman key exchanges. (3/12)

Packet capture files you can load into Ethereal and study. These are the traces that were printed in 5/29's handout. Five different tunneling options were set up between machines B and D. For each, the same interaction was conducted between A and E, in which the string "This is a test." was passed from A to E and "THIS IS A TEST." was passed back. The traces were all taken on machine C. Please download the 5 capture files, load them into Ethereal, and be fascinated.

AEclear – no tunnel
AEipip – ip-in-ip encapsulation
AEsshpppd – ppp over ssh tunnel
AEcipe – CIPE tunnel
AEipsec – IPsec ESP tunnel

Grades - posted. The "Linux commands" and midterm exercise have been graded and the "Cumulative Average" reflects the weighted average of those two. I still have not graded the "Interfaces/routes" but have noted that from 4 students I don't have an assignment to grade. If you didn't do the assignment and want a grade for it, please do it and turn it in. (3/5)

Homework
Read - backgrounder at link entitled "Simplified DES" at left and article at the link entitled "Encryption article" at right. Also read CIPE author's objection to ppp-over-ssh vpn.
Listen - see http://www.ece.villanova.edu/~perry/ccs/des/all-sdes.html. And listen to the two audio clips (see the icon) "1. SDES - Simplified DES" and "3. SDES Mangler Function." Optionally, also hear "8. Cipher Block Chaining."
Do - S-DES assignment (link at right) due March 12. Please turn in on paper at March 12's class.
Anticipate - upcoming textbook Chapter 5 "IPsec" (2/26)

Upcoming topics and corresponding assigned reading include:

CIPE
1) CIPE author's objection to ppp-over-ssh vpn
2) CIPE documentation
    Introduction (except Notes on internals)
3) visit the link entitled "CIPE" at left and browse it and its sub-links

Cryptography
Link entitled "Simplified S-DES" at left. Read "Assignment S-DES" at right, including the encryption/decryption sample it contains; think about how you will go about doing the assignment. The procedure will be demonstrated in class to clarify the approach.
Read also the article at the link entitled "Encryption article" at right.

IPSec
textbook Chapter 5 (2/26)

Quiz information - the February 26 quiz has 12 questions in the following categories.
 Basic Concepts - 4 questions
 Architectures - 1
 Tunnels - 2
 IP-in-IP - 1
 point-to-point protocol -1
 ssh - 2
 the "Please solve my problem" question below - 1
It is all multiple choice and will be closed book. I reviewed the slide presentations in triggering my mind to come up with the questions, but several presentations in turn were originally derived, closely follow, and embody the concepts of the book chapters. The chapters to study are Chapters 2-4; the presentations to study are Basic Concepts A, Basic Concepts B, VPN Architectures, VPN Tunnels, IP-in-IP encapsulation: basic tunneling, Point-to-Point Protocol, ssh - The Secure Shell, and Ssh-over-ppp-based VPN. (2/21)

Quiz - anticipate a quiz February 26 of perhaps about 10 questions covering mainstream concepts of the technologies we've been studying the last 3 or 4 weeks. I'll post more specific information here about the topics and questions as I formulate them. One of the questions for you to answer on the quiz will be the one below, "Please solve my problem." (2/20)

Please solve my problem and test your understanding - I noticed a conflict in my terminology about the vpn technique which combines the secure shell (ssh) and point-to-point protocol (pppd). I titled my slide presentation about it "Ssh-over-ppp-based VPN." On the other hand, I named my link about it (below left) "ppp over ssh." Which is correct? Which protocol carries which? (2/19)

Homework - read about ssh and cryptography.
ssh - Please read:
 1) "Getting Started with ssh." Follow the link entitled "ssh - secure shell" in the VPN protocols at left. There you'll find a link to "Getting Started."
 2) the textbook, pp. 236-239
 3) optionally and informally, spend a little time perusing the Secure Shell FAQ. Find the link to it on the "ssh - secure shell" page.
cryptography - you may wish to read ahead. Things to read:
 - link entitled "Simplified S-DES" at left
 - "Assignment S-DES" at right, including the encryption/decryption sample it contains; think about how you will go about doing the assignment. The procedure will be demonstrated in class to clarify the approach.
 - the article at the link entitled "Encryption article" at right. (2/20)

Homework - now that we are getting familiar with PPP, we will combine it with ssh (secure shell) to produce a real, encrypted VPN. Prepare for that by reading the article I wrote about this arrangement. Follow the link entitled "ppp over ssh" at left; there, find the links to the article, entitled "VPN Part 1, Linux Journal 12/99" and "VPN Part 2, Linux Journal 1/00." Also, visit the page at the link entitled "ssh - secure shell." Explore the further links found there, to get a feeling for what ssh is all about (especially, "Getting Started with SSH"). (2/19, belatedly)

Homework - reading. We're going to take a close look at point-to-point protocol (PPP). It's the protocol used for dial-up phone connections to the internet. (Microsoft renames it "dial-up networking.") It can be used as an ingredient in a VPN (textbook section 10.6.1). Please read up on it. Specifically:
1) read what the textbook has to offer, pp. 61-67 and pp. 111-114.
2) read the RFC (#1661). Follow the link at left entitled "Point-to-point protocol" where you'll find a subsequent link to the RFC (in text form). I suggest you print out the portions you'll read. My printout is 54 pages. From page 26 forward is a catalog of packet formats. You don't have to read these in detail, just read a few of them and understand what kind of information is being presented. For the first 26 pages, read it all but the detail of the "Option Negotiation Automaton" discussion in section 4 is not important.
3) Linux PPP HOWTO. Again, the link to it is on this site's "Point-to-point protocol" page. Read sections 2, 2.1, 3, 4, 9.9, 9.10, 12.5, 17, 18 (don't worry about the script details, only that they are trying to choreograph a sequence using a script), 19, 29.
4) the short section entitled "PPPD--a Different Kind of Daemon" in an article I wrote. Find the article by following the link at left entitled "ppp over ssh." There, follow the link entitled "VPN Part 2, Linux Journal 1/00" and then search for "Different Kind of Daemon."
5) man page for pppd (issue "man pppd" on sputnik, or see web version). Read what it says for the following options: <tty_name>, <speed>, connect, debug, logfile, record. (2/7)

Explanatory linux things - here's a page of background information to help you understand the PPP demonstration we will do. It discusses a few select elements of the linux environment we will utilize, so you can have a bit of previous familiarity with them. (2/7)

Posted - the "tunnels" slides we looked at in class last Wednesday. Please see the link entitled "Tunnels" below left. Paper copies will be provided next Wednesday. (2/7)

Please read - retrospectively, now that we've already covered IP-over-IP, a very short description of IP-over-IP. (2/7)

Homework - please devote time this week to reading.
Chapter 2, Basic Concepts - a careful reading, while last night's lecture on it is fresh in your mind will reinforce the subject matter.
"Introduction to the Internet Protocols" paper (link below) - make sure you have examined it and understand its contents.
Upcoming chapters - Chapters 3 "VPN Architectures" and 4 "Tunnels" which we will talk about next week.
IP-in-IP Encapsulation slides - review these again shortly before next week's class to refresh your memory. We will recap them, then reconstruct the tunnel and "sniff" packets passing through it by running ethereal and/or tcpdump on the various machines while A and E are interacting using various client-server program pairs. (1/30)

Homework
Do - "Interfaces/routes" assignment. Due on paper in class 1/29. Please see link at right.
Anticipate/read - we will discuss the textbook's chapter 2. Also coming up are chapters 3 and 4. Probably we will want to talk about chapter 4 (tunnels) sooner than the others because it will relate to tunnels we want to build on our network. So look at all the chapters, with priority on 2 because it's "on the schedule" next, and 4 because it relates to what's "on the lab bench" next.
Additional supplemental reading - Read also the 25-page paper Introduction to the Internet Protocols to your level of familiarity. That is, if it comes as review to you, read it to the point you determine you already know it all. If not, read it more fully to acquire its content. An understanding of this paper's concepts is fundamental grounding for this course. (1/22)

Homework - see the link at right entitled "Linux commands." Submit your work, electronically as described at that link, by next week's class 1/22. Read the textbook, chapters 1 and 2. (1/15)

Remote user accounts on linux machine sputnik.smc.edu have been set up. Your account name is your last name. Your password is as discussed in class last week, all lowercase. Mr. Wang and Mr. Wang: since there are two Wangs your account names are "wangt" and "wangy" for Wang Tsan-yu and Wang Yin respectively. Bill, who called me by phone today, your password is 1234. For guidance how to connect, please see the link entitled "Remote Unix access with telnet" at left. (1/13)

Homework - print the TCP/IP Pocket Reference Guide and install the Ethereal software (see following 2 items). (1/5)

TCP/IP and tcpdump Pocket Reference Guide - from SANS Institute. Please print it out 2-sided, fold it in 3 panels triptych style, and carry it with your materials for this class. The link to it is at left; it is an Adobe Acrobat .pdf file. (1/5)

Ethereal - is an excellent free packet capture utility. What is a packet, and why capture it? I assume you have a pretty good idea already coming in to this class; and we will recap that and other networking concepts relevant to VPNs. I would like you to install Ethereal and get familiar with it, assuming you have a linux or windows computer available on which to do so. I will use Ethereal in class to show the behavior of VPNs we build, and want to make sure you clearly grasp how the tool works, so as to clearly grasp what it will show us. For Windows, please visit http://www.ethereal.com/distribution/win32. For linux, look for an rpm package file on your installation CDs first, otherwise visit http://www.ethereal.com/ for guidance. (1/5)

Remote Unix accounts - will be set up for you on a linux system. The information you need to log in is as follows.
Your username - your last name as it appears on my class roster, all lowercase (e.g., bush). If your lowercase last name doesn't work, add your first initial to it (e.g., bushg).
Your password - the last four digits of your number appearing on my class list.
The target computer - is sputnik.smc.edu
Log in method - the assignment asks you to "log in." Translation: use telnet as described in the "Remote Unix access with Telnet" link at left. (1/5)

Eniac - 1946: Milestone in the history of computation

Assignments/due
 Linux commands 1/22
 Interfaces/routes 1/29
 Assignment S-DES 3/12
 Encryption article
 Primitive roots 3/19
 Final exercise 3/30