To mount the Windows file-system securely, one can establish a SSH tunnel that routes all SMB traffic to the remote fileserver through an encrypted channel. If one were to mount a Microsoft Windows file-system remotely through the Internet, someone snooping on the connection could see transferred files. For example, Microsoft Windows machines can share files using the Server Message Block (SMB) protocol, a non-encrypted protocol. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel. Secure Shell tunneling (SSH tunneling)Ī Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. IPsec has an end-to-end Transport Mode, but can also operate in a tunneling mode through a trusted security gateway.
Tunneling protocols may use data encryption to transport insecure payload protocols over a public network (such as the Internet), thereby providing VPN functionality. The IP in the delivery protocol could run over any data-link protocol from IEEE 802.2 over IEEE 802.3 (i.e., standards-based Ethernet) to the Point-to-Point Protocol (PPP) over a dialup modem link. L2TP, however, actually runs over the transport layer using User Datagram Protocol (UDP) over IP. In contrast, an IP payload might believe it sees a data link layer delivery when it is carried inside the Layer 2 Tunneling Protocol (L2TP), which appears to the payload mechanism as a protocol of the data link layer. In this case, the delivery and payload protocols are compatible, but the payload addresses are incompatible with those of the delivery network. To understand a particular protocol stack, network engineers must understand both the payload and delivery protocol sets.Īs an example of network layer over network layer, Generic Routing Encapsulation (GRE), a protocol running over IP ( IP Protocol Number 47), often serves to carry IP packets, with RFC 1918 private addresses, over the Internet using delivery packets with public IP addresses. Typically, the delivery protocol operates at an equal or higher level in the model than does the payload protocol.
Tunneling typically contrasts with a layered protocol model such as those of OSI or TCP/IP.
0 kommentar(er)
