Tunneling is a mechanism, or protocol, that carries data securely between two networks. Through tunneling, a private network can send traffic across a public network such as the Internet by encapsulating it: the private packets are wrapped inside public packets, so the public network forwards them without inspecting their contents. Tunneling is also known as Port Forwarding.
Types of Tunnels:
There are several types of tunnels. Some of them are explained in this article.
- Microsoft VPN (PPTP)
- CIPE VPN
- OpenVPN
- SSL / TLS VPN
- GRE tunnel
- IPsec tunnel
Before going deep into these tunnels, let us understand the VPN and its purpose.
Virtual Private Network (VPN):
A VPN is a networking technology built on the tunneling concept. VPN tunneling establishes and maintains a logical connection and transmits data confidentially using encryption. The VPN also provides authentication to keep the tunnel secure.
All the virtual or logical links join together to form a Virtual Network. It is the authentication and encryption that make the virtual network a VPN.
Types of VPN:
Generally, there are two types of VPN. They are Remote Access VPN and Site-to-Site VPN.
Remote Access VPN:
This type of VPN allows a user to connect to a private network and access its resources. The connection established between the user and the private network is secure and private. Remote Access VPN is useful for both business users and home users.
An example of a Remote Access VPN is an employee of a company connecting to the office's private network in order to access files remotely.
Home users generally use this type of VPN to bypass Internet restrictions and access blocked websites.
Site-to-Site VPN:
Site-to-Site VPN, also known as Router-to-Router VPN, is generally used by corporate offices with multiple locations to connect the network of one location to another.
If the different locations of one company are connected using a Site-to-Site VPN, it is called an Intranet-based VPN. If a company uses a Site-to-Site VPN to connect to the network of another company, it is called an Extranet-based VPN.
A Site-to-Site VPN forms a virtual link between the different office locations and connects them over the Internet in a private and secure manner.
This type of VPN is based on Router-to-Router communication. One router acts as the VPN client and the other acts as the VPN server. Communication between the two routers begins once both are authenticated.
Microsoft VPN (PPTP):
PPTP stands for Point-to-Point Tunneling Protocol and was found in 1995. It defines a set of rules to ensure proper communication between the VPN client and the VPN server.
A PPTP client forms a tunnel with a PPTP server to transport data and traffic. It uses encryption to keep the data secure. PPTP uses the TCP protocol and port 1723 to form the tunnel. To establish a connection, it needs the server address, a user name, and a password.
PPTP supports encryption keys of up to 128 bits and uses Microsoft Point-to-Point Encryption (MPPE). PPTP can be used on Windows, Mac, Linux, Android, and other operating systems.
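The PPTP section above gives the one concrete port number on this page (TCP/1723). The following Python is an added example, not part of the original post, that labels tunnel traffic in firewall flow logs so an administrator can inventory which tunnel types are crossing a perimeter. It goes beyond PPTP to the other tunnel types this article lists, using their standard protocol and port numbers: GRE is IP protocol 47 (it also carries PPTP's data channel), ESP is 50, AH is 51, IKE uses UDP/500 and UDP/4500, and OpenVPN defaults to UDP/1194. The log format, addresses and all flows are constructed for the example; `cleartext_tunnels` lists every GRE pair seen on the wire, since GRE that is protected by IPsec would appear as ESP rather than as GRE.

```python
import re
from collections import defaultdict

# Standard protocol/port assignments used to label tunnel traffic. The article names
# PPTP's TCP/1723; the others are the IANA-assigned values for each protocol.
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH = 6, 17, 47, 50, 51
PPTP_CONTROL_PORT = 1723
IKE_PORTS = (500, 4500)          # IKE, and IKE/ESP over UDP for NAT traversal
OPENVPN_DEFAULT_PORT = 1194

# Constructed firewall log lines for this example (not from any real device).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z fw allow proto=6 src=203.0.113.5:51000 dst=198.51.100.10:1723
2024-05-01T10:00:02Z fw allow proto=47 src=203.0.113.5 dst=198.51.100.10
2024-05-01T10:01:00Z fw allow proto=17 src=203.0.113.9:4500 dst=198.51.100.20:4500
2024-05-01T10:01:01Z fw allow proto=50 src=203.0.113.9 dst=198.51.100.20
2024-05-01T10:02:00Z fw allow proto=17 src=203.0.113.12:40000 dst=198.51.100.30:1194
2024-05-01T10:03:00Z fw allow proto=6 src=203.0.113.15:40001 dst=198.51.100.40:443
"""

LINE_RE = re.compile(r"proto=(?P<proto>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+)")


def _split_endpoint(ep: str):
    """'host:port' -> (host, port); a bare host (GRE/ESP/AH carry no ports) -> (host, None)."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep else (ep, None)


def classify_flow(proto: int, src_port, dst_port):
    """Return a tunnel label for one flow, or None if it is not a known tunnel protocol."""
    if proto == IPPROTO_GRE:
        return "GRE (IP proto 47; also PPTP's data channel)"
    if proto == IPPROTO_ESP:
        return "IPsec ESP (IP proto 50)"
    if proto == IPPROTO_AH:
        return "IPsec AH (IP proto 51)"
    if proto == IPPROTO_TCP and PPTP_CONTROL_PORT in (src_port, dst_port):
        return "PPTP control (TCP/1723)"
    if proto == IPPROTO_UDP and dst_port in IKE_PORTS:
        return "IPsec IKE (UDP/500 or UDP/4500)"
    if proto == IPPROTO_UDP and dst_port == OPENVPN_DEFAULT_PORT:
        return "OpenVPN default (UDP/1194)"
    return None


def tunnel_inventory(log_text: str) -> dict:
    """Map each tunnel label to the sorted list of 'src->dst' host pairs that used it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport = _split_endpoint(m["src"])
        dst, dport = _split_endpoint(m["dst"])
        label = classify_flow(int(m["proto"]), sport, dport)
        if label:
            seen[label].add(f"{src}->{dst}")
    return {label: sorted(pairs) for label, pairs in seen.items()}


def cleartext_tunnels(inventory: dict) -> list:
    """Host pairs whose tunnel is unencrypted on the wire. GRE visible as GRE is cleartext:
    GRE protected by IPsec would have been seen as ESP instead."""
    return sorted(p for label, pairs in inventory.items() if label.startswith("GRE") for p in pairs)


if __name__ == "__main__":
    inv = tunnel_inventory(SAMPLE_LOG)
    for label, pairs in inv.items():
        print(f"{label}: {', '.join(pairs)}")
    print("Cleartext tunnels:", cleartext_tunnels(inv))
```

Running the block against the constructed log reports one PPTP control session with its GRE data channel, one IPsec peer (IKE over UDP/4500 followed by ESP), one OpenVPN client, and ignores the ordinary HTTPS flow on port 443; the GRE pair is the only cleartext tunnel.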
Cryptographic IP Encapsulation (CIPE) VPN:
CIPE is a VPN designed for the Linux operating system. It carries IP packets wrapped inside UDP packets.
CIPE is stronger than PPTP and uses a public/private key pair for authentication. It also supports Windows 2000 and Windows NT clients. CIPE tunnels are very robust.
This VPN uses the Blowfish or IDEA algorithm for encryption. CIPE can be configured via text files or the Network Administration Tool (NAT). It uses CRC-32 to protect the integrity of the data.
OpenVPN:
OpenVPN is supported by many operating systems, including Windows, Linux, Mac, and Android. It uses 256-bit SSL encryption. It is based on SSL/TLS and does not support IPsec, PPTP, or L2TP. It also supports plugins to improve logging and authentication.
In OpenVPN, peers are authenticated using a pre-shared key, a username and password, or a verified certificate. It follows a client-server architecture. OpenVPN also provides optional compression.
OpenVPN is very useful when IP addresses change dynamically. It provides greater speed over UDP than over TCP. It also provides a GUI on Windows and Mac for configuration.
SSL/TLS VPN:
SSL/TLS VPN is based on the UNIX stunnel and pppd programs. An SSL VPN relies on the SSL or TLS protocol. It uses end-to-end encryption (E2EE) to protect data in transit between the client device and the SSL VPN server.
SSL VPNs are used by corporate offices to give employees secure access to resources from outside the office. They provide secure and reliable communication and are easy to use, which reduces administration overhead and the need for technical support.
Unlike other VPNs, an SSL VPN needs no downloaded software or configuration files beyond a web browser. This VPN operates at the transport layer.
Generic Routing Encapsulation (GRE) and IP Tunnel:
GRE and IP tunnels are unencrypted tunnels that provide virtual connections and static IP assignment. They do not hide the communication from anyone on the path. An IP tunnel provides no authentication and a GRE tunnel provides little authentication.
An IP tunnel can transport IP traffic alone, whereas a GRE tunnel also supports IPv6 and multicast traffic in addition to general IP traffic. A GRE tunnel provides a private, stateless connection and is established at the network layer. GRE was developed by Cisco Systems and uses encapsulation to connect to the private network.
IPsec Tunnel:
IPsec is a developing standard for providing a highly secure tunnel. IPsec operates in two modes, tunnel mode and transport mode.
Tunnel mode is the IPsec default. In tunnel mode, the original packet is wrapped and encrypted, and IPsec adds a new header before sending it to the other end of the tunnel. Tunnel mode is used, for example, between two IPsec gateways.
IPsec transport mode is used for end-to-end communication, for example between a client and a server, or between a workstation and a gateway. In this mode, only the payload is encapsulated by IPsec headers. IPsec transport mode can be used to protect the data carried by other tunnels, such as GRE tunnels.
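To make the GRE and IPsec sections concrete, here is an added Python model (not code from the original post) of the three encapsulations described above, built around the question a defender cares about: what does a passive sensor on the path see? The IPv4, GRE and ESP header layouts follow the real formats; the ESP cipher is a constructed HMAC-SHA256 keystream standing in for a negotiated cipher suite, and the keys, addresses and payload are made up. For GRE the inner addresses and payload are readable as-is; IPsec tunnel mode exposes only the gateway addresses; transport mode exposes the real endpoint addresses but hides the payload, and a packet whose integrity check value has been altered is rejected at unwrap time.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

# IANA IP protocol numbers for the encapsulations discussed on this page.
IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_GRE, IPPROTO_ESP = 4, 6, 47, 50


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at zero for this illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def parse_ipv4(pkt: bytes) -> dict:
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "payload": pkt[20:total_len]}


# --- GRE: a 4-byte header (no flags, EtherType 0x0800 = IPv4) in front of the inner packet.
def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    gre = struct.pack("!HH", 0x0000, 0x0800)
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, 4 + len(inner)) + gre + inner


def gre_decapsulate(wire: bytes) -> bytes:
    outer = parse_ipv4(wire)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    return outer["payload"][4:]


# --- ESP stand-in. The SPI | sequence | ciphertext | ICV layout follows ESP; the cipher is a
# constructed HMAC-SHA256 keystream, NOT a real IPsec cipher suite (those are negotiated by IKE).
ENC_KEY = b"example-encryption-key"   # constructed keys for the example only
AUTH_KEY = b"example-integrity-key"


def _keystream(spi: int, seq: int, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def esp_wrap(plain: bytes, next_header: int, spi: int, seq: int) -> bytes:
    """SPI | seq | encrypt(payload | pad_len=0 | next_header) | 16-byte ICV."""
    header = struct.pack("!II", spi, seq)
    body = plain + bytes([0, next_header])
    ct = bytes(a ^ b for a, b in zip(body, _keystream(spi, seq, len(body))))
    icv = hmac.new(AUTH_KEY, header + ct, hashlib.sha256).digest()[:16]
    return header + ct + icv


def esp_unwrap(esp: bytes):
    """Verify the ICV, decrypt, and return (payload, next_header); reject tampered packets."""
    header, ct, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(AUTH_KEY, header + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", header)
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(spi, seq, len(ct))))
    return pt[:-2], pt[-1]


def ipsec_tunnel_mode(inner: bytes, gw_src: str, gw_dst: str, spi=0x1001, seq=1) -> bytes:
    """Tunnel mode: the whole original packet is encrypted; a new outer header carries gateway addresses."""
    esp = esp_wrap(inner, IPPROTO_IPIP, spi, seq)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


def ipsec_transport_mode(packet: bytes, spi=0x2002, seq=1) -> bytes:
    """Transport mode: the original IP header stays (protocol field becomes ESP); only the payload is protected."""
    ip = parse_ipv4(packet)
    esp = esp_wrap(ip["payload"], ip["proto"], spi, seq)
    return ipv4_header(ip["src"], ip["dst"], IPPROTO_ESP, len(esp)) + esp


def observer_view(wire: bytes) -> dict:
    """What a passive sensor on the path can read without any keys."""
    outer = parse_ipv4(wire)
    view = {"outer_src": outer["src"], "outer_dst": outer["dst"], "outer_proto": outer["proto"],
            "inner_src": None, "inner_dst": None, "payload_visible": False}
    if outer["proto"] == IPPROTO_GRE:            # cleartext: the inner packet is readable as-is
        inner = parse_ipv4(outer["payload"][4:])
        view.update(inner_src=inner["src"], inner_dst=inner["dst"], payload_visible=True)
    return view


# Constructed sample: a host behind gateway 203.0.113.1 talking to a host behind 198.51.100.1.
SAMPLE_PAYLOAD = b"constructed application data"
SAMPLE_PACKET = ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP, len(SAMPLE_PAYLOAD)) + SAMPLE_PAYLOAD

if __name__ == "__main__":
    for name, wire in [("GRE", gre_encapsulate(SAMPLE_PACKET, "203.0.113.1", "198.51.100.1")),
                       ("IPsec tunnel", ipsec_tunnel_mode(SAMPLE_PACKET, "203.0.113.1", "198.51.100.1")),
                       ("IPsec transport", ipsec_transport_mode(SAMPLE_PACKET))]:
        print(f"{name:16s} {observer_view(wire)}")
```

The `observer_view` output is the practical difference between the modes: with GRE a sensor can log the private 10.x addresses and read the payload, with tunnel mode it sees only 203.0.113.1 and 198.51.100.1 exchanging protocol 50, and with transport mode it sees the true endpoints but nothing of what they are saying.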