Secure Remote Access with L2TP. Pyda Srisuresh, IETF 47, Mar 27, 2000.

Presentation transcript:


Slide 2: Enterprise Trust Model
- The enterprise intranet is trusted.
- Direct-dial (PSTN) PPP/IP access is an extension of the intranet and is also trusted.
- Employees (on-site or remote) are trusted.
- L2TP/PPP/IP over the public Internet cannot be trusted, because:
  - The LAC and the LNS are not in the same administrative domain.
  - Employee-to-enterprise IP traffic is exposed to security violation by the Internet or by the LAC.

Slide 3: Remote Access Server highlights
- Provides link-level authentication, authorization and accounting services.
- Static or dynamic IP address assignment to the remote user from an enterprise address pool.
- Provides host-route connectivity to the remote user and monitors link status.
- Uses RADIUS to provide the AAA services, so it can scale to a large number of remote users.

Slide 4: LNS as a NAS
- L2TP control messages allow an LNS to behave virtually the same as a NAS that physically terminates PPP sessions.
- L2TP adds tunneling overhead, reducing the effective throughput and the path MTU size.
- Remote user IP packets (embedded in PPP and transported over the public Internet) fail the enterprise trust model.

Slide 5: SRAS extensions to LNS
- The LNS and IPsec security gateway functions reside on the same SRAS node.
- 3 new security parameters, configurable on a per-user basis in RADIUS.
- End-user IP data traffic can be guaranteed to be IPsec-secured (user-to-SRAS) in both directions with no additional administrative setup.
- IPsec/IKE SA monitoring can be linked to the virtual PPP link staying alive.

Slide 6: Proposed RADIUS parameters
- IPSEC_MANDATE - mandate IPsec security on the user-to-SRAS data traffic:
  - None (=0) - not required.
  - LNS_AS_RAS (=1) - required when terminating on an LNS (i.e., a virtual NAS).
  - SRAS (=2) - required on any NAS.
- SECURITY_PROFILE - the name of an IPsec security profile containing:
  - Access control security filters
  - Security preferences for Security Associations
  - Security key generation source - manual or IKE
  - Backup-NAT devices
  - Management utilities enforcing NAT policies

Slide 7: Proposed RADIUS parameters (cont.)
- IKE_NEGOTIATION_PROFILE - the name of an IKE negotiation profile containing:
  - IKE IDs of the user and of the SRAS
  - Preferred authentication approach and its associated parameters, such as a pre-shared key or a pointer to an X.509 digital certificate
  - ISAKMP security negotiation preferences for Phase I
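The per-user enforcement that slides 5 to 7 describe, as an added example written for this page and not the presenter's code: the SRAS receives the user's RADIUS answer, applies IPSEC_MANDATE to the kind of NAS that terminates the PPP session, fails closed when a mandated profile cannot be resolved, drops cleartext from a mandated user except what the profile's filter allows, and deletes the SA when the PPP link goes down. The attribute names and mandate values come from the slides; the field layout of the two profiles, the AccessAccept stand-in, the packet dictionaries, the SrasSession class and the "udp/500" filter entry standing in for IKE are assumptions.

```python
# Added example (not from the presentation): per-user IPsec mandate on an SRAS.
# Attribute names and IPSEC_MANDATE values follow slides 6-7; the profile field
# layouts, the packet dictionaries and the SrasSession class are assumptions.
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class IpsecMandate(IntEnum):
    """Values of the proposed IPSEC_MANDATE RADIUS attribute (slide 6)."""
    NONE = 0        # not required
    LNS_AS_RAS = 1  # required only when PPP terminates on an LNS (virtual NAS)
    SRAS = 2        # required on any NAS, including a direct-dial PSTN one


@dataclass(frozen=True)
class SecurityProfile:
    """What a SECURITY_PROFILE name resolves to (slide 6); layout assumed."""
    name: str
    cleartext_allowed: frozenset   # access-control filter, e.g. {"udp/500"} for IKE
    sa_preferences: tuple          # preferred transforms for the SAs
    key_source: str                # "manual" or "ike"


@dataclass(frozen=True)
class IkeProfile:
    """What an IKE_NEGOTIATION_PROFILE name resolves to (slide 7); layout assumed."""
    name: str
    user_id: str
    sras_id: str
    auth_method: str               # "psk" or "x509"
    auth_param: str                # the pre-shared key, or a pointer to the certificate
    phase1_proposals: tuple


@dataclass(frozen=True)
class AccessAccept:
    """Per-user attributes returned by RADIUS (constructed stand-in)."""
    username: str
    framed_ip: str                 # address assigned from the enterprise pool
    ipsec_mandate: IpsecMandate
    security_profile: Optional[str]
    ike_profile: Optional[str]


def ipsec_required(mandate: IpsecMandate, terminates_on_lns: bool) -> bool:
    """Apply IPSEC_MANDATE to the kind of NAS terminating this PPP session."""
    if mandate == IpsecMandate.SRAS:
        return True
    if mandate == IpsecMandate.LNS_AS_RAS:
        return terminates_on_lns
    return False


class SrasSession:
    """One PPP session on the SRAS with its IPsec SA tied to the link lifetime."""

    def __init__(self, accept: AccessAccept, terminates_on_lns: bool,
                 profiles: Dict[str, SecurityProfile],
                 ike_profiles: Dict[str, IkeProfile]):
        self.user_ip = accept.framed_ip
        self.require_ipsec = ipsec_required(accept.ipsec_mandate, terminates_on_lns)
        self.profile: Optional[SecurityProfile] = None
        self.ike: Optional[IkeProfile] = None
        self.sa_spi: Optional[int] = None   # inbound ESP SPI once the SA is up
        self.link_up = True
        if self.require_ipsec:
            # Fail closed: a mandate whose profiles cannot be resolved is a misconfiguration.
            self.profile = profiles.get(accept.security_profile or "")
            if self.profile is None:
                raise ValueError(f"{accept.username}: SECURITY_PROFILE not found")
            if self.profile.key_source == "ike":
                self.ike = ike_profiles.get(accept.ike_profile or "")
                if self.ike is None:
                    raise ValueError(f"{accept.username}: IKE_NEGOTIATION_PROFILE not found")

    def sa_established(self, spi: int) -> None:
        """Record the inbound SPI negotiated by IKE (or configured manually)."""
        self.sa_spi = spi

    def classify(self, packet: dict) -> str:
        """Return 'accept' or 'drop' for one packet arriving from the remote user.

        packet is a constructed dict: {"src": str, "proto": "esp" | "tcp/80" | ..., "spi": int}.
        """
        if not self.link_up or packet["src"] != self.user_ip:
            return "drop"               # dead link, or not the host route we assigned
        if not self.require_ipsec:
            return "accept"             # trusted path, e.g. direct PSTN dial-in
        if packet["proto"] == "esp":
            return "accept" if packet.get("spi") == self.sa_spi else "drop"
        # Cleartext from a mandated user passes only the profile's filter (IKE itself).
        return "accept" if packet["proto"] in self.profile.cleartext_allowed else "drop"

    def link_down(self) -> List[int]:
        """Slide 5: SA monitoring is linked to the PPP link. Returns SPIs to delete."""
        self.link_up = False
        spi, self.sa_spi = self.sa_spi, None
        return [spi] if spi is not None else []
```

The same AccessAccept with mandate LNS_AS_RAS yields an enforcing session when the PPP session terminates on the LNS and a plain session when the same user dials the PSTN NAS directly, which is exactly the distinction between the values 1 and 2 on slide 6. The host-route check on the source address is the LNS behaving as a NAS (slide 3); without it a packet from any address inside the tunnel would be judged only by its ESP SPI.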

Slide 8: Limitations of the SRAS approach
- IPsec tunneling overhead on top of L2TP tunneling overhead further reduces throughput and the effective path MTU size.
- Multiple identity and authentication requirements on the end user (link-level PPP authentication plus IKE authentication).
- Link-level authentication is prone to session stealing over the Internet, unless better link authentication schemes are employed.
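Putting numbers on the overhead that slides 4 and 8 mention, as an added example written for this page and not the presenter's code. The header sizes are my assumptions, each stated beside its constant: IPv4 without options, UDP, an L2TP data header with none of its optional fields, uncompressed PPP framing, and user-to-SRAS ESP in tunnel mode with a 64-bit block cipher such as 3DES-CBC and a 96-bit truncated HMAC.

```python
# Added example (not from the presentation): header cost of L2TP alone versus
# L2TP carrying an IPsec tunnel, as on slides 4 and 8. Sizes below are assumed
# from the specs of the period and are stated per constant.
IPV4 = 20          # IPv4 header, no options
UDP = 8            # L2TP data is carried over UDP
L2TP_DATA = 6      # RFC 2661 data header with no Length, Ns/Nr or Offset fields
PPP = 4            # address/control (2) + protocol (2); no ACFC/PFC negotiated
ESP_SPI_SEQ = 8    # ESP SPI (4) + sequence number (4)
ESP_IV = 8         # IV for a 64-bit block cipher such as 3DES-CBC
ESP_TRAILER = 2    # pad length (1) + next header (1)
ESP_ICV = 12       # truncated HMAC (HMAC-SHA1-96 or HMAC-MD5-96)
BLOCK = 8          # cipher block size; payload + padding + trailer must align to it


def esp_padding(inner_len: int) -> int:
    """ESP padding bytes needed so payload + pad + trailer is a multiple of BLOCK."""
    return (BLOCK - (inner_len + ESP_TRAILER) % BLOCK) % BLOCK


def wire_size(user_pkt_len: int, with_ipsec: bool) -> int:
    """Bytes on the LAC-LNS link for one user IP packet of user_pkt_len bytes."""
    size = user_pkt_len
    if with_ipsec:
        # User-to-SRAS ESP in tunnel mode wraps the user's packet first ...
        size = (IPV4 + ESP_SPI_SEQ + ESP_IV + size + esp_padding(size)
                + ESP_TRAILER + ESP_ICV)
    # ... and PPP/L2TP/UDP/IP then carries it across the Internet to the LNS.
    return IPV4 + UDP + L2TP_DATA + PPP + size


def max_user_packet(link_mtu: int, with_ipsec: bool) -> int:
    """Largest user IP packet that crosses the link without fragmentation.

    Searches downward because ESP padding makes wire_size grow in BLOCK-sized jumps.
    """
    for n in range(link_mtu, 0, -1):
        if wire_size(n, with_ipsec) <= link_mtu:
            return n
    return 0


def overhead_bytes(user_pkt_len: int, with_ipsec: bool) -> int:
    """Header and padding bytes added to a user packet of the given size."""
    return wire_size(user_pkt_len, with_ipsec) - user_pkt_len


if __name__ == "__main__":
    for label, ipsec in (("L2TP only", False), ("L2TP + ESP tunnel", True)):
        print(f"{label}: effective MTU {max_user_packet(1500, ipsec)} bytes, "
              f"overhead on a 40-byte TCP ACK {overhead_bytes(40, ipsec)} bytes")
```

On a 1500-byte path between LAC and LNS the user's packet has to shrink from 1462 bytes with L2TP alone to 1406 bytes with the ESP tunnel inside it, and a 40-byte TCP ACK costs 134 bytes on the wire instead of 78. The L2TP figure is the floor: enabling the Length or sequence fields, or PPP without ACFC/PFC on a LAC that adds its own framing, raises it further, which is why an SRAS should either clamp the MSS it advertises on the virtual PPP link or be prepared to fragment.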