Securing Access to Data Using IPsec Josh Jones Cosc352.

Introduction
The Internet was originally designed to link a small number of educational and government facilities.
– The TCP/IP protocols were not designed with built-in security.
– Data is sent as clear text, with nothing to protect it.
– It can easily be monitored, or altered, by anyone on the path.

Introduction (Cont.)
The rapidly increasing size of the Internet, and of private networks, called for stronger security measures:
– IPsec (IP Security)
– SSL (Secure Sockets Layer)
– TLS (Transport Layer Security)

What Is IPsec (IP Security)
A framework of open standards for private, secure communication over Internet Protocol (IP) networks.
– Based on cryptography: packets are authenticated and, optionally, encrypted so that they cannot be read, or tampered with undetected, on their way across an IP network.
– Operates at the network layer (Layer 3) of the OSI model, below TCP and UDP.

What Is IPsec (IP Security) (Cont.)
Designed to provide the following:
– Authentication: verification that each packet really comes from the peer it claims to come from (data origin authentication).
– Integrity: assurance that the data was not changed in transit.
– Confidentiality: encryption of the data so that it cannot be read by anyone who does not have the correct key.
– Anti-replay: a sequence number in every AH or ESP packet lets the receiver reject captured packets that are sent again.
Because it works at the IP layer, it provides security for almost all protocols in the TCP/IP suite without changing them.

What Is IPsec (IP Security) (Cont.)
IPsec is composed of three main protocols.
– Authentication Header (AH, IP protocol 51): authenticates the sender and provides integrity for the payload and the unchanging fields of the IP header, so that the packet cannot be modified undetected. It provides no confidentiality, and because its integrity check covers the IP addresses it cannot pass through NAT; modern deployments use ESP instead.
– Encapsulating Security Payload (ESP, IP protocol 50): provides confidentiality by encrypting the data itself, and can also provide authentication and integrity for the protected payload. ESP with integrity (or an authenticated cipher such as AES-GCM) is the usual choice; ESP with encryption but no integrity check should not be used.
– Internet Key Exchange (IKE, UDP port 500, or 4500 behind NAT): authenticates the two peers and negotiates the security associations (SAs), that is, the keys and algorithms that AH and ESP then use.

Benefits of IPsec
Transparency of IPsec to users and applications.
– Because IPsec is integrated at the network layer (Layer 3), there is no need to configure separate security for each application that uses TCP/IP.

Benefits of IPsec (Cont.)
Defense-in-depth against vulnerabilities in upper-layer protocols and applications.
– IPsec protects upper-layer protocols, services, and applications.
– With IPsec enabled, initial packets to access an application or service running on a server are not handed to it until the sender has authenticated and negotiated protection, so an unauthenticated attacker never reaches the application's code.

Benefits of IPsec (Cont.)
Restricted access to servers.
– Using IPsec policy, you can configure a server to accept only specific types of traffic.
– For example, you can configure a server to accept only IPsec-secured traffic from client computers. The server discards all other traffic from client computers.

Benefits of IPsec (Cont.)
Customizable security configuration.
– Administrators can configure IPsec policies to meet the security requirements of an application, computer, group of computers, domain, site, or global organization.
– IPsec can be customized for a wide range of scenarios, including packet filtering, securing host-to-host traffic on specific paths, securing traffic to servers, Layer Two Tunneling Protocol (L2TP)/IPsec for virtual private network (VPN) connections, and site-to-site (also known as gateway-to-gateway) tunneling.

Modes of IPsec
Tunnel Mode:
– The entire original IP packet (headers plus data) is encrypted and/or authenticated and carried behind a new outer IP header addressed to the two IPsec gateways, so the original source and destination addresses are hidden from the path. Provides gateway-to-gateway (or server-to-server) protection.
Transport Mode:
– Only the payload of the IP packet (for example the TCP segment) is encrypted and/or authenticated; the original IP header stays in place, with its protocol field pointing at ESP or AH. Provides end-to-end security, all the way from the sending computer to the final destination. This is the mode used with L2TP (the Layer 2 Tunneling Protocol): L2TP provides the tunnel and IPsec transport mode protects the L2TP packets.
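The following is an added example, my own code rather than anything from the slides, that makes the two modes concrete: it encapsulates a constructed IPv4/TCP packet in ESP in transport mode and in tunnel mode, then decapsulates it, verifying the integrity check value (ICV) and enforcing the anti-replay window that every AH/ESP receiver keeps. Assumptions: ESP with a null cipher (ESP-NULL, RFC 2410) so the layout stays visible, HMAC-SHA-256-128 for integrity, a single SPI and key shared by both ends, the constructed addresses 10.0.0.1 and 10.0.0.2 with gateway addresses 203.0.113.1 and 198.51.100.1, and only the Python 3 standard library.

```python
"""ESP-NULL (RFC 2410) + HMAC-SHA-256-128 integrity + RFC 4303 anti-replay window.
Added example, not the slides' code; encryption is omitted so the transport/tunnel layout
stays readable. A real SA uses AES-GCM or AES-CBC+HMAC with IKE-derived per-direction keys."""
import hashlib, hmac, socket, struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50   # 4 = IPv4 carried inside ESP (tunnel mode)
ICV_LEN = 16                                  # HMAC-SHA-256-128: MAC truncated to 128 bits (RFC 4868)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Constructed 20-byte IPv4 header (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

class EspSa:
    """One SA: SPI, integrity key, outbound counter, inbound replay window. Real SAs are
    one-directional; the demo reuses one SPI/key on both ends for brevity."""

    def __init__(self, spi: int, auth_key: bytes, window: int = 64):
        self.spi, self.key, self.window = spi, auth_key, window
        self.seq_out = 0    # first packet sent carries sequence number 1
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set  <=>  sequence number (top - i) already received

    def _icv(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()[:ICV_LEN]

    def encapsulate(self, ip_packet: bytes, mode: str, outer=None) -> bytes:
        """transport: keep the original IP header, protect only its payload.
        tunnel: protect the whole packet behind a new header for the gateways in `outer`."""
        ihl = (ip_packet[0] & 0x0F) * 4
        if mode == "transport":
            next_hdr = ip_packet[9]                     # original protocol number (6 = TCP)
            src, dst = socket.inet_ntoa(ip_packet[12:16]), socket.inet_ntoa(ip_packet[16:20])
            inner = ip_packet[ihl:]
        elif mode == "tunnel":
            next_hdr, (src, dst), inner = PROTO_IPIP, outer, ip_packet
        else:
            raise ValueError("mode must be 'transport' or 'tunnel'")
        self.seq_out += 1
        pad_len = (-(len(inner) + 2)) % 4               # pad length + next header end 4-byte aligned
        trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
        esp = struct.pack("!II", self.spi, self.seq_out) + inner + trailer
        esp += self._icv(esp)                           # ICV covers SPI, seq, payload and trailer
        return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp

    def _replay_check(self, seq: int) -> bool:
        """RFC 4303 section 3.4.3 sliding window: record seq, return True if it is new."""
        if seq == 0:
            return False
        if seq > self.top:                              # newest so far: slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.window) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.window or (self.bitmap >> diff) & 1:
            return False                                # older than the window, or a replay
        self.bitmap |= 1 << diff
        return True

    def decapsulate(self, packet: bytes):
        """ICV first, replay window second (a forged packet must not move the window),
        then strip ESP. Returns (next_header, protected bytes), or None to drop."""
        ihl = (packet[0] & 0x0F) * 4
        if packet[9] != PROTO_ESP:
            return None
        esp, icv = packet[ihl:-ICV_LEN], packet[-ICV_LEN:]
        if not hmac.compare_digest(self._icv(esp), icv):
            return None
        spi, seq = struct.unpack("!II", esp[:8])
        if spi != self.spi or not self._replay_check(seq):
            return None
        pad_len, next_hdr = esp[-2], esp[-1]
        return next_hdr, esp[8:-(2 + pad_len)]

def build_tcp_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet (port 50000 -> 445, TCP checksum left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 445, 1, 0, 0x50, 0x18, 8192, 0, 0) + payload
    return ipv4_header(src, dst, PROTO_TCP, len(tcp)) + tcp

if __name__ == "__main__":
    tx, rx = EspSa(0x1001, b"\x11" * 32), EspSa(0x1001, b"\x11" * 32)
    plain = build_tcp_packet("10.0.0.1", "10.0.0.2", b"hello")
    transport = tx.encapsulate(plain, "transport")
    tunnel = tx.encapsulate(plain, "tunnel", outer=("203.0.113.1", "198.51.100.1"))
    print(rx.decapsulate(transport))    # (6, <TCP segment>): original header stayed outside
    print(rx.decapsulate(tunnel))       # (4, <whole original packet>): inner header was hidden
    print(rx.decapsulate(transport))    # None: sequence number 1 was already accepted
```

Compare the first 20 bytes of the two outputs: in transport mode the outer header still names 10.0.0.1 and 10.0.0.2, so a passive observer learns who is talking; in tunnel mode only the gateways appear and the original header travels inside the protected payload. The order of checks in decapsulate matters: the ICV is verified before the sequence number is recorded, so an attacker cannot push the window forward with forged packets and make legitimate, delayed packets look like replays.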

Recommended Scenarios for IPsec
– Packet filtering
– End-to-end security between specific hosts
– End-to-end traffic through an ISA-secured NAT (this needs IKE NAT traversal, which carries ESP inside UDP port 4500; AH cannot cross a NAT because the translated addresses are covered by its integrity check)
– Secure server

Recommended Scenarios for IPsec (Cont.)
– Server isolation
– Domain isolation
– L2TP/IPsec for remote access and site-to-site VPN connections
– Gateway-to-gateway IPsec tunneling with third-party IPsec gateways

Packet Filtering
– IPsec provides limited, stateless firewall capabilities for end systems.
– IPsec can be configured to permit or block specific types of traffic based on combinations of source and destination address, protocol, and port.

Packet Filtering (Cont.)
– You can strengthen security by using IPsec filtering to control exactly which communication is allowed between systems. Because the filtering is stateless, a reply is only allowed if a filter (usually a mirrored one) permits it too.

Secure Server
– Allows IPsec authentication and protection for traffic between specific sets of servers.
– Secures communication in environments that are not secure.
– Complements firewalls by requiring authentication of all traffic.
– Reduces firewall exceptions to the IPsec traffic itself (IKE on UDP 500/4500, ESP and AH) instead of one exception per application port.

Domain Isolation
– Limits host-to-host communication to domain members (managed computers).
– Requires IPsec authentication and protection for any communication with domain members (managed computers).
– Managed computers can initiate communication with managed and unmanaged computers.
– Unmanaged computers cannot initiate communication with managed computers.

Server Isolation
– Requires IPsec authentication and protection for communication from hosts to specific servers.
– Managed computers can initiate communication with those servers.
– Unmanaged computers cannot initiate communication with those servers.

Server Isolation (Cont.)
Group-specific server isolation.
– Only managed computers that are members of a specific security group can initiate communication with specific servers.

When NOT to Use IPsec
– IPsec adds cryptographic processing and extra headers to every packet, so it reduces processing performance and increases network bandwidth consumption.
– IPsec policies can be quite complex to configure and manage.
– The use of IPsec can introduce application compatibility issues, for example with network devices that need to inspect packet contents.

When NOT to Use IPsec (Cont.)
Securing traffic between domain controllers and domain members.
– In addition to reduced network performance, using IPsec for this scenario is not recommended because of the complexity of the required IPsec policy configuration and management (a domain member must be able to reach a domain controller for Kerberos before IPsec authentication to that controller can succeed).

When NOT to Use IPsec (Cont.)
IPsec tunnel mode for remote access VPN connections.
– IPsec tunnel mode is not a recommended technology for remote access VPN connections because, at the time of this material, there were no standard methods for user authentication, IP address assignment, and name server address assignment; L2TP/IPsec supplies these. (IKEv2, RFC 7296, later standardized them through EAP authentication and configuration payloads.)

Creating IPsec Policies
An IPsec policy is a collection of general settings and rules that configure the IPsec service and determine its behavior.
– General IPsec policy settings: the name of the policy, its description, key exchange (IKE main mode) settings, and key exchange methods. General settings apply regardless of which rules are configured.

Creating IPsec Policies (Cont.)
– Rules: one or more IPsec rules that determine which traffic IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated.
After the policies are created, they can be assigned to Active Directory containers (domains, sites, organizational units) through Group Policy. This assigns the IPsec policy at the domain, site, or organizational unit level and eliminates the administrative overhead of configuring each computer separately. Only one IPsec policy is active on a computer at a time, and a policy assigned closer to the computer (for example at the OU level) overrides one assigned at the domain level.

Defining IPsec Policy Rules
Filter list.
– A single filter list is selected that contains one or more packet filters describing the traffic to which the rule's filter action is applied.
Authentication methods.
– One or more authentication methods are configured (in order of preference) and used to authenticate IPsec peers during main mode negotiation. The available methods are the Kerberos V5 protocol (the default for computers in an Active Directory domain), a certificate issued by a specified certification authority (CA), or a preshared key. A preshared key is stored in the policy in readable form, so it is suitable for testing and interoperability, not for production.

Defining IPsec Policy Rules (Cont.)
Filter action.
– A single filter action is selected that defines what happens to packets matching the filter list: permit, block, or secure (negotiate security).
– For the secure filter action, the negotiation data contains one or more security methods that are tried (in order of preference) during IKE negotiation, plus other IPsec settings. Each security method determines the security protocol (AH or ESP), the cryptographic algorithms, and session key regeneration (lifetime) settings. Two options deserve care: "accept unsecured communication, but always respond using IPsec" lets the first inbound packet arrive in the clear, and "allow unsecured communication with non-IPsec-aware computers" lets the rule fall back to clear text when the peer does not answer IKE; both relax the protection the rule otherwise enforces.
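To show how the pieces of a rule fit together, here is an added example (my own simplified model, not the slides' material and not Windows' matching code) that evaluates constructed hosts and policies: filters with a specificity score, filter lists attached to rules, the permit/block/negotiate filter actions, and the authentication-method overlap that main mode needs. It also reproduces why the domain and server isolation scenarios earlier in the deck are one-directional. Assumptions: the specificity weights approximate Windows' filter ordering rather than reproduce it, the hosts 10.0.0.10, 10.0.0.20 and 10.0.0.99 and all rule names are made up, and the fallback flag models the "allow unsecured communication with non-IPsec-aware computers" option.

```python
"""How a Windows IPsec policy decides what happens to a packet, as a simplified model:
the most specific matching filter wins (rule order does not matter), that rule's filter
action applies, and 'negotiate' only succeeds when both peers run IPsec and share an
authentication method. Added example; not the slides' material nor Windows' own code.
Hosts, addresses and rule names are made up."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ANY = None
TCP, ICMP = 6, 1

@dataclass(frozen=True)
class Filter:
    src: Optional[str]            # an address, "me", or ANY
    dst: Optional[str]
    proto: Optional[int] = ANY    # IP protocol number, or ANY
    dport: Optional[int] = ANY    # destination port, or ANY
    mirrored: bool = True         # also match the reply direction

    def specificity(self) -> int:
        # Approximates the Windows weighting: addresses outrank protocol, protocol outranks port.
        return (4 * (self.src is not ANY) + 4 * (self.dst is not ANY)
                + 2 * (self.proto is not ANY) + (self.dport is not ANY))

    def matches(self, me: str, src: str, dst: str, proto: int, sport: int, dport: int) -> bool:
        def addr_ok(pattern, actual):
            return pattern is ANY or (me if pattern == "me" else pattern) == actual
        proto_ok = self.proto in (ANY, proto)
        forward = addr_ok(self.src, src) and addr_ok(self.dst, dst) and self.dport in (ANY, dport)
        reverse = (self.mirrored and addr_ok(self.src, dst) and addr_ok(self.dst, src)
                   and self.dport in (ANY, sport))
        return proto_ok and (forward or reverse)

@dataclass(frozen=True)
class Rule:
    name: str
    filters: tuple                        # the rule's filter list
    action: str                           # "permit", "block" or "negotiate"
    auth: FrozenSet[str] = frozenset()    # "kerberos", "cert", "psk" (negotiate only)
    fallback_to_clear: bool = False       # "allow unsecured communication with non-IPsec-aware computers"

@dataclass
class Host:
    ip: str
    rules: Optional[List[Rule]] = None    # None: unmanaged host, no IPsec policy at all

    def rule_for(self, src, dst, proto, sport, dport) -> Optional[Rule]:
        """The rule owning the most specific filter that matches the packet."""
        best = None
        for rule in self.rules or []:
            for f in rule.filters:
                if f.matches(self.ip, src, dst, proto, sport, dport) and (
                        best is None or f.specificity() > best[0]):
                    best = (f.specificity(), rule)
        return best[1] if best else None

def decide(initiator: Host, responder: Host, proto: int, dport: int, sport: int = 50000) -> str:
    """Fate of a new connection: 'secured', 'clear', 'blocked' or 'dropped'."""
    args = (initiator.ip, responder.ip, proto, sport, dport)
    i_rule, r_rule = initiator.rule_for(*args), responder.rule_for(*args)
    i_act = i_rule.action if i_rule else "permit"     # no policy or no match: plain IP
    r_act = r_rule.action if r_rule else "permit"
    if "block" in (i_act, r_act):
        return "blocked"
    if i_act == r_act == "permit":
        return "clear"
    if i_act == r_act == "negotiate":                 # IKE: authentication methods must overlap
        return "secured" if i_rule.auth & r_rule.auth else "dropped"
    if i_act == "negotiate":                          # the peer never answers IKE
        return "clear" if i_rule.fallback_to_clear else "dropped"
    return "dropped"                                  # responder requires IPsec the initiator lacks

def build_lab():
    """Constructed lab: a secure server, a domain-isolated client and an unmanaged machine."""
    all_ip = (Filter(ANY, "me"),)
    server = Host("10.0.0.10", [
        Rule("All IP traffic", all_ip, "negotiate", frozenset({"kerberos"})),
        Rule("Public web", (Filter(ANY, "me", TCP, 80),), "permit"),   # more specific: wins
        Rule("ICMP", (Filter(ANY, "me", ICMP),), "permit"),
    ])
    client = Host("10.0.0.20", [
        Rule("Domain isolation", all_ip, "negotiate", frozenset({"kerberos"}), fallback_to_clear=True),
    ])
    return server, client, Host("10.0.0.99")

if __name__ == "__main__":
    server, client, unmanaged = build_lab()
    print(decide(client, server, TCP, 445))     # secured
    print(decide(unmanaged, server, TCP, 445))  # dropped: unmanaged cannot initiate to managed
    print(decide(unmanaged, server, TCP, 80))   # clear: the web filter outranks "All IP traffic"
    print(decide(client, unmanaged, TCP, 445))  # clear: managed host falls back for a non-IPsec peer
    print(decide(server, unmanaged, TCP, 445))  # dropped: the server's rule has no fallback
```

The run shows the point the slides leave implicit: rule order never decides a conflict, the most specific filter does, so a permit rule for TCP 80 quietly punches a hole through an "All IP traffic: negotiate" rule on the same server. The asymmetry of domain isolation comes entirely from the fallback flag: the managed client can reach the unmanaged host in the clear, but the unmanaged host's first packet to a managed one meets a negotiate action with nothing on its own side to negotiate, and is dropped.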

Conclusion
IPsec is a versatile way of providing security for your network. Microsoft documents many scenarios for defense in depth, and you are free to create and customize your own policies as well.