Virtual Private Networks Ryan Becker Chris Borowski May 21, 2004
VPN Basics Securely connects any two networks across distances: Business to Business Office to Office Employee to Office Makes office resources such as file servers, print servers, and local shares accessable as if they were in the cubicle next door
VPN Types Trusted Secure Hybrid
Trusted VPNs Using dedicated leased line provided by ISP Not encrypted ISP maintains integrity of the line
Secure VPNs Utilizes public lines Company is responsible for securing their own information through encryption schemes Encapsulates individual packets with specific protocols
Hybrid VPNs Combination of Trusted and Secure VPN Uses leased lines and encryption mechanism Holds both parties responsible for maintaining security of transmitted packets
VPN Voyage
Pros and Cons of VPNs Pros: Cons: Seamless information flow Allows Telecommuting Allows easier inter-office/inter-business communication Provides secure method for ATM/Bank transactions Cons: Breaches in security mean severe loss of data integrity and privacy Securing data is an uphill battle
Secure VPN Tunneling Turns LAN traffic into traffic secured for the open internet: Carrier protocol - The outside protocol used by the VPN routers to communicate over the internet (PPP) Encapsulating protocol - The protocol that is wrapped around the original data and protects it from prying eyes (GRE, IPSec, PPTP, L2TP) Passenger protocol – This is the original protocol in which the packet was being sent across the LAN (IPX, NetBeui, IP)
Point to Point Tunneling Protocol (PPTP) Encapsulation Microsoft Proprietary VPN implementation Critics say it is easily breakable and flawed Many still use it because of its easy integration with Microsoft OS’s
Layer 2 Tunneling Protocol (L2TP) Microsoft’s answer to outdated PPTP Relies on PPP implementing the TCP/IP trafficking Requires choice of encryption scheme: SSHv1: vulnerabilities with “man in the middle” attack SSHv2: vulnerabilities with traffic analysis Still considerably more secure than PPTP
IPSec Most popular VPN implementation Three step security scheme: Internet Key Exchange (IKE) occurs to transfer encryption/decryption keys to both sides of the VPN. The Authentication Handler (AH) verifies that both sides of the VPN are who they say they are. The Encapsulating Security Payload (ESP) will encode the packets using the vendor’s choice of encryption scheme. Complicated protocol with vague definitions Therefore many implementations Administrative overhead
AAA Servers Authentication: Who are you? Authorization: What can you do? Accounting: What did you do?
Security Thoughts from Doug Engelbart Inventor of the ‘Mouse’ Founder of ARPANET: ‘Second’ Person on the internet Stressed importance of secure communication protocols “VPN’s are a great way for companies or individuals to securely communicate.”
References Computer Hall of Fame. 16 May 2004 <http://www.computerhalloffame.org/> Englebert, Doug. Personal Interview. May 17, 2004. Fougere, Jay, “VPNs, 101” Web Pro News, 15 May, 2004 <http://www.webpronews.com/it/networksystems/wpn-21-20020502VPNs101.html> Lemos, Robert, “VPN flaw puts internal networks at risk”, September 26, 2002 ZDNet Security News, 16 May, 2004 <http://zdnet.com.com/2100-1105-959659.html> Tyson, Jeff, “How Stuff Works”, 15 May 2004 <http://computer.howstuffworks.com/vpn.htm> “VPN Technologies” January 2004 VPN Consortium, 15 May 2004, <http://www.vpnc.org/vpn-technologies.html>