A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.


A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca Raton, FL, USA Secure Systems Research Group – Florida Atlantic University

Introduction
Virtual Private Networks (VPN) make use of public network resources to access internal nodes of an enterprise. Within the VPN, the transmission is protected by security mechanisms to provide confidentiality and integrity, so a "private" network is established. Since this network exists only in a virtual sense, it has been termed a virtual private network.

VPN
A VPN uses a technique called tunneling, in which data is transmitted across a public network in a cryptographic tunnel that simulates an end-to-end connection. Both ends may be private networks, or one end may be private while the other lies in the public domain.

VPN
[Figure: VPN between two sites. R1 – Router at Site A. R2 – Router at Site B.]

Figure 2. Network Layers and Patterns

Layer         Firewall     IDS          VPN           Protocol
Application   XML FW       XML IDS      XML VPN       SAML
TCP           Proxy FW     TCP IDS      TLS/SSL VPN   TLS
IP            Packet FW    Packet IDS   IPSec VPN     IPSec

Labels spanning all layers in the figure: Authentication, Secrecy, Authorization, Identification.

Pattern Diagram for VPN
[Pattern diagram: VPN, with variants TLS VPN, IP VPN and XML VPN; related patterns Authentication and Secure Channel; protocols TLS and IPSec.]

Problem
In today's world, a lot of people work remotely. They need a secure connection to their company network. We need to develop a secure architecture so that confidential work can be performed. Many companies have offices distributed all over the globe. The employees of such companies need to communicate securely.

Forces
The number of users remotely connected may be growing; the system should be scalable.
The system should be flexible enough to accommodate different ways of providing security.
We should restrict access to the system to only authorized users.
We need to use the Internet or public networks to reduce the cost; this in turn subjects the private network established within the public network to the numerous threats faced by public networks, such as Denial of Service and other attacks.

Solution
A secure VPN connection is established between the end user and the local network. A cryptographic tunnel is set up between the end user and the local network. This VPN tunnel may provide data integrity and confidentiality if properly implemented. The network is able to authenticate a user accessing an end point.

Class Diagram
[Class diagram: classes Network, End Point, VPN, Authenticator, Secure Channel, Identity Base and Identity; associations marked * (many).]

Sequence Diagram
[Sequence diagram: lifelines :End Point, :VPN, :Identity Base, :Identity, :Secure Channel, :Network. Messages shown: RequestAuth, authenticate, check, authenticated, Establish Secure Channel, Established, VPN Connection Established.]

Variants
Virtual Private Networks can be established at the Application layer, the TCP layer or the IP layer. XML VPNs are established at the Application layer, TLS VPNs at the TCP layer and IP VPNs at the IP layer.

Known Uses
Citrix provides a site-to-site SSL VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network. [Cit]
Cisco VPN, on the other hand, uses an IPSec VPN. [Cis]
Nokia VPN provides VPN connections for Nokia mobile users. [Nok]

Advantages
Users are authenticated by the system to control their access to the VPN. We could add a logging system for the users logging in at the end points for future audits. If we use secure encryption, we can provide data confidentiality and integrity for the messages sent through the VPN.

Disadvantages
If the VPN connection is compromised, the attacker could get full access to the internal network. Because of encryption, VPN traffic is invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN tunnel. Therefore, if a hacker gains access to the VPN, he can attack the internal systems without being detected by the IDS.
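An added example (not from the paper) that models the Solution and Sequence Diagram above together with the IDS blind spot just described: the Authenticator checks the End Point's credentials against a constructed Identity Base, a toy Secure Channel (HMAC-SHA256 keystream plus HMAC tag, a stand-in for IPSec/TLS and not real cryptography) seals the traffic, and a signature IDS is run on the same packet once outside the VPN server and once after the VPN terminator. The user, password, salt and IDS signature are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed Identity Base: user -> PBKDF2 hash (stands in for the pattern's Identity Base).
_SALT = b"constructed-salt"
IDENTITY_BASE = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}

def authenticate(user: str, password: bytes):
    """Authenticator: returns a per-session tunnel key, or None if the login is rejected."""
    stored = IDENTITY_BASE.get(user)
    given = hashlib.pbkdf2_hmac("sha256", password, _SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, given):
        return None
    return os.urandom(32)  # session key shared by End Point and VPN server

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter keystream (toy stand-in for the IPSec/TLS cipher)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Secure Channel send: nonce || ciphertext || HMAC tag (confidentiality + integrity)."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, packet: bytes) -> bytes:
    """Secure Channel receive: verify the tag before decrypting; tampering raises."""
    nonce, body, tag = packet[:12], packet[12:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

# Constructed IDS signature: a path-traversal pattern a network IDS would flag.
SIGNATURES = [b"../../etc/passwd"]
def ids_inspect(data: bytes) -> list:
    return [s for s in SIGNATURES if s in data]

def demo() -> dict:
    key = authenticate("alice", b"correct horse")
    request = b"GET /../../etc/passwd HTTP/1.1\r\n"  # constructed End Point traffic
    tunneled = seal(key, request)                    # what crosses the public network
    return {
        "rejected": authenticate("alice", b"wrong") is None,
        "outside_tunnel": ids_inspect(tunneled),               # IDS outside VPN server: blind
        "inside_tunnel": ids_inspect(unseal(key, tunneled)),   # IDS after the VPN terminator
    }
```

Placing the IDS probe behind the VPN terminator (or feeding it decrypted traffic) is what restores visibility; the sealed packet alone never matches.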

Disadvantages (Contd…)
In a VPN with a private end user, the remote computer used by that user is itself exposed to outside attacks, and a compromised remote computer can in turn be used to attack the network it is connected to. The VPN tunnel is only as strong as the cryptographic protocol used.

Related Patterns
Firewalls can be added to each network layer to make that layer more secure. [Fer03] IDS can also coexist in each of these network layers to detect attacks. [Fer05] Secure Channel and Authenticator establish the security mechanisms.

Conclusions
A VPN is a basic component in network architectures. We presented here a pattern for its architecture and security properties. Future work will integrate this pattern with other patterns shown in Figure 3.

Q & A
Suggestions, Modifications, Corrections