Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures, Second Edition
Chapter 5: Virtual Private Network (VPN) Concepts

Objectives
- Explain basic VPN concepts
- Describe encapsulation in VPNs
- Describe encryption in VPNs
- Describe authentication in VPNs
- Summarize the advantages and disadvantages of VPNs
Guide to Network Defense and Countermeasures, Second Edition

Understanding VPN Concepts
- A Virtual Private Network (VPN) enables computers to
  - Communicate securely over insecure channels
  - Exchange private, encrypted messages that others cannot decipher

What VPNs Are
- VPN: a virtual network connection that uses the Internet to establish a secure connection
  - A secure tunnel that extends an organization's network across links it does not control
- Endpoints: the specified computers, users, or network gateways that terminate the tunnel


Why Establish a VPN?
- Business incentives driving VPN adoption
  - VPNs are cost-effective (no dedicated leased lines)
  - VPNs provide a secure connection for remote users: contractors, traveling employees, partners and suppliers
- VPN components
  - VPN server or host: configured to accept connections from clients
  - VPN client or guest: the endpoint that connects to the VPN

Why Establish a VPN? (continued)
- VPN components (continued)
  - Tunnel: the connection through which data is sent
  - VPN protocols: sets of standardized communication settings used to encapsulate, authenticate and encrypt the data sent along the VPN
- Types of VPNs
  - Site-to-site VPN (also called gateway-to-gateway VPN)
  - Client-to-site VPN (also called remote access VPN)

Why Establish a VPN? (continued)
- Hardware versus software VPNs
  - Hardware-based VPNs
    - Connect one gateway to another
    - Routers at each network gateway encrypt and decrypt packets
    - VPN appliance: a device designed to serve as a VPN endpoint and join multiple LANs
    - Benefits: scalable; better security (a purpose-built device exposes fewer services than a general-purpose host)



Why Establish a VPN? (continued)
- Hardware versus software VPNs (continued)
  - Software-based VPNs
    - Often integrated with firewalls
    - Appropriate when the participating networks use different routers and firewalls
    - Benefits: more cost-effective; maximum flexibility


Why Establish a VPN? (continued)
- VPN combinations
  - Combining VPN hardware with software adds layers of network security
  - One useful combination is a VPN bundled with a firewall
  - VPNs do not eliminate the need for firewalls: a tunnel authenticates and encrypts traffic, but the packets it delivers still need to be filtered
  - Combinations provide flexibility and versatility

Why Establish a VPN? (continued)
- VPN combinations (continued)
  - Points to consider when selecting VPNs
    - Compatibility
    - Scalability
    - Security
    - Cost
    - Vendor support

VPN Core Activity 1: Encapsulation
- The core set of VPN activities: encapsulation, encryption, authentication
- Encapsulation encloses a packet within another packet that has different IP source and destination addresses
  - Intermediate routers see only the outer header; the original addresses and payload travel as opaque data
  - Encapsulation by itself does not protect integrity; combined with an integrity check (AH, or ESP with authentication) it lets the receiver detect any change to the enclosed packet


Understanding Tunneling Protocols
- Point-to-Point Tunneling Protocol (PPTP)
  - Used for dial-in remote access over a modem connection, or on computers running an older OS version
  - Encapsulates PPP frames (which carry the IP packets) inside GRE; a TCP control connection on port 1723 manages the tunnel
  - The tunnel header contains only the information needed to route data from the VPN client to the server
  - Uses Microsoft Point-to-Point Encryption (MPPE) to encrypt data passing between the remote computer and the remote access server
  - MPPE keys are derived from the MS-CHAP exchange, so PPTP is only as strong as that authentication; treat it as legacy
- L2TP uses IPsec encryption
  - More secure and widely supported

Understanding Tunneling Protocols (continued)
- Layer 2 Tunneling Protocol (L2TP)
  - Has no encryption of its own; provides better security through IPsec (L2TP/IPsec)
  - IPsec enables L2TP traffic to be authenticated, encapsulated and encrypted


Understanding Tunneling Protocols (continued)
- Secure Shell (SSH)
  - Provides authentication and encryption
  - Native on UNIX-based systems; versions for Windows are also available
  - Uses public-key cryptography to authenticate the server host (and optionally the user); its port forwarding tunnels other TCP applications
- SOCKS version 5
  - Provides proxy services for applications that do not usually support proxying
  - Version 5 adds client authentication (username/password, or GSSAPI, which can also protect the proxied stream) and support for UDP; plain SOCKS does not encrypt the traffic it relays

IPSec/IKE
- Internet Protocol Security (IPSec)
  - A set of standard procedures developed by the Internet Engineering Task Force (IETF)
  - Enables secure communications on the Internet
- Characteristics
  - Works at layer 3, so it protects every transport protocol and application above it without changing them
  - Can encrypt an entire IP packet (tunnel mode) or only its payload (transport mode)
  - Originally developed for use with IPv6, later retrofitted to IPv4
  - Provides authentication of source and destination computers

IPSec/IKE (continued)
- Widely supported
- Security Association (SA)
  - A relationship between two entities that describes how they will use security services to communicate
  - Used by IPsec to track all the particulars of a communication session: protocol (AH or ESP), mode, algorithms, keys, lifetime and sequence-number state
  - SAs are unidirectional, so a two-way connection needs a pair of SAs; an inbound SA is identified by its Security Parameters Index (SPI), destination address and protocol

IPSec/IKE (continued)
- Components
  - Internet Security Association and Key Management Protocol (ISAKMP): the framework for negotiating SAs
  - Internet Key Exchange (IKE): negotiates SAs and keys, built on ISAKMP and Oakley
  - Oakley: the Diffie-Hellman based key-determination protocol
  - IP Security Policy Management
  - IPSec Driver
- IPSec core protocols
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)

IPSec/IKE (continued)
- Authentication Header (AH), IP protocol 51
  - Provides authentication of IP packets and ensures data integrity
  - Does not encrypt: the payload stays readable
  - Each packet carries an Integrity Check Value (ICV), a keyed hash (an HMAC such as HMAC-SHA-256) computed over the packet with the SA's shared key; this is a message digest under a shared secret, not a public-key digital signature
  - The ICV covers the IP header's immutable fields, the AH header and the payload; fields that change in transit (TTL, TOS, checksum, fragment fields) are zeroed before hashing
  - AH in tunnel mode: a new IP header is placed at the front of the original packet, and the entire original packet, header included, is authenticated
  - AH in transport mode: the AH header sits between the original IP header and the payload; authenticates the payload and the original header
  - Because the source and destination addresses are covered by the ICV, AH cannot pass through NAT
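The following is an added example, not code from the textbook, covering both the Encapsulation slide and the AH slide above: it builds an inner IPv4 packet, wraps it in a new outer header plus an AH header in tunnel mode, computes the ICV as HMAC-SHA-256 truncated to 128 bits, and then shows which changes the receiver tolerates (a router decrementing TTL) and which it rejects (a NAT rewriting the source address). The SA key, the addresses (RFC 5737 documentation ranges) and the payload are constructed for the demonstration.

```python
# Added example (not from the textbook): AH in tunnel mode with an HMAC-SHA-256-128
# integrity check value, showing which header fields the ICV covers and why NAT breaks it.
# Addresses are RFC 5737 documentation ranges; the key is a constructed placeholder.
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51          # IP protocol number of the Authentication Header (RFC 4302)
IPIP_PROTO = 4         # Next Header value for an encapsulated IPv4 packet
ICV_LEN = 16           # HMAC-SHA-256-128 truncates the MAC to 128 bits (RFC 4868)
AH_LEN = 12 + ICV_LEN  # fixed AH fields plus ICV: 28 bytes = 7 32-bit words

SA_KEY = bytes(range(32))  # constructed SA integrity key; real keys come from IKE


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with no options and a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def compute_icv(outer_hdr: bytes, ah_fixed: bytes, payload: bytes, key: bytes) -> bytes:
    """ICV over the outer header (mutable fields zeroed), AH header (ICV zeroed) and payload."""
    h = bytearray(outer_hdr)
    h[1] = 0                 # TOS/DSCP may be rewritten in transit
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL is decremented by every router
    h[10:12] = b"\x00\x00"   # header checksum changes whenever TTL does
    data = bytes(h) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_tunnel_encapsulate(inner: bytes, outer_src: str, outer_dst: str,
                          spi: int, seq: int, key: bytes = SA_KEY) -> bytes:
    """Wrap a complete inner IP packet: new outer header, AH, then the untouched inner packet."""
    outer = ipv4_header(outer_src, outer_dst, AH_PROTO, AH_LEN + len(inner))
    # Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence Number
    ah_fixed = struct.pack("!BBHII", IPIP_PROTO, AH_LEN // 4 - 2, 0, spi, seq)
    return outer + ah_fixed + compute_icv(outer, ah_fixed, inner, key) + inner


def ah_verify(packet: bytes, key: bytes = SA_KEY) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    outer, ah_fixed = packet[:20], packet[20:32]
    icv, inner = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, compute_icv(outer, ah_fixed, inner, key))


def router_hop(packet: bytes) -> bytes:
    """What an ordinary router does: decrement TTL and fix the checksum (mutable fields only)."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def nat_rewrite_source(packet: bytes, new_src: str) -> bytes:
    """What a NAT does: rewrite the source address, a field the ICV covers."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def build_sample() -> bytes:
    """Constructed inner packet (private addresses, UDP payload) inside a public outer header."""
    inner_payload = b"hello from 10.0.0.5"
    inner = ipv4_header("10.0.0.5", "10.0.1.9", 17, len(inner_payload)) + inner_payload
    return ah_tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.2", spi=0x1000, seq=1)


if __name__ == "__main__":
    pkt = build_sample()
    print("fresh packet verifies:     ", ah_verify(pkt))
    print("after a router hop:        ", ah_verify(router_hop(pkt)))
    print("after NAT rewrote source:  ", ah_verify(nat_rewrite_source(pkt, "192.0.2.7")))
```

The receiver recomputes the HMAC with the same key, so anyone without the key cannot forge a valid ICV, but anyone on the path can still read the inner packet: AH gives integrity and origin authentication, not confidentiality.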



IPSec/IKE (continued)
- Encapsulating Security Payload (ESP), IP protocol 50
  - Provides confidentiality for messages; with an authentication algorithm selected it also provides integrity and anti-replay protection, though its ICV does not cover the outer IP header
  - ESP in tunnel mode: encrypts the entire original packet, header and data, behind a new outer header; used for gateway-to-gateway VPNs
  - ESP in transport mode: encrypts only the data portion of the packet; the original IP header stays in the clear; used for host-to-host connections
  - NAT caveat: ESP carries no port numbers, so a port-multiplexing NAT cannot track it in either mode; NAT Traversal (NAT-T) wraps ESP in UDP port 4500 to get through. Transport mode has the extra problem that the encrypted TCP/UDP checksum covers the addresses the NAT rewrites
  - Choose the mode by topology: transport for host-to-host, tunnel for gateway-to-gateway
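The following is an added example, not code from the textbook, showing the ESP packet layout from RFC 4303 (SPI, sequence number, encrypted payload plus padding trailer, ICV) and the receiver's anti-replay window that the SA's sequence-number state makes possible. Python's standard library has no AES, so the payload cipher is a constructed stand-in (HMAC-SHA-256 run in counter mode); real ESP uses AES-CBC or AES-GCM. Keys and payloads are constructed placeholders.

```python
# Added example (not from the textbook): ESP framing per RFC 4303 with the receiver's
# anti-replay window. The keystream cipher below is a stand-in for AES, not real ESP crypto.
import hashlib
import hmac
import struct

ESP_PROTO = 50
ICV_LEN = 16           # HMAC-SHA-256-128 style truncated MAC
WINDOW_SIZE = 64       # RFC 4303 requires at least 32; 64 is a common default

ENC_KEY = b"\x11" * 32  # constructed keys; in practice both come from IKE, per SA
AUTH_KEY = b"\x22" * 32


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Counter-mode keystream unique to (SPI, sequence number); stand-in for AES-CTR."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(payload: bytes, next_header: int, spi: int, seq: int,
                    enc_key: bytes = ENC_KEY, auth_key: bytes = AUTH_KEY) -> bytes:
    """SPI | Seq | encrypt(payload | padding | pad length | next header) | ICV."""
    # Trailer: pad so payload + padding + the 2 trailer bytes is a multiple of 4 (RFC 4303 2.4)
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))          # default padding content 1, 2, 3, ...
    plaintext = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, spi, seq, len(plaintext)))
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


class ReplayWindow:
    """Sliding bitmap from RFC 4303 3.4.3. Bit 0 stands for the highest sequence seen."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.top = 0          # highest sequence number accepted so far; 0 is never valid
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Pre-check before the ICV is verified; must not change state."""
        if seq == 0:
            return False
        if seq > self.top:
            return True                                   # new high-water mark
        if self.top - seq >= self.size:
            return False                                  # older than the window
        return not (self.bitmap >> (self.top - seq)) & 1  # reject if already seen

    def update(self, seq: int) -> None:
        """Called only after the ICV verified, so a forged packet cannot move the window."""
        if seq > self.top:
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def esp_decapsulate(packet: bytes, window: ReplayWindow,
                    enc_key: bytes = ENC_KEY, auth_key: bytes = AUTH_KEY):
    """Returns (next_header, payload); raises ValueError with the rejection reason."""
    spi, seq = struct.unpack("!II", packet[:8])
    if not window.check(seq):
        raise ValueError("seq %d: replayed or outside the anti-replay window" % seq)
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, packet[:8] + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("seq %d: ICV mismatch, dropped before decryption" % seq)
    plaintext = xor_bytes(body, keystream(enc_key, spi, seq, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    window.update(seq)
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]


def receive_sequence(seqs, tamper=None):
    """Feed packets with the given sequence numbers through one inbound SA; returns outcomes."""
    window = ReplayWindow()
    outcomes = []
    for seq in seqs:
        pkt = esp_encapsulate(b"payload %d" % seq, 17, 0x2000, seq)
        if seq == tamper:
            pkt = pkt[:10] + bytes([pkt[10] ^ 0xFF]) + pkt[11:]   # flip one ciphertext byte
        try:
            esp_decapsulate(pkt, window)
            outcomes.append((seq, "accepted"))
        except ValueError as err:
            outcomes.append((seq, str(err).split(": ", 1)[1]))
    return outcomes


if __name__ == "__main__":
    for seq, result in receive_sequence([1, 2, 3, 2, 100, 3, 50, 101], tamper=101):
        print("%4d  %s" % (seq, result))
```

Two details matter in practice: the window is only advanced after the ICV verifies, so an attacker cannot push the window forward with forged high sequence numbers, and a late packet (50 arriving after 100) is still accepted as long as it lands inside the window.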


VPN Core Activity 2: Encryption
- The process of rendering information unreadable by all but the intended recipient
- Components
  - Key
  - Digital certificate
  - Certification Authority (CA)
- Key exchange methods
  - Symmetric cryptography (one shared key; needs a secure way to distribute it)
  - Asymmetric cryptography (public/private key pairs; used to authenticate peers and agree on symmetric session keys)
  - Internet Key Exchange (IKE), the standard method for IPsec
  - FWZ (Check Point's proprietary scheme)


Encryption Schemes Used by VPNs
- Triple Data Encryption Standard (3DES)
  - Used by many VPN hardware and software products
  - A variation on the Data Encryption Standard (DES): each block is encrypted with key 1, decrypted with key 2 and encrypted again with key 3
  - DES is not secure: its 56-bit key can be brute-forced
  - 3DES is more secure: three separate 56-bit DES keys (168 bits in total, about 112 bits of effective strength because of meet-in-the-middle attacks)
  - 3DES requires about three times the processing of DES
  - 3DES is itself deprecated by NIST (its 64-bit block size is exposed to the Sweet32 birthday attack); new deployments should use AES


Encryption Schemes Used by VPNs (continued)
- Secure Sockets Layer (SSL)
  - Developed by Netscape Communications Corporation; standardized and superseded by Transport Layer Security (TLS)
  - Enables Web servers and browsers to exchange encrypted information
  - Characteristics
    - Uses public-key encryption for the handshake and symmetric session keys for the data
    - Uses the sockets method of communication
    - Operates above the transport layer, between TCP and the application, not at layer 3 like IPsec
    - Widely used on the Web
    - Protects one application connection at a time, so it suits Web-enabled and other TCP-based applications rather than all IP traffic
    - Unlikely to replace IPsec for site-to-site tunnels; SSL/TLS-based remote-access VPNs coexist with it

Encryption Schemes Used by VPNs (continued)
- Secure Sockets Layer (SSL) (continued): handshake steps with RSA key exchange
  1. Client connects to the Web server using the SSL protocol
  2. The two machines arrange a "handshake"
  3. Client sends its preferences for encryption method (cipher suites), its SSL version number, and a randomly generated number (the client random)
  4. Server responds with its SSL version number, its chosen cipher, its own random number, and its digital certificate
  5. Client verifies the certificate's validity dates, issuer chain and host name, then generates a "pre-master secret" and sends it encrypted with the server's public key
  6. Server uses its private key to decrypt the pre-master secret
  7. Both sides derive the master secret from the pre-master secret and the two random numbers, then derive the session keys from the master secret
  8. Server and client exchange Finished messages saying the handshake is complete; the SSL session begins
- Modern TLS replaces this RSA key transport with ephemeral Diffie-Hellman, so a later compromise of the server's private key does not expose recorded sessions
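The following is an added example, not code from the textbook, showing what steps 7 and 8 compute once the pre-master secret is shared: the master secret and the six session keys, using the pseudo-random function that SSL's successor TLS 1.0 specifies in RFC 2246 section 5 (the TLS 1.2 variant from RFC 5246 is included for comparison). The RSA encryption of the pre-master secret in steps 5 and 6 is not shown, since the standard library has no RSA; the randoms and the pre-master secret are constructed constants so the run is repeatable, where a real client would use os.urandom.

```python
# Added example (not from the textbook): master secret and session key derivation as
# specified for TLS 1.0 (RFC 2246 section 5). Handshake values below are constructed.
import hashlib
import hmac


def p_hash(hash_fn, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash: A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(1)+seed) | HMAC(secret, A(2)+seed) | ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2            # halves overlap by one byte when the length is odd
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 replaced the MD5/SHA-1 split with a single P_SHA256 (RFC 5246 section 5)."""
    return p_hash(hashlib.sha256, secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes, prf=tls10_prf) -> bytes:
    """Step 7: the 48-byte master secret from the pre-master secret and both hello randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 mac_len: int, key_len: int, iv_len: int, prf=tls10_prf) -> dict:
    """Key expansion; note the seed order is server_random + client_random here."""
    needed = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, needed)
    names = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key", "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


# Constructed handshake values for an RSA key exchange: each random is 32 bytes and the
# pre-master secret is the 2-byte client version followed by 46 random bytes.
CLIENT_RANDOM = bytes(range(0x00, 0x20))
SERVER_RANDOM = bytes(range(0x40, 0x60))
PRE_MASTER = b"\x03\x01" + bytes(range(0x80, 0x80 + 46))


def derive_all(pre_master=PRE_MASTER, client_random=CLIENT_RANDOM, server_random=SERVER_RANDOM):
    """Everything both sides compute after the pre-master secret is shared (AES-128-CBC, HMAC-SHA1 sizes)."""
    master = master_secret(pre_master, client_random, server_random)
    keys = session_keys(master, client_random, server_random, mac_len=20, key_len=16, iv_len=16)
    return master, keys


if __name__ == "__main__":
    master, keys = derive_all()
    print("master secret:", master.hex())
    for name, value in keys.items():
        print("%-24s %s" % (name, value.hex()))
```

Because both randoms go into the derivation, an attacker who captures and replays a client's encrypted pre-master secret against a fresh handshake still gets different session keys, and the separate client-write and server-write keys mean a record from one direction cannot be reflected back in the other.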

VPN Core Activity 3: Authentication
- Identifying a user or computer as authorized to access and use network resources
- Types of authentication methods used in VPNs
  - IPSec (IKE authentication with pre-shared keys or certificates)
  - MS-CHAP (used with PPTP and L2TP dial-in); MS-CHAPv1 is broken and MS-CHAPv2 can be cracked offline from a captured exchange, so protect it with EAP/certificates or avoid it
  - Both computers exchange authentication packets and authenticate one another (mutual authentication)
- VPNs use digital certificates to authenticate users and gateways


Kerberos
- Authentication system developed at the Massachusetts Institute of Technology (MIT)
- Authenticates the identity of network users
- Authentication by assertion: the computer that connects to a server and requests services acts on behalf of an approved user, presenting a ticket issued by the Key Distribution Center (KDC) rather than the user's password


Kerberos (continued)
- Advantages
  - Passwords are never sent over the network, so they cannot be intercepted in transit (the KDC does store a key derived from each password, so the KDC itself must be protected)
  - Has a lower "network overhead" than a Public Key Infrastructure (PKI)
  - Handy for single sign-on (SSO)
- Disadvantages
  - The Authentication Server (AS), part of the KDC, is a single point of failure for Kerberos
  - Requires synchronized clocks, since tickets and authenticators are timestamped

Advantages and Disadvantages of VPNs Guide to Network Defense and Countermeasures, Second Edition

Summary
- VPNs do not make use of dedicated leased lines
- VPNs send data through a secure tunnel that leads from one endpoint to another
- VPNs keep critical business communications private and secure
- VPN components: VPN servers, VPN clients, protocols

Summary (continued)
- VPN types: site-to-site, client-to-site
- Encapsulation encloses one packet within another, concealing the original addressing from the network in between
- VPN protocols: Secure Shell (SSH), SOCKS version 5, Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)

Summary (continued)
- IPSec/IKE
- Encryption makes the contents of the packet unreadable to anyone without the key
- Authentication ensures that the participating computers and users are who they claim to be and are authorized
- Kerberos: a strong authentication system
- VPN advantages: a high level of security at low cost
- VPN disadvantages: can introduce serious security risks, since a compromised or misconfigured remote client becomes an inside host on the protected network