Network and Security Patterns Ajoy Kumar
Introduction Network Layer Security is something which has become the of prime importance in designing any network system. We look at the important layers of the network and try to identify the different Security Patterns associated with each layer. My work will be trying to fill the gaps at each layer where security patterns are missing or not well established.
VPN Security We first look at the available patterns in the system. And as the next step, we try to understand the VPN architecture and we try to develop a Security pattern for the VPN Architecture.
Network Architecture Security Objects AU T H E N I CA ON SECRECY AUTHOR ZAT ION IDENT F C A O FireWall IDS VPN Protocol Application XML FW XML IDS XML VPN SAML TCP Proxy FW TCP IDS TLS/SSL VPN TLS IP Packet FW Packet IDS IPSec VPN IPSec
Class Diagram for XML Firewall[Ne06]
Class Diagram for a Packet FW[Fe06]
Class Diagram for Proxy FireWall[Fe03]
Class Diagram for IDS.[Fer05]
VPN Architecture VPN make use of public network resources to connect to the private network of the enterprise. Within the VPN, the transmission is protected by security principles to assure confidentiality of the user(s) and data integrity. So a “private” network is established in the public domain. Since this network exists in a logical sense, it has been termed as virtual private network.
Features of a good VPN Security Reliability Scalability Network management Policy management
Problem In the company where I work we have a lot of remote employees who log in from different parts of the world such as St. Louis, USA or Israel. These developers log into a machine in Boca and work virtually from Boca. These connections are done using an VPN architecture. We need to develop the most safe architecture so that the work is done most efficiently and with the least threats to security.
Context Local networks with applications being executed in distributed systems. Access to the network can be from the Internet or from other external networks using a VPN connection.
Forces There are many remote users trying to connect to the same network from different end points. A good VPN system must accommodate all these users. There may be different end users that may require different levels of security. We need to define appropriate policies for each of these VPN connections. The company has various employees joining and leaving the company. Hence the security policies need to be constantly modified. Hence the VPN configuration should be easily configurable. The number of users and applications may increase significantly; adding more users or applications should be done transparently and at proper cost. A VPN set up should avoid access to the corporate network from all harmful external elements There are many ways to perform authentication. The VPN must support the different methods.
Pattern Diagram TCP VPN IP VPN XML VPN Authentication Secure Channel Authorization IPSec TLS Secrecy Message Authentication VPN PKI RM
Class Diagram for a VPN End User Secure Network VPN Network End User Auth Point Secure Channel Identity Base Policy Base Identity Policy
Sequence Diagram for a VPN Authentication :End User :VPN :EndUserAuthPT :IdentityBase :Policy Base :SecureCh :SecureN/W rqstConn rqstConn authenticate authenticated checkAccess accessAllowed openSecConn Established Established
Solution Whenever an end user tries to connect to a VPN, the network should ask for authorization. An user can access a network only if a specific policy authorizes it to do. Policy enforcing includes authenticating the end user who is trying to connect to the network. The VPN Tunnel created should maintain its confidentiality and data integrity.
Consequences Advantages Company can define the policies for VPN end users thus centralizing the policies and makes the administration better. Since authorization is used, company can keep a log of end users connected in the present and in the past. A secure tunnel guarantees data integrity and secrecy. Usually a PKI system of encryption is used for sending data over the tunnel. As authentication of end users are performed, users can be held responsible for their actions . We can also incorporate RBAC based on the role of the end user. Usually a Firewall complements a VPN setup..
Consequences (Contd…) Liabilities If the VPN is compromised, then the attacker gets full access to the internal network too. VPN traffic is often invisible to IDS monitoring.If the IDS probe is outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN tunnel because it is encrypted. Therefore if a hacker gains access to the VPN, he can attack the internal systems without being picked up by the IDS. Whatever type of VPN we use, VPN is only as secure as the remote computer connected to it.
Liabilities (Contd…) The pattern does not discuss the attack at the end points. VPN Tunnel is only as strong as the cryptography that enables it.
Known Users Citrix. Citrix provides a site to site VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network.
Related Patterns Patterns for Application Firewalls using PEP and PAP. Nelly Delessy-Gassant, Eduardo B. Fernandez, Saeed Rajput,and Maria M. Larrondo Petrie
Future Work Expand on the VPN Pattern and create separate patterns for IP, SSL and XML VPNs. Developing the patterns missing in the network security diagram shown before.
Thank You Q&A Suggestions Concerns