CS682 – Network Management and Security Session 7.

Slides:



Advertisements
Similar presentations
Encrypting Wireless Data with VPN Techniques
Advertisements

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Module 5: Configuring Access for Remote Clients and Networks.
SCSC 455 Computer Security Virtual Private Network (VPN)
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Virtual Private Networks and IPSec
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
K. Salah1 Security Protocols in the Internet IPSec.
Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.
Remote Networking Architectures
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Virtual Private Network
NetComm Wireless VPN Functionality Feature Spotlight.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.
Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Virtual Private Network (VPN) SCSC 455. VPN A virtual private network that is established over, in general, the Internet – It is virtual because it exists.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Virtual Private Network (VPN). ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential “ If saving money is wrong, I don’t want.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
1 Chapter 8 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
Virtual Private Network (VPN) Topics Discussion What is a VPN? What is a VPN?  Types of VPN  Why we use VPN?  Disadvantage of VPN  Types of.
Virtual Private Networks Warren Toomey. Available WAN Links.
EPipe 2344 Product Introduction. Protocols and Bandwidth Control Protocols TCP/IP, RIP, DHCP, TFTP, PPP, PPPoE, IPoE Bandwidth control (site-site) Multilink.
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
Hands-On Microsoft Windows Server Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.
Module 5: Configuring Access for Remote Clients and Networks.
BZUPAGES.COM. What is a VPN VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection "tunnel" path from a user's.
C3 confidentiality classificationIntegrated M2M Terminals Introduction Vodafone MachineLink 3G v1.0 1 Vodafone MachineLink 3G VPN functionality Feature.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Generic Routing Encapsulation GRE  GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Virtual Private Network Benefits Classification Tunneling technique, PPTP, L2TP, IPSec Encryption Technology Key Management Technology Authentication Settings.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Virtual Private Network(VPN) Presented By Aparna Chilukuri.
Virtual Private Network. VPN In the most basic definition, VPN is a connection which allows 2 computers or networks to communicate with each other across.
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo.
Virtual Private Network (VPN)
©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential outline What is a VPN? What is a VPN?  Types of VPN.
Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.
Virtual Private Networks Manraj Sekhon. What is a VPN?
K. Salah1 Security Protocols in the Internet IPSec.
VIRTUAL PRIVATE NETWORKS Lab#9. 2 Virtual Private Networks (VPNs)  Institutions often want private networks for security.  Costly! Separate routers,
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
SECURITY IN VIRTUAL PRIVATE NETWORKS PRESENTED BY : NISHANT SURESH.
Virtual Private Networks and IPSec
Virtual Private Networks
Virtual Private Network (VPN)
Microsoft Windows NT 4.0 Authentication Protocols
Virtual Private Network (VPN)
Virtual Private Network
Virtual Private Networks
Firewalls Routers, Switches, Hubs VPNs
Presentation transcript:

CS682 – Network Management and Security Session 7

Virtual Private Networking If we have a network in NY and a network in SF we want them to be able to communicate with each other. Solutions: Land based telco lines (T1, T3, etc) Satellite based communications Virtual Private Network

Cost of operation A T1 line from coast to coast can cost over $3000/month A satellite link from coast to coast has very high startup costs and significant monthly costs. A VPN costs only as much as your internet conection

Virtual Private Network A VPN is defined as a system in which two networks are connected through a third, untrusted, network. The two networks are usually a main office and a satellite office, and the third network is usually the Internet.

Security for VPNs 1. We will be sending data over an untrusted network, so it should be encrypted 2. We will have to allow connections to our encrypting host, which presents the usually security issues 3. Can the other side of the VPN be trusted???

1. The Untrusted Network Your ISP may employ someone who has in interest in capturing your data as it traverses the Internet. If your data is unencrypted you may be sending your company secrets to your competors. Encryption must be employed to protect your data

VPN encryption schemes Usually use multiple schemes for Encryption, Authentication, and key management Encryption: DES, or 3DES, IPSec, Blowfish, etc Message Authentication: MD5, SHA-1 Key management (if nescessary): IKE, SKIP

If not using Public key/Private Key Again we get the issue of how to agree on a key Usually the two Security Administrators meet 2-3 times/year and agree on a new (impossible to guess) key.

2. Open Connections Depending on which host is doing our encryption/routing for the VPN we will have to leave application ports open through the firewall. Frequently there is one or more ports for control connections and then data is streamed over IP protocol 47 (gre). This leaves open not a port but an entire protocol!

Which host??? Today routing/VPN is done on either of two places, a server or the router. If the server is to do the routing/ encryption/encapsulation, it shouldn’t be doing anything else! If the router is doing the job, it should be a high performance router! In either case we can usually assist the task by purchasing specialized hardware to do the encryption calculations.

3. Can the other side be trusted? The DoD was hacked a few years ago not directly, but through their VPN. One of their associated agencies was negligent in their task of protecting their Internet connection. A Hacker intruded the agency and used their VPN to attack the DoD.

Problems with VPNs Additional Firewalls Current firewalls to protect the VPN Limitations of the VPN Larger packets (additional header)

Benefits of VPN Two RFC-1918 (not routable Internet addresses) can communicate over the Internet. Since the data is in a “Tunnel” the IP header that is used for routing needs to have a valid IP Much less expensive than a dedicated line

Other uses for VPNs Telecommuting workers Associations with other companies Offsite Backups

Telecommuting Workers Anyone working offsite should have the same availability to the network as someone working on our network. All windows operating systems in use today have support for Point to Point Tunneling Protocol (PPTP). A Microsoft PPTP server can be set up to allow employees to call in and work as if they were at their desks.

Problems with Telecommuting Workers Most Employees are not “tech-savvy” enough to be able to configure a VPN connection. If there are any problems with the VPN will a technician be able to come to their house? A better option would be a solution such as Terminal Server.