1 Guide to Network Defense and Countermeasures Chapter 7.


1 Guide to Network Defense and Countermeasures Chapter 7

2 Chapter 7 - Setting up a Virtual Private Network
- Explain the “what, why, and how” of virtual private networks (VPNs)
- Understand the tunneling protocols that enable secure VPN connections
- Describe the encryption schemes used by VPNs
- Know how to adjust packet filtering rules for VPNs

3 Exploring VPNs: What, Why, and How
- A VPN provides a way for two computers or networks to communicate securely using the same public channels available on the Internet
- The “V” in VPN means virtual; rather than a direct network cable connection, a combination of Internet-based routers and network segments is used
- The “P” means private; only the designated endpoints of the VPN connection (tunnel) participate
- The “N” means network; it connects one group of computers to another, and extends the network’s boundaries

4 Exploring VPNs: What, Why, and How
- VPN components:
  - VPN server, or host: a computer configured to accept connections from clients who either dial in or connect directly using a broadband connection
  - VPN client, or guest: can be a router that serves as the endpoint of a gateway-to-gateway connection, or a computer configured as an endpoint
  - Tunnel: the connection through which data is sent
  - VPN protocols: standardized communication settings that hardware and software use to encrypt data sent along the VPN, including IPSec, PPTP, and L2TP

5 Exploring VPNs: What, Why, and How
- Two types of VPNs:
  - Site-to-site: links two or more networks
  - Client-to-site: allows network access to dial-in users
- Hardware vs. software VPNs:
  - Hardware-based VPNs connect one gateway to another; typically the gateways are routers that encrypt/decrypt, but they could be VPN appliances
  - Software-based VPNs are usually integrated with firewalls and, as a result, increase network security; software solutions offer maximum flexibility


9 Exploring VPNs: What, Why, and How
- VPN combinations: combining VPN hardware or software with other hardware and software adds network security; one useful combination is a VPN bundled with a firewall, since VPNs do not replace firewall functionality
- VPN core activity #1: Encapsulation
  - Data encapsulation means that a packet is enclosed within another one that has different IP addressing data, to provide a higher degree of protection
  - Data packets are encapsulated within packets that use the source/destination addresses of the VPN gateway
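The encapsulation described above, as an added example that is not part of the chapter: a host's packet with private addresses is wrapped in an outer IPv4 header carrying only the two gateway addresses (plain IP-in-IP, protocol 4, is used here to show the addressing change; an IPsec ESP tunnel would additionally encrypt and authenticate the inner packet). All addresses and payloads are constructed.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP: "another IPv4 packet follows"
IPPROTO_TCP = 6

def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over a header (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]  # fill the checksum field
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Return the header fields a packet filter inspects, plus the payload."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (f[0] & 0x0F) * 4
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "ttl": f[5], "payload": pkt[ihl:f[2]]}

def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel-mode encapsulation: the whole inner packet, private addresses included,
    becomes the payload of an outer packet addressed from gateway to gateway, so only
    the gateway addresses are visible on the public network."""
    return build_ipv4(gw_src, gw_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Receiving gateway checks and strips the outer header, recovering the original packet."""
    f = parse_ipv4(outer)
    if f["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet: protocol %d" % f["proto"])
    if checksum(outer[:20]) != 0:  # a header with a valid checksum sums to zero
        raise ValueError("corrupt outer header")
    return f["payload"]

if __name__ == "__main__":
    # Constructed example: a host at site A reaches a host at site B through two gateways.
    inner = build_ipv4("10.1.1.5", "10.2.2.9", IPPROTO_TCP, b"constructed payload")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    on_wire, recovered = parse_ipv4(outer), parse_ipv4(decapsulate(outer))
    print("on the wire:", on_wire["src"], "->", on_wire["dst"])
    print("recovered  :", recovered["src"], "->", recovered["dst"])
```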


11 Exploring VPNs: What, Why, and How
- VPN core activity #2: Encryption
  - Encryption is the process of rendering information unreadable by all but the intended recipient
  - VPN endpoints encrypt/decrypt data by exchanging keys, or blocks of encoded data; the key is part of an electronic document called a digital signature
- VPN core activity #3: Authentication
  - Authentication is the process of identifying a user or computer as being authorized to access a network
  - Authentication uses digital certificates; the tunneling protocol determines the type of authentication


14 Exploring VPNs: What, Why, and How
- Why establish a VPN?
  - The need for private business transactions drives an increasing number of organizations to adopt VPNs; the popularity of e-commerce provides an incentive as well; government and military agencies share more information in order to provide homeland security
  - Budgetary considerations have always made VPNs attractive to businesses; also, many businesses employ remote users who need network access
  - Another incentive for creating a VPN is the need to establish a high level of security in an extranet


16 Exploring VPNs: What, Why, and How
- Advantages and disadvantages of VPNs
  - VPNs provide a high level of security, but if a VPN is poorly configured, or a remote user at an endpoint disables their firewall by mistake and lets in a hacker, the normal protection can be undone
  - VPNs can be complex to configure, and the hardware can represent a substantial investment
  - By focusing on Internet-based technologies, VPNs simplify a network overall
  - Running a VPN means a better opportunity to maximize network uptime


18 Exploring VPNs: What, Why, and How
- How to configure VPNs:
  - To set up a VPN, define a VPN domain
  - A VPN domain is a set of one or more computers that the VPN hardware and software handle as a single entity, and that uses the VPN to communicate with another domain
  - Besides defining a VPN domain, determine whether the network gateway will be included in that domain; that, in turn, depends on whether the network has a site-to-site or client-to-site VPN configuration


20 Exploring VPNs: What, Why, and How
- Single and multiple-entry point configurations
  - Smaller networks that use VPNs often have single-entry point configurations, where all traffic to and from the network passes through a single gateway such as a router, a firewall, or both
  - Large organizations have networks that require multiple-entry point configurations, in which multiple gateways are used, each with a tunnel connecting a different location
  - In multiple-entry point configurations, it is important to exclude the gateway itself from the VPN domain


23 Exploring VPNs: What, Why, and How
- VPN topology configurations:
  - In a mesh topology, all the participants in the VPN have Security Associations (SAs) with one another; in a full mesh every subnet is connected to every other; in a partial mesh any subnet may or may not be connected to the other subnets
  - In a star topology, the VPN gateway is the hub, and the other participating networks are called rim subnets
  - As organizations with VPNs grow to include new computers and new branch offices, they naturally evolve from a mesh or hub-and-spoke topology to a hybrid system that combines the two topologies


26 Understanding Tunneling Protocols
- IPSec/IKE:
  - Internet Protocol Security (IPSec) was developed for enabling secure communications on the Internet
  - IPSec has become the standard set of protocols for VPN security because it works at the Network layer, it can encrypt the entire TCP/IP packet, it can work with IPv6, and it provides authentication of source and destination computers
  - The biggest advantage of using IPSec is that it has gone through the standardization process and is supported by a wide variety of VPN hardware and software


29 Understanding Tunneling Protocols
- Secure Shell (SSH):
  - Secure Shell (SSH) provides for authentication and encryption of TCP/IP packets over a VPN
  - SSH works with UNIX-based systems, creates a secure Transport layer connection, and makes use of public key cryptography
- Socks V.5:
  - Socks provides proxy services for applications that don’t normally support proxying; Socks Version 5 adds encrypted authentication and UDP support

30 Understanding Tunneling Protocols
- Point-to-point tunneling protocol (PPTP):
  - PPTP is a VPN configuration for users who need to dial in to a server using a modem connection on a computer running an older operating system
  - PPTP encapsulates TCP/IP packets and uses a proprietary Microsoft technology called MPPE
- Layer 2 tunneling protocol (L2TP):
  - L2TP provides a higher level of security than PPTP through IPSec support


32 Encryption Schemes used by VPNs
- Triple-data encryption standard (Triple-DES):
  - Most VPNs make use of Triple-DES encryption
  - Triple-DES is strong because it uses three separate 64-bit keys to process data
- Secure Sockets Layer (SSL):
  - SSL enables Web servers and browsers to exchange encrypted information
  - SSL sessions make use of both symmetric and asymmetric keys to encrypt data


34 Encryption Schemes used by VPNs
- Kerberos:
  - Kerberos is a system for authenticating individual network users that was developed at MIT
  - Kerberos uses an authentication method called authentication by assertion: the computer that connects to a server and requests services asserts that it is acting on behalf of an approved user
  - Instead of digital certificates, Kerberos issues tickets; accessing an application protected by Kerberos requires a ticket

35 Adjusting Packet Filtering Rules for VPNs
- VPNs need to be used with firewalls
- VPNs can be located in front of existing firewalls, or placed in DMZs in parallel to an existing firewall
- Packet filtering rules make use of three IP packet header fields: the source address, the destination address, and the Protocol Identifier (Protocol ID)
- Packet filtering can be conducted on any or all of these fields: the source address is used to block all packets from a given address; the destination address is used to route incoming packets; the Protocol ID is used to refer to protocols (ICMP, TCP, UDP, ESP, AH)

36 Adjusting Packet Filtering Rules for VPNs
- PPTP filters
  - For PPTP traffic to pass through a firewall, set up packet filtering rules that permit it
  - PPTP uses two protocols: TCP and Generic Routing Encapsulation (GRE)
- L2TP and IPSec filters
  - If L2TP is used, rules must be set up that permit IPSec traffic
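The PPTP and L2TP/IPSec filter rules from the two slides above, as an added example (not from the chapter): a small stateless filter that matches on the source address, destination address, Protocol ID and destination port, with a default-deny rule set that admits only PPTP (TCP 1723 plus GRE) and IPsec (IKE on UDP 500/4500 plus ESP and AH) to the VPN gateway. The gateway address and the sample packets are constructed; the port and protocol numbers are the IANA assignments.

```python
from dataclasses import dataclass
from typing import List, Optional

# IANA IP protocol numbers
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
NAMES = {TCP: "TCP", UDP: "UDP", GRE: "GRE", ESP: "ESP", AH: "AH"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # only TCP/UDP carry ports; GRE, ESP and AH do not

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # None matches any value
    dst: Optional[str] = None
    proto: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst), (self.proto, p.proto), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

VPN_GW = "203.0.113.1"  # constructed address of the VPN gateway the firewall protects

def vpn_ruleset(gw: str = VPN_GW) -> List[Rule]:
    """Inbound rules that admit only VPN protocols, and only to the VPN gateway.
    Reply traffic from the gateway needs mirror-image rules (or a stateful firewall)."""
    return [
        # PPTP: TCP control channel on port 1723 plus the GRE data tunnel (protocol 47)
        Rule("allow", dst=gw, proto=TCP, dport=1723),
        Rule("allow", dst=gw, proto=GRE),
        # L2TP over IPsec: IKE on UDP 500, NAT traversal on UDP 4500, and ESP/AH themselves
        Rule("allow", dst=gw, proto=UDP, dport=500),
        Rule("allow", dst=gw, proto=UDP, dport=4500),
        Rule("allow", dst=gw, proto=ESP),
        Rule("allow", dst=gw, proto=AH),
    ]

def audit(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Decide each packet and return one log line per packet."""
    return ["%s %s -> %s proto=%s port=%s" % (evaluate(rules, p).upper(), p.src, p.dst,
            NAMES.get(p.proto, p.proto), p.dport) for p in packets]

if __name__ == "__main__":
    sample = [  # constructed traffic arriving at the firewall's outside interface
        Packet("198.51.100.7", VPN_GW, TCP, 1723),   # PPTP control: allowed
        Packet("198.51.100.7", VPN_GW, GRE),         # PPTP data tunnel: allowed
        Packet("198.51.100.7", VPN_GW, ESP),         # IPsec ESP carrying L2TP: allowed
        Packet("198.51.100.7", "10.0.0.25", GRE),    # GRE aimed past the gateway: dropped
        Packet("198.51.100.7", VPN_GW, UDP, 1701),   # bare L2TP outside IPsec: dropped
    ]
    print("\n".join(audit(vpn_ruleset(), sample)))
```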


39 Chapter Summary This chapter discussed issues involved in configuring a Virtual Private Network (VPN) and the role that the VPN plays in a network defense strategy VPNs are virtual in that they do not make use of proprietary leased lines. Rather, they connect computers and networks through the public Internet. VPNs are private because they send data through a secure tunnel that leads from one endpoint to another. Each endpoint is terminated by VPN hardware or software that encrypts and encapsulates the data. VPNs are networks that connect one network to one or more networks, one computer to another, or one computer to a network

40 Chapter Summary VPNs consist of various components. These include VPN servers, which are configured to accept connections from client computers; VPN clients; the tunnels through which data passes; and protocols that determine how the tunneled data is to be encrypted, such as IPSec. A site-to-site VPN uses such components to connect two networks. A client-to-site VPN connects a remote user to a network. VPN endpoints can be terminated by VPN hardware, software, or a combination of both

41 Chapter Summary VPNs perform three core activities. Encapsulation encloses one packet of digital information within another one to conceal the original packet’s source and destination IP address and to protect the contents. Encryption makes the contents of the packet - not only its data, but its header information as well - unreadable by all but the intended recipient. Authentication ensures that the computers participating in a VPN are authorized users

42 Chapter Summary Because VPNs can be complex to configure, the reasons for establishing them should be understood. The need to keep critical business communications private and secure drives the adoption of VPNs. The cost-effectiveness of using the Internet for VPN communications also makes VPNs attractive. On the other hand, the encryption performed by VPNs can slow down data transfer rates. Reliance on the Internet, which is often unpredictable, can result in the VPN going down along with ISP connections

43 Chapter Summary A VPN is often configured by establishing a VPN domain, a group of computers that are handled as one entity. Networks that use VPNs can have single-entry point configurations, in which all traffic to and from the network passes through a single gateway. Some VPNs are part of multiple-entry point configurations, in which more than one gateway is used. Whether single or multiple entry points are in place in one network, that network can then be connected to other VPN participants using a mesh or star configuration, or a combination of both

44 Chapter Summary VPNs make use of standard instruction sets called protocols that secure tunneled communications between endpoints. IPSec combined with IKE is one of the most popular protocols because of its wide support in the industry and high degree of security through AH and ESP encryption. SSH is a protocol used to authenticate and encrypt packets in a UNIX-based environment. Version 5 of the Socks protocol can also provide security for VPN transactions, though it is not widely used. PPTP and L2TP enable remote users to dial in to a computer over a secure VPN connection

45 Chapter Summary Encryption is one of the techniques that make VPNs possible. Most VPNs today use Triple-DES encryption, a variation of DES in which three separate keys are used to process information. However, some VPNs use SSL encryption when Web-based applications need to be connected securely. Another system, Kerberos, is used in Windows and other OSs to give employees access to network resources for relatively short periods of time through the issuance of “tickets”

46 Chapter Summary VPNs need to be used in conjunction with firewalls. For the two devices to work together, packet filtering rules need to be set up. The rules cover such protocols as PPTP, L2TP, and IPSec. They have as their ultimate goal the filtering of packets so that only traffic to and from VPN endpoints passes through the VPN, and other traffic is filtered by the firewall to reach specific destinations on the network