pSeries Technical Conference L19: Linux VPN. Brian Dolan-Goecke, Atlanta, Georgia, October 8-12, 2001.
Brian Dolan-Goecke

Contact WebSite: Phone: (612)

Linux VPN
We will explain and build a basic Virtual Private Network (VPN) on Linux. We will begin this session by looking at VPNs and how they work, then investigate some of the solutions for building VPNs on Linux. Finally we will build a basic VPN across the Internet with Linux. A good understanding of TCP/IP and networking is preferred.

Session Objectives
- Issues to consider when building a VPN
  - How it works
  - What is needed
  - What technology to use
- Some Linux VPN options
- Build a basic VPN

VPN Definition
Virtual Private Network: a secure network connection across an insecure network.

VPN Definition
Virtual Private Network (VPN): the use of encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than real private networks using private lines but rely on having the same encryption system at both ends. The encryption may be performed by firewall software or possibly by routers.

Link-level (layer 2 and 3) encryption provides extra protection by encrypting all of each datagram except the link-level information. This prevents a listener from obtaining information about network structure. While link-level encryption prevents traffic analysis (a form of attack), it must encrypt/decrypt on every hop and every path.

Protocol-level (layer 3 and 4) encryption encrypts protocol data but leaves protocol and link headers clear. While protocol-level encryption requires you to encrypt/decrypt data only once, and it encrypts/decrypts only those sessions that need it, headers are sent as clear text, allowing traffic analysis.

Application (layer 5 and up) encryption is based on a particular application and requires that the application be modified to incorporate encryption.

Cisco. ( )

VPN Explanation

Connection Type
- Typical Internet Connection
- Traditional Remote Corporate Connection
- VPN Remote Corporate Connection
- Detailed VPN Connection

Internet Connection

Traditional Connection

VPN Connection

VPN Connection Detail

How Does It Work?
1) A host encrypts and encapsulates network packets in network packets.
2) The packets are transmitted to a remote host via an insecure network.
3) The remote host de-encapsulates and decrypts the network packets.
4) The original network packets are then forwarded to the local network.

How VPN Works

Why Have a VPN
- Secure access to corporate resources
- Fast access
- Less expensive infrastructure
- Easier access to corporate resources
- One connection for Internet and corporate

Why Not to Have a VPN
- Higher cost of administration
- Can make your site more visible
- Need to be more security proactive
- Large possible security risk
- Requires more powerful systems

What Is Needed?
- Host computers
- Network connections
- VPN software

Linux VPN Options

Available Linux VPNs: Low Cost (Free) Solutions
- GRE
- CIPE
- IPIP
- PPTP
- SSH port forwarding
- IPSec

Available Linux VPNs: Non-Free Solutions
- AltaVista Tunnel
- CheckPoint FireWall-1
- IPSec
- Many more...

VPNs We Will Investigate
- GRE
- CIPE
- IPSec
- PPTP

Linux GRE
- Developed by: Cisco
- Available from: part of the standard Linux kernel tarball
- Resources: RFC 2401 (and more...)

Linux GRE Advantages
- Free
- Comes with the Linux kernel tarball
- Works with Cisco routers
- Tried and tested
- Can work through Masq/NAT
- Works with IPv6

Linux GRE Disadvantages
- No encryption
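The encapsulation described in "How Does It Work?" and the "No encryption" disadvantage just listed, as an added example that is not part of the original presentation: a POSIX shell script that builds an IPv4-in-GRE packet as a hex string and unpacks it again, the way a plain GRE tunnel (no CIPE or IPSec on top) would put it on the wire. Plain GRE performs only the "encapsulates" half of step 1, so everything a passive listener sees is readable without any key: the outer and inner addresses and the payload. All addresses, the payload and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the slides): build and unpack an IPv4-in-GRE packet as a
# hex string, to show what a passive listener on the insecure network can read.
# Addresses and payload are constructed values (RFC 5737 / RFC 1918 ranges).

# sub STRING FROM TO: characters FROM..TO (1-based, inclusive) of a hex string.
sub() { printf '%s' "$1" | cut -c"$2"-"$3"; }

# Dotted-quad IPv4 address <-> 8 hex characters.
ip_to_hex() { printf '%02x%02x%02x%02x' $(printf '%s' "$1" | tr '.' ' '); }
hex_to_ip() {
    printf '%d.%d.%d.%d' "0x$(sub "$1" 1 2)" "0x$(sub "$1" 3 4)" \
                         "0x$(sub "$1" 5 6)" "0x$(sub "$1" 7 8)"
}

# One's-complement checksum of a 20-byte (40 hex character) IPv4 header.
ipv4_checksum() {
    hdr=$1; sum=0; i=1
    while [ "$i" -le 37 ]; do
        w=$(sub "$hdr" "$i" $((i + 3)))
        sum=$((sum + 0x$w))
        i=$((i + 4))
    done
    while [ "$sum" -gt 65535 ]; do sum=$(( (sum & 65535) + (sum >> 16) )); done
    printf '%04x' $(( ~sum & 65535 ))
}

# ipv4_checksum_ok PACKET: true if the header checksum verifies (folded sum is 0).
ipv4_checksum_ok() { [ "$(ipv4_checksum "$(sub "$1" 1 40)")" = "0000" ]; }

# ipv4_header SRC DST PROTO PAYLOAD_BYTES: minimal header, DF set, TTL 64.
ipv4_header() {
    h="4500$(printf '%04x' $((20 + $4)))00004000$(printf '40%02x' "$3")0000$(ip_to_hex "$1")$(ip_to_hex "$2")"
    printf '%s%s%s' "$(sub "$h" 1 20)" "$(ipv4_checksum "$h")" "$(sub "$h" 25 40)"
}

# gre_encap OUTER_SRC OUTER_DST INNER: step 1 of the slide without the
# "encrypts" part. GRE header = flags/version 0x0000 + protocol type 0x0800
# (IPv4); the outer IP header carries IP protocol 47 (GRE).
gre_encap() {
    printf '%s%s%s' "$(ipv4_header "$1" "$2" 47 $((4 + ${#3} / 2)))" "00000800" "$3"
}

# gre_decap OUTER: step 3 of the slide for a plain GRE packet (no decryption
# needed because nothing was encrypted). Prints the inner packet.
gre_decap() {
    [ "$(sub "$1" 19 20)" = "2f" ] || { echo "not GRE (IP protocol 47)" >&2; return 1; }
    [ "$(sub "$1" 41 48)" = "00000800" ] || { echo "not IPv4-in-GRE" >&2; return 1; }
    printf '%s' "$1" | cut -c49-
}

# listener_view OUTER: what anyone on the path can read without a key. This is
# the "No encryption" disadvantage: private addresses and payload both leak.
listener_view() {
    lv_inner=$(gre_decap "$1") || return 1
    printf 'outer %s -> %s, inner %s -> %s, inner payload %s\n' \
        "$(hex_to_ip "$(sub "$1" 25 32)")" "$(hex_to_ip "$(sub "$1" 33 40)")" \
        "$(hex_to_ip "$(sub "$lv_inner" 25 32)")" "$(hex_to_ip "$(sub "$lv_inner" 33 40)")" \
        "$(printf '%s' "$lv_inner" | cut -c41-)"
}

# Demo: a private-network packet (payload 48454c4c4f is "HELLO", constructed)
# carried between two constructed public tunnel endpoints.
demo_inner=$(ipv4_header 192.168.1.10 192.168.2.20 17 5)48454c4c4f
demo_outer=$(gre_encap 203.0.113.1 203.0.113.2 "$demo_inner")
listener_view "$demo_outer"
```

The script is why GRE alone is a tunnel, not a VPN in the sense of the definition slides: it gives routing across the Internet, but confidentiality has to come from CIPE or IPSec wrapped around or inside it.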

Linux CIPE
- Developed by: Olaf Titz
- Available at:
- Resources:

Linux CIPE Advantages
- Built for VPN
- Can use Blowfish or PKE encryption
- Works through/with SOCKS, NAT, dynamic IP
- Free

Linux CIPE Disadvantages
- Uses UDP (for good reason)
- Seems slow now and then
- Only works for IPv4

Linux IPSec
- Developed by: FreeS/WAN (Linux version)
- Available at:
- Resources:

IPSec Advantages
- Should work across platforms/vendors/devices
- Will work with IPv6

IPSec Disadvantages
- Difficult to implement
- Has problems with NAT/Masq
- Problems with authentication

Linux PPTP
- Developed by: Matthew Ramsay, Kevin Thayer, David Luyer, Patrick LoPresti, Philip Van Baren, Peter Galbavy and more
- Available at:
- Resources:

Linux PPTP Advantages
- Compatible with Microsoft
- Can be server or client

Linux PPTP Disadvantages
- Compatible with Microsoft
- Has some security holes

Build Linux VPN!

VPNs to Create
- GRE
- CIPE

Need
- Software
- IP and network address
- IPChains config
- Routing

Tools We Will Use
- ifconfig
- route
- ipchains

VPN Basics
- Define devices
- Create devices
- Connect devices
- Adjust routing/ipchains

GRE Steps
- Determine IP addresses & network
- Load module
- Configure GRE tunnel
- Set up routing
- Modify IPChains
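The five GRE steps above as one script, added here as an example and not the presenter's own build (the slides carry no commands). It assumes a Linux 2.2/2.4-era host with modprobe, iproute2's ip for creating the tunnel, the ifconfig/route/ipchains tools listed on the "Tools We Will Use" slide, and the ip_gre module. Every address, the device name gre1, the DRY_RUN switch and the function names are constructed for the demo; with DRY_RUN left at its default of 1 the script only prints the commands, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example, not from the slides: the "GRE Steps" as a script for a
# Linux 2.2/2.4-era host (modprobe, iproute2 ip, ifconfig, route, ipchains).
# All addresses are constructed RFC 5737 / RFC 1918 documentation values.

# Step 1: determine IP addresses and networks (constructed values).
LOCAL_PUBLIC=203.0.113.1       # this host's Internet address (tunnel endpoint)
REMOTE_PUBLIC=198.51.100.1     # the peer's Internet address
LOCAL_TUN=10.0.0.1             # address on our end of the tunnel device
REMOTE_TUN=10.0.0.2            # address on the peer's end
REMOTE_NET=192.168.2.0/24      # private network behind the peer
TUN_DEV=gre1
TUN_MTU=1476                   # 1500 minus 20 (outer IP) minus 4 (GRE header)

# DRY_RUN=1 (default): print each command instead of executing it, so the
# plan can be reviewed without root. Set DRY_RUN=0 to apply it.
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 2: load the GRE module.
gre_load_module() { run modprobe ip_gre; }

# Step 3: configure the GRE tunnel between the two public endpoints and give
# our end of it a point-to-point address.
gre_configure_tunnel() {
    run ip tunnel add "$TUN_DEV" mode gre remote "$REMOTE_PUBLIC" local "$LOCAL_PUBLIC" ttl 255
    run ifconfig "$TUN_DEV" "$LOCAL_TUN" pointopoint "$REMOTE_TUN" mtu "$TUN_MTU" up
}

# Step 4: set up routing so the peer's private network is reached through
# the tunnel device rather than the default route.
gre_setup_routing() { run route add -net "$REMOTE_NET" dev "$TUN_DEV"; }

# Step 5: modify IPChains. Accept GRE (IP protocol 47) only when it comes
# from the peer's public address to ours, and accept the decapsulated traffic
# arriving on the tunnel device from the peer's private network; anything
# else keeps whatever policy the input chain already has.
gre_modify_ipchains() {
    run ipchains -A input -p 47 -s "$REMOTE_PUBLIC" -d "$LOCAL_PUBLIC" -j ACCEPT
    run ipchains -A input -i "$TUN_DEV" -s "$REMOTE_NET" -j ACCEPT
}

# Run the steps in order; stop at the first one that fails.
gre_bring_up() {
    gre_load_module && gre_configure_tunnel && gre_setup_routing && gre_modify_ipchains
}

gre_bring_up
```

The peer runs the same script with LOCAL_* and REMOTE_* swapped. Restricting the GRE accept rule to the one peer address matters because, as the previous slide notes, GRE carries no encryption and no authentication: without the source filter any host on the Internet could inject packets into the private network through the tunnel.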

CIPE Steps
- Determine IP addresses & network
- Download software
- Compile software
- Configure software
- Load module
- Start ciped daemon
- Set up routing
- Modify IPChains

CIPE Notes
- Can handle up to 99 devices
- Auto-creates devices
- Use "device ciped0" option in config file

CIPE Config File
#/etc/cipe/options
# Surprise, this file allows comments (but only on a line by themselves)
debug=yes
# This is probably the minimal set of options that has to be set
# Without a "device" line, the device is picked dynamically
device ciped
# the peer's IP address
ptpaddr
# our CIPE device's IP address
ipaddr
# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip-up script. Same holds for IP
#me bigred.inka.de:6789
me :2048
#...and the UDP address we connect to. Of course no wildcards here.
#peer blackforest.inka.de:6543
peer :2048
# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key 3333fd20adf9c0ccf9eff2393bbb3e41
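A check to run over the options file before the "Start ciped daemon" step, added here as an example; it is not from the slides or the CIPE project. It assumes the "name value" line format shown in the slide's config file and enforces what the slide's comments ask for: the minimal set of options is present, the static key is 128 bits written as 32 hex digits, me and peer are host:port, and the file is readable only by its owner ("Keep this file secret!"). It also generates a fresh key, since a key that has appeared on a slide is no longer secret. The sample file, its addresses and key, and the function names are constructed.

```shell
#!/bin/sh
# Added example, not from the slides or the CIPE project: sanity-check a
# /etc/cipe/options file before starting ciped. Assumes "name value" lines
# as in the slide; all sample values are constructed.

# cipe_check_options FILE: prints one "FAIL: ..." line per problem and
# returns the number of problems (0 means the file passed every check).
cipe_check_options() {
    f=$1; problems=0
    # The slide's minimal set of options, each needing a value. Comment
    # lines (leading #) are ignored, so "#me host:port" does not count.
    for opt in device ptpaddr ipaddr me peer key; do
        if ! grep -Eq "^[[:space:]]*$opt[[:space:]]+[^[:space:]]" "$f"; then
            echo "FAIL: option '$opt' missing or has no value"
            problems=$((problems + 1))
        fi
    done
    # "The key is 128 bits in hexadecimal notation": exactly 32 hex digits.
    key=$(awk '$1 == "key" { print $2 }' "$f" | head -n 1)
    if [ -n "$key" ] && ! printf '%s' "$key" | grep -Eq '^[0-9a-fA-F]{32}$'; then
        echo "FAIL: key must be 128 bits = 32 hex digits (got ${#key} chars)"
        problems=$((problems + 1))
    fi
    # me and peer are UDP endpoints, "host:port"; the slide notes that peer
    # allows no wildcards, so an empty host is rejected for both.
    for ep in me peer; do
        v=$(awk -v o="$ep" '$1 == o { print $2 }' "$f" | head -n 1)
        case "$v" in
            ?*:[0-9]*) ;;
            "") ;;   # already reported as missing
            *) echo "FAIL: '$ep' must be host:port, got '$v'"; problems=$((problems + 1)) ;;
        esac
    done
    # "Keep this file secret!": the file holds the shared static key, so it
    # must not be group- or world-readable. GNU stat first, BSD stat fallback.
    perm=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$perm" in
        600|400) ;;
        *) echo "FAIL: mode $perm, expected 0600 (file holds the static key)"; problems=$((problems + 1)) ;;
    esac
    return $problems
}

# cipe_new_key: 16 random bytes from the kernel as 32 hex digits, the form
# the key line expects. The slide's printed key is public and must not be used.
cipe_new_key() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# cipe_write_sample PATH KEY MODE: a constructed options file for the demo.
# The device name follows the cipcb kernel module (the slide writes ciped0).
cipe_write_sample() {
    cat > "$1" <<EOF
# constructed sample, not a real deployment
debug=yes
device cipcb0
ptpaddr 10.0.0.2
ipaddr 10.0.0.1
me 203.0.113.1:2048
peer 198.51.100.1:2048
key $2
EOF
    chmod "$3" "$1"
}

# Demo: a clean file passes; a short key and a world-readable file each fail.
demo_dir=$(mktemp -d)
cipe_write_sample "$demo_dir/options" "$(cipe_new_key)" 600
cipe_check_options "$demo_dir/options" && echo "options: OK"
cipe_write_sample "$demo_dir/options.bad" 3333fd20 644
cipe_check_options "$demo_dir/options.bad" || echo "options.bad: $? problem(s)"
rm -rf "$demo_dir"
```

Run it against /etc/cipe/options on both ends before the routing and IPChains steps; the IPChains rule for CIPE then only needs to accept UDP from the peer's host:port to the local port given in the me line, the same single-peer restriction as for GRE.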

Other Issues
- DNS
- Broadcast or not
- Authentication

Resources
Linux Docs:
- Linux Route2 HowTo -
- Linux Masquerade HowTo -
- Linux VPN HowTo -
- Linux Network Administrators Guide (NAG)
- Virtual Private Network Consortium --
- FreeS/WAN IPSec --

Books
- IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, by Naganand Doraswamy & Dan Harkins, Prentice Hall,
- Virtual Private Networks, 2nd Edition, by Charlie Scott, Paul Wolfe & Mike Erwin, 2nd Edition, December

Version Info
Brian Dolan-Goecke, Linux VPN Presentation, Version /10/2001