Virtual Private Network, Chapter 4. Lecturer: Trần Thị Ngọc Hoa. Objectives: VPN overview, tunneling protocols, deployment models, lab demo.

Presentation transcript:

Virtual Private Network Chapter 4

Lecturer: Trần Thị Ngọc Hoa
Objectives
- VPN overview
- Tunneling protocols
- Deployment models
- Lab demo

Overview of VPN

VPN Concept
- A Virtual Private Network is a logical network that allows users to connect securely through the Internet to a remote private network.

VPN Deployment Scenarios
- Remote Access VPN

VPN Deployment Scenarios
- Extranet VPN (site-to-site, router-to-router)

VPN Deployment Scenarios
- Mixed VPN with firewall

Tunneling
- Tunneling is the process of encapsulating a payload protocol inside another protocol.
- It provides a secure path through an untrusted network, or a path through an incompatible network.

Tunneling Protocols
- GRE (Generic Routing Encapsulation): Cisco proprietary tunneling protocol
- PPTP (with or without MPPE): Point-to-Point Tunneling Protocol, Microsoft proprietary tunneling protocol
- L2TP (with or without IPSec): Layer 2 Tunneling Protocol, created by Cisco and Microsoft

IP Security
- IP Security overview
- Algorithms
- IPSec protocols

IP Security Overview
- Open standard developed by the IETF's IPSec working group.
- Security Architecture for the Internet Protocol.
- Designed to work at Layers 3 and 4 of the OSI model.
- IPSec protects data by providing the following services:
  - Data authentication
    - Data integrity
    - Data origin authentication between a pair of gateways, a pair of hosts, or a host and its gateway
    - Replay protection
  - Encryption
- Many different types of algorithm are used in IPSec.
- Two primary protocols:
  - AH (Authentication Header), IP protocol number 51
  - ESP (Encryption Security Payload), IP protocol number 50

Encryption Algorithms
- Designed to assure data confidentiality
- Two different methods: symmetrical and asymmetrical

Symmetrical Algorithms
[Figure: Data -> Encrypt -> #$ad^&* -> Decrypt -> Data]
- DES (Data Encryption Standard): 56-bit key, 64-bit data block; number of keys = 72,000,000,000,000,000
- 3DES: three phases, Encrypt - Decrypt - Encrypt; 168-bit key, 64-bit data block
- AES (Advanced Encryption Standard): … bit key; session key

Asymmetric Algorithms
[Figure: Data -> Encrypt (public key) -> #$ad^&* -> Decrypt (private key) -> Data]
- Two different but related keys are required.
- RSA (Rivest, Shamir, and Adleman)
- ElGamal

Hashing Algorithms
- Hashing algorithms are used for authentication and integrity assurance of data.
- They are based on some type of one-way hash function.
- SHA: 128 bits output
- MD5: 160 bits output
- Collision: two different inputs produce the same output.
- SHA is preferred over MD5.

Hashing Example

Key Exchange Problem
- Question: how do we get the key from one device to the other? If the key is sent across an untrusted network, you run the risk of it being sniffed and captured by a hacker. If you phone the technician at the other end, you run the risk of phone tapping.
- Answer: Diffie-Hellman

Diffie-Hellman Key Exchange
- The Diffie-Hellman key exchange is used for automatic, secure exchange of symmetrical keys and other types of keys.
- Algorithm description (glass-mixing analogy):
  - Step 1: A and B each pour their favourite drink into their own glass.
  - Step 2: A and B each pour the same common liquid into their glass.
  - Step 3: A and B exchange glasses; each then picks up the other's liquid and mixes it with their own drink.
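The glass-mixing analogy above carried through as modular arithmetic, as an added example that is not part of the lecture: the toy prime p = 23, the public-value validation and the SHA-256 key derivation are this example's own choices, not the IKE specification.

```python
import hashlib
import secrets

# Added worked example of the exchange described above (not the lecture's code).
# Toy group, constructed for readability only: p = 2q + 1 is a safe prime and g
# generates the subgroup of prime order q. IKE runs the same arithmetic with the
# 2048-bit and larger MODP groups of RFC 3526; a 5-bit p gives no security.
P = 23
Q = (P - 1) // 2  # 11
G = 2             # 2^11 mod 23 == 1, so g has order q

def dh_keypair():
    """Private exponent x (the 'favourite drink' kept secret) and public value
    g^x mod p (the glass handed across the untrusted network)."""
    x = 1 + secrets.randbelow(Q - 1)   # 1 <= x <= q-1, so g^x is never 1
    return x, pow(G, x, P)

def is_valid_public_value(y):
    """Reject degenerate peer values (0, 1, p-1) and anything outside the
    order-q subgroup; without this check a tampering party can force the
    shared secret into a tiny, guessable set."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1

def shared_secret(own_private, peer_public):
    """Mix the peer's glass with one's own drink: (g^y)^x = g^(xy) mod p."""
    if not is_valid_public_value(peer_public):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, own_private, P)

def session_key(secret, nonce_i, nonce_r):
    """Turn the shared number into a symmetric key. IKE feeds the secret and
    both nonces into a PRF; plain SHA-256 over the same inputs is this
    example's simplification (assumption, not the IKE construction)."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big") + nonce_i + nonce_r).digest()

def run_exchange():
    """Both sides end with the same key although no secret ever left either host."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    # An eavesdropper sees only (p, g, a_pub, b_pub, nonces); recovering the key
    # needs a private exponent, i.e. solving a discrete logarithm.
    key_a = session_key(shared_secret(a_priv, b_pub), nonce_i, nonce_r)
    key_b = session_key(shared_secret(b_priv, a_pub), nonce_i, nonce_r)
    return key_a, key_b
```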

IPSec Protocols
- AH provides:
  - Data integrity
  - Data authentication
  - Anti-replay protection (optionally)
  - It does not provide any form of encryption for the payload of the packet.
- ESP provides:
  - Payload encryption
  - Authentication and integrity

Security Modes
- Both ESP and AH can operate in two different modes.
- Tunnel mode: the entire packet is encrypted and then encapsulated with a new, unprotected IP header.
- Transport mode (the default mode): the original IP header is reused with the new packet. Because that IP header is included in the hash computation, it cannot be changed between sender and receiver.

Security Associations
- A set of policy and key(s), used to protect data, that must be in place before an IPSec tunnel can be created.
- Each SA gets a unique 32-bit Security Parameter Index (SPI) that is sent in every packet belonging to that SA.
- The SA keeps track of general information such as:
  - Source IP address
  - Destination IP address
  - IPSec protocols used
  - SPI number
  - Encryption and authentication algorithms
  - Key lifetime (sets the amount of time and/or byte count a key is valid for; the longer the time, the more vulnerable your data is)
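An added illustration (not the lecture's or any vendor's code) of how a receiver keeps and selects SAs by SPI and retires a key once its lifetime runs out; the field names and the soft/hard lifetime split are this example's own assumptions.

```python
from dataclasses import dataclass

# Added illustration; field names and the soft/hard split are this example's own.
SPI_RESERVED_MAX = 255  # RFC 4303: SPI 0 is local use only, 1..255 are reserved

def spi_is_usable(spi):
    # A usable SPI is a 32-bit value above the reserved range.
    return SPI_RESERVED_MAX < spi < 2**32

@dataclass
class SecurityAssociation:
    src: str
    dst: str
    protocol: str          # "ESP" or "AH"
    spi: int               # Security Parameter Index, carried in every packet of this SA
    enc_alg: str
    auth_alg: str
    lifetime_seconds: int  # hard time limit for the key
    lifetime_bytes: int    # hard byte-count limit for the key
    created_at: float
    bytes_protected: int = 0

    def state(self, now, soft_ratio=0.8):
        # "ok", "rekey" (soft limit hit: negotiate a fresh SA while this one still
        # works) or "expired" (hard limit hit: stop using the key); first limit wins.
        age = now - self.created_at
        if age >= self.lifetime_seconds or self.bytes_protected >= self.lifetime_bytes:
            return "expired"
        if (age >= soft_ratio * self.lifetime_seconds
                or self.bytes_protected >= soft_ratio * self.lifetime_bytes):
            return "rekey"
        return "ok"

def add_sa(sad, sa):
    # Inbound SAD keyed by (destination, protocol, SPI): the three values a packet carries in the clear.
    if not spi_is_usable(sa.spi):
        raise ValueError("SPI out of range or reserved")
    key = (sa.dst, sa.protocol, sa.spi)
    if key in sad:
        raise ValueError("SPI already in use for this destination/protocol")
    sad[key] = sa

def account(sad, dst, protocol, spi, packet_len, now):
    # Select the SA for an inbound packet, charge it against the key lifetime and
    # report the SA state; None means no SA matched (the packet is dropped).
    sa = sad.get((dst, protocol, spi))
    if sa is None:
        return None
    sa.bytes_protected += packet_len
    return sa.state(now)
```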

Internet Key Exchange
- Internet Key Exchange (IKE) is used to establish all the information needed for a tunnel, i.e. the SA.
- Two phases:
  - IKE Phase 1: main mode
  - IKE Phase 2: quick mode