Virtual Private Networks (VPN)


1 Virtual Private Networks (VPN)
Based on slides accompanying the book Network Defense and Countermeasures by Chuck Easttom (2018)

2 Objectives
- Use a virtual private network (VPN)
- Use Point-to-Point Tunneling Protocol (PPTP) as an encryption tool for VPNs
- Use Layer 2 Tunneling Protocol (L2TP) as an encryption tool for VPNs
- Add security and privacy to a communication using IPSec
- Understand and evaluate VPN solutions
© 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

3 Introduction
Virtual private networks (VPNs) provide users of your network the ability to establish a secure remote connection to the network as if they were connecting locally. VPNs provide a solution to the administrator’s need for security in remote connections while solving the user’s need to connect from virtually anywhere.

4 Basic VPN Technology
- Data is encapsulated with a header and transmitted over the Internet
- Does not require additional technologies
- Multiple methods of connection are available:
  - Dial-up and modem bank
  - High-speed (DSL, cable modem, fiber optic)

5 Basic VPN Technology
- Remote users are not the only beneficiaries
- Site-to-site connections can also be made
- Enables an organization to move away from expensive dedicated data lines

6 Protocols for VPN Encryption
- PPTP
- L2TP
- IPSec

7 Point-to-Point Tunneling Protocol (PPTP)
- Older technology than L2TP or IPSec but still widely used
- Near universal support among VPN equipment vendors
- Consumes fewer resources than L2TP and IPSec
- Operates at Layer 2 of OSI model
- Supports IPX and NetBEUI transmissions
- Supports two generic types of tunneling
  - Voluntary
  - Compulsory
Instructor note: Discuss each of these operations.

8 PPTP Authentication
- Extensible Authentication Protocol (EAP)
  - Designed specifically with PPTP, works from within PPP’s authentication protocol
- Challenge Handshake Authentication Protocol (CHAP)
  - Three-part handshaking procedure
    - Server sends a challenge message to the originating client
    - Client sends back a value calculated using a one-way hash function
    - Server checks the response against its own calculation
Instructor note: Discuss the different types of PPTP authentication. Point out Figure 7.3 that illustrates CHAP authentication.

9 Layer 2 Tunneling Protocol (L2TP)
- New and improved version of PPTP
- Considered less secure than IPSec
- Not uncommon to be used with IPSec
- L2TP Authentication
  - Supports EAP, CHAP (as PPTP does)
  - Also supports MS-CHAP, PAP, SPAP, and Kerberos

10 L2TP Authentication: MS-CHAP Versus CHAP
- Response packet formatted for Windows compatibility
- Does not require the authenticator to store a clear-text or reversibly encrypted password
- Provides retry and password changing mechanisms
- Defines a set of reason-for-failure codes
Instructor note: Elaborate on the differences between these two authentication methods.

11 L2TP Authentication: PAP (Password Authentication Protocol)
- Most basic form of authentication
- Username and password transmitted in clear text
Instructor note: Point out the illustrated figure on PAP.

12 L2TP Authentication: SPAP (Shiva Password Authentication Protocol)
- Proprietary version of PAP
- Encrypted username and password
- Susceptible to “Playback attack”
Instructor note: Define the playback attack.
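
The three-part CHAP handshake from slide 8 and the playback attack named on slide 12, as an added Python example that is not part of the original slides or the book. The CHAP response follows RFC 1994 (MD5 over identifier, secret, challenge); `static_token` is a constructed stand-in for any fixed credential encoding, not the real SPAP format, and the user name and secret are constructed.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP-MD5: one-way hash over identifier octet, secret, challenge
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def static_token(user: bytes, password: bytes) -> bytes:
    # Constructed stand-in for a fixed credential encoding (NOT real SPAP):
    # the same bytes cross the wire on every login.
    return hashlib.sha256(user + b":" + password).digest()

class ChapServer:
    def __init__(self, secrets: dict):
        self.secrets = secrets      # user -> shared secret
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def issue_challenge(self):
        # Step 1: server sends a fresh random challenge
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident]

    def verify(self, user: str, ident: int, response: bytes) -> bool:
        # Step 3: server compares against its own calculation; a challenge
        # is consumed on first use so it can never be answered twice.
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo():
    secret = b"constructed-secret"              # constructed sample value
    server = ChapServer({"alice": secret})
    ident, challenge = server.issue_challenge()
    captured = chap_response(ident, secret, challenge)   # step 2, seen on the wire
    legit = server.verify("alice", ident, captured)
    replay_old = server.verify("alice", ident, captured)     # challenge already used
    ident2, _ = server.issue_challenge()
    replay_new = server.verify("alice", ident2, captured)    # fresh challenge
    # Static encoding: a captured token still matches on any later login
    token = static_token(b"alice", secret)
    static_replay = hmac.compare_digest(token, static_token(b"alice", secret))
    return legit, replay_old, replay_new, static_replay

if __name__ == "__main__":
    print(demo())
```

The captured CHAP response is rejected both against its consumed challenge and against a new one, while the static token verifies again unchanged, which is the property that makes a fixed encoding replayable.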

13 Kerberos
- Very well-known network authentication protocol
- Sends messages between client and server
- The actual password is never sent, even as a hash
- Server uses the stored hash of the password as an encryption key to encrypt data and send it back to the client
Instructor note: Kerberos is often on exams. Review the examples on pages

14 The Kerberos Process
Instructor note: Walk students through this example, making sure they understand each step.

15 L2TP Compared to PPTP

|                 | L2TP                                                   | PPTP              |
|-----------------|--------------------------------------------------------|-------------------|
| Non IP networks | Yes, L2TP can work over X.25 networks and ATM networks | No, IP only       |
| Encryption      | Yes, using IPSec                                       | Yes, using MPPE   |
| Authentication  | Yes, using EAP, MS-CHAP, CHAP, SPAP, PAP, and Kerberos | Yes, EAP and CHAP |

Instructor note: Explain the differences between the two protocols.

16 Internet Protocol Security (IPSec)
- Developed by the Internet Engineering Task Force (IETF)
- Symmetric key encryption technology
- Two encryption modes
  - Transport: Encrypts data but leaves the header unencrypted
    - Less secure, faster
  - Tunnel: Encrypts both the header and the data
    - More secure, slower
Instructor note: Elaborate on the two modes of IPSec.

17 Other Protocols Used with IPSec
- Authentication Header (AH)
  - Authentication only
- Encapsulated Security Payload (ESP)
  - Both data confidentiality and authentication
- Internet Key Exchange (IKE)
  - Sets up security associations

18 SSL/TLS
- Protocols used to secure websites
  - SSL: Secure Sockets Layer
  - TLS: Transport Layer Security
- A new type of firewall uses them to provide VPN access through a web portal

19 SSL/TLS Handshake

20 Implementing VPN Solutions
- Built-in solutions
- Cisco Solutions
- Service Solutions
- Openswan
- Other Solutions
Instructor note: Explain the different uses of the solutions listed. Built-in solutions work primarily for home use or small offices. (These are solutions that come with an operating system.) Larger companies may need additional features that are not included in the built-in solutions.

21 Summary
- VPNs provide a secure way of connecting remote users to the network
- L2TP, PPTP, and IPSec are protocols that can be used
- PPTP is based on the PPP
- SSL/TLS can be used to secure a VPN connection via web access
- Solutions built into an operating system may not provide adequate features for large companies

