1
Network and Security Patterns
Ajoy Kumar
2
Introduction
Network layer security has become of prime importance in designing any network system. We look at the important layers of the network and try to identify the security patterns associated with each layer. My work tries to fill the gaps at each layer where security patterns are missing or not well established.
3
VPN Security
We first look at the available patterns in the system.
As the next step, we try to understand the VPN architecture and develop a security pattern for it.
4
Network Architecture Security Objects
Diagram labels: Authentication, Secrecy, Authorization, Identification

Layer        FireWall    IDS         VPN          Protocol
Application  XML FW      XML IDS     XML VPN      SAML
TCP          Proxy FW    TCP IDS     TLS/SSL VPN  TLS
IP           Packet FW   Packet IDS  IPSec VPN    IPSec
5
Class Diagram for XML Firewall [Ne06]
6
Class Diagram for a Packet FW [Fe06]
7
Class Diagram for Proxy FireWall [Fe03]
8
Class Diagram for IDS [Fer05]
9
VPN Architecture
A VPN makes use of public network resources to connect to the private network of the enterprise. Within the VPN, the transmission is protected by security principles to assure confidentiality of the user(s) and data integrity. So a “private” network is established in the public domain. Since this network exists in a logical sense, it has been termed a virtual private network.
10
Features of a good VPN
Security
Reliability
Scalability
Network management
Policy management
11
Problem
In the company where I work we have a lot of remote employees who log in from different parts of the world such as St. Louis, USA or Israel. These developers log into a machine in Boca and work virtually from Boca. These connections are done using a VPN architecture. We need to develop the safest architecture so that the work is done most efficiently and with the least threats to security.
12
Context
Local networks with applications being executed in distributed systems. Access to the network can be from the Internet or from other external networks using a VPN connection.
13
Forces
There are many remote users trying to connect to the same network from different end points. A good VPN system must accommodate all these users.
Different end users may require different levels of security. We need to define appropriate policies for each of these VPN connections.
The company has various employees joining and leaving. Hence the security policies need to be constantly modified, and the VPN should be easily configurable.
The number of users and applications may increase significantly; adding more users or applications should be done transparently and at proper cost.
A VPN setup should prevent access to the corporate network from all harmful external elements.
There are many ways to perform authentication. The VPN must support the different methods.
14
Pattern Diagram
(Figure; patterns shown: TCP VPN, IP VPN, XML VPN, Authentication, Secure Channel, Authorization, IPSec, TLS, Secrecy, Message Authentication, VPN, PKI, RM)
15
Class Diagram for a VPN
(Figure; classes shown: End User, Secure Network, VPN Network, End User Auth Point, Secure Channel, Identity Base, Policy Base, Identity, Policy)
16
Sequence Diagram for a VPN Authentication
Participants: :End User, :VPN, :EndUserAuthPT, :IdentityBase, :Policy Base, :SecureCh, :SecureN/W
Messages, in order: rqstConn, rqstConn, authenticate, authenticated, checkAccess, accessAllowed, openSecConn, Established, Established
17
Solution
Whenever an end user tries to connect to a VPN, the network should ask for authorization. A user can access a network only if a specific policy authorizes it to do so. Policy enforcement includes authenticating the end user who is trying to connect to the network. The VPN tunnel created should maintain confidentiality and data integrity.
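The connection sequence from the sequence diagram and the Solution slide (rqstConn, authenticate, checkAccess, then open the secure connection), as an added Python example that is not part of the original slides. The in-memory stores, the PBKDF2 credential check, the outcome strings and the sample users are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _kdf(secret, salt):  # PBKDF2 is an assumed stand-in for the real credential check
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class IdentityBase:  # holds salted credential hashes, never the secrets
    def __init__(self):
        self._ids = {}
    def enroll(self, user, secret):
        salt = os.urandom(16)
        self._ids[user] = (salt, _kdf(secret, salt))
    def authenticate(self, user, secret):
        # Unknown users still cost one KDF run, so timing does not reveal who exists.
        salt, stored = self._ids.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_kdf(secret, salt), stored)

class PolicyBase:  # default deny: access exists only where a policy grants it
    def __init__(self):
        self._allow = set()
    def grant(self, user, network):
        self._allow.add((user, network))
    def revoke(self, user, network):
        self._allow.discard((user, network))
    def check_access(self, user, network):
        return (user, network) in self._allow

@dataclass
class VPN:
    identities: IdentityBase
    policies: PolicyBase
    log: list = field(default_factory=list)  # audit trail of every request
    def rqst_conn(self, user, secret, network):
        if not self.identities.authenticate(user, secret):
            outcome = "denied:authentication"
        elif not self.policies.check_access(user, network):
            outcome = "denied:policy"
        else:
            outcome = "established"  # only now would the secure channel be opened
        self.log.append((user, network, outcome))
        return outcome

def demo():  # users, secrets and network name below are constructed sample data
    vpn = VPN(IdentityBase(), PolicyBase())
    for user, secret in (("alice", "s3cret-a"), ("bob", "s3cret-b")):
        vpn.identities.enroll(user, secret)
    vpn.policies.grant("alice", "dev-net")
    tries = [("alice", "s3cret-a"), ("alice", "wrong"), ("bob", "s3cret-b"), ("eve", "x")]
    return [vpn.rqst_conn(u, s, "dev-net") for u, s in tries], vpn
```

Revoking a policy entry denies the next request from a still-valid identity, which is how the "employees joining and leaving" force is handled without touching the identity store.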
18
Consequences
Advantages
The company can define the policies for VPN end users, thus centralizing the policies and making administration better.
Since authorization is used, the company can keep a log of end users connected in the present and in the past.
A secure tunnel guarantees data integrity and secrecy. Usually a PKI system of encryption is used for sending data over the tunnel.
As authentication of end users is performed, users can be held responsible for their actions.
We can also incorporate RBAC based on the role of the end user.
Usually a firewall complements a VPN setup.
19
Consequences (Contd…)
Liabilities
If the VPN is compromised, then the attacker gets full access to the internal network too.
VPN traffic is often invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN tunnel because it is encrypted. Therefore if a hacker gains access to the VPN, he can attack the internal systems without being picked up by the IDS.
Whatever type of VPN we use, a VPN is only as secure as the remote computer connected to it.
20
Liabilities (Contd…)
The pattern does not discuss attacks at the end points.
A VPN tunnel is only as strong as the cryptography that enables it.
21
Known Uses
Citrix. Citrix provides a site-to-site VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network.
22
Related Patterns
Patterns for Application Firewalls using PEP and PAP.
Nelly Delessy-Gassant, Eduardo B. Fernandez, Saeed Rajput, and Maria M. Larrondo Petrie
23
Future Work
Expand on the VPN pattern and create separate patterns for IP, SSL and XML VPNs.
Develop the patterns missing in the network security diagram shown before.
24
Thank You
Q&A
Suggestions
Concerns