Published by Anna Bridges. Modified over 9 years ago.
Slide 1: Virtual Private Networking
Irfan Khan, Myo Thein, Nick Merante
Slide 2: VPN + IPSec
VPN: Virtual Private Network
– Enables two remote networks to appear as one network via the internet.
IPSec: Internet Protocol Security Extensions
– Enables machines to communicate securely over an insecure medium.
Slide 3: What We Will Cover
The need for security
Benefits of a VPN/IPSec combination
The necessary tools
How to set everything up
How to verify everything is working
Slide 4: The Need for Security
The internet is not like it used to be
The hunt for bugs
Automated tools do most of the dirty work
Systems are targets regardless of the value of their content
Business need for securing client/customer data in a global network
Slide 5: Why Use VPN
Confidentiality
Integrity
Authenticity
Replay protection
Slide 6: Who can benefit
Peer to peer security: encryption of traffic between people.
– PGP Desktop Security, www.pgpi.org
Corporate security: encryption of traffic between offices.
Slide 7: Benefits to personal users
Create a secure path between two machines
Enhance the level of trust with authentication
Slide 8: Benefits for corporate users
Can do away with leased lines connecting offices without sacrificing privacy.
Can then make use of the internet:
– More reliable
– More portable
– More cost-effective
Slide 9: A method of security
Implementing a Virtual Private Network (VPN)
Using IPSec to encrypt all traffic
Authenticating data sent
Slide 10: What is IPSec
IPSec = AH + ESP + IKE
Slide 11: Different Modes: AH vs ESP
AH: Authentication Header
– Attaches a checksum to packets
– Ensures the packet was not modified in transit
ESP: Encapsulating Security Payload
– Encrypts data
– Ensures authentication
Slide 12: Different Modes: Tunnel vs Transport
Tunnel Mode
– Encapsulates the packet in a new IPv4/v6 header
– Used for VPN gateways
Transport Mode
– Encrypts normal traffic between peers
Slide 13: Tunnel vs Transport (diagram)
Transport Mode: Host 1 <---> Host 2 (IPSec end to end between the hosts)
Tunnel Mode: Host 1 --- Gateway 1 <---> Gateway 2 --- Host 2 (IPSec between the gateways)
Slide 14: Necessary Tools
Two unix machines with properly configured kernels to serve as gateways
Racoon for key exchange
Internet connection
Slide 15: Preparing the machine
Modify the kernel (FreeBSD kernel configuration options):
    device  bpf           # Berkeley packet filter
    options IPFIREWALL    # Enable firewall
    options IPDIVERT      # Divert IP sockets (used for NAT)
    options IPSEC         # IP security
    options IPSEC_ESP     # IP security (crypto; define together with IPSEC)
    options IPSEC_DEBUG   # Debugging for IPsec
Install Racoon
– Obtain the source code or install from the ports collection
Slide 16: Creating the tunnel
Set up a tunnel between 2 private networks
gif: generic tunnel interface
See Diagram A and the tunnel script (Step 3)
Slide 17: Diagram A
Two private networks joined by a VPN tunnel across the Internet:
Gateway A (vpn-gw1): public address 192.52.220.22, gif0: 192.168.6.1
– Node A 192.168.6.100, Node B 192.168.6.101, Node C 192.168.6.102
Gateway B (vpn-gw2): public address 192.52.220.152, gif0: 192.168.5.1
– Node A 192.168.5.100, Node B 192.168.5.101, Node C 192.168.5.102
Slide 18: Adding the Encryption
Creating the policies
Manual keying
Automatic keying (racoon)
– Racoon configuration
Different algorithms
– des, 3des, blowfish, etc.
See Step 4 / Figure A
Slide 19: Figure A
    # Ident: ipsec.conf
    # Usage: setkey -f ipsec.conf
    flush;        # Flush the Security Association Database
    spdflush;     # Flush the Security Policy Database
    # Manual keying entries (commented out; with automatic keying racoon negotiates the SAs):
    #add 192.52.220.22 192.52.220.152 esp 9111 -E blowfish-cbc "12345";
    #add 192.52.220.152 192.52.220.22 esp 9112 -E blowfish-cbc "12345";
    spdadd 192.168.6.0/24 192.168.5.0/24 any -P out ipsec esp/tunnel/192.52.220.22-192.52.220.152/require;
    spdadd 192.168.5.0/24 192.168.6.0/24 any -P in ipsec esp/tunnel/192.52.220.152-192.52.220.22/default;
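The slides show only gateway A's policy file and reference the tunnel script without showing it. The following is an added example (not the presenters' script) that emits the gif tunnel commands (Step 3) and the setkey policy (Step 4) for either gateway of Diagram A from its addresses, so the two sides can be checked to mirror each other; the function name gen_gateway and the use of require on the inbound policy are my choices. Unlike Figure A, it uses require for the inbound policy too, because default falls back to the system-wide level (normally use), which does not require inbound traffic from the remote network to be ESP-protected.

```shell
#!/bin/sh
# Added example: print the per-gateway tunnel setup and ipsec.conf for the
# Diagram A topology. Nothing is applied; the output is meant to be reviewed
# and then run (as root) on the gateway, or fed to setkey -f.
# Usage: gen_gateway <local_pub> <remote_pub> <local_gif> <remote_gif> <local_net> <remote_net>
gen_gateway() {
  local_pub=$1; remote_pub=$2; local_gif=$3; remote_gif=$4
  local_net=$5; remote_net=$6
  cat <<EOF
# --- Step 3: gif tunnel on gateway $local_pub ---
ifconfig gif0 create
ifconfig gif0 tunnel $local_pub $remote_pub
ifconfig gif0 inet $local_gif $remote_gif netmask 255.255.255.255
route add -net $remote_net $remote_gif
# --- Step 4: ipsec.conf for this gateway (setkey -f ipsec.conf) ---
flush;
spdflush;
spdadd $local_net $remote_net any -P out ipsec esp/tunnel/$local_pub-$remote_pub/require;
spdadd $remote_net $local_net any -P in ipsec esp/tunnel/$remote_pub-$local_pub/require;
EOF
}

# Gateway A (vpn-gw1) as in Diagram A; Gateway B (vpn-gw2) is the same call with
# local and remote arguments swapped, which is exactly the mirroring the SPD needs.
gen_gateway 192.52.220.22 192.52.220.152 192.168.6.1 192.168.5.1 192.168.6.0/24 192.168.5.0/24
gen_gateway 192.52.220.152 192.52.220.22 192.168.5.1 192.168.6.1 192.168.5.0/24 192.168.6.0/24
```

After loading the policies, setkey -D (Figure C on slide 23) should show the negotiated SAs for 192.52.220.22 and 192.52.220.152 in both directions.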
Slide 20: Changes to the Packet (IPv4; ESP: Encapsulating Security Payload)
Before applying ESP:  [Orig IP hdr][TCP][Data]
After applying ESP:   [Orig IP hdr][ESP Header][TCP][Data][ESP Trailer][ESP Auth]
– encrypted: TCP, Data and ESP Trailer
– authenticated: ESP Header through ESP Trailer
Slide 21: Manual vs Automatic Keying
Benefits of manual keying
– Simplicity
– Less overhead
Benefits of automatic keying
– Much more secure
– Encryption keys are periodically changed based on time or amount of data transferred
Slide 22: Encryption Algorithms
Data Encryption Standard (DES): 64 bits
Triple DES: 192 bits
Blowfish: 40 to 448 bits
Rijndael (AES): 128/192/256 bits
Slide 23: Verification
An analysis before and after:
– Key policies (Figure B)
– Dump of the Security Association Database with setkey -D (Figure C)
– tcpdump of headers (Figure D)
– tcpdump of data (Figure E)
Slide 24: Diagram A (repeated from Slide 17)
Slide 25: Conclusion
Different tools for different jobs:
– PGP for encrypting data
– SSL for encrypting sockets
– SSH for encrypting logons
– IPSec for encrypting all traffic
Another tool for the administrator's toolbox