Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo.

Published byAntonia Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo."— Presentation transcript:

1 Virtual Private Network Chapter 4

2 Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo

3 Lecturer : Trần Thị Ngọc Hoa3 Overview of VPN

4 VPN Concept  Virtual Private Networks are logical network that allows users to securely connect through the internet to a remote private network

5 VPN Deployment Scenarios  Remote Access VPN

6 VPN Deployment Scenarios  Extranet VPN ( Site to Site, Router to Router )

7 VPN Deployment Scenarios  Mixed VPN with Firewall

8 Lecturer : Trần Thị Ngọc Hoa8 Tunneling  Tunneling is a process of encapsulating a payload protocol into another protocol  Provide a secure path through an untrusted network or an incompatible network.

9 Lecturer : Trần Thị Ngọc Hoa9 Tunneling Protocol  GRE Generic Routing Encapsulation Cisco Proprietry Tunneling Protocol  PPTP ( with/without MPPE ) Point to Point Tunneling Protocol Microsoft proprietry tunneling protocol  L2TP ( with/without IPSec ) Layer 2 Tunneling Protocol Created by Cisco and Microsoft

10 IP Security  IP Security Overview  Algorithms  IPSec Protocols Lecturer : Trần Thị Ngọc Hoa10

11 Lecturer : Trần Thị Ngọc Hoa11 IP Security Overview  Open standard developed by IETF’s IPSec working group.  Security Architecture for the Internet Prototol  Designed to work at Layers 3 and 4 of the OSI model.  IPSec protects data by providing the following services : Data Authentication  Data integrity  Data origin authentication between A pair of gateways A pair of hosts A host and its gateway  Relay protection Encryption  Many different types of algorithm are used in IPSec  2 primary protocols AH – Authentication Header - 51 ESP – Encryption Security Payload - 50

12 Lecturer : Trần Thị Ngọc Hoa12 Encryption Algorithms  Designed for data confidentiality assurance  2 different methods Symmetrical Asymmetrical

13 Lecturer : Trần Thị Ngọc Hoa13 Symmetrical Algorithms EncryptDecrypt Data #$ad^&* Data  DES – Data Encryption Standard 56 bit key – 64 data bit block No of Key = 72,000,000,000,000,000  3DES Three phases Encrypt – Decrypt – Encrypt 168 bit key – 64 data bit block  AES – Advanced Encryption Standard 128-192-256 bit key Session key

14 Lecturer : Trần Thị Ngọc Hoa14 Asymmetric Algorithms EncryptDecrypt Data #$ad^&* Data Public keyPrivate key  2 different but related keys are required.  RSA -Rivest, Shamir, and Adelman  ElGamal

15 Lecturer : Trần Thị Ngọc Hoa15 Hashing Algorithms  Hashing algorithms are used for authentication and integrity assurance for data  They are based on some type of one-way hashing function.  SHA 128 bits output  MD5 160 bits output  Collision : 2 different inputs => the same output  SHA is prefered than MD5

16 Lecturer : Trần Thị Ngọc Hoa16 Hashing Example

17 Lecturer : Trần Thị Ngọc Hoa17 Key Exchange Problem  Question : How to get the key from one device to the other ? If the key is sent across an untrusted network, you run the risk of it being sniffed and captured by a hacker. If you phone the technician at the other end, you run the risk of phone tapping.  Answer : Diffie Hellman

18 Lecturer : Trần Thị Ngọc Hoa18 Diffie Hellman Key Exchange  The Diffe-Hellman key exchange is used for automatic secure key exchange of Symmetrical keys Other types of keys  Algorithm Description Step 1 : A and B pour their favourite drink into the glass Step 2 : A and B pour the same liquid into the glass Step 3 : A and B exchange their own glass.Then pickup the other liquid and mixed with their own one

19 Lecturer : Trần Thị Ngọc Hoa19 IPSec Protocols  AH Provide  Data integrity  Data authentication  Antireplay protection (optionally) Not provide any form of encryption to the payload of the packet.  ESP Provide payload encryption Provide authentication and integrity

20 Lecturer : Trần Thị Ngọc Hoa20 Security Mode  Both ESP and AH can operate in two different modes  Tunnel Mode : The entire packet is encrypted then encapsulated with a new, unprotected IP header.  Transport Mode : Default mode The original IP header is reused with the new packet The current IP header has been used in the hashing algorithm and therefore cannot be changed from sender to receiver.

21 Lecturer : Trần Thị Ngọc Hoa21 Security Associations  A set of policy and key(s) used to protect data before an IPSec tunnel can be created.  Each SA gets a unique 32-bit Security Parameter Index number – SPI – that is sent in every packet pertaining to the specific SA.  The SA keeps track of general information such as the following: Source IP address Destination IP address IPSec protocols used SPI number Encryption and authentication algorithms Key lifetime (sets the amount of time and/or byte count that a key is valid for; the longer the time, the more vulnerable your data is)

22 Lecturer : Trần Thị Ngọc Hoa22 Internet Key Exchange  Internet Key Exchange (IKE) is used to establish all the information needed – SA – for a tunnel.  2 phases Main mode – IKE Phase 1 Quick mode – IKE Phase 2

Download ppt "Virtual Private Network Chapter 4. Lecturer : Trần Thị Ngọc Hoa2 Objectives  VPN Overview  Tunneling Protocol  Deployment models  Lab Demo."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Kapitel 7: Securing Site-to-Site Connectivity

Kapitel 7: Securing Site-to-Site Connectivity
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 IP VPN Nikolay Scarbnik. 2 Agenda Introduction………………………………………………………….3 VPN concept definition……………………………………………..4 VPN advantages……………...…………………………………….5.

1 IP VPN Nikolay Scarbnik. 2 Agenda Introduction………………………………………………………….3 VPN concept definition……………………………………………..4 VPN advantages……………...…………………………………….5.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.

Similar presentations

Ads by Google