Published by Amberly Jenkins. Modified over 9 years ago.
Slide 1: Virtual Private Networks
Karthik Mohanasundaram, Wright State University
Slide 2: Abstract
The main purpose of this presentation is to discuss the concept of virtual private networks, the reasons that led to the development of this concept, and the technology behind it.
Slide 3: Evolution of the Concept
- The language of the Internet is IP (Internet Protocol)
- Everything travels on top of IP
- IP does not provide security
- IP packets can be forged and manipulated en route
Slide 4: Virtual Private Network
- A virtual private network is the extension of a private network that encompasses links across shared or public networks like the Internet
- It emulates a point-to-point private link
Slide 6: Types of VPN Connection
- Router-to-router VPN connection
- Intranet-based VPN connections
- Internet-based VPN connections
- Combined Internet and intranet VPNs
- Remote access VPN connection
Slide 7: Elements of VPN
- VPN server
- VPN client
- VPN connection
- Tunnel
- Transit public network
Slide 8: Tunneling
- Tunneling is the act of encapsulating ordinary (non-secure) IP packets inside encrypted (secure) IP packets
- Tunneling provides privacy by encrypting everything that goes into and comes out of a secure tunnel
Slide 9: Tunneling Protocols
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- Internet Protocol Security (IPSec)
Slide 10: Disadvantages of PPTP
- Mainly developed for the Windows world
- Developed by Microsoft for creating tunnels in Windows NT
- Built on top of the Point-to-Point Protocol
- Weak encryption capabilities
Slide 11: Credentials of L2TP
- Proposed by Cisco Systems
- Operates at a low network layer
- Runs over UDP as opposed to TCP (UDP is a faster, leaner and less reliable protocol)
- L2TP is "firewall friendly"
Slide 12: Credentials of IPSec
- Developed by foremost encryption experts
- Supports multiple encryption algorithms
- Provides an integrity check of the IP packets
- Uses machine-level certificates, authenticating by public key encryption
- Provides excellent encryption technology, which is why L2TP uses IPSec as the default
Slide 13: Deep into IPSec
Internet Protocol Security (IPSec) is a suite of protocols being developed by the IETF that seamlessly integrate security into IP and provide data source authentication, data integrity, confidentiality and protection.
Slide 14: Continued
The IPSec suite comprises:
- Authentication Header (responsible for authenticating the IP traffic)
- Encapsulating Security Payload (responsible for encrypting the IP traffic)
- Key Management (responsible for several services, mainly managing and exchanging keys)
Slide 15: Authentication Header
- Sits between the IP header and the payload
- The AH comprises:
  - Security Parameter Index (SPI)
  - Sequence Number
  - Authentication Data
Slide 16: Continued
- The Security Parameter Index (SPI) informs the receiver of the security protocol used by the sender
- The Sequence Number counts the packets sent that use the same parameters
- The Authentication Data is the digital signature of the packet
Slide 18: Encapsulating Security Payload
- Handles encryption of IP data at the packet level
- Has features similar to those of the Authentication Header
- Provides the additional functionality of encryption
- Pads the data to ensure the proper length for certain encryption algorithms
- Preferred when both encryption and authentication are required
Slide 20: Key Management
Duties include:
- Negotiating the protocols, algorithms and keys to be used in the communication
- Verifying the identity of the other party
- Managing and exchanging keys
Slide 21: Continued
- The key management protocol is the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley key exchange protocol
- It handles the exchange of symmetric keys between the sender and the receiver
Slide 22: ISAKMP
- Based on the Diffie-Hellman model of key generation
- The two parties exchange public keys and combine them with a private key
- Allows the SPI to be reformatted at specific intervals
- More secure because the SPI is changed periodically
Slide 23: Continued
Methods of key exchange:
- Main Mode
- Aggressive Mode
- Quick Mode
Slide 24: Security Association
- Keeps track of all details of the keys and algorithms of an IPSec session
- Includes information about:
  - AH authentication algorithms
  - ESP encryption algorithms and keys
  - Lifespan of the keys
  - Method of exchange of keys
Slide 25: Main Mode ISAKMP
- First phase of the ISAKMP Security Association
- Sets up the mechanism for future communications
- Agreement on authentication, algorithms and keys takes place
- Requires three back-and-forth exchanges
Slide 26: Continued
The three exchanges in Main Mode:
- First, the two parties agree on the algorithms and hashes for the communication
- Second, the parties exchange public keys
- Third, both parties verify the identity of the other party
Slide 27: Aggressive and Quick Mode
- Aggressive Mode gives the same result as Main Mode but takes only two back-and-forth exchanges
- Quick Mode is used to create new material for generating keys
Slide 28: Example Exchange
An example key management exchange is shown below:
    [root@Codd root]# ipsec auto --up hoare-codd
    104 "hoare-codd" #1: STATE_MAIN_I1: initiate
    106 "hoare-codd" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2, expecting MR2
    108 "hoare-codd" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3, expecting MR3
    004 "hoare-codd" #1: STATE_MAIN_I4: ISAKMP SA established
    112 "hoare-codd" #2: STATE_QUICK_I1: initiate
    004 "hoare-codd" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
    [root@Codd root]#
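The three Main Mode exchanges described above (the STATE_MAIN_I1 to STATE_MAIN_I4 steps of the log), simulated with both sides' messages as an added example that is not part of the original presentation: algorithm agreement, then Diffie-Hellman values and nonces, then identity verification with a hash keyed by SKEYID, which is why the third exchange has to come after the second. The toy Diffie-Hellman group, the pre-shared key and the peer names hoare and codd are assumptions, and ISAKMP cookies are omitted.

```python
import hashlib
import hmac
import json
import secrets

# Constructed toy parameters for this example: a small (insecure) Diffie-Hellman group
# and a shared pre-shared key. Cookies and the SKEYID_a/SKEYID_e split are omitted.
P, G = 2**61 - 1, 5                  # toy modulus/generator; real IKE uses >= 2048-bit MODP groups
PSK = b"example-pre-shared-key"

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def i2b(n: int) -> bytes:
    return n.to_bytes(8, "big")

class Peer:
    def __init__(self, ident: bytes, psk: bytes = PSK):
        self.ident, self.psk = ident, psk
        self.x = secrets.randbelow(P - 3) + 2          # private DH exponent, never sent
        self.pub = pow(G, self.x, P)                   # public value g^x mod p
        self.nonce = secrets.token_bytes(16)

    def skeyid(self, ni: bytes, nr: bytes) -> bytes:
        # RFC 2409 pre-shared-key variant: SKEYID = prf(psk, Ni | Nr)
        return prf(self.psk, ni + nr)

    def auth_hash(self, skeyid, pub_a, pub_b, sa, ident) -> bytes:
        # HASH_I / HASH_R shape: prf(SKEYID, g^xa | g^xb | SA | ID); cookies omitted here
        return prf(skeyid, i2b(pub_a) + i2b(pub_b) + sa + ident)

def run_main_mode(init: Peer, resp: Peer):
    """Return the shared keying material, or None if identity verification fails."""
    # Exchange 1 (MI1/MR1): agree on algorithms; the accepted SA payload is hashed later.
    sa = json.dumps({"prf": "HMAC-SHA-256", "group": "toy"}).encode()
    # Exchange 2 (MI2/MR2): DH public values and nonces cross the wire in the clear.
    init_pub, ni, resp_pub, nr = init.pub, init.nonce, resp.pub, resp.nonce
    sk_i, sk_r = init.skeyid(ni, nr), resp.skeyid(ni, nr)
    # Exchange 3 (MI3/MR3): each side proves its identity with a hash keyed by SKEYID,
    # which only a peer holding the same pre-shared key can compute.
    hash_i = init.auth_hash(sk_i, init_pub, resp_pub, sa, init.ident)
    hash_r = resp.auth_hash(sk_r, resp_pub, init_pub, sa, resp.ident)
    resp_ok = hmac.compare_digest(hash_i, resp.auth_hash(sk_r, init_pub, resp_pub, sa, init.ident))
    init_ok = hmac.compare_digest(hash_r, init.auth_hash(sk_i, resp_pub, init_pub, sa, resp.ident))
    if not (init_ok and resp_ok):
        return None
    # Both sides now derive SKEYID_d = prf(SKEYID, g^xy) using only their own private exponent.
    kd_i = prf(sk_i, i2b(pow(resp_pub, init.x, P)))
    kd_r = prf(sk_r, i2b(pow(init_pub, resp.x, P)))
    return kd_i if kd_i == kd_r else None
```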
Slide 29: Disadvantages of IPSec
- The major drawback is the network-layer perspective it follows
- It is ignorant of the authenticity of the people using the setup
- ESP can lead to fragmentation, resulting in reduced throughput
Slide 30: Demo of IPSec
A demonstration has been arranged using FreeS/WAN, an IPSec implementation for Linux. The demo shows the gateway-to-gateway mode of IPSec.