
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH


Presentation Transcript


  1. Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048 charlesm@wrq.com

  2. What is VPN? A Virtual Private Network, or VPN, is a private connection between two machines or networks over a shared or public network. Privacy and security over the public network are maintained through the use of a tunneling protocol.

  3. The alternatives? • Secure Dialup • Leased Lines

  4. Leased Lines (diagram: Corporate HQ connected by dedicated leased lines to each remote office)

  5. Secure Dialup (diagram: home offices and remote users dial into a modem pool served by a RAS server at the remote office, which connects them to the LAN)

  6. Why VPN? Pros: • Implementation Costs • Utilizes the Internet’s infrastructure • Administrative costs Cons: • Lack of interoperability • Variable performance

  7. VPN (diagram: Corporate HQ, remote offices, a home office and a remote user all connected to each other through the Internet)

  8. Tunneling Tunneling is the process of encapsulating network packets within other network packets before sending them over a network.

  9. VPN Tunnel (diagram: two cases. PC to Server: a PC with a VPN client tunnels over the Internet to a VPN server that connects it to the LAN. Gateway to Gateway: a VPN server at one remote office tunnels over the Internet to a VPN server at another remote office.)

  10. Tunneling protocols • PPTP • L2TP • IPsec • SSH • SSL/TLS

  11. PPTP Point to Point Tunneling Protocol was developed to tunnel through a PPP connection (RFC 2637).

  12. PPTP packet formats (diagram). PPTP Control Packet: Data Link Header | IP Header | TCP Header | PPTP Control Message | Data Link Trailer. PPTP Data Packet: Data Link Header | IP Header | GRE Header | PPP Header | Encrypted Payload | Data Link Trailer.
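Slides 8 and 12 describe tunneling as packets wrapped in packets, with the PPTP data packet laid out as IP header, GRE header, then the PPP frame. The following Python is an added example (not code from the presentation or from WRQ) that builds and parses exactly that wrapping: the enhanced GRE header PPTP uses (RFC 2637, cited on slide 11, with the Key field carrying payload length and call ID) inside a minimal IPv4 header with protocol 47. The inner PPP frame and the addresses are constructed sample values; the MPPE encryption of the PPP payload that real PPTP applies is left out, since the point here is the encapsulation layers. The function names are this example's own.

```python
import struct

# Enhanced GRE as used by PPTP (RFC 2637): the Key field carries payload length + call ID.
GRE_PROTO_PPP = 0x880B      # Protocol Type for PPP inside PPTP GRE
IPPROTO_GRE = 47            # IP protocol number for GRE
GRE_K, GRE_S, GRE_A = 1 << 13, 1 << 12, 1 << 7   # Key, Sequence, Ack present bits
GRE_VERSION = 1             # enhanced GRE version number
GRE_RESERVED = 0xCF00       # C, R, s and Recur bits, which must be zero in PPTP


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(ppp_frame: bytes, call_id: int, seq=None, ack=None) -> bytes:
    """Wrap one PPP frame in a PPTP enhanced-GRE header."""
    flags = GRE_K | GRE_VERSION
    if seq is not None:
        flags |= GRE_S
    if ack is not None:
        flags |= GRE_A
    header = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + ppp_frame


def gre_decapsulate(gre_packet: bytes) -> dict:
    """Validate the GRE header and return its fields plus the inner PPP frame."""
    if len(gre_packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", gre_packet[:8])
    if (proto != GRE_PROTO_PPP or (flags & 0x7) != GRE_VERSION
            or not (flags & GRE_K) or (flags & GRE_RESERVED)):
        raise ValueError("not a PPTP enhanced-GRE packet")
    offset, seq, ack = 8, None, None
    if flags & GRE_S:
        seq = struct.unpack_from("!I", gre_packet, offset)[0]
        offset += 4
    if flags & GRE_A:
        ack = struct.unpack_from("!I", gre_packet, offset)[0]
        offset += 4
    payload = gre_packet[offset:]
    if len(payload) != payload_len:       # the length field must match what was carried
        raise ValueError("GRE payload length mismatch")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp_frame": payload}


def ip_encapsulate(src: bytes, dst: bytes, gre_packet: bytes, ident: int = 0) -> bytes:
    """Prepend a minimal IPv4 header (protocol 47, TTL 64) to a GRE packet."""
    total_len = 20 + len(gre_packet)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, 64,
                         IPPROTO_GRE, 0, src, dst)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + gre_packet


def ip_decapsulate(packet: bytes) -> tuple:
    """Check the IPv4 header (version, length, checksum, protocol) and return (src, dst, gre_packet)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    return packet[12:16], packet[16:20], packet[ihl:total_len]


def tunnel_roundtrip() -> dict:
    """Constructed demo: tunnel one PPP frame from 10.0.0.1 to 198.51.100.2 and unwrap it."""
    # Constructed PPP frame: address 0xFF, control 0x03, protocol 0x0021 (IPv4), then
    # placeholder bytes standing in for the inner datagram.
    ppp_frame = b"\xff\x03\x00\x21" + b"constructed inner datagram"
    src, dst = bytes([10, 0, 0, 1]), bytes([198, 51, 100, 2])
    outer = ip_encapsulate(src, dst, gre_encapsulate(ppp_frame, call_id=0x1234, seq=7))
    _, _, gre_packet = ip_decapsulate(outer)
    inner = gre_decapsulate(gre_packet)
    inner["outer_len"] = len(outer)          # 20 (IP) + 12 (GRE with seq) + 30 (PPP) = 62
    return inner


if __name__ == "__main__":
    print(tunnel_roundtrip())
```

The decapsulation side rejects anything that does not look like a PPTP GRE packet (wrong protocol type, reserved bits set, length field disagreeing with the bytes actually present), which is the kind of check a tunnel endpoint or an IDS parser needs before trusting the inner frame.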

  13. L2TP Layer 2 Tunneling Protocol combines the best of L2F (Layer 2 Forwarding) with the best of PPTP protocol and also tunnels through a PPP connection (RFC 2661)

  14. L2TP packet formats (diagram). L2TP Control Packet: Data Link Header | IP Header | IPSec ESP Header | UDP Header | L2TP Header | L2TP Control Message | IPSec ESP Trailer | IPSec ESP Auth Trailer | Data Link Trailer. L2TP Data Packet: Data Link Header | IP Header | IPSec ESP Header | UDP Header | L2TP Header | PPP Header | Payload | IPSec ESP Trailer | IPSec ESP Auth Trailer | Data Link Trailer. In both, everything between the ESP header and the ESP trailer is encrypted.

  15. IPsec Internet Protocol Security is an Internet Standard protocol used for securing data across the Internet (RFC 2401). In a VPN environment IPsec can be used as a complete protocol solution or as the encryption tool within another VPN protocol such as L2TP.

  16. VPN via IPsec (diagram, client and server) 1. Use IKE to negotiate the Phase 1 SA. 2. Negotiate the Phase 2 SAs (an inbound and an outbound SA). 3. Each side encrypts packets using its outbound SA and sends them; the receiving side decrypts them using its inbound SA and passes them to the application.

  17. SSH Secure Shell provides a single secure session between two computers over a shared network. The session requires server software on a host and client software on a connecting client.

  18. Secure Shell Basics (diagram: Secure Shell client and Secure Shell server, each running on its OS TCP stack) 1. Establish secure tunnel. 2. Authenticate server. 3. Authenticate client. 4. Encrypted session. 5. Arbitrary TCP port forwarding (available at both ends).

  19. SSH Tunnel (diagram: a PC with an SSH client connected over the Internet to a host running an SSH daemon)

  20. Comparing VPNs • PPTP and L2TP • Uses control packets to build and tear down VPN tunnel • Uses data packets to send the data through the tunnel • IPSec • Negotiates Security Associations (SAs) • Uses outbound SA to encrypt and send packets. • Uses inbound SA to decrypt incoming packets.

  21. Comparing VPN and SSH • PPTP, L2TP and IPSec • Connects PCs to a company's network • Connects a company's remote networks to each other • SSH • Connects a PC directly to a Host running SSH • Can configure other service ports to be forwarded through the SSH tunnel
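Slide 18 lists arbitrary TCP port forwarding as step 5 of an SSH session, and slide 21 notes that other service ports can be forwarded through the SSH tunnel. The Python below is an added example (not code from the presentation or from WRQ) that models what the client side of that forwarding does, in the way `ssh -L` does it: a listener on the PC accepts local connections and relays each one to a service port elsewhere. It stands in a plain loopback TCP connection for the encrypted SSH session and uses a constructed echo service as the forwarded target, so it runs offline; `LocalForwarder`, `EchoService` and `forward_roundtrip` are names of this example's own.

```python
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class _Listener:
    """Loopback TCP listener on an ephemeral port with an accept loop that can be stopped."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))       # loopback only: nothing is exposed off-host
        self.sock.listen(8)
        self.sock.settimeout(0.1)              # lets the accept loop notice close()
        self.port = self.sock.getsockname()[1]
        self._stop = False
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while not self._stop:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.settimeout(None)
            threading.Thread(target=self.handle, args=(conn,), daemon=True).start()

    def close(self):
        self._stop = True
        self.sock.close()


class EchoService(_Listener):
    """Constructed stand-in for the remote service port being forwarded."""

    def handle(self, conn):
        with conn:
            while data := conn.recv(4096):
                conn.sendall(data)


class LocalForwarder(_Listener):
    """Client-side forwarding as in `ssh -L`: accept locally, connect to the target,
    relay both directions. Real SSH carries the relay leg inside the encrypted session;
    here it is a plain TCP connection to keep the example self-contained."""

    def __init__(self, target):
        self.target = target                   # (host, port) the forwarded connections go to
        super().__init__()

    def handle(self, conn):
        upstream = socket.create_connection(self.target)
        threading.Thread(target=_pump, args=(conn, upstream), daemon=True).start()
        _pump(upstream, conn)                  # runs until the target closes its side
        conn.close()
        upstream.close()


def forward_roundtrip(payload: bytes) -> bytes:
    """Send payload through the forwarder to the echo service and return what comes back."""
    echo = EchoService()
    fwd = LocalForwarder(("127.0.0.1", echo.port))
    try:
        with socket.create_connection(("127.0.0.1", fwd.port)) as client:
            client.sendall(payload)
            client.shutdown(socket.SHUT_WR)    # end of request; wait for the echoed reply
            chunks = []
            while data := client.recv(4096):
                chunks.append(data)
        return b"".join(chunks)
    finally:
        fwd.close()
        echo.close()


if __name__ == "__main__":
    print(forward_roundtrip(b"hello through the tunnel"))
```

The application on the PC only ever talks to 127.0.0.1 on the forwarder's port, which is the property the slides rely on: an unmodified client program gets its traffic carried through the tunnel because the forwarder, not the application, knows where the far end is.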

  22. Implementing VPNs • Enterprise Service Providers (ESP) • provides Network Access Servers (NAS) • provides VPN clients for individual PCs • maintains the network infrastructure • Hardware only Providers • provides VPN Servers with built-in VPN software • may or may not maintain network infrastructure

  23. Implementing VPNs • Hardware and software providers • provides VPN Servers • provides VPN client and VPN server software • may or may not maintain network infrastructure • Software only providers • provides VPN software to run on existing hardware • does not maintain network infrastructure

  24. Questions?
