1 / 58

Virtual Private Networks

Virtual Private Networks. Survey on Information Assurance TEL 581 Presented by Viswesh Prabhu Subramanian Gregory Michel Lincoln Jean Louis. Virtual Private Networks. Contents: What is a VPN? VPN Types VPN Security VPN gateways Introduction to VPN protocols Pros and cons of VPN

cortez
Télécharger la présentation

Virtual Private Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Private Networks Survey on Information Assurance TEL 581 Presented by VisweshPrabhu Subramanian Gregory Michel Lincoln Jean Louis

  2. Virtual Private Networks • Contents: • What is a VPN? • VPN Types • VPN Security • VPN gateways • Introduction to VPN protocols • Pros and cons of VPN • Tunneling protocols • What is tunneling • IPSec • PPP • Point-to-Point Tunneling Protocol (PPTP) • Layer 2 Tunneling Protocol (L2TP) • Layer 2 Forwarding (L2F) • Authentication Protocols • Password Authentication Protocol (PAP) • Challenge Handshake Protocol (Chap) • PAP vs Chap • Extensible Authentication Protocol. • Summary. • Access Guidelines

  3. What is a VPN?

  4. What is a VPN? Short video about VPN from Teracom Training Institute. http://www.yousearchblog.com/video/1Q6wKa1IaIA/Acronyms%20and%20Abbreviations

  5. What is a VPN? A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. (http://lylebeckportfolio.com/vpn.htm)

  6. What is a VPN? http://www.3linkserver.com/images/themes/3link/vpn_image.gif

  7. What is a VPN Public networks are used to move information between trusted network segments using shared facilities like Frame Relay or ATM http://www.uniforum.chi.il.us/slides/baker-vpn/vpn.ppt

  8. What is a VPN? A VIRTUAL Private Network replaces all of the above utilizing the public Internet Performance and availability depend on your ISP and the Internet http://www.uniforum.chi.il.us/slides/baker-vpn/vpn.ppt

  9. Why?

  10. VPN Types

  11. VPN works via Crypto/Encapsulation http://www.uniforum.chi.il.us/slides/baker-vpn/vpn.ppt

  12. VPN Security http://lylebeckportfolio.com/vpn.htm

  13. VPN Gateways • VPN gateways can be categorized as Standalone or Integrated. • Standalone VPNs incorporate purpose-built devices between - the source of data and WAN link orbetween the modem and a data source in a remote office. • Integrated implementations add VPN functionality to existing devices such as routers, firewalls.

  14. Gateway Solutions • Router based VPNs – adding encryption support to existing router(s) can keep the upgrade costs of VPN low. • Firewall based VPNs – workable solution for small networks with low traffic volume. • Software based VPNs – good solution for better understanding a VPN, software runs on existing servers and share resources with them

  15. 2 main VPN architectures: • There are products based on IPSec and Point to Point Tunneling Protocol (PPTP) or L2TP (Layer 2 Tunneling Protocol) • Although IP sec has become the de facto standard for LAN to LAN VPN’s, PPTP and L2TP are heavily used for single client to LAN connections. • Therefore, many VPN products support IPSec, PPTP and L2TP.

  16. Benefits of using VPN • Lower costs – remote access costs have reduced by 80 percent while LAN-to-LAN connectivity costs is reduced by 20-40 percent. • VPN provides low-cost alternative to backbone equipment, in-house terminal equipment and access modems. • Connectivity Improvements – VPN based links are easy and inexpensive ways to meet changing business demands.

  17. Benefits of VPN • Anywhere anytime access – ubiquitous public internet offers transparent access to central corporate systems i.e. email, directories, internal-external web-sites. • VPN technology is improving rapidly and promises a bright future for data communication, its cost-effective, and high returns on investment will outweigh any skittishness in investing in new technology.

  18. Disadvantages of VPN • The availability and performances of VPN networks are difficult to control • VPN speeds are much slower than those experienced with a traditional connection • VPN technologies from different creators may work poorly together. With time, this may improve. For now, however, this can cause frustration when implementing a VPN. • One of the VPN's weakest links its users.

  19. Tunneling Protocols

  20. Tunneling Protocols • What is tunneling • IPSec • PPP • Point-to-Point Tunneling Protocol (PPTP) • Layer 2 Tunneling Protocol (L2TP) • Layer 2 Forwarding (L2F)

  21. Tunneling Protocols • A tunnel is a virtual path across a network that delivers packets that are encapsulated and possibly encrypted. • A packet based on one protocol is wrapped, or encapsulated, in a second packet based on a different protocol

  22. What is tunneling? • Example of situation where Tunneling is used: • An Ethernet network is connected to an FDDI backbone, that FDDI network does not understand the Ethernet frame format • Two networksuse IPX and need to communicate across the Internet

  23. What is tunneling? http://www.novell.com/documentation/nias41/iptuneun/graphics/rtc_021a.gif

  24. What is tunneling? • Tunneling is the main ingredient to a VPN, tunneling is used by VPN to creates its connection • Three main tunneling protocols are used in VPN connections: • PPTP • L2TP • IPSec

  25. IPSec (Internet Protocol Security) • Provides a method of setting up a secure channel for protected data exchange between two devices. • More flexible and less expensive than end-to end and link encryption methods. • Employed to establish virtual private networks (VPNs) among networks across the Internet.

  26. IPSec (Internet Protocol Security) • IPSec uses two basic security protocols: • Authentication Header (AH): It is the authenticating protocol • Encapsulating Security Payload (ESP): ESP is an authenticating and encrypting protocol that provide source authentication, confidentiality, and message integrity.

  27. IPSec (Internet Protocol Security) • IPSec can work in one of two modes: • Transport mode, in which the payload of the message is protected • Tunnel mode, in which the payload and the routing and header information are protected.

  28. IPSec (Internet Protocol Security) CISSP Certification All in One Exam Guide pg 610

  29. Point-to-Point Tunneling Protocol (PPTP) • PPTP is a Microsoft protocol which allows remote users to set up a PPP connection to a local ISP and then create a secure VPN to their destination

  30. Point-to-Point Tunneling Protocol (PPTP) CISSP Certification All in One Exam Guide pg 612

  31. Point-to-Point Tunneling Protocol (PPTP) • In PPTP, the PPP payload is encrypted with Microsoft Point-to-Point Encryption (MPPE) using MS-CHAP or EAP-TLS. • The keys used in encrypting this data are generated during the authentication process between the user and the authentication server.

  32. Point-to-Point Tunneling Protocol (PPTP) CISSP Certification All in One Exam Guide pg 613

  33. Point-to-Point Tunneling Protocol (PPTP) • One limitation of PPTP is that it can work only over IP networks, Other protocols must be used to move data over frame relay, X.25, and ATM links

  34. Layer 2 Transport Protocol • L2TP provides the functionality of PPTP, but it can work over networks other than just IP • L2TP does not provide any encryption or authentication services. • It needs to be combined with IPSec if encryption and authentication services are required.

  35. Layer 2 Transport Protocol • The processes that L2TP uses for encapsulation are similar to those used by PPTP

  36. Layer 2 Transport Protocol • PPTP can run only within IP networks. • L2TP, on the can run within other protocols such as frame relay, X.25, and ATM. • PPTP is an encryption protocol and L2TP is not • L2TP supports TACACS+ and RADIUS, while PPTP does not.

  37. Summary of tunneling • Point-to-Point Tunneling Protocol (PPTP): • Designed for client/server connectivity • Sets up a single point-to-point connection between two computers • Works at the data link layer • Transmits over IP networks only

  38. Summary of tunneling • Layer 2 Tunneling Protocol (L2TP) • Sets up a single point-to-point connection between two computers • Works at the data link layer • Transmits over multiple types of networks, not just IP • Combined with IPSec for security

  39. Summary of tunneling • IPSec: • Handles multiple connections at the same time • Provides secure authentication and encryption • Supports only IP networks

  40. Authentication Protocols

  41. Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Protocol (Chap) PAP vs Chap Extensible Authentication Protocol (EAP)

  42. What is authentication?The process of determining that you are whom you say you are. “It provides identification and authentication of the user who is attempting to access a network from a remote system.” (CISSP Certification all-in-one exam guide, pg. 614) Authentication

  43. Authentication How does one get authenticated? By username/password, token, etc. validation. • If valid, then the user is granted access. • If not valid, no access is provided.

  44. Password Authentication Protocol (PAP) • Used by remote users to authenticate over PPP lines. • Users enter username and password before Authentication. • The password and the username are sent over the network to the authentication server. • The username and password are compared to the database that is stored on the authentication server. • If username and password matches access is granted. Else access is denied.

  45. Password Authentication Protocol (PAP) PAP Authentication process

  46. Password Authentication Protocol (PAP) Problem!!!! • PAP is very insecure. • Credentials are sent in cleartext. This limitation allows for a sniffer software to obtain you credentials.

  47. Challenge Handshake Authentication Protocol (CHAP) • Uses a challenge/response mechanism to authenticate the user instead of a password. • A challenge is a random value that is encrypted with the use of a predefined password as an encryption key.

  48. Challenge Handshake Authentication Protocol (CHAP) • The authentication process • The host computer sends the authentication server a logon request. • The server sends the user a random valued challenge. • This challenge is encrypted with the use of a predefined password as an encryption key. • The encrypted challenge value is returned to the server.

  49. Challenge Handshake Authentication Protocol (CHAP) • The Authentication process (con’t) • The authentication server uses the predefined password as the encryption key to decrypt the challenge value. • The Server compares the received value with the one stored in its database. • If the results are the same, the server authenticates the user and grants access. Else, access will be denied.

  50. Challenge Handshake Authentication Protocol (CHAP) Challenge Handshake Process

More Related