A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca Raton, FL , USA
Introduction • Virtual Private Networks (VPN) make use of public network resources to access internal nodes of an enterprise. Within the VPN, the transmission is protected by security mechanisms to provide confidentiality and integrity. So a “private” network is established. Since this network exists only in a virtual sense, it has been termed a virtual private network.
VPN • VPN uses a technique called tunneling, in which data is transmitted across a public network in a cryptographic tunnel that simulates an end to end connection. The end connections could be both private or one end private with the other end being a public domain.
VPN R1 – Router at Site A. R2 – Router at Site B.
VPN Pattern Diagram for VPN TLS VPN IP VPN XML VPN TLS IPSec Secure Channel Authentication
Problem • In today’s world, a lot of people work remotely. They need a secure connection to their company network. We need to develop a secure architecture so that confidential work can be performed. Many companies have offices distributed all over the globe. The employees of such companies need to communicate securely.
Forces • The number of users remotely connected may be growing; the system should be scalable. • The system should be flexible enough to accommodate different ways of providing security. • We should restrict access to the system to only authorized users. • We need to use the Internet or public networks to reduce the cost; in turn subjecting the private network established within the public network to numerous threats faced by the public networks such as Denial of Services and other attacks.
Solution • A secure VPN connection is established between the end user and the local network. A cryptographic tunnel is set up between the end user and the local network This VPN Tunnel may provide data integrity and confidentiality if properly implemented. The network is able to authenticate a user accessing an end point.
Class Diagram Network VPN * * Network End Point 1 1 * Authenticator Secure Channel 1 Identity Base * Identity
:End Point :VPN :Identity :Identity Base :Secure Channel :Network RequestAuth authenticate check authenticated Establish Secure Channel Established VPN Connection Established Sequence Diagram
Variants • Virtual Priivate Networks can be established at the Application layer, IP Layer or the TCP layer. XML VPN are established at the application layer and IP VPN are established at the IP Layer and TSL VPN are established at the TCP Layer.
Known Uses • Ctrix provides a site to site SSL VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network. [Cit] • Cisco VPN on the other hand uses a IPSec VPN. [Cis] • Nokia VPN provides VPN connection for Nokia Mobile Users. [Nok]
Advantages • Users are authenticated by the system to control their access to the VPN. • We could add a logging system for the users logging in at the end points for future audits. • If we use secure encryption, we can provide data confidentiality and integrity for the messages sent through the VPN.
Disadvantages • If the VPN connection is compromised, the attacker could get full access to the internal network. • Because of encryption, VPN traffic is invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN tunnel. Therefore if a hacker gains access to the VPN, he can attack the internal systems without being detected by the IDS.
Disadvantages (Contd…) • In case of VPN with a private end user, the remote computer used by the private user is vulnerable to outside attacks which in turn can attack the network it is connected to. • The VPN Tunnel is only as strong as the cryptographic protocol used.
Related Patterns • Firewalls can be added to each network layer to make the network layer more secure. [Fer03] • IDS can also coexist in each of these network layers to detect attack. [Fer05] • Secure Channel and Authenticator establishes the security mechanisms.
Conclusions • A VPN is a basic component in network architectures. We presented here a pattern for its architecture and security properties. Future work will integrate this pattern with other patterns shown in Figure 3.
Q & A • Suggestions • Modifications • Corrections