SSL312 VPN Concentrator 25 Training
Presented by:
• Vivek Chugh – Product Line Manager
• Hien Ly – L3 Support Engineer
• Satish Nandi – Product/Engineering Manager
Agenda
• What is SSL?
• What is SSL VPN?
• Why SSL?
• What is the NETGEAR SSL312 SSL VPN Concentrator?
• Deployment Scenario
• Product Description
• NETGEAR SSL VPN Benefits
• Features and Benefits
• NETGEAR SSL312 Unique Features
• Feature comparisons
• ProSafe SSL VPN Value Proposition
• SSL Technology Overview
• SSL Architecture
• SSL Protocols
• SSL Handshake
• SSL Key Exchange Methods
• Demo
What is SSL?
• SSL stands for Secure Sockets Layer
• Provides protection of data
• Data sent over the wire is encrypted using SSL, thus providing data confidentiality.
What is SSL VPN?
• Extends a Virtual Private Network (VPN) over the Internet and enables remote users to connect securely.
• Uses SSL to provide remote access
  • SSL is now called TLS by the IETF
  • Refer to RFC 2246: http://www.ietf.org/rfc/rfc2246.txt
• Uses the same kinds of encryption and authentication protocols as IPSEC
  • DES, 3DES, AES; supports asymmetric (public key) cryptography
• SSL is an application level protocol
  • Transmits data over SSL (port 443)
  • IPSEC is a layer 3 protocol; it encrypts packets over IP
• SSL VPN can deliver remote access from web browsers
  • No client required (client-less VPN)
  • Less skilled Internet users don’t need to remember IP addresses or use VNC or pcAnywhere.
  • All resources are available as bookmarks.
  • Users are not confined to accessing their remote network from a dedicated PC
  • Access data anytime and anywhere.
Why SSL?
• Confidentiality (Data is encrypted)
• Data Integrity (Tamper Proof)
  • No “Man in the Middle” attacks
• Server Authentication (Prove who you are)
  • Windows Active Directory/Domain Controller
  • RADIUS
  • LDAP
  • Optional client authentication
• Dominant Security Technology on the web
  • Runs over TCP
  • Transport Layer Security
  • HTTPS is HTTP over SSL (port 443)
  • Worldwide e-commerce transactions occur over SSL
• Well Tested (Several years of public scrutiny)
• Supported in commercially available browsers today
  • Lock icon at the bottom right of the web browser
What is the NETGEAR SSL312 SSL VPN Concentrator?
• State of the art remote access SSL VPN solution tailored for the SMB market
• Supports up to 25 concurrent sessions
• Industry’s most cost effective twenty five tunnel SSL VPN solution.
• Unrestricted User License
• Allows anywhere, anytime access to your corporate resources, without requiring a VPN client
• Browser based access (Internet Explorer, Macintosh Safari)
• Provides Seamless “LAN-like” user experience
• Customizable user portal for ease of use and enhanced user experience
• Offers automatic session and software clean-up mode for kiosk based access
• Provides granular access control to your network resources
• Wide variety of user authentication methods including Active Directory, LDAP and RADIUS
SSL 312 Product Description
• 3 series blue metal case
• 2 10/100 Ethernet LAN Ports, 1 console port
• 16M Flash/128M SDRAM
• Internal Power Supply
• High Performance SSL VPN using the Cavium NITROX Soho CN220 200MHz
• Unlimited user license – other vendors restrict access
• Total Number of SSL VPN Tunnels Supported = 25
• Customized User Experience
• List Price of $545.00
• Industry’s most cost effective 25 Tunnel SSL VPN Solution!
NETGEAR SSL VPN Benefits
• Easy to use:
  • Browser Based (https://) network connection
  • Simple login (user name / password)
  • One time set-up
  • Simple un-install procedure for kiosks
• Access from any computer, anywhere:
  • User laptops, home PCs or remote kiosks can all securely connect
  • Packets look like standard IP packets
  • VPN Tunnel provides Firewall/NAT Traversal
  • Cache Clean Up after Session Termination
  • Unlimited User Access
• Zero Cost Access Client Software:
  • No expensive VPN client software or IT support required.
  • Active-X client for full “IPsec-like” connectivity (<64K in size)
• Superior Remote Access Solution:
  • Remote Employee Access for Small Business
  • Secure Consumer/Retail Access for home users
  • Protocol Independent Full LAN Access
NETGEAR SSL VPN Unique Features
• Access Modes Supported:
  • “IPSec-like” Remote Access with full LAN level view – VPN over SSL
  • High performance TCP application access with LSP/NSP – Remote Control
  • Desktop & Application Level Remote Access – VNC, RDP
  • OWA & Intranet access – HttpRP
  • Other access: WebCIFS, Telnet/SSH, FTP & WebFTP
• Broadest client/browser support:
  • VPN Tunnel and Port Forwarding – through Windows & MAC OS clients
• Broadest support for authentication methods:
  • Local Database, Radius, NT Domain, LDAP, Active Directory
• Widest range of applications supported for application proxies:
  • Support for MSFT: IE, Outlook, Word, Excel, PowerPoint, Access & FrontPage
• Excellent Administrative Options
  • Bookmarking of individual user & group configurations, Logging & Monitoring
• Highest performance in class
ProSafe SSL VPN Value Proposition
• For Small and Mid-Sized Businesses (up to 100 person company) who need to be in the office to get access to their information and applications
  • Examples: Real Estate Agents, Lawyers, Clinics, Schools, Brokers etc.
• Problem: They need to come into work to access their information.
  • Employees drive to work on weekends and holidays (can’t telecommute)
  • Current IPSEC VPN solutions are too complex and expensive
    • Integration with existing network infrastructure is not seamless
    • Costly to set up, deploy and maintain
• Solution:
  • Provide a cost effective, easy to use and deploy solution that allows employees to access their information remotely from anywhere, anytime.
• Benefits:
  • Increases Productivity & Reduces Total Cost of Ownership
  • Enables telecommuting without any extra hardware or software at home.
  • Work in more locations
  • More flexible work schedule
  • Plug and Play setup
  • Easy to deploy and maintain
  • Reduce Office Space
  • Minimal training required
How does SSL Work – In a Simplistic Manner
Message flow between Client and Server:
• Client connects
• Server sends certificate
• Client sends encrypted pre-master
• Both sides create the session key for further communication using the pre-master key
SSL architecture (layers, top to bottom)
• SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | applications (e.g., HTTP)
• SSL Record Protocol
• TCP
• IP
SSL components
• SSL Record Protocol
  • fragmentation
  • compression
  • message authentication and integrity protection
  • encryption
• SSL Handshake Protocol
  • negotiation of security algorithms and parameters
  • key exchange
  • server authentication and optionally client authentication
• SSL Change Cipher Spec Protocol
  • a single message that indicates the end of the SSL handshake
• SSL Alert Protocol
  • error messages (fatal alerts and warnings)
SSL Handshake Protocol – overview
Messages exchanged between client and server, by phase:
• Phase 1: Negotiation of the session ID, key exchange algorithm, MAC algorithm, encryption algorithm, and exchange of initial random numbers
  • client → server: client_hello
  • server → client: server_hello
• Phase 2: Server may send its certificate and key exchange message, and it may request the client to send a certificate. Server signals end of hello phase.
  • server → client: certificate, server_key_exchange, certificate_request, server_hello_done
• Phase 3: Client sends certificate if requested and may send an explicit certificate verification message. Client always sends its key exchange message.
  • client → server: certificate, client_key_exchange, certificate_verify
• Phase 4: Change cipher spec and finish handshake
  • client → server: change_cipher_spec, finished
  • server → client: change_cipher_spec, finished
Hello messages (SSL Handshake Protocol / Phase 1)
• client_hello
  • client_version
    • the highest version supported by the client
  • client_random
    • current time (4 bytes) + pseudo random bytes (28 bytes)
  • session_id
    • empty if the client wants to create a new session, or
    • the session ID of an old session within which the client wants to create the new connection
  • cipher_suites
    • list of cryptographic options supported by the client, ordered by preference
    • a cipher suite contains the specification of the key exchange method, the encryption and the MAC algorithm
    • the algorithms implicitly specify the hash_size, IV_size, and key_material parameters (part of the Cipher Spec of the session state)
    • example: SSL_RSA_with_3DES_EDE_CBC_SHA
  • compression_methods
    • list of compression methods supported by the client
Hello messages cont’d (SSL Handshake Protocol / Phase 1)
• server_hello
  • server_version
    • min( highest version supported by client, highest version supported by server )
  • server_random
    • current time + random bytes
    • random bytes must be independent of the client random
  • session_id
    • session ID chosen by the server
    • if the client wanted to resume an old session:
      • server checks if the session is resumable
      • if so, it responds with the session ID and the parties proceed to the finished messages
    • if the client wanted a new session:
      • server generates a new session ID
  • cipher_suite
    • single cipher suite selected by the server from the list given by the client
  • compression_method
    • single compression method selected by the server
Supported key exchange methods (SSL Handshake Protocol / Phase 1)
• RSA based (SSL_RSA_with...)
  • the secret key (pre-master secret) is encrypted with the server’s public RSA key
  • the server’s public key is made available to the client during the exchange
• fixed Diffie-Hellman (SSL_DH_RSA_with… or SSL_DH_DSS_with…)
  • the server has fixed DH parameters contained in a certificate signed by a CA
  • the client may have fixed DH parameters certified by a CA, or it may send an unauthenticated one-time DH public value in the client_key_exchange message
• ephemeral Diffie-Hellman (SSL_DHE_RSA_with… or SSL_DHE_DSS_with…)
  • both the server and the client generate one-time DH parameters
  • the server signs its DH parameters with its private RSA or DSS key
  • the client may authenticate itself (if requested by the server) by signing the hash of the handshake messages with its private RSA or DSS key
Server certificate and key exchange messages (SSL Handshake Protocol / Phase 2)
• certificate
  • required for every key exchange method except for anonymous DH
  • contains one or a chain of X.509 certificates (up to a known root CA)
  • may contain
    • public RSA key suitable for encryption, or
    • public RSA or DSS key suitable for signing only, or
    • fixed DH parameters
• server_key_exchange
  • sent only if the certificate does not contain enough information to complete the key exchange (e.g., the certificate contains an RSA signing key only)
  • may contain
    • public RSA key (exponent and modulus), or
    • DH parameters (p, g, public DH value), or
    • Fortezza parameters
  • digitally signed
    • if DSS: SHA-1 hash of (client_random | server_random | server_params) is signed
    • if RSA: MD5 hash and SHA-1 hash of (client_random | server_random | server_params) are concatenated and encrypted with the private RSA key
Certificate request and server hello done msgs (SSL Handshake Protocol / Phase 2)
• certificate_request
  • sent if the client needs to authenticate itself
  • specifies which type of certificate is requested (rsa_sign, dss_sign, rsa_fixed_dh, dss_fixed_dh, …)
• server_hello_done
  • sent to indicate that the server has finished its part of the key exchange
  • after sending this message the server waits for the client’s response
  • the client should verify that the server provided a valid certificate and that the server parameters are acceptable
Client authentication and key exchange (SSL Handshake Protocol / Phase 3)
• certificate
  • sent only if requested by the server
  • may contain
    • public RSA or DSS key suitable for signing only, or
    • fixed DH parameters
• client_key_exchange
  • always sent (but it is empty if the key exchange method is fixed DH)
  • may contain
    • RSA encrypted pre-master secret, or
    • client one-time public DH value, or
    • Fortezza key exchange parameters
• certificate_verify
  • sent only if the client sent a certificate
  • provides client authentication
  • contains the signed hash of all the previous handshake messages
    • if DSS: the SHA-1 hash is signed
    • if RSA: the MD5 and SHA-1 hashes are concatenated and encrypted with the private key
    • MD5( master_secret | pad_2 | MD5( handshake_messages | master_secret | pad_1 ) )
    • SHA( master_secret | pad_2 | SHA( handshake_messages | master_secret | pad_1 ) )
Finished messages (SSL Handshake Protocol / Phase 4)
• finished
  • sent immediately after the change_cipher_spec message
  • first message that uses the newly negotiated algorithms, keys, IVs, etc.
  • used to verify that the key exchange and authentication were successful
  • contains the MD5 and SHA-1 hash of all the previous handshake messages:
    MD5( master_secret | pad_2 | MD5( handshake_messages | sender | master_secret | pad_1 ) ) | SHA( master_secret | pad_2 | SHA( handshake_messages | sender | master_secret | pad_1 ) )
    where “sender” is a code that identifies whether the sender is the client or the server (client: 0x434C4E54; server: 0x53525652)
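The certificate_verify hash (Phase 3 slide) and the finished hash above differ only by the 4-byte sender code. The following is an added example, not from the presentation or the SSL312 product: it computes both with Python's hashlib using the SSL 3.0 pad_1 (0x36) and pad_2 (0x5c) constants, and shows how the receiving side checks a peer's finished value in constant time. The master secret and transcript bytes are constructed sample values.

```python
import hashlib
import hmac

# SSL 3.0 padding constants: pad_1 = 0x36 and pad_2 = 0x5c, repeated 48 times
# for the MD5 branch and 40 times for the SHA-1 branch.
MD5_PAD1, MD5_PAD2 = b"\x36" * 48, b"\x5c" * 48
SHA_PAD1, SHA_PAD2 = b"\x36" * 40, b"\x5c" * 40

# "sender" codes from the finished slide, as 4-byte big-endian values
SENDER_CLIENT = (0x434C4E54).to_bytes(4, "big")  # b"CLNT"
SENDER_SERVER = (0x53525652).to_bytes(4, "big")  # b"SRVR"


def ssl3_handshake_hash(master_secret: bytes, handshake_messages: bytes,
                        sender: bytes = b"") -> bytes:
    """Nested MD5 | SHA-1 hash over the handshake transcript.

    sender == b""                           -> certificate_verify hash (Phase 3)
    sender == SENDER_CLIENT / SENDER_SERVER -> finished hash (Phase 4)
    """
    inner_md5 = hashlib.md5(handshake_messages + sender + master_secret + MD5_PAD1).digest()
    outer_md5 = hashlib.md5(master_secret + MD5_PAD2 + inner_md5).digest()
    inner_sha = hashlib.sha1(handshake_messages + sender + master_secret + SHA_PAD1).digest()
    outer_sha = hashlib.sha1(master_secret + SHA_PAD2 + inner_sha).digest()
    return outer_md5 + outer_sha  # 16 + 20 = 36 bytes


def verify_finished(master_secret: bytes, handshake_messages: bytes,
                    sender: bytes, received: bytes) -> bool:
    """Receiver-side check: recompute the peer's finished value over the receiver's own
    view of the transcript and compare in constant time. A mismatch means the transcript
    or the master_secret differs between the two sides, so the handshake must be aborted."""
    expected = ssl3_handshake_hash(master_secret, handshake_messages, sender)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed sample values, not a real capture: a 48-byte master secret and a
    # stand-in for the concatenated handshake messages of Phases 1-3.
    master = bytes(range(48))
    transcript = b"client_hello|server_hello|certificate|server_hello_done|client_key_exchange"

    client_finished = ssl3_handshake_hash(master, transcript, SENDER_CLIENT)
    print("client finished:", client_finished.hex())
    print("server accepts genuine finished:",
          verify_finished(master, transcript, SENDER_CLIENT, client_finished))
    # Any difference in what the server saw on the wire breaks the check
    altered = transcript.replace(b"server_hello", b"server_hello_modified")
    print("server accepts altered transcript:",
          verify_finished(master, altered, SENDER_CLIENT, client_finished))
```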
Sessions and connections
• an SSL session is an association between a client and a server
• sessions are stateful; the session state includes security algorithms and parameters
• a session may include multiple secure connections between the same client and server
• connections of the same session share the session state
• sessions are used to avoid expensive negotiation of new security parameters for each connection
• there may be multiple simultaneous sessions between the same two parties, but this feature is not used in practice
SSL Key Exchange Steps - Summary
• Client (SSL) connects to the server
• Server sends its own certificate, which contains the public key
• Client then creates a random key (premaster key) and uses the server’s public key to encrypt it
• Client then sends the encrypted premaster key to the server
• Server then decrypts the key and uses the decrypted premaster key to create the secret session key
• Client and Server use the secret session key for further communication
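As an added illustration (not from the presentation or the SSL312), this Python shows what both ends compute once the premaster key has been exchanged, following the SSL 3.0 derivation: the master_secret from the premaster secret and the two hello randoms, then the key_block split into the per-direction session keys. The RSA encryption of the premaster key is not shown; the hello randoms are constructed sample values, and the key sizes assume the SSL_RSA_with_3DES_EDE_CBC_SHA suite named on the Hello messages slide.

```python
import hashlib
import os


def _ssl3_expand(secret: bytes, seed: bytes, rounds: int) -> bytes:
    """SSL 3.0 expansion: round i uses the label chr(ord('A')+i) repeated i+1 times
    ('A', 'BB', 'CCC', ...); each round emits MD5(secret | SHA(label | secret | seed))."""
    out = b""
    for i in range(rounds):
        label = bytes([ord("A") + i]) * (i + 1)
        sha = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + sha).digest()
    return out


def new_pre_master_secret() -> bytes:
    # Step 3 on the slide: 48 bytes, the client's offered version (0x0300 for SSL 3.0)
    # followed by 46 random bytes. This is the value the client RSA-encrypts to the
    # server certificate's public key (encryption not shown here).
    return b"\x03\x00" + os.urandom(46)


def ssl3_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # 3 rounds x 16 bytes = 48-byte master_secret; seed order is client_random | server_random
    return _ssl3_expand(pre_master, client_random + server_random, 3)


def ssl3_session_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
                      mac_size: int = 20, key_size: int = 24, iv_size: int = 8) -> dict:
    """Steps 5/6: derive the key_block and split it into the session keys. Defaults are for
    SSL_RSA_with_3DES_EDE_CBC_SHA (SHA-1 MAC 20, 3DES key 24, IV 8). Note the seed order
    flips to server_random | client_random for the key_block."""
    needed = 2 * (mac_size + key_size + iv_size)
    block = _ssl3_expand(master_secret, server_random + client_random, -(-needed // 16))
    layout = (("client_write_MAC_secret", mac_size), ("server_write_MAC_secret", mac_size),
              ("client_write_key", key_size), ("server_write_key", key_size),
              ("client_write_IV", iv_size), ("server_write_IV", iv_size))
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


if __name__ == "__main__":
    # Constructed sample hello randoms (32 bytes each; a real one is 4-byte time + 28 random)
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))
    pre_master = new_pre_master_secret()  # generated on the client
    # ... client sends it RSA-encrypted, server decrypts it; both now hold the same value
    # and run the same derivation, so neither side ever sends the session keys.
    ms_client = ssl3_master_secret(pre_master, client_random, server_random)
    ms_server = ssl3_master_secret(pre_master, client_random, server_random)
    assert ms_client == ms_server
    for name, value in ssl3_session_keys(ms_client, client_random, server_random).items():
        print(f"{name:24s} {value.hex()}")
```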
SSL and Encryption - Summary
• Not all clients use the same encryption and authentication algorithms
• Client and Server negotiate encryption and decryption algorithms (cipher suites) during the initial handshake
• Connection will fail if they don’t have common algorithms
• Uses a Public/Private key (asymmetric) scheme to create the secret key (symmetric)
  • Secret Key is required to encrypt data
  • Provides High Performance
• Secret Session Key
  • You only require the server’s certificate in order to have encrypted data transfer
  • This is the reason why you don’t need to install a client certificate in the browser.
Overview
• Hardware features
  • 2 10/100 ethernet ports
  • Hardware SSL acceleration (Cavium accelerator)
  • setfactorydefaults button
  • Console port
• Key Software features
  • 25 concurrent sessions/tunnels
  • VPN over SSL (IPSEC like)
  • Port forwarding for limited access
  • Application & Terminal services
  • Utilities: telnet, ftp & SSH
  • Local & external user authentication services
  • Customizable user Portal
  • Granular access control
  • Browsers: IE & Safari
Deployment
• SSL VPN in DMZ or Bridge to special network
• SSL VPN in Intranet
• SSL VPN outside Firewall
SSL VPN in Intranet (Single Arm)
• Commonly used as the typical deployment
• SSL traffic forwarded to SSL312
[Diagram: SSL312]
SSL VPN in DMZ or Bridge to Special Network
• SSL traffic forwarded to SSL312
[Diagram: Special Network, SSL312]
SSL VPN on the Internet (Router Mode)
• Least likely to be used, since the SSL312 does not provide firewall and security protection for non-VPN traffic
• Both Ethernet Ports will be used:
  • 1 port will be directly connected to the Internet
  • 1 port will be connected to the Local Area Network, with routing capability
[Diagram: SSL312]
Hierarchy of organization
• Hierarchy: Portals → Domains → Groups → Users
  • Portals: SSL-VPN
  • Domains: geardomain
  • Groups: geardomain
  • Users: admin
• Domains – Authentication
  • Local
  • NT Domain
  • Active Directory
  • LDAP
  • Radius PAP/CHAP/MS-CHAP
NOTE: Hierarchy does not take effect when Local domains are used.
Components
• System Configuration
  • Network
  • Certificate
  • Date & Time
  • Utilities
• Access Administration
  • Users & Groups
  • Domains
  • Network Resources
  • VPN Tunnel
  • Port Forwarding
• Monitoring
• SSL VPN Portal
  • Portal Layout
  • User Portal
Network
• Interfaces
  • Ethernet-1
  • Ethernet-2, Optional
• Static Routes
  • Default Route
  • Static Route
• Host Table
• DNS Settings (required if you want NTP to work correctly)
Certificates
• Generating a CSR
  • Generate the CSR
  • Submit it to the CA
  • Upload the Cert
• Generating a Self Signed Cert/CRT
  • Generates a CRT
  • Upload the Cert
• Activating the Certificate
  • Certificate’s State
    • Active
    • Expired
  • Certificate currently active in SSL312
  • Enable Option – You will be prompted for the password
Date & Time
• Built-in RTC
• Manual Mode or NTP mode
• Supports NTP
  • Defaults – Netgear servers
  • Custom servers
• Daylight saving
  • Automatic, no option to disable DST
Make sure the DNS configuration is filled in if using NTP
Logging
• Syslog & Email Alert
• Reporting option
  • Daily - Sent at 5:00 AM daily
  • Weekly - Sent on Monday at 5:00 AM
  • Full – When full (about 200 messages)
  • If the log fills up and reporting mode was either “Daily” or “Weekly”:
    • All logs are cleared & logging continues
• Log & Alert levels/Categories
  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Information
  • Debug
Portal
• Web layout the user will see on login
• Portal layout is customizable
• Factory defaults
  • Portal: SSL-VPN
  • Domain: geardomain with local authentication
  • Group: geardomain
  • User: Administrator role user “admin”
• Default portal URL
  • https://ip_address_of_ssl312_port1 (e.g.: https://126.96.36.199)
• URL for additional portals
  • https://ip_address_of_ssl312_port1/portals/portal_name
  • portal_name is case sensitive
  • e.g.: https://188.8.131.52/portals/ProSupport
• Multiple domains can belong to a portal
  • The login page of a portal only offers the domains belonging to that portal
Note: The default portal, domain or group cannot be deleted
Domain
• Domain defines the authentication method
• Attached to a Portal (only one)
• Will always have at least 1 group
• When a domain is created
  • A default group named after the domain (“domain-name”) is also created for the domain
• Domain offers the following authentication methods
  • Local
  • Radius (PAP, CHAP, MSCHAP)
  • Active Directory
  • LDAP
  • NT domain
Groups
• Users can be grouped into GROUPs
• Attached to a Domain (only one)
• When a domain is created
  • A default group named after the domain (“domain-name”) is also created for the domain
Users
• Two classes of users
  • Administrators
  • Users
• Users are created under Groups
• Each user belongs to a single group
• Users with Administrative privilege – Administrator GUI
• Normal users – User Portal
Policies
• Policy administration
  • Global
  • Group
  • User
• User policies take precedence over Group policies
• Group policies take precedence over Global policies
• Policies can be applied to
  • IP address/range/Network Resource
  • Service type (Terminal Services, VNC, VPN Tunnel etc.)
  • PERMIT or DENY
• Login policies
  • Allow/Deny - IP address/Network/WAN
  • Allow/Deny - Browser list
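An added model (not the SSL312's own code) of the precedence rule above: the policies passed in are the global rules plus those of the user's group and of the user, each rule carrying a PERMIT/DENY action, a destination (IP, range or network) and a service type, and the first match in user, group, global order decides. The example rule set and the default-deny fallback for "no matching policy" are this example's assumptions; the slide does not state the product's own default.

```python
import ipaddress

# Precedence from the slide: user policies beat group policies, which beat global policies.
SCOPE_ORDER = ("user", "group", "global")


class Policy:
    """One PERMIT/DENY rule: scope, destination (IP, range or network) and service type."""

    def __init__(self, scope: str, action: str, destination: str, service: str = "ANY"):
        assert scope in SCOPE_ORDER and action in ("PERMIT", "DENY")
        self.scope, self.action, self.service = scope, action, service
        # Accept "10.0.0.5", "10.0.0.0/24" or "10.0.0.10-10.0.0.20" (constructed syntax)
        if "-" in destination:
            lo, hi = destination.split("-", 1)
            self.lo, self.hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        else:
            net = ipaddress.ip_network(destination, strict=False)
            self.lo, self.hi = net[0], net[-1]

    def matches(self, ip: ipaddress.IPv4Address, service: str) -> bool:
        return self.lo <= ip <= self.hi and self.service in ("ANY", service)


def evaluate(policies, dest_ip: str, service: str, default: str = "DENY") -> str:
    """Return the action of the first matching policy in precedence order (user, group,
    global). Within one scope the first listed rule wins. `default` applies when nothing
    matches; default-deny is this example's assumption."""
    ip = ipaddress.ip_address(dest_ip)
    for scope in SCOPE_ORDER:
        for policy in policies:
            if policy.scope == scope and policy.matches(ip, service):
                return policy.action
    return default


# Constructed example rule set, not taken from the product
EXAMPLE_POLICIES = [
    Policy("global", "DENY", "192.168.10.0/24"),                        # server LAN closed by default
    Policy("group", "PERMIT", "192.168.10.0/24", "Terminal Services"),  # support group: RDP only
    Policy("user", "DENY", "192.168.10.50"),                            # this user: one host excluded
]

if __name__ == "__main__":
    for ip, svc in (("192.168.10.20", "Terminal Services"), ("192.168.10.20", "VNC"),
                    ("192.168.10.50", "Terminal Services"), ("10.0.0.1", "VPN Tunnel")):
        print(f"{ip:15s} {svc:18s} -> {evaluate(EXAMPLE_POLICIES, ip, svc)}")
```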
VPN Tunnel & Port forwarding
• VPN Tunnel
  • Provides full access to the network, like IPSec
  • ActiveX client gets installed on the client machine
  • Loops all the local traffic over to the SSL tunnel
• Port Forwarding
  • Scaled down version of VPN tunnel
  • Forwards the configured IP Address/Port on to the SSL tunnel.
  • Only TCP traffic.
Fully populated User Portal
• VPN Tunnel
• Applications
  • Remote Access
  • Terminal Services
  • VNC
• Network Places
• Port Forwarding
• Utilities
  • Telnet
  • Ftp
  • SSH
FAQ-1
• How do I change my system password?
  An administrator may change the system password by logging in via the system console or via SSH and typing passwd root. Then enter the password, press Enter, type the confirmation password and press Enter again. NOTE: The system password is different from the Administrative web management interface password, which is configured through the web management interface.
• How can I customize the portal layout?
  The portal layout may be customized on the SSL VPN Portal » Portal Layout page in the web management interface. From the portal layout page, you can define what pages, icons and options to display to users. You can create multiple layouts and apply them to different authentication domains.
• When I create a new domain, I can't see the new domain on the login page
  If you created a new domain and you cannot select the domain from the Domain drop-down list on the login page, then you are most probably not logging in from the correct portal layout URL. For example, let's say you created a layout named "mylayout" with the virtual host name "mylayout.netgear.com". Then you configured an authentication domain called "myRadius" and selected the new layout "mylayout" for the authentication domain. Now, if you go to the default Portal layout, you will not see "myRadius" in the Domain Name drop-down menu. To log in using "myRadius", go to https://[IP_Address_or_domain_name]/portal/mylayout. Then you will be able to see the "myRadius" authentication domain.
FAQ-2
• I want my domain to be selected by default on the login page
  The list of domains is shown in alphabetical order. If you would like your authentication domain to be selected by default, then create a new portal layout, configure virtual hosting, and log in using the new virtual hostname. Your new authentication domain will be selected by default.
• How do I create a virtual hostname on the portal layout page?
  To create a virtual hostname, enter the full URL of the virtual host, for example "partners.netgear.com". Because the web server needs to learn the new configuration, restart the SSL312 software on the Monitoring » Diagnostics » Reboot page. Then make sure that the new domain name resolves to the IP address of the SSL312: log in to your organization's external DNS manager, add a new DNS name or a new alias, and configure it to resolve to the SSL312 IP address.
• Active Directory configuration isn't working, what is wrong?
  Confirm that the time is synchronized between your Active Directory server and the SSL312 by configuring NTP on the System Configuration » Date and Time page. If you have added users into custom groups that you have defined on the Active Directory server, then you may need to use NT Domain or LDAP authentication in order to authenticate to your Windows authentication server.
• Can I only allow certain Active Directory groups to log in?
  You can create specific rules for Active Directory users and groups by defining the users and groups in the SSL312 and then configuring access policies for these different users and groups. However, you cannot prevent the users from logging in altogether. The only way to do this is to authenticate users based on Active Directory's LDAP directory services: instead of defining an authentication domain on the Active Directory page, define the domain as an LDAP authentication domain. Then you can enter the specific LDAP organizational unit information.
FAQ-3
• How do I create policies or bookmarks for Active Directory, LDAP or RADIUS users?
  If you are using authentication by an external AAA server (LDAP, Active Directory, etc.), then you do not need to define users in the SSL312. However, you are then also unable to create bookmarks or policies per user. To create individual bookmarks by user or group, you must define the users in the SSL312. Because the users are authenticating to the AAA server, the users do not require passwords. Once defined, you can add bookmarks or policies per user or per group to which the user belongs. Because the SSL312 can query Active Directory to find out which group a user belongs to, you can create bookmarks and policies for Active Directory groups without defining every Active Directory user name. The way this works is that the SSL312 first verifies with the Active Directory server that the user is authorized to log in. Then the SSL312 checks to see if the user is defined (in any Active Directory group) in the SSL312. If the user is defined, then the user and group policies and bookmarks will apply to that user. If no matching user is defined, the SSL312 will see if the Active Directory group to which the user belongs is defined in the SSL312. If so, then the group's bookmarks and policies will apply to the user.
• Can I change the logo?
  Yes, you may upload new logos on the Portal Layouts » Custom Banner page in the web management interface. There are 3 logos to upload. The logos are displayed on the login page, the upper left corner of the portal page, and also the upper left corner of the portal page when the portal is configured in the top menu navigation layout. The sizes of the 3 logos are indicated on the Company Logo page. The logos must be in GIF format. Once the logos are uploaded, be sure to select Use Company Logo from the drop-down menu and click Submit for the change to take effect. Be sure to refresh your browser window, in case the Cavium Networks logo is cached.