Presentation transcript: "Perimeter Defense in Networks: Virtual Private Networks", Advanced Network Security, Lecture 16, Peter Reiher, August 2014.

1 Lecture 16 Page 1 Advanced Network Security
Perimeter Defense in Networks: Virtual Private Networks
Peter Reiher
August, 2014

2 Outline
Another aspect of the perimeter defense problem
Virtual private networks
–What are they?
–How do they handle this problem?
–Their practical use

3 Another Aspect of the Problem
What if you need to work across the Internet?
You want to get the same protection on both ends that firewalls would give
But those running the Internet won’t install firewalls for you
So there’s an untrusted hole in your perimeter

4 Illustrating the Problem
[Diagram: your Los Angeles office behind your Los Angeles firewall (SAFE!), your Saigon office behind your Saigon firewall (SAFE!), and the Internet between them, where there is no firewall (NOT SAFE!)]

5 Cryptography to the Rescue
We can’t ensure bad guys don’t see the packets we send outside our firewalls
But we can ensure they don’t understand them and can’t alter them
We can use cryptography to do that
Essentially, a different way to provide perimeter defense
–When physical boundaries don’t apply

6 How To Do That?
Encrypt all traffic between our trusted endpoints
–Literally everything
For preference, even hide sender and receiver information
–To prevent attackers from knowing details of our networks

7 Virtual Private Networks
VPNs
The formal name for the solution we just outlined
A dedicated virtual closed network
Running across an untrusted open network
Security provided by cryptography

8 Encryption and Virtual Private Networks
Use encryption to convert a shared line to a private line
Set up a firewall at each installation’s network
Set up shared encryption keys between the firewalls
Encrypt all traffic using those keys

9 Actual Use of Encryption in VPNs
VPNs run over the Internet
Internet routers can’t handle fully encrypted packets
Obviously, VPN packets aren’t entirely encrypted
They are encrypted in a tunnel mode
–Often using IPSec
Gives owners flexibility and control

10 Key Management and VPNs
All security of the VPN relies on key secrecy
How do you communicate the key?
–In early implementations, manually
–Modern VPNs use IKE or proprietary key servers
How often do you change the key?
–Better be often
–And better be largely automated
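Slide 10 says the key should be changed often and that the change should be automated. The Go program below is an added illustration of one way to automate it; it is not code from the lecture or from any VPN product. It derives a separate traffic key for each "epoch" from a long-term secret shared by the two ends (HMAC-SHA256 over a label and the epoch number) and rotates to the next epoch as soon as a packet-count or age limit is reached. The RekeyPolicy limits, the label string and the KeyManager API are all assumptions made for this example; a real VPN negotiates fresh keys with IKE, as the slide notes, rather than deriving them from one static secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"time"
)

// RekeyPolicy caps how much work one key may do, by packet count and by age.
// The values are chosen per deployment; these fields are an assumption of the example.
type RekeyPolicy struct {
	MaxPackets uint64
	MaxAge     time.Duration
}

// KeyManager hands out per-epoch traffic keys derived from a long-term secret
// shared with the peer and rotates them automatically when the policy says so.
type KeyManager struct {
	master  []byte
	policy  RekeyPolicy
	epoch   uint64
	packets uint64
	since   time.Time
}

func NewKeyManager(master []byte, p RekeyPolicy, now time.Time) *KeyManager {
	return &KeyManager{master: master, policy: p, since: now}
}

// DeriveEpochKey computes the traffic key for one epoch as HMAC-SHA256 over a
// fixed label and the epoch number. Both ends compute the same value from the
// shared master secret, so no traffic key is ever sent across the network.
func DeriveEpochKey(master []byte, epoch uint64) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("vpn-epoch-key")) // constructed label, not from any standard
	var e [8]byte
	binary.BigEndian.PutUint64(e[:], epoch)
	mac.Write(e[:])
	return mac.Sum(nil)
}

// NeedsRekey reports whether the current key has reached either limit.
func (k *KeyManager) NeedsRekey(now time.Time) bool {
	return k.packets >= k.policy.MaxPackets || now.Sub(k.since) >= k.policy.MaxAge
}

// Rotate advances to the next epoch and resets the usage counters.
func (k *KeyManager) Rotate(now time.Time) {
	k.epoch++
	k.packets = 0
	k.since = now
}

// KeyForPacket returns the epoch number and the key to protect one more packet,
// rotating first if required. The epoch number travels in the clear with the
// packet so the receiver knows which derived key to use.
func (k *KeyManager) KeyForPacket(now time.Time) (uint64, []byte) {
	if k.NeedsRekey(now) {
		k.Rotate(now)
	}
	k.packets++
	return k.epoch, DeriveEpochKey(k.master, k.epoch)
}
```

Every epoch key here is a deterministic function of the same master secret, so anyone who obtains the master can recompute every past and future epoch; this is exactly why IKE performs a fresh Diffie-Hellman exchange when it rekeys. The example captures the slide's operational point (rotation happens by policy, not by someone remembering to do it), not the key-agreement protocol.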

11 Some Other VPN Issues
Interactions between VPNs and firewalls
New models of VPN deployment

12 VPNs and Firewalls
VPN encryption is typically done between firewall machines
–VPN often integrated into firewall product
Do I need the firewall for anything else?
How much do I trust the remote office...?
Remember, you must not only trust honesty
–You must also trust caution

13 Placing the Firewall Outside the VPN
Placing the firewall “outside” the VPN is pointless
–Traffic is encrypted, at that point
–Also, true IP addresses, ports, etc. are hidden by the tunneling
–Can’t usefully analyze packets here

14 Placing the Firewall Inside the VPN
Meaning, after the VPN encryption has been removed
And the tunneling undone
Allows firewall to analyze the packets that would actually be delivered
“Inside” means “later in same box” usually
–One machine handles both VPN and firewalls
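Slides 9, 13 and 14 together describe tunnel mode and why the firewall has to sit after decapsulation. The Go program below is an added example, not the lecture's code and not any IPsec implementation. It models two gateways sharing an AES-GCM key: the whole inner packet (real source and destination addresses, ports, payload) is sealed, and only the two gateway addresses travel in the clear so that routers can forward the outer packet. A firewall placed "outside" therefore has just OuterPacket.Src, OuterPacket.Dst and an opaque blob to look at, while the same rule applied after Decapsulate sees the real destination port. The packet layout, the IPv4-only restriction, the demo key and addresses, and the InsidePolicy rule are constructed for this example; ESP headers, security associations and replay windows are omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// MustAddr is a small convenience; the example keeps to IPv4 addresses.
func MustAddr(s string) netip.Addr { return netip.MustParseAddr(s) }

// InnerPacket is a constructed stand-in for the packet a host really sends.
type InnerPacket struct {
	Src, Dst         netip.Addr
	SrcPort, DstPort uint16
	Payload          []byte
}

// Marshal lays the fields out as 4+4+2+2 header bytes followed by the payload.
func (p InnerPacket) Marshal() []byte {
	s, d := p.Src.As4(), p.Dst.As4()
	b := make([]byte, 12, 12+len(p.Payload))
	copy(b[0:4], s[:])
	copy(b[4:8], d[:])
	binary.BigEndian.PutUint16(b[8:10], p.SrcPort)
	binary.BigEndian.PutUint16(b[10:12], p.DstPort)
	return append(b, p.Payload...)
}

// UnmarshalInner is the inverse of Marshal.
func UnmarshalInner(b []byte) (InnerPacket, error) {
	if len(b) < 12 {
		return InnerPacket{}, errors.New("inner packet too short")
	}
	var s, d [4]byte
	copy(s[:], b[0:4])
	copy(d[:], b[4:8])
	return InnerPacket{Src: netip.AddrFrom4(s), Dst: netip.AddrFrom4(d),
		SrcPort: binary.BigEndian.Uint16(b[8:10]), DstPort: binary.BigEndian.Uint16(b[10:12]),
		Payload: append([]byte(nil), b[12:]...)}, nil
}

// OuterPacket is what crosses the Internet: only the two gateway addresses are
// in the clear (so routers can forward it); the whole inner packet is sealed.
// A firewall "outside" the VPN sees nothing more than these fields.
type OuterPacket struct {
	Src, Dst          netip.Addr
	Nonce, Ciphertext []byte
}

// Gateway is one VPN endpoint (the firewall box at a site) holding the AES-GCM
// key shared with its peer; real deployments negotiate that key with IKE.
type Gateway struct {
	Addr netip.Addr
	aead cipher.AEAD
}

func NewGateway(addr netip.Addr, key []byte) (*Gateway, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Gateway{Addr: addr, aead: aead}, err
}

// aad binds each ciphertext to its gateway pair: authenticated, not encrypted.
func aad(src, dst netip.Addr) []byte {
	s, d := src.As4(), dst.As4()
	return append(s[:], d[:]...)
}

// Encapsulate seals the whole inner packet for the peer gateway (tunnel mode).
func (g *Gateway) Encapsulate(peer netip.Addr, p InnerPacket) (OuterPacket, error) {
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return OuterPacket{}, err
	}
	ct := g.aead.Seal(nil, nonce, p.Marshal(), aad(g.Addr, peer))
	return OuterPacket{Src: g.Addr, Dst: peer, Nonce: nonce, Ciphertext: ct}, nil
}

// Decapsulate verifies and decrypts; any bit changed in transit is rejected here.
func (g *Gateway) Decapsulate(o OuterPacket) (InnerPacket, error) {
	pt, err := g.aead.Open(nil, o.Nonce, o.Ciphertext, aad(o.Src, o.Dst))
	if err != nil {
		return InnerPacket{}, fmt.Errorf("tunnel integrity check failed: %w", err)
	}
	return UnmarshalInner(pt)
}

// InsidePolicy is a firewall rule applied after decapsulation, where the real
// destination port is visible (constructed rule: a single allowed port).
func InsidePolicy(p InnerPacket, allowedPort uint16) bool {
	return p.DstPort == allowedPort
}
```

Two properties of the slides fall out directly: the inner addresses and ports never appear in the outer packet, so an inspection point between the gateways cannot apply a port-based rule at all, and because AES-GCM authenticates the ciphertext together with the gateway pair, a modified packet fails Decapsulate before any inside rule runs, so the inside firewall only ever judges packets that are known to come from the peer unaltered.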

15 New Models of VPNs
Original model sets up VPN between two endpoints
–Static endpoints
–Semi-permanent VPN
Modern needs have suggested other ways to use VPNs

16 VPNs and Portable Computing
Increasingly, workers connect to offices remotely
–While on travel
–Or when working from home
We can use VPNs to offer a secure solution

17 Securing the Mobile Worker
Set up VPN software on his computer
Capturing all incoming/outgoing packets
Applying encryption
Using a key shared with the home office
Wherever the user goes, his VPN endpoint goes with him

18 Temporary VPNs
What if a group of users want to communicate securely?
They’ve never done so before
They might never do so again
They will never meet in person
They want it set up quickly

19 Arranging a Temporary VPN
Get the same VPN software to all participants
Securely set up a key distributed to all of them
For the period of the conversation, send just relevant packets through VPN
Throw it all away when you’re done

20 Practical Use of Temporary VPNs
Often set up by video/teleconferencing companies
Using a web interface for
–Administration
–Software distribution
–Key distribution
Requires customers to trust that company
–SW could be bogus
–Key distribution could be bugged
–They claim, of course, they don’t do that

21 Major Security Issues for Temporary VPNs
Key distribution
–Typically want to distribute same symmetric key to all
Authentication
–How does everyone know that the other participants are proper?
Bogus software
Compromised user machines

22 How It Usually Works
Clients get access from any machine
Using downloaded code
–Connect to web server, download VPN applet, away you go
–Crypto usually leverages existing SSL code
–Authentication via user ID/password
–Implies you trust the applet...

23 Conclusion
VPNs offer a reasonable way to get some degree of perimeter defense across the Internet
VPNs are really just a case of applied cryptography
If you use one, think about what components you’re trusting
–Should you trust them?

