IPSec VPN Chapter 13 of Malik

Outline
Types of IPsec VPNs
IKE (or Internet Key Exchange) protocol
http://sce.uhcl.edu/yang/teaching/.../VPN.ppt

Types of IPsec VPNs
Site-to-site (aka LAN-to-LAN) IPsec VPN (Figure 13-1). Question: no concentrator?
Remote-access client IPsec VPN (Figure 13-2). Unique challenges (see p.317):
IPsec clients use unknown-to-gateway IP addresses to connect to the gateway.
Client's IP address assigned by the ISP is not compatible with the private network's addressing.
The clients must use the DNS server, DHCP server, and other such servers on the private network.
PAT can no longer function as normal (because ESP encrypts all the port info in the TCP or UDP header).
* dialup POTS: Plain Old Telephone System. Also called PSTN (Public Switched Telephone Network).
* LCP negotiation: Short for Link Control Protocol, a protocol that is part of the PPP. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information that will be required for the data transmission. The LCP checks the identity of the linked device and either accepts or rejects the peer device, determines the acceptable packet size for transmission, searches for errors in configuration and can terminate the link if the parameters are not satisfied. Data cannot be transmitted over the network until the LCP packet determines that the link is acceptable.
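The last challenge above is easy to see on the wire. The following is an added example (not from the slides or from Malik's book) that builds two constructed packets, one plain TCP and one ESP (IP protocol 50), and runs a minimal PAT lookup over both: the translator keys its mapping on the source port, which is readable behind a TCP header but sits inside the encrypted payload behind an ESP header, where only the SPI and sequence number are in the clear. Addresses, SPI and ciphertext are constructed sample values and the IP header checksum is left at zero.

```python
"""Why PAT cannot build per-flow mappings over plain ESP (constructed packets)."""
import struct

TCP, UDP, ESP = 6, 17, 50


def ipv4_header(proto: int, src: str, dst: str, payload_len: int) -> bytes:
    # Minimal 20-byte IPv4 header; checksum is left as zero (sample only).
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def tcp_packet(src: str, dst: str, sport: int, dport: int) -> bytes:
    # 20-byte TCP header with SYN set; ports are the first four bytes.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ipv4_header(TCP, src, dst, len(tcp)) + tcp


def esp_packet(src: str, dst: str, spi: int, seq: int, ciphertext: bytes) -> bytes:
    # ESP header is SPI + sequence number; everything after it is encrypted,
    # including the inner TCP/UDP header that carries the ports.
    esp = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_header(ESP, src, dst, len(esp)) + esp


def transport_ports(pkt: bytes):
    """Return (sport, dport) when the L4 header is readable, else None."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto in (TCP, UDP):
        return struct.unpack("!HH", pkt[ihl:ihl + 4])
    # ESP (or anything else): no port numbers are visible to the translator.
    return None


def pat_translate(pkt: bytes, table: dict, public_ip: str, next_port: int):
    """Allocate or reuse a (public_ip, port) mapping for the packet's flow.

    Returns None when the packet offers no port to key the mapping on,
    which is exactly the case for plain ESP.
    """
    ports = transport_ports(pkt)
    if ports is None:
        return None
    src = ".".join(map(str, pkt[12:16]))
    table.setdefault((src, ports[0]), (public_ip, next_port))
    return table[(src, ports[0])]


if __name__ == "__main__":
    table = {}
    t = tcp_packet("10.0.0.5", "198.51.100.7", 40000, 443)
    e = esp_packet("10.0.0.5", "198.51.100.7", 0x1234, 1, b"\x00" * 32)
    print("TCP ports:", transport_ports(t), "->", pat_translate(t, table, "203.0.113.1", 50000))
    print("ESP ports:", transport_ports(e), "->", pat_translate(e, table, "203.0.113.1", 50001))
```

This is the reason remote-access deployments behind a port-translating device rely on UDP encapsulation of ESP (IPsec NAT traversal, RFC 3948): the outer UDP header gives the translator a port pair to map, while the ESP payload stays protected.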

Phases of IPsec
Connection initiated
IKE main mode or aggressive mode. Results: creation of an IKE Security Association (SA) between the two IPsec peers; a set of 3 session keys is established.
Quick mode: creation of two IPsec SAs between the two peers (incoming SA and outgoing SA); generate a pair of IPsec keys (one for each of the SAs).
Data communication (using ESP or AH)

IPsec Negotiation using IKE
P.279: Authentication methods vs modes
Authentication methods: Preshared key; Digital signature; Encrypted nonces
Modes: Main mode; Aggressive mode
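The "set of 3 session keys" from the phases slide and the three authentication methods listed here meet in the IKEv1 key derivation of RFC 2409 section 5. The following added example (not from the slides or from Malik's book) walks through it: SKEYID is computed differently for preshared-key, signature and encrypted-nonce authentication, the three phase-1 keys SKEYID_d, SKEYID_a and SKEYID_e are then derived from it, and quick mode derives one KEYMAT per IPsec SA from SKEYID_d and that SA's SPI, which is why the two SAs get different keys. HMAC-SHA1 stands in for the negotiated prf; the nonces, cookies, Diffie-Hellman shared secret and SPIs are constructed sample values, and quick mode is shown without PFS.

```python
"""IKEv1 (RFC 2409 section 5) key derivation, with constructed sample inputs."""
import hashlib
import hmac

# The IKE prf is HMAC keyed with the negotiated hash; SHA-1 is used here.
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid(method: str, ni: bytes, nr: bytes, psk: bytes = None, gxy: bytes = None,
           cky_i: bytes = None, cky_r: bytes = None) -> bytes:
    """SKEYID depends on the phase-1 authentication method."""
    if method == "psk":          # preshared key: key is the PSK itself
        return prf(psk, ni + nr)
    if method == "sig":          # digital signature: key is the nonces
        return prf(ni + nr, gxy)
    if method == "enc_nonce":    # encrypted nonces (public-key encryption)
        return prf(hashlib.sha1(ni + nr).digest(), cky_i + cky_r)
    raise ValueError(f"unknown authentication method {method!r}")


def phase1_keys(skeyid_val: bytes, gxy: bytes, cky_i: bytes, cky_r: bytes) -> dict:
    """The three IKE SA session keys: _d feeds IPsec keys, _a authenticates
    and _e encrypts the remaining IKE messages. Each step chains on the last."""
    ck = cky_i + cky_r
    d = prf(skeyid_val, gxy + ck + b"\x00")
    a = prf(skeyid_val, d + gxy + ck + b"\x01")
    e = prf(skeyid_val, a + gxy + ck + b"\x02")
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}


def quick_mode_keymat(skeyid_d: bytes, protocol: int, spi: bytes,
                      ni_qm: bytes, nr_qm: bytes) -> bytes:
    """Non-PFS KEYMAT for one IPsec SA. protocol is the ISAKMP protocol id
    (ESP = 3, AH = 2); the SPI belongs to the SA being keyed, so the inbound
    and outbound SAs of a pair end up with different keys."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni_qm + nr_qm)


def demo() -> dict:
    # Constructed sample values; a real exchange carries these in IKE payloads.
    ni, nr = b"constructed-initiator-nonce", b"constructed-responder-nonce"
    gxy = hashlib.sha256(b"constructed DH shared secret").digest()
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    s = skeyid("psk", ni, nr, psk=b"constructed-preshared-key")
    keys = phase1_keys(s, gxy, cky_i, cky_r)
    ESP = 3
    keys["KEYMAT_in"] = quick_mode_keymat(keys["SKEYID_d"], ESP, b"\x00\x00\xab\xcd", b"qm-ni", b"qm-nr")
    keys["KEYMAT_out"] = quick_mode_keymat(keys["SKEYID_d"], ESP, b"\x00\x00\xdc\xba", b"qm-ni", b"qm-nr")
    return keys


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value.hex()}")
```

Note the practical consequence for remote-access clients: with preshared-key authentication in main mode, SKEYID (and hence SKEYID_e) must exist before the identity payloads can be decrypted, so the gateway has to select the PSK by the peer's source IP address, which it does not know in advance for ISP-assigned clients; that is the reason aggressive mode with preshared keys (Example 3 below) or certificate-based main mode is used for that case.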

IPsec Negotiation using IKE
Example 1: Main mode using preshared key authentication followed by Quick mode negotiation (pp.280-298)
Example 2: Main mode using DS authentication followed by Quick mode negotiation (pp.298-302)
Example 3: Aggressive mode using Preshared key authentication (followed by Quick mode negotiation) (pp. 302-306)