Industrial Strength Security for an Insecure World


IPSec VPNs: Industrial Strength Security for an Insecure World

Introduction
Companies, research institutions, and government organizations have long maintained private networks between central offices and branch offices. Employees and contractors want to work from home or external offices. Road warriors, all the way from salesmen to CEOs, want to be mobile and connect to the home office for whatever purpose. There are fast, cheap, and plentiful connections to the Internet to be had in locations as varied as libraries, airports, and Starbucks. How do you go about securing what is basically an unsecured medium?

Enter VPNs
VPNs (Virtual Private Networks) provide secure tunneling of communications over insecure networks. Where physical private networks existed, VPNs are becoming commonplace not only among road warriors, branch offices, and central offices but also business-to-business partners exchanging data through a secure tunnel wrapped around the communications traffic.

VPN Topologies
Network-to-Network
Host-to-Network
Host-to-Host

VPN Tunneling Technologies
IPSec
  IKE: Internet Key Exchange
  ESP: Encapsulated Security Payload
  AH: Authentication Header
PPTP
L2TP
SSL

IPSec Modes – An Overview
The IPSec protocol consists of several parts that define two security protocols, AH and ESP. ISAKMP is a framework for management of keys and other vital information such as security associations. IKE provides the cryptographic algorithm negotiation and key distribution utilized by AH and ESP. ESP provides data origin authentication, connectionless integrity, anti-replay service, and data confidentiality. AH provides data origin authentication, connectionless integrity, and anti-replay service.

Security Associations
Both AH and ESP rely on security associations (SAs), which are established by negotiating the properties of a secure connection using IKE. The SA holds the information negotiated between the two VPN participants.
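How a receiver uses the SA on each inbound packet, as an added example that is not part of the original slides: the SPI in the AH/ESP header selects the SA, and the SA's sequence-number state implements the anti-replay service listed above. The 64-packet window, the SPI values and the arrival order are constructed for illustration.

```python
from dataclasses import dataclass

WINDOW = 64  # anti-replay window in packets (assumed size for this example)

@dataclass
class InboundSA:
    spi: int              # Security Parameter Index carried in each AH/ESP header
    protocol: str         # "AH" or "ESP", as negotiated through IKE
    auth_alg: str         # negotiated integrity algorithm (illustrative label)
    highest_seq: int = 0  # highest sequence number accepted so far
    bitmap: int = 0       # bit i set => sequence (highest_seq - i) already seen

    def check_and_update(self, seq: int) -> str:
        """Classify a packet. A real stack updates state only after the
        packet's integrity check has succeeded."""
        if seq == 0:
            return "too-old"                      # sequence numbers start at 1
        if seq > self.highest_seq:                # window slides forward
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return "accept"
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return "too-old"                      # fell off the left edge
        if self.bitmap & (1 << offset):
            return "replay"                       # duplicate inside the window
        self.bitmap |= 1 << offset                # late but new: mark as seen
        return "accept"

def receive(sad: dict, spi: int, seq: int) -> str:
    """Look up the SA by SPI in the SA database, then apply anti-replay."""
    sa = sad.get(spi)
    return "no-sa" if sa is None else sa.check_and_update(seq)

def demo() -> list:
    sad = {0x1001: InboundSA(0x1001, "ESP", "HMAC-SHA-256-128")}
    # Constructed arrivals: in order, out of order, duplicate, jump, stale, unknown SPI.
    arrivals = [(0x1001, 1), (0x1001, 3), (0x1001, 2), (0x1001, 3),
                (0x1001, 70), (0x1001, 3), (0x2002, 1)]
    return [receive(sad, spi, seq) for spi, seq in arrivals]

if __name__ == "__main__":
    print(demo())
```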

ISAKMP and IKE
ISAKMP (IPSec Key Exchange and Management Protocol) is part of the IPSec suite that defines procedures for negotiation, establishment, modification, and deletion of SAs. IKE (Internet Key Exchange) is based on the ISAKMP framework. IKE consists of two different modes, or phases. Phase 1 is used to establish a secure channel later used to protect all negotiations in Phase 2. Phase 2 is used to negotiate the IPSec SAs to set up the IPSec tunnel to protect the communications traffic.

ESP
ESP provides for encapsulation of the unprotected IP packet, its encryption, and authentication. Some newer IPSec implementations use stronger algorithms such as AES, Blowfish, and Twofish.

AH
AH allows you to check the authenticity of the data and the header of the IP packet sent to you. It does not provide a mechanism for data encryption but does provide a hash code that allows you to check whether the packet was tampered with along the way.
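An added example, not from the original slides, of how the AH hash can cover the IP header even though routers change parts of it in transit: the IPv4 fields that legitimately change (DSCP/ECN, flags and fragment offset, TTL, header checksum) and the hash field itself are zeroed before the keyed hash is computed. It goes beyond the slide in showing that mutable-field handling; HMAC-SHA-256 truncated to 128 bits is the assumed algorithm, and the key, addresses, SPI and payload are constructed.

```python
import hashlib
import hmac
import struct

ICV_OFF, ICV_LEN = 32, 16   # 20-byte IPv4 header + 12 fixed AH bytes, then the ICV

def compute_icv(key, pkt):
    """HMAC over the packet with mutable IPv4 fields and the ICV field zeroed."""
    buf = bytearray(pkt)
    buf[1] = 0                      # DSCP/ECN may be rewritten by routers
    buf[6:8] = b"\x00\x00"          # flags and fragment offset
    buf[8] = 0                      # TTL is decremented at every hop
    buf[10:12] = b"\x00\x00"        # header checksum changes along with TTL
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]

def build_packet(key, ttl, src, dst, spi, seq, payload):
    """IPv4 + AH + payload (transport-mode layout); IP checksum left 0 for brevity."""
    # AH: next header (6 = TCP), length in 32-bit words minus 2, reserved, SPI, seq, ICV
    ah = struct.pack("!BBHII", 6, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(payload),
                     0, 0, ttl, 51, 0, bytes(src), bytes(dst))   # protocol 51 = AH
    pkt = ip + ah + payload
    return pkt[:ICV_OFF] + compute_icv(key, pkt) + pkt[ICV_OFF + ICV_LEN:]

def verify(key, pkt):
    """Receiver side: recompute the ICV and compare in constant time."""
    received = pkt[ICV_OFF:ICV_OFF + ICV_LEN]
    return hmac.compare_digest(received, compute_icv(key, pkt))

def demo():
    key = b"constructed-demo-key-not-for-use"           # constructed sample key
    pkt = build_packet(key, 64, [10, 0, 0, 1], [10, 0, 0, 2], 0x1001, 1, b"hello")
    routed = bytearray(pkt); routed[8] = 63             # one hop later: TTL changed
    spoofed = bytearray(pkt); spoofed[15] = 99          # source address rewritten
    altered = pkt[:-1] + b"!"                           # payload modified
    return {
        "original": verify(key, pkt),
        "ttl_decremented": verify(key, bytes(routed)),
        "source_changed": verify(key, bytes(spoofed)),
        "payload_changed": verify(key, altered),
    }

if __name__ == "__main__":
    print(demo())
```

The source-address case is also why AH fails across NAT: the translated address is part of the authenticated header.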

IP Compression
As you might guess, all this extra security comes at the price of extra encapsulation of the IP packet. This translates into decreased throughput. IPSec seeks to overcome this problem with a built-in IP compression protocol.

Conclusion
IPSec VPNs provide strong security for business-to-business and person-to-business needs. IPSec has two protocols, AH and ESP, that give confidentiality, integrity, and authentication. IPSec also has protocols and frameworks for key negotiation and data compression. FreeS/WAN used to be the only IPSec game in town as far as Linux was concerned. With the advent of the 2.6 kernel series, there is now integrated support for IPSec in the kernel in addition to the survivor of FreeS/WAN, OpenSWAN.