Computer Net Lab/Praktikum Datenverarbeitung 2 1 Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls.


Slide 2: VPN - Definition
VPNs (Virtual Private Networks) allow secure data transmission over insecure connections. VPNs connect computers and/or networks (at various locations) into a common network by using public communication infrastructure.

Slide 3: VPN Scheme
[Figure: two LANs, each with a client, connected across the Internet through a VPN tunnel]

Slide 4: VPN - terms
Virtual: because a public communication infrastructure is used, there is no permanent physical connection, only a logical one. Bandwidth is occupied only when there is data to transmit, and the data is transmitted according to the routing information.
Private: only valid users should have access to the network and to the data. Additionally, all data has to be transmitted confidentially.

Slide 5: VPN requirements
Data security must ensure:
- Confidentiality
- Integrity
- Authentication
Quality of Service:
- Guaranteed availability of connectivity
- Support of all applications
Additional requirements:
- Reasonable administration effort
- Effectiveness and extendibility

Slide 6: Confidentiality
Confidentiality means that no unauthorized person who gains illegal access to data is able to read or understand it. It is realized by encryption: the data is encoded by an encryption algorithm and an encryption key. Only the owner of the appropriate decryption key is able to decrypt the encoded data.

Slide 7: Integrity
Integrity means that no data has been changed or manipulated during transmission. It is realized by a checksum over the transferred data: a mathematical function builds a checksum over the data to be transmitted. This checksum is unique to the data. The checksum is sent to the recipient together with the data.

Slide 8: Authentication
Authentication means that the recipient of a message is able to ensure that the message came from the right person and not from someone who pretends to be that person. It is realized by digital signatures. A digital signature is like a "normal" signature on a document: it unambiguously identifies the author.
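The integrity and authentication slides above say that a checksum travels with the data and that the recipient verifies it. The following added example (not part of the original slides) shows the difference between a plain, unkeyed checksum and a keyed tag (HMAC, which is the construction IPsec uses with MD5 or SHA): a message modified on the way can be given a fresh unkeyed checksum by whoever modified it, but not a matching keyed tag. The message, the shared key and the in-transit modification are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample message as it would cross the insecure connection.
MESSAGE = b"transfer 100 EUR to account 4711"


def unkeyed_checksum(data: bytes) -> bytes:
    """Plain hash over the data. Detects accidental corruption, but anyone
    who can change the data in transit can recompute it."""
    return hashlib.sha256(data).digest()


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """HMAC over the data with a key shared by sender and recipient (IPsec
    uses HMAC with MD5 or SHA in the same role). Without the key a modified
    message cannot be given a matching tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(keyed_tag(key, data), tag)


def modified_in_transit(data: bytes) -> bytes:
    """Simulated manipulation during transmission (constructed)."""
    return data.replace(b"100", b"900")


def demo(key: bytes) -> dict:
    """Run both checks for an intact and for a modified message.
    Returns {"intact": (checksum_ok, tag_ok), "altered": (checksum_ok, tag_ok)}."""
    sent_checksum = unkeyed_checksum(MESSAGE)
    sent_tag = keyed_tag(key, MESSAGE)

    # Message arrives unchanged: both checks pass.
    intact = (
        hmac.compare_digest(unkeyed_checksum(MESSAGE), sent_checksum),
        verify_tag(key, MESSAGE, sent_tag),
    )

    # Message changed on the way. Whoever changed it can also replace the
    # unkeyed checksum, so that check still passes; the keyed tag does not.
    altered = modified_in_transit(MESSAGE)
    replaced_checksum = unkeyed_checksum(altered)
    tampered = (
        hmac.compare_digest(unkeyed_checksum(altered), replaced_checksum),
        verify_tag(key, altered, sent_tag),
    )
    return {"intact": intact, "altered": tampered}


if __name__ == "__main__":
    # The key is a placeholder; in practice it comes from key exchange (slide 19).
    print(demo(b"shared-secret-agreed-out-of-band"))
```

The keyed check gives integrity and, because only the two key holders can produce the tag, also the authentication the next slide asks for; a digital signature does the same with an asymmetric key pair.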

Slide 9: Symmetric Encryption
- Each communication partner has the same key
- N(N-1)/2 keys for N communication partners that communicate pairwise
- High effort for key maintenance
- Key lengths of 128 bit are said to be secure; typical values: 40, 56, 128
- Fast method
- Examples: DES, Triple DES, Blowfish

Slide 10: Asymmetric Encryption
- Distinction between private (my own) and public keys (for others)
- Communication with N participants requires N public keys
- Key length higher than for symmetric keys; typical lengths: 512, 1024, 2048
- Slower than symmetric encryption
- Examples: PGP, RSA

Slide 11: Tunnel
Tunneling means embedding a complete data packet (header and payload) within the payload segment of another protocol at the same protocol level. Advantage: the data can be encoded/encrypted.
[Figure: the original packet "Orig IP Hdr | TCP Hdr | Data" becomes "New IP Hdr | Orig IP Hdr | TCP Hdr | Data"]

Slide 12: End-to-End Constellation
[Figure: Computer 1 and Computer 2 connected directly across the Internet]

Slide 13: End-to-Site Constellation
[Figure: a mobile computer dials up to an ISP and reaches the intranet across the Internet through a VPN Gateway]

Slide 14: Site-to-Site Constellation
[Figure: Intranet 1 behind VPN Gateway 1 and Intranet 2 behind VPN Gateway 2, connected across the Internet]

Slide 15: VPN-Types
- Application level (Layer 5-7): application-layer encryption
- Transport/network level (Layer 3-4): network-layer encryption
- Link/physical level (Layer 1-2): link-layer encryption

Slide 16: VPN and ISO/OSI Layer
- Application: SSH, Kerberos, virus scans, content screening, IPSEC (IKE), ...
- Transport: SSL, SOCKS V5, TLS
- Network: IPSEC (AH, ESP), packet filtering, NAT
- Link: tunneling protocols (L2TP, PPTP, L2F), CHAP, PAP, ...

Slide 17: PPTP-Protocol
Point To Point Tunneling, widespread because it is simple.
- Layer-2 protocol
- Only user authentication => security = password
Set up of communication:
1. PPP connection with user authentication
2. Link and control (TCP port 1723)
3. Tunnel: IP Header | GRE (IP protocol 47) Header | PPP Header | PPP Payload, optionally encrypted with MPPE (RC4)
- Outer IP addresses are those of client and server => NAT and dynamic IP addresses are OK

Slide 18: PPTP-Protocol 2

Slide 19: IPSec 1
Internet Protocol Security is a protocol family.
- Allows encryption and integrity check
  – integrity check: Authentication Header protocol (AH)
  – encryption: Encapsulating Security Payload protocol (ESP)
- Open for enhancements; the encryption method is not fixed
  – Authentication: Diffie-Hellman key exchange
  – Confidentiality: Triple-DES, IDEA, Blowfish
  – Integrity by use of hashes: MD5 and SHA
- Two modes of operation
  – Tunnel mode protects address information and payload
  – Transport mode protects only the payload

Slide 20: IPSec AH
AH allows only an integrity check.
[Figure:
Original packet: Orig IP Hdr | TCP Hdr | Data
Tunnel mode: New IP Hdr | AH Header | Orig IP Hdr | TCP Hdr | Data
Transport mode: Orig IP Hdr | AH Header | TCP Hdr | Data]

Slide 21: IPSec ESP
ESP allows encryption.
[Figure:
Original packet: Orig IP Hdr | TCP Hdr | Data
Tunnel mode: New IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth
Transport mode: Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth]
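Slide 11 describes tunneling as putting a complete packet into the payload of a new packet, and slides 19 to 21 contrast tunnel mode (address information protected) with transport mode (original header stays outermost). The following added example (not from the original slides) builds and parses real IPv4 headers with their checksum, wraps a constructed inner packet between two private hosts in an outer header between two gateways (plain IP-in-IP, protocol 4, standing in for the AH/ESP header that IPsec would insert), unwraps it again, and shows what an observer on the Internet path sees in each case. All addresses and the inner TCP segment are constructed sample values.

```python
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_IPIP = 4  # outer header carrying a complete inner IP packet (IP-in-IP)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words, as used for the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in.
    The identification field is a constructed constant; a real stack varies it."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len,
                      0x1234, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the outermost header and verify its checksum."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (f[0] & 0x0F) * 4
    return {
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
        "proto": f[6],
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:f[2]],
    }


def make_inner_packet() -> bytes:
    """Constructed original packet: Orig IP Hdr | TCP Hdr | Data between two
    private hosts. The TCP checksum is left at zero; it is not the point here."""
    data = b"GET / HTTP/1.0\r\n"
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return build_ipv4_header("10.1.0.5", "10.2.0.7", IPPROTO_TCP,
                             len(tcp_hdr) + len(data)) + tcp_hdr + data


def tunnel_mode(inner_packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the complete original packet (header and payload) becomes
    the payload of a new outer header between the two VPN gateways."""
    return build_ipv4_header(gw_src, gw_dst, IPPROTO_IPIP, len(inner_packet)) + inner_packet


def detunnel(outer_packet: bytes) -> bytes:
    """Receiving gateway: check the outer header, then hand on the inner packet."""
    outer = parse_ipv4_header(outer_packet)
    if not outer["checksum_ok"] or outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not a valid IP-in-IP packet")
    return outer["payload"]


def observer_view(packet: bytes) -> tuple:
    """What someone on the Internet path learns from the outermost header:
    (source, destination, protocol)."""
    h = parse_ipv4_header(packet)
    return (h["src"], h["dst"], h["proto"])


if __name__ == "__main__":
    inner = make_inner_packet()
    outer = tunnel_mode(inner, "203.0.113.1", "198.51.100.1")
    print("transport-style view:", observer_view(inner))
    print("tunnel-mode view:    ", observer_view(outer))
    assert detunnel(outer) == inner
```

In transport mode the original header stays on the outside, so the observer sees the two private hosts and the real upper-layer protocol; in tunnel mode only the gateway addresses and the encapsulation protocol are visible, which is what "protects address information" on slide 19 means. The IP header checksum only catches transmission errors; the integrity protection against manipulation is what AH or the ESP Auth field adds.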

Slide 22: VPN and Firewall
Idea of the firewall: the firewall is the only connection to the Internet. All other computers (even the VPN gateway) are located behind the firewall.
Problem: the firewall is not able to analyze the data because it is encrypted.

Slide 23: VPN behind Firewall
[Figure: LAN (center) with the VPN gateway behind the firewall; the VPN from the branch office LAN and from the VPN client crosses the Internet and the firewall, and the data is decrypted only behind the firewall]

Slide 24: VPN and Firewall together
[Figure: firewall and VPN gateway are one device at the edge of the LAN (center); the VPN from the VPN client and from the branch office LAN terminates there, and decrypted data enters the LAN]

Slide 25: VPN Gateway in DMZ
[Figure: outer firewall, DMZ containing the VPN gateway, inner firewall, LAN (center); the VPN from the VPN client and from the branch office LAN crosses the Internet and the outer firewall, is decrypted in the DMZ, and passes the inner firewall as decrypted data]

Slide 26: NAT
NAT = Network Address Translation. Through a mapping, it allows official IP addresses to be assigned to private ones. Therefore it is possible to gain access to the Internet with private IP addresses.
[Figure: packets from a web browser with Sender-IP / Target-IP pass the NAT, which rewrites them to New Sender-IP / New Target-IP towards the Internet and reverses the mapping for the replies]
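The NAT slide shows the sender address being rewritten on the way out and the target address on the way back. The following added example (not from the original slides) implements that mapping table as a small port-based NAT and, as a caveat a practitioner runs into when combining NAT with IPsec, checks what happens to an integrity tag that covers the addresses (as AH does) versus one that covers only the payload: after the NAT rewrites the sender, the address-covering tag no longer verifies. Addresses, ports and the key are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """Addressing of one packet: who sends to whom (constructed model)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-based NAT: many private addresses share one official address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: Dict[Tuple[str, int], int] = {}  # (private ip, port) -> public port
        self.inbound: Dict[int, Tuple[str, int]] = {}   # public port -> (private ip, port)

    def translate_outbound(self, flow: Flow) -> Flow:
        """Rewrite the sender (Sender-IP -> New Sender-IP) and remember the
        mapping so the reply can be routed back."""
        key = (flow.src_ip, flow.src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return Flow(self.public_ip, self.outbound[key], flow.dst_ip, flow.dst_port)

    def translate_inbound(self, flow: Flow) -> Optional[Flow]:
        """Rewrite the target of a reply (Target-IP -> New Target-IP).
        A packet without a mapping cannot be delivered and is dropped (None)."""
        if flow.dst_ip != self.public_ip or flow.dst_port not in self.inbound:
            return None
        private_ip, private_port = self.inbound[flow.dst_port]
        return Flow(flow.src_ip, flow.src_port, private_ip, private_port)


def address_tag(key: bytes, flow: Flow) -> bytes:
    """Integrity tag that covers the addresses, as AH does."""
    covered = f"{flow.src_ip}:{flow.src_port}>{flow.dst_ip}:{flow.dst_port}".encode()
    return hmac.new(key, covered, hashlib.sha256).digest()


def payload_tag(key: bytes, payload: bytes) -> bytes:
    """Integrity tag over the payload only, which the NAT does not touch."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def tags_after_nat(key: bytes, nat: Nat, flow: Flow, payload: bytes) -> Tuple[bool, bool]:
    """Does each tag still verify at the far end after the NAT rewrote the sender?
    Returns (address_tag_ok, payload_tag_ok)."""
    addr_tag, data_tag = address_tag(key, flow), payload_tag(key, payload)
    translated = nat.translate_outbound(flow)
    return (
        hmac.compare_digest(address_tag(key, translated), addr_tag),
        hmac.compare_digest(payload_tag(key, payload), data_tag),
    )


if __name__ == "__main__":
    nat = Nat("203.0.113.10")
    flow = Flow("192.168.1.20", 51000, "198.51.100.5", 80)
    print("outbound:", nat.translate_outbound(flow))
    print("reply:   ", nat.translate_inbound(Flow("198.51.100.5", 80, "203.0.113.10", 40000)))
    print("(address tag ok, payload tag ok):", tags_after_nat(b"demo-key", nat, flow, b"data"))
```

This is also why slide 17 can note that PPTP, whose tunnel only needs the client and server addresses on the outside, gets along with NAT: nothing inside the tunnel is checked against those outer addresses.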

Slide 27: IP
IP carries the transport protocols TCP and UDP. It builds IP packets out of the data to be transmitted and adds additional information, the IP header, which contains the source and destination address.

Slide 28: TCP
TCP (Transmission Control Protocol) confirms every received data packet. TCP repeats each data packet until its receipt is confirmed. TCP is reliable, meaning the transmission is guaranteed.

Slide 29: IP-Forwarding
[Figure: the firewall forwards IP packets for TCP port 1723 or the GRE protocol (IP protocol 47) from the Internet to the VPN gateway in the private local net; the packet's target address is rewritten on the way (the addresses themselves are not recoverable from the slide)]

Slide 30: VPN - Practical training
[Figure: two private local nets, each behind a firewall, connected across the Internet; the VPN gateway establishes the tunnel]