1 VIRTUAL PRIVATE NETWORKS Lab 8

2 Virtual Private Networks (VPNs)  Institutions often want private networks for security.  Costly! Separate routers, links, DNS infrastructure.  With a VPN, the institution’s inter-office traffic is sent over the public Internet instead.  But inter-office traffic is encrypted before entering the public Internet.

3 Virtual Private Network (VPN) [Figure: headquarters and a branch office, each behind a router with IPv4 and IPsec, and a salesperson in a hotel on a laptop with IPsec, exchange datagrams across the public Internet as IP header | IPsec header | secure payload; inside each office the traffic is plain IP header | payload.]

4 What is a VPN?  A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses “virtual” connections routed through the Internet.  A method of ensuring private, secure communication between hosts over an insecure medium using tunneling.

5 What is tunneling? ECE 4112 - Internetwork Security  Most VPNs rely on tunneling to create a private network that reaches across the Internet.  Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.

6 Tunneling [Figure: the original packet (Original IP Header | Payload) is placed whole inside a new packet: New IP Header | Original IP Header | Payload.]

7 Types of VPN  Uses some means of encryption to secure communications  IPsec  SSH  Software could be written to support any type of encryption scheme  Two main types of VPNs:  Remote-Access  Site-to-Site

8 What is a VPN? (cont.)  Remote-Access  The typical example is a dial-up connection from home or for a mobile worker who needs to reach secure materials remotely  Site-to-Site  The typical example is a company that has offices in two different geographical locations and wants a secure network connection between the two

9 Remote-Access VPN  Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company whose employees need to connect to the private network from various remote locations.  A good example of a company that needs a remote-access VPN would be a large firm with hundreds of salespeople in the field.  Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

10 Remote-Access Example

11 Site-to-Site VPN  Intranet-based: if a company has one or more remote locations that it wishes to join in a single private network, it can create an intranet VPN to connect LAN to LAN.  Extranet-based: when a company has a close relationship with another company (for example, a partner, supplier or customer), it can build an extranet VPN that connects LAN to LAN and allows all of the various companies to work in a shared environment.

12 Site-to-Site Example

13 VPN

14 VPN Protocols  There are three main protocols that power the vast majority of VPNs:  PPTP  L2TP  IPsec  All three protocols emphasize encryption and authentication, preserving the integrity of data that may be sensitive and allowing clients/servers to establish an identity on the network

15 VPN Protocols (in depth)  Point-to-Point Tunneling Protocol (PPTP)  PPTP is widely supported by Microsoft, as it is built into the various flavors of the Windows OS  PPTP initially had weak security features; however, Microsoft continues to improve its support  Layer Two Tunneling Protocol (L2TP)  L2TP was the original competitor to PPTP and was implemented primarily in Cisco products  L2TP combines the best features of an older protocol, L2F, and PPTP  L2TP exists at the data link layer (Layer 2) of the OSI model

16 VPN Protocols and Their Uses Slide 16 Firewalls & Network Security, 2nd ed. - Chapter 11

17 Why Use a VPN?  Originally designed as an inexpensive alternative to a WAN over leased lines  Now mostly used to securely connect computers over the Internet  Convenient  Lots of cheap and convenient protocols are insecure (IP, 802.11, etc.)  Can now communicate securely over these insecure protocols

18 VPN Advantages  Improved Security  Consolidation of Scattered Resources  Reduced Cost (vs. Leased Lines)

19 VPN Disadvantages  Time-Consuming Setup  Possibly Frustrating Troubleshooting  Interoperability with other Networks/VPNs  Small performance overhead

20 VPN Security  In academic terms, a VPN can provide Confidentiality, Integrity, and Authenticity  Security against a determined hacker depends largely upon the underlying protocols used  Assuming the security of SSH, IPsec, or whichever protocol is used, the VPN should be secure

21 Summary  To enable a remote user to connect to a VPN, issue that user VPN client software  Make sure the user’s computer has anti-virus software and a firewall  May need to obtain a key for the remote user if using IPsec to make the VPN connection  VPN best practices include:  Security policy rules specific to the VPN  Integration of firewall packet filtering and VPN traffic  Auditing the VPN to ensure acceptable performance

22 IPSEC

23 Security at different layers  Link layer: WEP / 802.11i  Application layer: PGP  Transport layer: SSL  Network layer: IPsec [Figure: IPsec approach, a protocol stack with IPsec at the network layer beneath TCP/UDP/ICMP and HTTP/SMTP/IM.] IPsec can provide security between any pair of network-layer entities (e.g., between two hosts, two routers, or a host and a router).

24 IP Security  IP datagrams have no inherent security  IP source address can be spoofed  Content of IP datagrams can be sniffed  Content of IP datagrams can be modified  IP datagrams can be replayed  IPsec is a method for protecting IP datagrams  Only sender and receiver have to be IPsec compliant; the rest of the network can be regular IP

25 What is IPsec?  A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets 1  Progressive standard  Defined in RFC 2401 through 2409  Purpose:  To protect IP packets  To provide defense against network attacks 1: From wikipedia.org

26 What is IPsec? (cont.)  Created November 1998  Created by the IETF  Deployable on all platforms  Windows  Unix  etc.  Can be implemented and deployed on:  End hosts  Gateways  Routers  Firewalls

27 IPsec  IPsec ≠ VPN: IPsec is a protocol used in many VPNs  Two main modes: Transport and Tunnel  Components:  an authentication protocol (Authentication Header – AH)  a combined encryption and authentication protocol (Encapsulated Security Payload – ESP)  a Security Association and key establishment protocol (IKEv2)

28 What is confidentiality at the network layer? Between two network entities:  The sending entity encrypts the payloads of datagrams. The payload could be:  a TCP segment, UDP segment, ICMP message, and so on.  All data sent from one entity to the other would be hidden:  Web pages, e-mail, P2P file transfers, TCP SYN packets, and so on.  That is, “blanket coverage”.

29 IPsec services  Data integrity  Origin authentication  Replay attack prevention  Confidentiality  Two protocols providing different service models:  AH  ESP

30 Modes of connection: 1 - The transport method  Used when connecting between two computers directly. In this method, the application and transport layer information is encrypted, but the source and destination IP addresses are visible.

31 IPsec Transport Mode

32 Modes of connection: 2 - The tunnel method  Used in host-to-server and server-to-server configurations.  In this method, the upper-layer data is encrypted, including the original IP header.  The IP addresses of the hosts behind the servers are hidden from the packet information.  This adds an extra layer of protection and thus makes it more difficult for an attacker to get information about your network.

33 IPsec – tunneling mode (1)  End routers are IPsec aware. Hosts need not be.

34 IPsec – tunneling mode (2)  Also tunneling mode.

35 Two protocols  Authentication Header (AH) protocol: provides source authentication and data integrity but not confidentiality  Encapsulation Security Protocol (ESP): provides source authentication, data integrity, and confidentiality; more widely used than AH

36 Four combinations are possible!  Host mode with AH  Host mode with ESP  Tunnel mode with AH  Tunnel mode with ESP (most common and most important)

37 Authentication header - AH

38 Encapsulating Security Payload – ESP

39 ESP in transport and tunnel mode

40 Security associations (SAs)  Before sending data, a virtual connection is established from the sending entity to the receiving entity.  Called a “security association (SA)”  SAs are simplex: for only one direction  Both sending and receiving entities maintain state information about the SA  Recall that TCP endpoints also maintain state information.  IP is connectionless; IPsec is connection-oriented!

41 Example SA from R1 to R2 [Figure: headquarters network 172.16.1/24 behind router R1 (200.168.1.100) and branch office network 172.16.2/24 behind router R2 (193.68.2.23), with an SA from R1 to R2 across the Internet.] R1 stores for the SA:  32-bit identifier for the SA: Security Parameter Index (SPI)  the origin interface of the SA (200.168.1.100)  the destination interface of the SA (193.68.2.23)  type of encryption to be used (for example, 3DES with CBC)  encryption key  type of integrity check (for example, HMAC with MD5)  authentication key

42 IPsec datagram  Focus for now on tunnel mode with ESP [Figure: new IP header | ESP hdr (SPI, Seq #) | original IP hdr | original IP datagram payload | ESP trl (padding, pad length, next header) | ESP auth. The span from the original IP header through the ESP trailer is encrypted; the “enchilada” from the ESP header through the ESP trailer is authenticated.]

43 What happens? [Figure: the headquarters (172.16.1/24, R1 at 200.168.1.100) to branch office (172.16.2/24, R2 at 193.68.2.23) SA from slide 41, together with the IPsec datagram layout from slide 42: new IP header | ESP hdr (SPI, Seq #) | original IP hdr | original IP datagram payload | ESP trl (padding, pad length, next header) | ESP auth.]

44 R1 converts the original datagram into an IPsec datagram  Appends to the back of the original datagram (which includes the original header fields!) an “ESP trailer” field.  Encrypts the result using the algorithm and key specified by the SA.  Appends to the front of this encrypted quantity the “ESP header”, creating the “enchilada”.  Creates an authentication MAC over the whole enchilada, using the algorithm and key specified in the SA;  Appends the MAC to the back of the enchilada, forming the payload;  Creates a brand new IP header, with all the classic IPv4 header fields, which it prepends to the payload.

45 Inside the enchilada:  ESP trailer: padding for block ciphers  ESP header:  SPI (Security Parameter Index), so the receiving entity knows what to do  Sequence number, to thwart replay attacks  The MAC in the ESP auth field is created with the shared secret key [Figure: the IPsec datagram layout from slide 42.]
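As an added worked example (not from the slides or any IPsec implementation), the six steps of slides 44–45 applied to a constructed inner datagram, which also shows the packet-in-a-packet tunneling of slide 6: ESP trailer padding, encryption of the original datagram plus trailer, ESP header, MAC over the enchilada, new outer header, and then the receiver's verify-then-decrypt path. The cipher is a labelled stand-in (a SHA-256 counter-mode keystream, not 3DES-CBC or any IPsec transform); the addresses inside 172.16.1/24 and 172.16.2/24, the keys and the IPv4 headers (checksum left zero) are constructed.

```python
import hashlib, hmac, struct

BLOCK, IPPROTO_ESP = 16, 50     # padding block size (assumed block cipher); IP protocol number of ESP
NEXT_HDR_IPIP, ICV_LEN = 4, 12  # ESP next header for an inner IPv4 datagram; truncated MAC length (-96 style)

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # Minimal constructed IPv4 header; the header checksum is left 0 (not computed here).
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))

def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    # Stand-in for the SA's cipher (the slides name 3DES-CBC): counter-mode keystream
    # from SHA-256(key || seq || block counter). Not a real IPsec transform.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack(">QI", seq, i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def esp_tunnel_encapsulate(orig_dgram, spi, seq, enc_key, auth_key, outer_src, outer_dst):
    # Step 1: ESP trailer -> pad so original + padding + (pad length, next header) fills whole blocks
    pad_len = (-(len(orig_dgram) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HDR_IPIP])
    # Step 2: encrypt the original datagram (including its IP header!) plus the trailer
    ciphertext = keystream_xor(enc_key, seq, orig_dgram + trailer)
    # Step 3: ESP header (SPI, sequence number) in front -> the "enchilada"
    enchilada = struct.pack(">II", spi, seq) + ciphertext
    # Steps 4-5: MAC over the whole enchilada, appended as the ESP auth field
    icv = hmac.new(auth_key, enchilada, hashlib.sha1).digest()[:ICV_LEN]
    # Step 6: brand-new outer IP header (protocol 50 = ESP) in front of the payload
    return ipv4_header(outer_src, outer_dst, IPPROTO_ESP, len(enchilada) + ICV_LEN) + enchilada + icv

def esp_tunnel_decapsulate(ipsec_dgram, enc_key, auth_key):
    body = ipsec_dgram[(ipsec_dgram[0] & 0x0F) * 4:]      # skip the outer IP header (IHL)
    enchilada, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    expected = hmac.new(auth_key, enchilada, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):            # verify first, never decrypt unauthenticated data
        raise ValueError("ESP integrity check failed: drop datagram")
    spi, seq = struct.unpack(">II", enchilada[:8])
    plain = keystream_xor(enc_key, seq, enchilada[8:])
    pad_len, next_hdr = plain[-2], plain[-1]
    if next_hdr != NEXT_HDR_IPIP or plain[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("malformed ESP trailer")
    return spi, seq, plain[:len(plain) - 2 - pad_len]

# Constructed sample: inner datagram from 172.16.1.5 (headquarters) to 172.16.2.7 (branch), toy payload
INNER = ipv4_header("172.16.1.5", "172.16.2.7", 17, 8) + b"hello R2"
ENC_KEY, AUTH_KEY = b"\x11" * 24, b"\x22" * 20            # constructed SA keys, not real ones
OUTER = esp_tunnel_encapsulate(INNER, 0x1234ABCD, 1, ENC_KEY, AUTH_KEY, "200.168.1.100", "193.68.2.23")
```

Flipping any byte of the enchilada makes the receiver reject the datagram before decryption, which is why the MAC covers the ESP header and the encrypted span, not just the payload.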

46 IPsec sequence numbers  For a new SA, the sender initializes the seq. # to 0  Each time a datagram is sent on the SA:  Sender increments the seq # counter  Places the value in the seq # field  Goal:  Prevent an attacker from sniffing and replaying a packet  Receipt of duplicate, authenticated IP packets may disrupt service  Method:  Destination checks for duplicates  But doesn’t keep track of ALL received packets; instead uses a window

47  Replay: the attacker obtains an authenticated packet and later transmits (replays) it to the intended destination  The receiver has an anti-replay window of default size W = 64
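Added example (not from the slides): the receiver-side anti-replay check of slides 46–47 as a sliding bitmap window over the last W = 64 sequence numbers, so the receiver stores only the right edge and one 64-bit mask instead of every packet, yet still drops a replayed duplicate and accepts a genuinely reordered late packet. The stream of sequence numbers fed in is constructed; in real ESP the check runs only on datagrams whose ESP auth MAC verified.

```python
W = 64  # default anti-replay window size from the slides


class AntiReplayWindow:
    """Receiver-side replay check for one SA (slides 46-47): a sliding bitmap over the
    last W sequence numbers, so duplicates are rejected without storing every packet."""

    def __init__(self, w: int = W):
        self.w = w
        self.top = 0        # highest sequence number accepted so far (right edge of the window)
        self.bitmap = 0     # bit i set  <=>  sequence number (top - i) has already been received

    def check(self, seq: int) -> bool:
        """True if seq is fresh (and record it); False if the datagram must be dropped.
        In real ESP this runs only after the ESP auth MAC verified, so an attacker cannot
        advance the window or mark numbers as seen with forged packets."""
        if seq == 0:
            return False                      # sender starts at 0 and increments before sending
        if seq > self.top:                    # beyond the right edge: slide the window up
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.w) - 1) if shift < self.w else 0
            self.bitmap |= 1                  # bit 0 now stands for the new top
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.w:
            return False                      # older than the window: cannot tell, so drop
        if self.bitmap & (1 << diff):
            return False                      # already seen inside the window -> replay
        self.bitmap |= 1 << diff              # late but genuine (reordered) packet
        return True


def simulate(seqs, w: int = W):
    """Feed a constructed stream of (already authenticated) sequence numbers to one SA."""
    win = AntiReplayWindow(w)
    return [win.check(s) for s in seqs]


# Constructed stream: reordering (5 before 4) is accepted, a replay of 3 is dropped, the jump
# to 70 slides the window so 6 is now too old, and a second copy of 100 is dropped.
SAMPLE = [1, 2, 3, 5, 4, 3, 70, 6, 100, 100]
```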

48 Summary of IPsec  IPsec is used in VPNs  Either the AH or the ESP protocol (or both)  The AH protocol provides integrity and source authentication  The ESP protocol (with AH) additionally provides encryption  IPsec peers can be two end systems, two routers/firewalls, or a router/firewall and an end system

