VPNs and IPSec Review VPN concepts Encryption IPSec Lab.


1 VPNs and IPSec Review
- VPN concepts
- Encryption
- IPSec
- Lab

2 VPN concepts
- Tunneling
- Encryption

3 Tunneling
- Encapsulation of a packet within another packet
- The encapsulated packet may be another protocol: an IPX packet may be encapsulated in IP to transport IPX across an IP network
- The encapsulated packet may be encrypted

4 What is Encryption
- Converting clear or plain text into some other form, called ciphertext
- Two basic operations: transposition (reordering the symbols) and substitution (replacing each symbol with another)
- Encryption and decryption are performed by an algorithm using a key

5 Encryption History
- Dates back to early history
- Greek system, the Polybius square: each message letter is replaced by its row and column number in a 5x5 grid (I and J share a cell), so "hello" becomes 23 15 31 31 34

      1   2   3   4   5
  1   a   b   c   d   e
  2   f   g   h   i/j k
  3   l   m   n   o   p
  4   q   r   s   t   u
  5   v   w   x   y   z

6 Encryption History
- Caesar cipher: simply shift each letter a fixed number of positions along the alphabet (Caesar used a shift of three)
- Let's make an encryption system

7 Encryption Methods
- Block cipher: operates on a fixed-length group of bits (a block); the input is padded to a whole number of blocks
- Stream cipher: operates on plaintext digits (usually single bits or bytes), combining each with a pseudorandom cipher bit stream (the keystream), normally by XOR; a keystream must never be reused under the same key, because XORing two such ciphertexts cancels the keystream and exposes the XOR of the plaintexts
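The two points on this slide, block padding and the keystream XOR (with the reuse failure), as an added worked example that is not part of the original presentation. The keystream generator is a toy assumed for illustration (SHA-256 over key, nonce and a counter), not a standardised stream cipher, and the key, nonce and messages are constructed.

```python
"""Block padding and stream-cipher XOR: an added example, not from the slides."""
import hashlib
import struct

BLOCK_SIZE = 16  # bytes; a block cipher such as AES works on 128-bit blocks


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Pad to a whole number of blocks (PKCS#7): each pad byte holds the pad length."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting malformed input instead of guessing."""
    if not data or len(data) % block_size:
        raise ValueError("ciphertext length is not a whole number of blocks")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator (assumed for illustration, not a standard cipher):
    SHA-256(key || nonce || 64-bit counter) blocks concatenated to the needed length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts because XOR is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def keystream_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Why a keystream must not be reused: with the same key and nonce,
    c1 XOR c2 == p1 XOR p2, so the keystream cancels and plaintext structure leaks."""
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    key, nonce = b"sixteen byte key", b"nonce-01"   # constructed sample values
    msg = b"attack at dawn"
    ct = stream_encrypt(key, nonce, msg)
    print(ct.hex(), stream_encrypt(key, nonce, ct))
    print(pkcs7_pad(msg).hex(), keystream_reuse_leaks(key, nonce, msg, b"attack at dusk"))
```

The padding check in pkcs7_unpad rejects bad input rather than silently trimming, which is the behaviour a receiver needs; a stream cipher needs no padding at all, which is one reason it suits byte-at-a-time traffic.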

8 Encryption
- Symmetric key encryption: a shared key, the same on both ends
- Encryption is fast
- Key management (getting the shared key to both ends securely) is the issue
- Examples: DES, 3DES, AES, IDEA
- Used by IPSec for data encryption

9 Data Encryption Standard
- Block cipher: 64-bit block, 56-bit key
- Now considered insecure: a 56-bit key can be brute-forced
- 3DES is more secure but slower: DES is applied three times (encrypt, decrypt, encrypt) with two or three independent keys, giving a 112- or 168-bit key

10 Advanced Encryption Standard
- Block cipher (128-bit block)
- Key sizes of 128, 192 and 256 bits
- Published as FIPS 197 in November 2001; effective as a US federal standard in 2002

11 Asymmetric Encryption
- Two different keys: a private key and a public key
- Encrypt with one, decrypt with the other
- More complex and much slower than symmetric encryption, so it is normally used to exchange or protect a symmetric key rather than to encrypt bulk data
- Examples: RSA; Diffie-Hellman applies the same public/private idea to key agreement; Pretty Good Privacy (PGP) is an application that combines asymmetric and symmetric encryption
- For confidentiality, encrypt with the recipient's public key: only the matching private key can decrypt
- For authentication, sign with the private key (in practice a hash of the message is what gets encrypted): anyone holding the public key can decrypt and verify

12 Hash Algorithm
- Mathematical function that converts variable-length input into constant-length output
- When two inputs result in the same output it is called a collision
- Hashes have many uses; in CHAP, for example, they are used for authentication: the password never crosses the wire, only a hash of it combined with a challenge
- SHA-1 and MD5 are hash algorithms; both now have practical collision attacks and should not be used where collision resistance matters
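The CHAP use of a hash from this slide, worked through as an added example (not part of the original presentation): the response is MD5 over the identifier, the shared secret and the challenge, as CHAP defines it, so the authenticator can check the peer's knowledge of the secret without the secret itself being sent. The identifier value and secrets are constructed.

```python
"""CHAP challenge/response with MD5: an added example, not from the slides."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value as CHAP with MD5 defines it (RFC 1994):
    MD5 over the one-byte Identifier, the shared secret and the challenge value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """The authenticator recomputes the hash from its own copy of the secret
    and compares in constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def chap_exchange(peer_secret: bytes, authenticator_secret: bytes, challenge=None) -> bool:
    """Run one exchange. Only the challenge and the 16-byte response cross the wire;
    the secret never does. Returns whether the authenticator accepts the peer."""
    challenge = challenge if challenge is not None else os.urandom(16)
    identifier = 0x2A  # constructed; CHAP changes it for every challenge
    response = chap_response(identifier, peer_secret, challenge)        # peer -> authenticator
    return chap_verify(identifier, authenticator_secret, challenge, response)


def digest_lengths(*inputs: bytes) -> set:
    """Fixed-length output whatever the input length: MD5 16 bytes, SHA-1 20 bytes."""
    return {(hashlib.md5(x).digest_size, hashlib.sha1(x).digest_size) for x in inputs}


def known_answers() -> bool:
    """Published test vectors for the input 'abc'."""
    return (hashlib.md5(b"abc").hexdigest() == "900150983cd24fb0d6963f7d28e17f72"
            and hashlib.sha1(b"abc").hexdigest() == "a9993e364706816aba3e25717850c26c9cd0d89d")


if __name__ == "__main__":
    print(chap_exchange(b"s3cret", b"s3cret"), chap_exchange(b"s3cret", b"wrong"))
    print(digest_lengths(b"", b"x", b"x" * 10_000), known_answers())
```

Note the difference between the two hash properties in play: CHAP needs preimage resistance (an eavesdropper who sees challenge and response must not recover the secret), while the collision weakness of MD5 matters for signatures and certificates, where an attacker can choose both inputs.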

13 IPSec
- Standard protocol
- Purpose is to provide a tamper-free and/or confidential transfer service
- Tamper-free means you can be sure it wasn't altered in transit
- Confidential means no one else could read it
- May invoke both services
- Includes an anti-replay service through use of sequence numbers
- IPSec is a protocol suite consisting of multiple protocols:
  IKE - Internet Key Exchange: negotiates keys and parameters
  ESP - Encapsulating Security Payload (IP protocol 50): confidential transfer, with optional integrity protection as well
  AH - Authentication Header (IP protocol 51): tamper-free transfer only, no confidentiality

14 IPSec implementation modes
- Tunnel mode
- Usually formed between 2 routers (gateways); can be host to host or host to gateway
- Encrypted tunnel provided by ESP: the entire original packet is encrypted and a new IP header is attached; the destination IP of the new header is the peer (gateway) address
- Transparent to the end user
- Frame makeup: new IP header | IPSec header | original IP datagram

15 IPSec implementation modes
- Transport mode
- Original IP header is used; only the payload is protected (encrypted with ESP, or integrity-checked with AH)
- Suited for host to host on an internal network
- Frame makeup: IP header | IPSec header | TCP header/data

16 IKE
- Authentication and negotiation protocol
- Verifies the identity of each peer to the other
- Exchanges Diffie-Hellman public values, then derives and manages the keys
- Negotiates which encryption and hash methods will be used
- Negotiates which protocol, ESP or AH
- Operates in 2 phases
- Builds on the SKEME, Oakley and ISAKMP protocols:
  SKEME - key exchange protocol
  Oakley - allows different exchange modes
  ISAKMP - defines how peers communicate (message formats and SA negotiation)

17 IKE phase 1
- Remote user must first be authenticated:
  Pre-shared key can be used
  Digital certificates (covered below)
  Kerberos (Windows with Active Directory)
- Negotiates the parameters (the IKE SA) that will protect phase 2
- Phase 1 can be accomplished by 2 different modes: main mode (6 messages) and aggressive mode (3 messages)
- Aggressive mode uses fewer packets and is less secure: the identities and the authentication hash travel unencrypted, so with a pre-shared key an eavesdropper can run an offline dictionary attack against the hash
- Not supported by all vendors
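The Diffie-Hellman exchange named on slide 11 and the pre-shared-key authentication of phase 1 on this slide, as one added example that is not part of the original presentation. It shows what phase 1 accomplishes (both peers derive the same secret from public values, and the responder accepts the initiator only if both hold the same PSK), in a simplified form that is not the IKEv1 message format. The group parameters are an assumption chosen to keep the numbers readable (P = 2**127 - 1, which is prime, and G = 2); real IKE uses standardised MODP groups of 2048 bits or more. Nonces and identities are constructed.

```python
"""Diffie-Hellman key agreement with pre-shared-key authentication: an added example
illustrating what IKE phase 1 accomplishes, not the IKEv1 message format."""
import hmac
import secrets

# Assumed group parameters for readability; P = 2**127 - 1 is a (Mersenne) prime.
# Real IKE deployments use standardised MODP groups (2048-bit group 14 or larger).
P = 2**127 - 1
G = 2
NBYTES = 16  # enough bytes to hold any value below P


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(priv: int, peer_pub: int) -> int:
    """(g^y)^x mod p: both sides reach the same value from the other's public value."""
    return pow(peer_pub, priv, P)


def derive_key(psk: bytes, shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Session key bound to the PSK, the DH secret and both nonces."""
    msg = shared.to_bytes(NBYTES, "big") + nonce_i + nonce_r
    return hmac.new(psk, msg, "sha256").digest()


def auth_tag(key: bytes, pub_i: int, pub_r: int, identity: bytes) -> bytes:
    """Proof of identity: HMAC over the exchange transcript with the derived key.
    It verifies only if both sides hold the same PSK and the same DH secret."""
    transcript = pub_i.to_bytes(NBYTES, "big") + pub_r.to_bytes(NBYTES, "big") + identity
    return hmac.new(key, transcript, "sha256").digest()


def phase1(psk_initiator: bytes, psk_responder: bytes):
    """Run the exchange between an initiator and a responder.
    Returns (dh_secrets_match, session_keys_match, responder_accepts_initiator)."""
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    priv_i, pub_i = dh_keypair()
    priv_r, pub_r = dh_keypair()
    # Messages 1 and 2: public values and nonces cross the wire; private exponents never do.
    secret_i = dh_shared_secret(priv_i, pub_r)
    secret_r = dh_shared_secret(priv_r, pub_i)
    key_i = derive_key(psk_initiator, secret_i, nonce_i, nonce_r)
    key_r = derive_key(psk_responder, secret_r, nonce_i, nonce_r)
    # Message 3: the initiator proves its identity; the responder recomputes with its own key.
    tag_from_i = auth_tag(key_i, pub_i, pub_r, b"initiator")
    expected = auth_tag(key_r, pub_i, pub_r, b"initiator")
    return secret_i == secret_r, key_i == key_r, hmac.compare_digest(tag_from_i, expected)


if __name__ == "__main__":
    print(phase1(b"Lab-PSK", b"Lab-PSK"))   # (True, True, True)
    print(phase1(b"Lab-PSK", b"typo"))      # (True, False, False)
```

The DH secret agrees whatever the PSKs are; that is why DH alone gives no authentication and phase 1 must add a PSK, certificate or Kerberos proof on top. Because the tag here is keyed with a value that depends on the DH secret, an eavesdropper cannot test PSK guesses against it offline; the aggressive-mode weakness on this slide comes from IKEv1's hash being computable from values that are all visible on the wire.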

18 IKE phase 2
- Negotiates the parameters of the IPSec SA (the SA that ESP or AH will use for data)
- Only uses quick mode: 3 packets
- All exchanges are encrypted under the phase 1 IKE SA

19 Security Association (SA)
- Formed before any data is exchanged
- Agreement between 2 IPSec peers/endpoints as to the parameters of the data exchange, such as:
  Encryption and hash algorithm to be used
  Protocols being used (ESP, AH)
  Communication modes (tunnel, transport)
- SAs are one-way: a two-way connection needs one SA in each direction, each identified by a Security Parameter Index (SPI) carried in the ESP or AH header
- Each IPSec peer may be communicating with other peers and have multiple SAs
- SAs are maintained in an SA database (SAD)

20 Authentication Header (AH)
- Protocol ID 51
- Provides authentication and integrity checking but not confidentiality
- Adds a header to the existing IP packet; the header carries a value verifying that the packet hasn't been changed
- That value is termed the Integrity Check Value (ICV). It is a keyed hash (HMAC) computed with a key only the two peers share, so strictly it is a message authentication code rather than a digital signature in the public-key sense. Fields that legitimately change in transit (TTL, header checksum) are zeroed before hashing.
- What is a digital signature? What is a hash?
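The tamper-free and anti-replay services of slide 13 and the AH header and ICV on this slide, worked through as an added example that is not part of the original presentation. It builds an IPv4 packet carrying AH (protocol 51) with HMAC-SHA1-96 as the integrity algorithm, computes and verifies the ICV with the mutable IP fields zeroed, and keeps the receiver's sliding anti-replay window. Addresses, the key and the SPI are constructed sample values; the IPv4 checksum is left at zero since it is excluded from the ICV anyway.

```python
"""Authentication Header integrity check and anti-replay window: an added example."""
import hashlib
import hmac
import struct

AH_PROTO = 51
ICV_LEN = 12  # HMAC-SHA1-96 truncates the 20-byte HMAC to 96 bits


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at zero; it is not part of the ICV)."""
    to_bytes = lambda ip: bytes(int(o) for o in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, to_bytes(src), to_bytes(dst))


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """AH excludes fields that change in transit: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS / DSCP
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def ah_header(next_hdr: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV."""
    payload_len = (12 + len(icv)) // 4 - 2   # AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv


def compute_icv(key: bytes, ip_hdr: bytes, next_hdr: int, spi: int, seq: int, payload: bytes) -> bytes:
    """HMAC over immutable IP fields, the AH header with a zeroed ICV field, and the payload."""
    ah_zero = ah_header(next_hdr, spi, seq, b"\x00" * ICV_LEN)
    mac = hmac.new(key, zero_mutable_fields(ip_hdr) + ah_zero + payload, hashlib.sha1).digest()
    return mac[:ICV_LEN]


def build_ah_packet(key: bytes, src: str, dst: str, spi: int, seq: int, payload: bytes, next_hdr: int = 6) -> bytes:
    total = 20 + 12 + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total)
    icv = compute_icv(key, ip_hdr, next_hdr, spi, seq, payload)
    return ip_hdr + ah_header(next_hdr, spi, seq, icv) + payload


def verify_ah_packet(key: bytes, pkt: bytes):
    """Receiver side: recompute the ICV and compare. Returns (ok, spi, seq)."""
    ip_hdr, rest = pkt[:20], pkt[20:]
    next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", rest[:12])
    ah_len = (payload_len + 2) * 4
    icv, payload = rest[12:ah_len], rest[ah_len:]
    expected = compute_icv(key, ip_hdr, next_hdr, spi, seq, payload)
    return hmac.compare_digest(icv, expected), spi, seq


class ReplayWindow:
    """Receiver-side sliding anti-replay window (RFC 4302, section 3.4.3), default 64.
    A sequence number is accepted once; duplicates and numbers older than the window are dropped."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False  # AH sequence numbers start at 1
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # too old: outside the window
        if (self.bitmap >> diff) & 1:
            return False  # replay: already received
        self.bitmap |= 1 << diff
        return True


if __name__ == "__main__":
    key = b"0123456789abcdef0123"   # constructed 20-byte HMAC-SHA1 key
    pkt = build_ah_packet(key, "10.1.1.1", "10.2.2.2", 0x100, 1, b"hello")
    print(verify_ah_packet(key, pkt))                                   # (True, 256, 1)
    print(verify_ah_packet(key, pkt[:-1] + bytes([pkt[-1] ^ 1])))      # (False, 256, 1)
```

Two checks worth running: a router decrementing TTL does not break the ICV (the field is zeroed before hashing), whereas a single flipped payload bit does; and the window accepts out-of-order packets within 64 of the highest seen but rejects a repeated sequence number, which is the anti-replay service slide 13 describes. The ICV check must happen before the window is updated, otherwise a forged packet with a high sequence number could slide the window past legitimate traffic.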

21 Configuring IPSec (Cisco)
- Define the traffic to protect with an ACL
- Configure the IPSec transform set
- Set the peer address

