AWERProcedia Information Technology & Computer Science
|
|
- Raymond Rodgers
- 8 years ago
- Views:
Transcription
1 AWERProcedia Information Technology & Computer Science 1 (2012) nd World Conference on Information Technology (WCIT-2011) Using penetration testing to discover VPN security vulnerabilities a Defta (Ciobanu) Costinela - Luminit * PhD student, Doctoral School, University of Pitesti, Department of Computer Science, Str. Targu din Vale, nr.1, Arges and Postcode , Romania Abstract A VPN is a private network constructed within a public network infrastructure, such as Internet. VPNs are widely used to create wide area networks (WANs) that span large geographic areas, to provide site-to-site connections to branch offices and to allow mobile users to dial up their company LANs. VPNs are generally considered to have strong protection for data communications, but if they are incorrectly configured they are still vulnerable, just as any other Internet-facing system. In the first part of this paper we will analyze and compare the key VPN security technologies, like IPsec and SSL. In the second part we will describe a common penetration testing methodology for VPNs. The objective is to discover vulnerabilities in the VPN implementation that an attacker may be able to exploit. Keywords: VPN, SSL, IPSec, Penetration testing, Network; Selection and peer review under responsibility of Prof. Dr. Hafize Keser Academic World Education & Research Center. All rights reserved. 1. Introduction Virtual private networks extend the reach of LANs without requiring owned or leased private lines. Companies can use VPNs to provide remote and mobile users with network access, connect geographically separated branches into a unified network and enable the remote use of applications that rely on internal servers. VPN can be used also on distributed systems. Distributed system model best suits on the organizational structure of companies that, because of their business needs, are geographically distributed. * ADDRESS FOR CORRESPONDENCE: Defta (Ciobanu) Costinela, Luminita. PhD student, Doctoral School, University of Pitesti, Department of Computer Science, Str. Targu din Vale, nr.1, Arges and Postcode , Romania. address: lumi.defta@yahoo.com/ Tel.:
2 VPNs can be divided into three categories, depending on the mechanisms that they use: Trusted VPNs, secure VPNs, Hybrid VPNs. Companies who use trusted VPNs do so because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP or a trusted confederation of ISPs. This allows the customer to use their own private IP addressing schemes, and possibly to handle their own routing. The major technologies used for implementing trusted VPNs over IP networks are ATM circuits, frame-relay circuits and Multiprotocol Label Switching (MPLS). The main reason that companies use secure VPNs is so that they can transmit sensitive information over the Internet without needing to worry about who might see it. Everything that goes over a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read the traffic even if they used hundreds of millions of dollars worth of computers. For the organizations that are expanding globally, the data exchange between multiple databases and applications has become more important. Further, using a secure VPN allows the company to know that an attacker cannot alter the contents of their transmissions, such as by changing the value of financial transactions. Secure VPNs are particularly valuable for remote access where a user is connected to the Internet at a location not controlled by the network administrator, such as from a hotel room, airport kiosk, or home. Secure VPNs can use IPsec with encryption, IPsec inside of Layer 2 Tunnelling Protocol (L2TP), SSL 3.0 or Transport Layer Security (TLS) with encryption, Layer Two Forwarding (L2F) or Pointto-Point Tunnelling Protocol (PPTP). It is clear that secure VPNs and trusted VPNs have very different properties. Secure VPNs provide security but no assurance of paths. Trusted VPNs provide assurance of properties of paths such as QoS, but no security from snooping or alternation. Because of these strengths and weaknesses, hybrid VPNs has started to appear, although the list of scenarios where they are desired is still evolving. A typical situation for hybrid VPN deployment is when a company already has a trusted VPN in place and some parts of the company also need security over part of the VPN. Hybrid VPN uses both IPsec and Secure Sockets Layer (SSL). In this paper we will present a common methodology for testing a VPN to discover security issues and also we will outline a number of VPN technologies, among which IPsec and SSL VPN are the most common. 2. VPN Protocols The most used VPN protocols are: PPTP, L2TP, IPSec, SSL. PPTP (Point-to-Point Tunneling Protocol) it s the most widely supported VPN method among Windows users and it was created by Microsoft in association with other technology companies. The disadvantage of PPTP is that it does not provide encryption and it relies on the PPP (Point-to-Point Protocol) protocol to implement security measures. But compared to other methods, PPTP is faster and it is also available for Linux and Mac users. L2TP (Layer 2 Tunneling Protocol) it s another tunneling protocol that supports VPNs. Like PPTP, L2TP does not provide encryption and it relies on PPP protocol to do this. The difference between PPTP and L2TP is that the second one provides not only data confidentiality but also data integrity. L2TP was developed by Microsoft and Cisco as a combination between PPTP and L2F(Layer 2 Forwarding)., Dos (Denial of Service). IPsec protocol can be used for encryption in correlation with L2TP tunneling protocol. It is used as a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage. SSL (Secure Socket Layer) is a VPN accessible via https over web browser. The advantage of this SSL VPN is that it doesn t need any software installed because it uses the web browser as the client application. Through SSL VPNs the user s access can be restrict to specific applications instead of allowing access to the whole network. 74
3 3. IPSec vs. SSL IPSec VPNs are best suited for point-to-point access. Open tunneling protects data between two private networks or between IT-managed machines and a private network. IPSec is a perfectly viable solution when a permanent connection is required between two specific locations, for example between a branch or remote office and a corporate headquarters. It can also be used successfully to provide access to a small finite number of remote workers using tightly-controlled corporate-issued laptops. At one time, a traditional Internet Protocol Security (IPSec) virtual private network (VPN) was the only option for secure remote access. However, because IPSec solutions were designed for trusted site-to-site connectivity and not with a highly-mobile workforce in mind, IPSec solutions had limitations for supporting untrusted end point locations that were not directly managed by IT. In response to increasing user demands for remote access, a new kind of VPN emerged - SSL VPNs. These new VPNs, based on the Secure Sockets Layer (SSL) protocol that safeguards the world of e-commerce, quickly became the leading option for remote access. As organizations grow and become more mobile, many are shifting to SSL VPNs, as they offer everywhere access while retaining complete control and security. Recent advances in SSL VPN technology offer many benefits for both users and companies. When compared to IPSec, SSL VPNs are typically less costly to manage, eliminate concerns related to open-by-default tunnels and offer a more flexible experience for employees and business partners using untrusted end point environments. Many existing IPSec implementations can continue to work well for these use cases for which they were originally deployed. IT might consider keeping IPSec in these limited areas and extend remote access to other areas, such as trusted partners or extranet users, via a parallel SSL VPN solution. While a parallel VPN implementation is a viable choice for some enterprises, transitioning all access use cases through a single SSL VPN gateway might ultimately cost less and be easier to manage. In the following table we compare the advantages and disadvantages of each protocol: Table 1. IPSec vs SSL SSL IPSec Advantages Ubiquity of web browsers enables nearly universal access. Allow granular access control to applications. Easy access to Web-enabled applications. Lower ownership costs than IPSec. Easier scalability than IPSec. Client software provides strong device authentication. Remote machines easily augmented with AV & policy enforcement software. Network layer connection provides complete application access. Disadvantages Users may come in from unknow untrusted machines. Tokens or digital certificates required for authentication stronger than user name/password. Sensitive information may be left on public terminals. Demands some amount of integration for legacy applications. Ties user to a single machine. Requires deployment and configuration to every user you want to give remote access. Support services may be costly. Firewalls and NAT may interfere with access. 4. VPN security testing Like any other gateway, your VPN needs to go through a thorough penetration test to check for vulnerabilities. It's easy to overlook VPNs when administering a network penetration test, as it's often assumed that they're the most secure part of it. But, they're not and they're a magnet for hackers. IPSec VPN is a network- 75
4 based VNP, while SSL is a web-based, so each of them should be tested as such. But, regardless the type, there are three steps to penetration testing a VPN: - scanning open ports and fingerprinting - exploitation of known vulnerabilities and assessing PSK - exploitation of default user accounts 4.1. Scanning open ports and fingerprinting We need to determine the type of VPN implementation (IPsec, PPTP, or SSL), the VPN vendor information and corresponding version numbers. This is necessary to execute a focused attack against the target VPN environment. The first step entails port scanning the VPN server to make an educated guess on the type of VPN implementation. The following table provides a mapping of open ports to VPN type, using default ports: Table 2. VPN default ports Port UDP 500 TCP 1723 TCP 443 Type of VPN IPSec PPTP/L2TP SSL A port scan can easily be made with free tools, such as Nmap, ScanLine and SuperScan. Scan the network where the VPN may be located. If the scan shows that port 500 is open, the VPN is IPSec. Port 500 is the standard port for the Internet Key Exchange (IKE) protocol used for the key exchange required in IPSec. IKE protocol provides a means to securely exchange the secret key, which is essential for the effective operation of the Authentication Header (AH) and Encapsulating Security Payload (ESP) between the communicating subjects. If the scan shows port 443 to be open, the standard port for SSL, then the VPN is SSL. An SSL VPN uses the same port as any other SSL communication. It is possible that the scan may have false positives. This is most likely to happen if the subject of the scan is a firewall-vpn combination device. In such cases, the firewall is likely to drop packets targeted to it, resulting in false positives. Next we need to determine what we are up against by finding out the vendor and version of the VPN server. The IKE Scan tool (developed by NTA Monitor) can be used to fingerprint many VPN vendors and models. With that information, hacker can search the Web for details of attacks against specific vendors. The tool can't fingerprint every VPN model, but it can reveal the type of authentication used in the VPN useful information for a cracker. For example, in the case of IPSec VPNs, we can use IKE Scan to provide a reasonably accurate fingerprint of the VPN server vendor and the version number. This tool performs the fingerprinting by checking the values of specific variables in the IPsec packets being exchanged, and compares these against its signature database. The IKE scan execution output may look like this: ike-scan auth=1 -A Starting ike-scan 1.6 with 1 hosts ( Aggressive Mode Handshake returned SA=(Enc=3DES Hash=MD5 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x ) KeyExchange(128 bytes) Nonce(20 bytes) ID(Type=ID_IPV4_ADDR, Value= ) Hash(16 bytes) Ending ike-scan 1.6: 1 hosts scanned in seconds (0.07 hosts/sec). 1 returned handshake; 0 returned notify 76
5 If the packet exchange patterns observed by ike-scan match any of those within its signature database, it provides a best guess of the VPN server platform and outputs the data as follows: Implementation guess: Netscreen Or Implementation guess: Cisco IOS/PIX. The fingerprint information allows a potential attacker the ability to execute a more focused attack against the VPN. With this knowledge, the attacker may not only attempt platform specific exploits against the system, but may also attempt a brute-force attack using the appropriate client software Exploitation of known vulnerabilities and assessing PSK Other tools, like IKEProbe and IKECrack, take advantage of weaknesses in the pre-shared key (PSK) authentication used in IPSec VPNs. The hashes captured by these tools can then be run through ordinary password crackers, such as Cain and Abel, to steal passwords for malicious access to the VPN and, of course, the corporate network. IKEProbe can be used to determine vulnerabilities in the PSK implementation of the VPN server. It tries out various combinations of ciphers, hashes and Diffie-Helman groups and attempts to force the remote server into aggressive mode. IKEProbe output may look like this: ikeprobe IKEProbe 0.1beta (c) 2003 Michael Thumann ( Portions Copyright (c) 2003 Cipherica Labs ( Read license-cipherica.txt for LibIKE License Information IKE Aggressive Mode PSK Vulnerability Scanner (Bugtraq ID 7423) Supported Attributes Ciphers : DES, 3DES, AES-128, CAST Hashes : MD5, SHA1 Diffie Hellman Groups: DH Groups 1,2 and 5 IKE Proposal for Peer: Aggressive Mode activated... Once the PSK has been cracked, software such as PGPNet can be used to connect to the vulnerable VPN server. An attacker may also attempt to exploit vulnerabilities in the vendor's implementation of the specific protocols. For SSL VPNs, the same tools for scanning a web application can be used. Tools, such as Webinspect and Watchfire, can check for web threats like cross-site scripting (XSS), SQL injection, buffer overflows, weak authentication and old-fashioned parameter manipulation. The scan results can be followed by either automatic or manual tests to verify the vulnerabilities Exploitation of default user accounts The default user accounts (with default passwords) is a common vulnerability in VPN systems (and in many others). These accounts are used for initial installation and aren't needed after that. They should be either removed or changed, where possible. The same goes for any administrative accounts used for routine maintenance. In addition to blind penetration testing (without a valid user account), assessing the VPN using a valid user account ID provides added value. This normally yields a larger number of critical vulnerabilities than the blind penetration testing phase. This can be attributed to the added VPN functionality and attack surface exposed to an authenticated user as compared to a zero-knowledge attacker. 77
6 5. Conclusion Even if VPNs provides a secure way of communication, if they are incorrectly configured they are still vulnerable. The compromise of a VPN server may have an extremely negative impact on the organization's business as it may provide unauthorized access to internal company resources. Thus, organizations should pay special attention to the implementation, configuration and ensure a proper penetration test has been completed in a VPN system. Also, whether an IPSec or SSL VPN is the right choice ultimately depends on the extent of the company s secure remote access needs: - IPSec VPN technology is designed for site-to-site VPNs or for remote access from a small finite number of tightly-controlled corporate assets - SSL VPN technology, on the other hand, works much better for secure remote access. SSL VPN technology is an ideal replacement for - or adjunct to - PSec, because it increases productivity by allowing access to more resources from more end points. References [1]. A. Conry-Murray, SSL VPN Basics. Network Magazine, [2]. M. Heller, Whay you need to know about VPN technologies. Computerworld, [3]. ComputerWeekly.com, VPN security: testing, troubleshooting and deploying [4]. IbVPN.com, Types of VPN protocols [5]. R. Belani and K.K. Mookhley, Penetration Testing IPSec VPNs. Symantec, [6]. N. Iacob, Data Replication in Distributed Environments. Proceedings of International Scientific Conference ECO-TREND: Brancusi University Targu Jiu,
Simple Steps to Securing Your SSL VPN
Simple Steps to Securing Your SSL VPN A five-point strategy for secure remote access Managing secure remote access is a tough job. Because remote systems may directly connect to the Internet rather than
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationVPN Technologies: Definitions and Requirements
VPN Technologies: Definitions and Requirements 1. Introduction VPN Consortium, January 2003 This white paper describes the major technologies for virtual private networks (VPNs) used today on the Internet.
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationBuilding scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF
Building scalable IPSec infrastructure with MikroTik IPSec, L2TP/IPSec, OSPF Presenter information Tomas Kirnak Network design Security, wireless Servers Virtualization MikroTik Certified Trainer Atris,
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationI. What is VPN? II. Types of VPN connection. There are two types of VPN connection:
Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationVirtual Private Networks
Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security
More informationSecure Network Design: Designing a DMZ & VPN
Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network
More informationConfiguring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router
print email Article ID: 4938 Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router Objective Virtual Private
More informationAT&T. ip vpn portfolio. integrated. IP VPN solutions. for the enterprise. Communication Systems International Incorporated
AT&T ip vpn portfolio integrated IP VPN solutions for the enterprise Communication Systems International Incorporated Applications of IP VPN Technology Applications of IP VPN Technology Sales Force Automation
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationDeploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels
Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationSession Hijacking Exploiting TCP, UDP and HTTP Sessions
Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationHow To Fix A Username Enumeration On A Vpn On A Pc Or Ipv (Vpn) On A Password Protected Ipv 2 (Vvv) On An Ipv 3 (Vp) On Pc Or Password Protected (V
Common VPN Security Flaws Roy Hills, NTA Monitor Ltd. http://www.nta-monitor.com/ January 2005 Abstract This paper outlines some of the common VPN security flaws that NTA Monitor have found during the
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6 Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani The Higher Institute of Industry Misurata, Libya goha_99@yahoo.com
More informationHughesNet Broadband VPN End-to-End Security Using the Cisco 87x
HughesNet Broadband VPN End-to-End Security Using the Cisco 87x HughesNet Managed Broadband Services includes a high level of end-to-end security features based on a robust architecture designed to meet
More informationInformation security in E-learning Platforms
Available online at www.sciencedirect.com Procedia Social and Behavioral Sciences 15 (2011) 2689 2693 WCES- 2011 Information security in E-learning Platforms Defta (Ciobanu) Costinela Luminita a * a Phd
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationHow To Configure Apple ipad for Cyberoam L2TP
How To Configure Apple ipad for Cyberoam L2TP VPN Connection Applicable to Version: 10.00 (All builds) Layer 2 Tunneling Protocol (L2TP) can be used to create VPN tunnel over public networks such as the
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSSL VPN Technical Primer
4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses
More informationHughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by
More informationVirtual Private Networks (VPN) Connectivity and Management Policy
Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections
More informationNetwork Security and Firewall 1
Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationCisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X
Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationIPSec vs. SSL: Why Choose?
Remote VPN Access from Anywhere An OpenReach Backgrounder Comparing VPN Technologies 660 Main Street Woburn, MA 01801 888.783.0383 www.openreach.com Copyright 2002,, which is solely responsible for its
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationUsing a VPN with CentraLine AX Systems
Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2
More informationVodafone MachineLink 3G. IPSec VPN Configuration Guide
Vodafone MachineLink 3G IPSec VPN Configuration Guide Copyright Copyright 2013 NetComm Wireless Limited. All rights reserved. Copyright 2013 Vodafone Group Plc. All rights reserved. The information contained
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationCreating a VPN Using Windows 2003 Server and XP Professional
Creating a VPN Using Windows 2003 Server and XP Professional Recommended Instructor Preparation for Learning Activity Instructor Notes: There are two main types of VPNs: User-to-Network This type of VPN
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationHow To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (
UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationObjectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how
More informationUsing a VPN with Niagara Systems. v0.3 6, July 2013
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationASA and Native L2TP IPSec Android Client Configuration Example
ASA and Native L2TP IPSec Android Client Configuration Example Document ID: 113572 Contributed by Atri Basu and Rahul Govindan, Cisco TAC Engineers. Oct 29, 2013 Contents Introduction Prerequisites Requirements
More informationSSL VPN. Virtual Private Networks based on Secure Socket Layer. Mario Baldi. Politecnico di Torino. Dipartimento di Automatica e Informatica
SSL VPN Virtual Private Networks based on Secure Socket Layer Mario Baldi Politecnico di Torino Dipartimento di Automatica e Informatica mario.baldi[at]polito.it staff.polito.it/mario.baldi Nota di Copyright
More informationOverview. Protocols. VPN and Firewalls
Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)
More informationMatrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client
Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client 22/07/2014 Dear Friends, This mailer helps you in understanding and configuring PPTP VPN of Matrix NAVAN CNX200 with Windows
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationGPRS / 3G Services: VPN solutions supported
GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationFirewalls. Outlines: By: Arash Habibi Lashkari July 2010. Network Security 06
Firewalls Outlines: What is a firewall Why an organization ation needs a firewall Types of firewalls and technologies Deploying a firewall What is a VPN By: Arash Habibi Lashkari July 2010 1 Introduction
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationHow Virtual Private Networks Work
How Virtual Private Networks Work Document ID: 14106 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information What Makes a VPN? Analogy: Each LAN Is an IsLANd
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationLecture 17 - Network Security
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
More informationElectronic Service Agent TM. Network and Transmission Security And Information Privacy
Electronic Service Agent TM and Transmission Security And Information Privacy Electronic Services January 2006 Introduction IBM Electronic Service Agent TM is a software application responsible for collecting
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationWhy Switch from IPSec to SSL VPN. And Four Steps to Ease Transition
Why Switch from IPSec to SSL VPN And Four Steps to Ease Transition Table of Contents The case for IPSec VPNs 1 The case for SSL VPNs 2 What s driving the move to SSL VPNs? 3 IPSec VPN management concerns
More informationWireless Controller DWC-1000
Network Architecture Manage up to 6 wireless APs, upgradable to 24 APs 1 per controller Control up to 24 wireless APs, maximum 96 APs 1 per cluster Robust Network Security Wireless Instruction Detection
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationUsing Rsync for NAS-to-NAS Backups
READYNAS INSTANT STORAGE Using Rsync for NAS-to-NAS Backups Infrant Technologies 3065 Skyway Court, Fremont CA 94539 www.infrant.com Using Rsync For NAS-To-NAS Backups You ve heard it before, but it s
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More information