VIRTUAL PRIVATE NETWORKS SECURITY


DATA SECURITY MANAGEMENT
John R. Vacca

INSIDE: Public Key Encryption; Public Key-Based Certificates; Audit Verification between Discovered Security Policy and Service Policy Definition; Automatic Discovery of Inter-VPN Connectivity and Exclusivity; Automatic Cross-Policy Audit to Ensure that Service or Configuration Changes Do Not Affect Other Policies; Centralized Reporting of Group Memberships; Automatic Implementation of Selected, Custom Security Services, Such as Encryption; Secure Access to Management Data; Secure Access to Control; Multiple Levels of Authorization; Logging, Reporting, and Auditing of Changes; Advanced Security Features; Symmetric Encryption vs. Asymmetric Encryption (Private Key vs. Public Key); Certificates; Extensible Authentication Protocol (EAP); IP Security (IPSec)

INTRODUCTION

With the explosive growth of the Internet, enterprises are beginning to ask: How can we best exploit the Internet for our enterprise? Initially, enterprises were using the Internet to promote their enterprise's image, products, and services by providing World Wide Web access to enterprise Web sites. Today, however, to improve overall efficiency and gain a competitive advantage, enterprises are moving toward Internet-enabled enterprise processes. As a result, enterprises are considering virtual private network (VPN) solutions that take advantage of the Internet's extensive, cost-effective access, while ensuring data security.

In this article, one will learn how to help enterprises transition to this Internet-enabled enterprise model, and how to obtain standards-based secure access to enterprise computing resources. One will also learn how to securely and cost-effectively extend the reach of applications and data across the world through the implementation of virtual private network (VPN) solutions. Finally, this article will cover public key encryption and public key-based certificates (since these will play a role in the new EAP and IPSec security features now in development by Microsoft, IBM, Cisco, and other software suppliers).

PAYOFF IDEA

When organizations discovered the efficiencies and cost-effectiveness of using the capabilities of the Internet to conduct business, they realized the need to protect sensitive information transiting unsecured areas. The implementation of virtual private networks provided the mechanism to achieve this needed protection. This article covers the use of virtual private networks and their related encryption technologies.

08/99, Auerbach Publications, 1999 CRC Press LLC

Security for virtual private networks (VPNs) must go beyond simply controlling secure access to network resources. It must also provide mechanisms for managing the implementation and enforcement of the policies that define partitioning between VPNs. Most VPN-aware networks extend traditional VPN concepts of intranet and extranet service to enable valuable services based on sophisticated policies of separation and designated intercommunication; security policy management becomes a valuable component to the success of VPN deployment. New standards are being set by tools that enable easy specification, implementation, management, and enforcement of security policies. While initially focused on intra-VPN separation and intercommunication, network management functionality will be enhanced to support other value-added services such as encryption, data sharing, and broadcast distribution between customers and secure remote access.

Generally, provider operators need to control access and visibility into network elements, control points, management systems, and data so that their networks cannot be sabotaged and sensitive information compromised. VPN services that support network management add a new twist to security management functional requirements in that visibility and control of a VPN subset of the provider network can now extend beyond the provider to the subscriber. Traditionally, only service provider operators required authorization to their own network management systems and data. However, regular network management subscribers need access to information that provides insight into how they use VPN services. Customers want to know the performance of the transport over the provider backbone and receive indicators when, or before, there are problems with the service. As network management applications mature, customers will control how they use the service (e.g., how the service responds to data classification), and they will be able to change or procure new services. Management data must therefore be partitioned correctly so that visibility, delivery, control, and access to the appropriate information are given only to authorized customers/owners of the data.

Because the Internet facilitates the creation of VPNs from anywhere, networks need strong security features to prevent unwelcome access to private networks and to protect private data as it traverses the public network. User authentication and data encryption are strong security features, but there are stronger authentication and encryption capabilities that will be available with Extensible Authentication Protocol (EAP) and Internet protocol security (IPSec).

WHY VPN SECURITY?

A virtual private network (VPN) is an extension of an enterprise's private intranet across a public network such as the Internet, creating a secure private connection, essentially through a private tunnel. VPNs securely convey information across the Internet, connecting remote users, branch offices, and enterprise partners/suppliers into an extended enterprise network, as shown in Exhibit 1.

Exhibit 1: Virtual Private Networks

Internet service providers (ISPs) offer cost-effective access to the Internet (via direct lines or local telephone numbers), enabling enterprises to eliminate their current, expensive leased lines, long-distance calls, and toll-free telephone numbers. A 1997 VPN Research Report, by Infonetics Research, Inc. (based in San Jose, CA), estimates savings from 20 percent to 47 percent of wide area network (WAN) costs by replacing leased lines to remote sites with VPNs. And, for remote access VPNs, savings can be 60 percent to 80 percent of enterprise remote access dial-up costs. Additionally, Internet access is available worldwide, where other connectivity alternatives may not be available.

The technology to implement these VPNs, however, is just becoming standardized. Some networking vendors today are offering non-standards-based VPN security solutions that make it difficult for an enterprise to incorporate all its employees or enterprise partners/suppliers into an extended enterprise network. However, VPN security solutions based on Internet Engineering Task Force (IETF) standards will provide support for the full range of VPN security scenarios, with more interoperability and expansion capabilities. The key to maximizing the value of VPN security is the ability of enterprises to evolve their VPNs as their enterprise needs change and to easily upgrade to future TCP/IP technology. Vendors that support a broad range of hardware and software VPN security products provide the flexibility to meet these requirements. VPN security solutions today run mainly in the IPv4 environment, but it is important that they have the capability of being upgraded to IPv6 to remain interoperable with an enterprise partner's or supplier's VPN security solutions. Perhaps equally critical is the ability to work with a vendor that understands the issues of deploying VPN security. The implementation of a successful VPN security solution involves more than technology. The vendor's networking experience plays heavily into this equation.

Now consider the role that software suppliers like IBM and Microsoft are playing with regard to the VPN security solution. Public key encryption and public key-based certificates will also be considered because they play a role in the new EAP and IPSec security features now in development by Microsoft, IBM, Cisco, and other software suppliers.

UNDERSTANDING IBM VPN SECURITY

IBM uses IPSec (an open, IETF-standard security technology) as an integral element in its eNetwork VPN security solutions. IPSec provides cryptography-based protection of all data at the IP layer of the communications stack. It provides secure communications transparently, with no changes required to existing applications. IPSec is the IETF-chosen, industry-standard network security framework for use in both the IPv4 and IPv6 environments. It is also currently the technology of choice for more than a dozen networking vendors, such as Sun, Attachmate, and Bay Networks.
IPSec protects data traffic in three ways, using robust cryptographic techniques:

- authentication: the process by which the identity of a host or end point is verified
- encryption: the process of hiding information while in transit across the network in order to ensure privacy
- integrity checking: the process of ensuring that no modifications were made to the data while in transit across the network

In addition, as described next, IPSec can address the security requirements of all key VPN enterprise security scenarios and provides a growth path covering VPN expansion and security requirement changes. In 1997, the IETF Security Working Group completed the initial work on IPSec extensions that provide automated Internet Security Association and Key Management Protocol (ISAKMP) capabilities combined with a key distribution protocol (Oakley). This solution includes both a mechanism for negotiating security associations to achieve the degree of protection needed (enabling automated tunnel setup) and a mechanism for automated secure distribution and refresh of strong cryptographic keys. According to IBM, by supporting IPSec with ISAKMP/Oakley, IBM eNetwork VPN security offerings will minimize manual configuration and thus provide a more robust, user-friendly, maintenance-free solution.

At the April 1998 IETF meeting, the IPSec Working Group agreed to advance all of the base IPSec documents to proposed standards. Having completed work on the base IPSec functions (authentication, encryption, integrity, key management, and security association management), the IPSec Working Group will now turn its attention to developing new protocols to complement the base set. For example, it will consider ease-of-use issues such as VPN policy databases, extended authentication methods for use with ISAKMP/Oakley, and interoperability across several certificate authorities.

IPSec can also be used in conjunction with security protocols that may already exist in other layers of the communications stack. According to IBM, it also supports the Secure Electronic Transaction (SET) protocol, Secure Sockets Layer (SSL), and a variety of other security technologies that can be incorporated into an IPSec-based VPN security solution. Object-layer security such as SET can be used to secure electronic payment transactions over the Internet, and SSL technology can be used to secure specific applications. However, independent of whether any application-level security such as SSL has been implemented, IPSec can provide an authenticated and encrypted tunnel that protects all IP traffic.

IPSec can also provide robust security in conjunction with other tunneling protocols, such as the Layer 2 Tunneling Protocol (L2TP) used in remote access dial-up configurations. L2TP, which is also an IETF standard, has the capability of establishing dial-up connections from clients using the point-to-point protocol (PPP). In addition, L2TP can be used to carry multiprotocol traffic, such as NetBIOS. However, L2TP lacks strong security properties. When IPSec is used in conjunction with L2TP, cryptographically strong access control is provided.
IPSec will provide authentication, integrity checking, and encryption for each packet transmitted. It also provides automated key management functions and can protect data all the way to the target server. According to IBM, its VPN customer security scenarios (IBM eNetwork VPN offerings) are designed to allow enterprises to easily construct solutions that meet their enterprise needs. Consider three enterprise scenarios well-suited to the implementation of a VPN security solution:

- enterprise partner/supplier network
- branch office connection network
- remote access network

Enterprise Partner/Supplier Network

Industry-leading enterprises will be those that can communicate inexpensively and securely with their enterprise partners, subsidiaries, and vendors. Many enterprises have chosen to implement Frame Relay or purchase leased lines to achieve this interaction. But this is often expensive, and geographic reach may be limited. VPN security technology offers an alternative for enterprises to build a private and cost-effective extended enterprise network with worldwide coverage, exploiting the Internet or other public network.

Suppose one is a major parts supplier to a manufacturer. Because it is critical to have the specific parts and quantities at the exact time required by the manufacturing firm, one always needs to be aware of the manufacturer's inventory status and production schedules. If this interaction is handled manually, it is time consuming, expensive, and maybe even inaccurate; perhaps there is an easier, faster, and more effective way of communicating. However, given the confidentiality and time-sensitive nature of this information, the manufacturer does not want to publish this data on its enterprise Web page or distribute this information monthly via an external report.

To solve these problems, the parts supplier and manufacturer can implement an eNetwork secured VPN, as shown in Exhibit 2. A secured VPN can be built directly between a client workstation (in the parts supplier's intranet) and the server residing in the manufacturer's intranet. The clients can authenticate themselves either to the firewall protecting the manufacturer's intranet, directly to the manufacturer's server (validating that they are who they say they are), or to both, depending on the supplier's security policy. Then, a tunnel could be established, encrypting all data packets from the client, through the Internet, to the required server.

With the establishment of this secured VPN, the parts supplier can have global, online access to the manufacturer's inventory plans and production schedule at all times during the day or night, minimizing manual errors and eliminating the need for additional resources for this communication. In addition, the manufacturer can be assured that the data is securely and readily available to only the intended parts supplier(s).

According to IBM, one way to implement this scenario is for the enterprises to purchase Internet access from an Internet service provider (ISP) (such as IBM Global Services). Then, given the lack of security of the Internet, either an IPSec-enabled firewall or a server with firewall functionality can be deployed as required to protect the intranets from intruders. If end-to-end protection is desired, then both the client and server machines need to be IPSec-enabled as well. Through the implementation of this VPN security technology, the manufacturer would easily be able to extend the reach of its existing enterprise intranet to include one or more parts suppliers, essentially building an extended enterprise network while enjoying the cost-effective benefits of using the Internet as its backbone. And, with the flexibility of open IPSec technology, the ability for this manufacturer to incorporate more external suppliers is limitless.

Exhibit 2: Enterprise Partner/Supplier Network

Yet, inherent in network expansion are concerns of manageability. Tools should be implemented to ensure that one's network remains easy to maintain. Management functions to be included in eNetwork VPN security solutions are: policy management, automated ISAKMP/Oakley key management capabilities (previously mentioned), certificate management, secure domain name server (DNS), and lightweight directory access protocol (LDAP) support.

When implementing a VPN, a set of security configuration criteria must be established. Decisions such as which security algorithms are to be used by each IPSec-enabled box and when the keys are to be refreshed are all aspects of policy management. And, with respect to key technology, almost all of today's currently popular security protocols begin by using public key cryptography. Each user is assigned a unique public key. Certificates, in the form of digital signatures, validate the authenticity of one's identity and one's encryption key. These certificates can be stored in a public key database, such as a secure DNS, that can be accessible via a simple protocol, such as the Lightweight Directory Access Protocol (LDAP).

An automated IP address management system is especially important for secured VPNs in order to assign and manage one's network's IP addresses. Also along the lines of managing IP addresses is network address translation (NAT) (available today in IBM AIX Firewall). It allows one to use a globally unique (public) address on the Internet, while enabling the use of private IP addresses within one's own intranet.

Branch Office Connection Network

The branch office scenario, unlike the enterprise partner/supplier network scenario, securely connects two trusted intranets within an enterprise. This is a key difference, because the security focus is on both protecting the enterprise's intranet against external intruders and securing the enterprise's data while it flows over the public Internet.
This differs from the enterprise partner/supplier network, where the focus is on enabling the enterprise partners'/suppliers' access to data in the enterprise intranet. For example, suppose an enterprise headquarters wants to minimize the costs incurred from communicating to and among its own branches. Today, the enterprise might use Frame Relay or leased lines, but wants to explore other options for transmitting its internal confidential data that will be less expensive, more secure, and globally accessible. By exploiting the Internet, branch office connection secured VPNs can easily be established to meet the enterprise's needs.

As shown in Exhibit 3, one way to implement this VPN security connection between the enterprise headquarters and one of its branch offices is for the enterprise to purchase Internet access from an ISP (such as IBM Global Services). According to IBM, eNetwork firewalls, or routers with integrated firewall functionality, would be placed at the boundary of each of the intranets to protect the enterprise traffic from Internet hackers. With this scenario, the clients and servers need not support IPSec technology because the IPSec-enabled firewalls (or routers) would be providing the necessary data packet authentication and encryption. With this approach, the inventory and pricing information would be hidden from untrusted Internet users, with the firewall denying access to potential attackers. And, as previously described in the secured VPN enterprise partner/supplier network scenario, eNetwork secured VPN management functions can also be used to manage the VPN branch office connection network.

Exhibit 3: Branch Office Connection Network

With the establishment of branch office connection secured VPNs, the enterprise headquarters will be able to communicate securely and cost-effectively with its branches, whether located locally or miles away. Through VPN security technology, each branch can also extend the reach of its existing intranet to incorporate the other branch intranets, building an extended, enterprisewide network. And, as in the enterprise partner/supplier network scenario, this enterprise can easily expand this newly created environment to include its enterprise partners, suppliers, and remote users through the use of open IPSec technology.

Remote Access Network

A remote user, whether at home or on the road, wants to be able to communicate securely and cost-effectively back to his or her enterprise intranet. Although many still use expensive long-distance and toll-free telephone numbers, this cost can be greatly minimized by exploiting the Internet. For example, the user is at home or on the road, but needs a confidential file on a server within the intranet. By obtaining Internet access in the form of a dial-in connection to an ISP, the user can communicate with the server in the intranet and access the required file. One way to implement this scenario is to use an eNetwork VPN IPSec-enabled remote client and firewall, as shown in Exhibit 4.

Exhibit 4: Remote Access

The client accesses the Internet via dial-up to an ISP, and then establishes an authenticated and encrypted tunnel between itself and the firewall at the intranet boundary. By applying IPSec authentication between the remote client and the firewall, one can protect the intranet from unwanted and possibly malicious IP packets. And by encrypting traffic that flows between the remote host and the firewall, one can prevent outsiders from eavesdropping on the information. Once again, the previously described eNetwork VPN security management capabilities can also be utilized.

UNDERSTANDING MICROSOFT VPN SECURITY

Microsoft VPN uses proven Windows NT RAS security. Enterprises can ensure secure communication between remote users and the private network using Windows NT RAS encryption and authentication protocols.

Windows NT RAS supports the Password Authentication Protocol (PAP), the more sophisticated Challenge Handshake Authentication Protocol (CHAP), a special Microsoft adaptation called MS-CHAP, as well as RSA RC4 and DES encryption technologies.

Authentication and Encryption

Client accounts are validated against the Windows NT 4.0 and Windows 2000 (formerly Windows NT 5.0) user database, and only those with valid permissions are allowed to connect. The keys used to encrypt data are derived from user credentials, and are not transferred on the wire. When authentication is completed, the user's identity is verified, and the authentication key is used for encryption. Windows 2000 uses 40-bit RC4 encryption. For the United States and Canada, Microsoft will provide an optional add-on pack for 128-bit encryption, which provides security so tight that exporting it elsewhere is prohibited today by U.S. law.

Understanding PPTP Security

PPTP extends the strict authentication and encryption security available to computers running RAS under Windows 2000 Server and Windows 2000 Workstation to PPTP clients on the Internet. PPTP can also protect the PPTP server and the VPN by ignoring all but PPTP traffic. Despite the strict security, it is very simple to use PPTP with existing firewalls. This section will help one understand and plan the following:

- authentication and access control
- data encryption
- PPTP packet filtering
- using third-party firewalls

Authentication. Initial dial-in authentication may be required by an ISP network access server. If this authentication is required, it is strictly to log on to the ISP network access server. It is not related to Windows-based authentication. Check with the ISP for its authentication requirements. One applies these requirements in the Dial-Up Networking entry for that ISP. On the other hand, if the Windows 2000 Server is configured as a PPTP server, it controls all access to the VPN. That is, the PPTP server is a gateway to the VPN.
The PPTP server requires a standard Windows-based log-on. All PPTP clients must supply a user name and password. Therefore, remote access log-on using a computer running under Windows 2000 Server or Windows 2000 Workstation is as secure as logging on from a Windows 2000-based computer connected to the local LAN. Authentication of remote PPTP clients is accomplished using the same PPP authentication methods used for any RAS client dialing directly to a RAS server. Microsoft's implementation of the Remote Access Service (RAS) supports the Challenge Handshake Authentication Protocol (CHAP), the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), and the Password Authentication Protocol (PAP) authentication schemes.

As with all user accounts, the user accounts of remote users reside in the Windows 2000 Server directory service and are administered through User Manager for Domains. This provides centralized administration that is integrated with the existing user accounts on the VPN. Only accounts that have been granted specific access to the network through a trusted domain are permitted. Careful user account management is necessary to reduce security risks. Having a secure password model in place is critical to the successful deployment of PPTP because Internet connections are more susceptible to speed or demon dialer programs, which can literally crunch through thousands of password and username combinations. The only way to minimize this type of attack is to implement secure password policies. Passwords should be difficult to guess. For example, one can require passwords to contain upper case letters, lower case letters, numbers, and special characters. It is recommended that at least three different types of characters be required in order to ensure password uniqueness.

Access Control. After authentication, all access to a private LAN continues to use the Windows 2000-based security model. Access to resources on NTFS drives, or to other network resources, requires the proper permissions. It is recommended that the NTFS file system be used for file resources that are accessed by PPTP clients.

Data Encryption. For data encryption, PPTP uses the RAS shared-secret encryption process. It is referred to as a shared secret because both ends of the connection share the encryption key. In the Microsoft implementation of RAS, the shared secret is the user password.
Other encryption methods base the encryption on some key available in public. This second method of encryption is known as public key encryption. PPTP uses the PPP encryption and PPP compression schemes. The Compression Control Protocol (CCP) used by PPP is used to negotiate encryption. The user name and password of the PPTP client is available to the PPTP server and supplied by the PPTP client. An encryption key is derived from the hashed password stored on both the client and server. The RSA RC4 standard is used to create this 40-bit session key, based on the client password. This key is used to encrypt all data that is passed over the Internet, keeping the remote connection private and secure. The data in PPP packets is encrypted. The PPP packet containing a block of encrypted data is then encapsulated into a larger IP datagram for routing over the Internet to the PPTP server. If an Internet hacker intercepted your IP datagram, he or she would find only media headers, IP headers, and then the PPP packet containing a block of encrypted data. It would be indecipherable.

PPTP Packet Filtering. PPTP filtering is an important security feature. An administrator can decide to only allow PPTP-enabled users to connect to the enterprise network from the Internet. Filtering out non-PPTP packets avoids the risk of somebody attacking the enterprise network through the PPTP gateway server. Network security from malicious activity can be enhanced by enabling PPTP filtering on the PPTP server. When PPTP filtering is enabled, the PPTP server on the VPN accepts and routes only PPTP packets from authenticated users. This prevents all other packets from entering the PPTP server and the VPN. In conjunction with PPP encryption, this ensures that only authorized encrypted data enters or leaves the private LAN. PPTP filtering is enabled on the PPTP server using the Protocols tab in the Network option of Control Panel.

Using PPTP with Firewalls and Routers. PPTP traffic uses TCP port 1723 and IP protocol ID 47, as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for port 1723 to be routed through the firewall or router. Firewalls ensure enterprise network security by strictly regulating data that comes into the VPN from the Internet. An enterprise can deploy a PPTP server running Windows 2000 Server behind its firewall. The PPTP server accepts PPTP packets passed to the VPN from the firewall and extracts the PPP packet from the IP datagram, decrypts the packet, and forwards the packet to the computer on the VPN.

Front-End Processors

PPTP is designed to allow front-end processors (FEPs) to be connected with Windows 2000 servers, so clients that call into the FEP have transparent access to the server's network.
This means the client will not notice whether it is going straight to the server, or to an FEP that is tunneling through to the server. According to Microsoft, because its secure VPN provides transparent access to a PPP client, it can work with UNIX, Win16, MS-DOS, Macintosh, and other clients. FEPs can be operated by telephone companies because FEPs do not allow access to the data exchange between the client and the server. The FEP is just a pass-through that lacks the intelligence to evaluate the information passing through it. From a security standpoint, this means an enterprise will not lose control of who gets access to its network. Data privacy is maintained. This is very important for enterprises that outsource dial-up access because they need their data to be secure. Another important point is to keep control of who has access to the server on the server itself, rather than on the FEP. The server authenticates the clients calling in; the FEP only looks at the caller's identity and establishes the tunnel to the server. Because the FEP has a passive role, security is tight.

Advanced VPN Security Features

Because the Internet facilitates the creation of VPNs from anywhere, networks need strong security features to prevent unwelcome access to private networks and to protect private data as it traverses the public network. User authentication and data encryption have already been discussed. This final part of the article provides a brief look ahead to the stronger authentication and encryption capabilities that will be available with EAP and IPSec. One can begin with an overview of public key encryption and public key-based certificates because these will play a role in the new EAP and IPSec security features now in development by Microsoft and other software suppliers.

Symmetric Encryption vs. Asymmetric Encryption (Private Key vs. Public Key). Symmetric, or private key, encryption (also known as conventional encryption) is based on a secret key that is shared by both communicating parties. The sending party uses the secret key as part of the mathematical operation to encrypt (or encipher) plaintext to ciphertext. The receiving party uses the same secret key to decrypt (or decipher) the ciphertext to plaintext. Examples of symmetric encryption schemes are the RSA RC4 algorithm (which provides the basis for Microsoft Point-to-Point Encryption (MPPE)), Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), and the Skipjack encryption technology proposed by the U.S. government (and implemented in the Clipper chip).

Asymmetric or public key encryption uses two different keys for each user: one is a private key known only to one user; the other is a corresponding public key, which is accessible to anyone. The private and public keys are mathematically related by the encryption algorithm. One key is used for encryption and the other for decryption, depending on the nature of the communication service being implemented. In addition, public key encryption technologies allow digital signatures to be placed on messages. A digital signature uses the sender's private key to encrypt some portion of the message. When the message is received, the receiver uses the sender's public key to decipher the digital signature as a way to verify the sender's identity.
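The PPTP-only filtering from the PPTP Packet Filtering and Using PPTP with Firewalls and Routers sections, as an added example that is not part of the article or of any Microsoft product: a small Python filter parses constructed IPv4 packets and passes only the control channel on TCP port 1723 and the tunnel carried as IP protocol 47 (GRE), dropping everything else. The addresses and packets are constructed, and the extra check that the GRE protocol type is PPTP's 0x880B is an assumption taken from the PPTP specification rather than from the article.

```python
"""PPTP-only packet filter (added example, not from the article or Microsoft).

Parses a minimal IPv4 header and accepts only the two components of PPTP
that the article names: the control channel on TCP port 1723 and the
tunnelled PPP data carried as IP protocol 47 (GRE). GRE is additionally
checked for the PPTP protocol type 0x880B (assumption from RFC 2637) so
that arbitrary GRE is not let through. All packets below are constructed.
"""
import struct

PPTP_CONTROL_PORT = 1723       # TCP port assigned by IANA for PPTP control
IP_PROTO_TCP = 6
IP_PROTO_GRE = 47              # IP protocol ID 47 carries the PPTP tunnel
PPTP_GRE_PROTO_TYPE = 0x880B   # GRE protocol type for a PPP payload (assumed)


def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header, no options, checksum left at zero."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src_b, dst_b)
    return header + payload


def build_tcp(src_port, dst_port, data=b""):
    """Minimal 20-byte TCP header (SYN set, checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       5 << 4, 0x02, 8192, 0, 0) + data


def build_gre(proto_type, call_id=1, payload=b""):
    """Enhanced GRE header as PPTP uses it: K flag set, version 1."""
    return struct.pack("!HHHH", 0x2001, proto_type, len(payload), call_id) + payload


def classify(packet):
    """Return (verdict, reason) for one raw IPv4 packet."""
    if len(packet) < 20:
        return "DROP", "truncated IP header"
    if packet[0] >> 4 != 4:
        return "DROP", "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "DROP", "bad IP header length"
    proto = packet[9]
    if proto == IP_PROTO_GRE:
        if len(packet) < ihl + 4:
            return "DROP", "truncated GRE header"
        proto_type = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if proto_type == PPTP_GRE_PROTO_TYPE:
            return "ACCEPT", "PPTP tunnel data (GRE, protocol type 0x880B)"
        return "DROP", f"GRE protocol type {proto_type:#06x} is not PPTP"
    if proto == IP_PROTO_TCP:
        if len(packet) < ihl + 4:
            return "DROP", "truncated TCP header"
        src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
        # Both directions of the control channel are allowed through.
        if PPTP_CONTROL_PORT in (src_port, dst_port):
            return "ACCEPT", "PPTP control channel (TCP port 1723)"
        return "DROP", f"TCP port {dst_port} is not PPTP"
    return "DROP", f"IP protocol {proto} is not PPTP"


def filter_packets(packets):
    """Apply classify() to (label, packet) pairs; returns label -> verdict."""
    return {label: classify(pkt)[0] for label, pkt in packets}


# Constructed sample traffic as seen by a PPTP server at 192.0.2.10.
SAMPLE_PACKETS = [
    ("pptp_control", build_ipv4(IP_PROTO_TCP, "198.51.100.7", "192.0.2.10",
                                build_tcp(40000, PPTP_CONTROL_PORT))),
    ("pptp_tunnel", build_ipv4(IP_PROTO_GRE, "198.51.100.7", "192.0.2.10",
                               build_gre(PPTP_GRE_PROTO_TYPE, payload=b"\xff\x03"))),
    ("web_request", build_ipv4(IP_PROTO_TCP, "198.51.100.7", "192.0.2.10",
                               build_tcp(40001, 80))),
    ("plain_gre", build_ipv4(IP_PROTO_GRE, "198.51.100.7", "192.0.2.10",
                             build_gre(0x0800))),
    ("icmp", build_ipv4(1, "198.51.100.7", "192.0.2.10", b"\x08\x00\x00\x00")),
    ("runt", b"\x45\x00\x00"),
]


def run_demo():
    """Verdicts for the constructed sample packets."""
    return filter_packets(SAMPLE_PACKETS)


if __name__ == "__main__":
    for label, pkt in SAMPLE_PACKETS:
        verdict, reason = classify(pkt)
        print(f"{label:13s} {verdict:6s} {reason}")
```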
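The digital signature just described, together with the certificate check described in the Certificates section that follows, as an added example (not the article's or any vendor's code): a toy Python implementation in which a CA signs a certificate binding a name to a public key, a receiver that trusts the CA verifies the certificate, and then checks a message signed with the certified key. The CA and subject names, the dates, and the tiny fixed RSA primes are assumptions chosen so the arithmetic stays readable.

```python
"""Digital signatures and CA-issued certificates (added example, not the
article's or any vendor's code).

Textbook RSA with tiny fixed primes keeps the arithmetic visible; real
certificates use 2048-bit keys and a padded signature scheme, so this is
illustration only. The CA name, subject name and dates are constructed.
"""
import hashlib
import json


def make_keypair(p, q, e=17):
    """Textbook RSA: public (n, e), private (n, d). p and q must be prime."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}


def digest(data, n):
    """SHA-256 of the data, reduced into the modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    """The sender 'encrypts' the digest with its private key."""
    return pow(digest(data, private_key["n"]), private_key["d"], private_key["n"])


def verify(public_key, data, signature):
    """Anyone holding the public key recovers the digest and compares it."""
    return pow(signature, public_key["e"], public_key["n"]) == digest(data, public_key["n"])


def encode(fields):
    """Canonical byte encoding of the certificate fields that get signed."""
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(ca_private, ca_name, subject, subject_public, expires):
    """The CA binds subject identity, public key and expiry under its signature."""
    fields = {"subject": subject, "public_key": subject_public,
              "expires": expires, "issuer": ca_name}
    return {"fields": fields, "signature": sign(ca_private, encode(fields))}


def verify_certificate(cert, trusted_cas, today):
    """Receiver's check: known CA, intact CA signature, not expired."""
    fields = cert["fields"]
    ca_public = trusted_cas.get(fields["issuer"])
    if ca_public is None:
        return False
    if not verify(ca_public, encode(fields), cert["signature"]):
        return False
    return today <= fields["expires"]   # ISO dates compare correctly as strings


def run_demo():
    """Issue a certificate, verify it, and show three ways verification fails."""
    ca_public, ca_private = make_keypair(65521, 65537)      # trusted CA (toy key)
    gw_public, gw_private = make_keypair(10007, 10009)      # VPN gateway (toy key)
    rogue_public, rogue_private = make_keypair(7907, 7919)  # untrusted CA (toy key)
    trusted = {"Example Root CA": ca_public}
    cert = issue_certificate(ca_private, "Example Root CA",
                             "vpn-gw.example.test", gw_public, "2000-12-31")
    # Substituting another public key into the signed fields breaks the CA signature.
    forged = {"fields": dict(cert["fields"], public_key={"n": 3233, "e": 17}),
              "signature": cert["signature"]}
    # A correctly formed certificate from a CA the receiver does not trust.
    rogue_cert = issue_certificate(rogue_private, "Rogue CA",
                                   "vpn-gw.example.test", gw_public, "2000-12-31")
    msg = b"constructed message from the gateway"
    signature = sign(gw_private, msg)
    key_from_cert = cert["fields"]["public_key"]
    return {
        "cert_valid": verify_certificate(cert, trusted, "1999-08-01"),
        "forged_key_rejected": not verify_certificate(forged, trusted, "1999-08-01"),
        "expired_rejected": not verify_certificate(cert, trusted, "2001-01-01"),
        "untrusted_issuer_rejected": not verify_certificate(rogue_cert, trusted, "1999-08-01"),
        "message_signature_valid": verify(key_from_cert, msg, signature),
        "tampered_message_rejected": not verify(key_from_cert, msg + b"!", signature),
    }


if __name__ == "__main__":
    for check, passed in run_demo().items():
        print(f"{check:28s} {'ok' if passed else 'FAILED'}")
```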

Certificates. With symmetric encryption, both sender and receiver have a shared secret key. The distribution of the secret key must occur (with adequate protection) prior to any encrypted communication. However, with asymmetric encryption, the sender uses a private key to encrypt or digitally sign messages, while the receiver uses a public key to decipher these messages. The public key can be freely distributed to anyone who needs to receive the encrypted or digitally signed messages. The sender needs to carefully protect only the private key. To secure the integrity of the public key, the public key is published with a certificate. A certificate (or public key certificate) is a data structure that is digitally signed by a certificate authority (CA), an authority that users of the certificate can trust. The certificate contains a series of values, such as the certificate name and usage, information identifying the owner of the public key, the public key itself, an expiration date, and the name of the CA. The CA uses its private key to sign the certificate. If the receiver knows the public key of the CA, the receiver can verify that the certificate is indeed from the trusted CA, and therefore contains reliable information and a valid public key. Certificates can be distributed electronically (for example, via Web access), on smart cards, or on floppy disks. Therefore, public key certificates provide a convenient, reliable method for verifying the identity of a sender. IPSec can optionally use this method for end-to-end authentication. Remote access servers can use public key certificates for user authentication, as described next.

Extensible Authentication Protocol (EAP). As stated previously, most implementations of PPP provide very limited authentication methods. EAP is an IETF-proposed extension to PPP that allows arbitrary authentication mechanisms to be employed for the validation of a PPP connection.
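To make the mechanics of the two preceding sections concrete, here is an added example (written for this page; it is not code from the article, from Microsoft or from IBM): a toy RSA key pair used first for encryption and then for a digital signature, and a CA that signs a certificate which the receiver checks against its list of trusted CAs, rejecting a certificate whose public key was swapped after signing, an expired certificate and one from an unknown issuer. The same verification applied to a server certificate gives the mutual check that EAP-TLS, discussed below, performs. The primes, the CA and user names, the dates and the message are all constructed, and the signature is a raw RSA operation over a SHA-256 digest rather than a standardized padding scheme; the docstring states that simplification.

```python
"""Added example, not code from the article: a toy model of the public key,
digital signature and CA certificate mechanics described above.

Keys are tiny (about 40-bit moduli) and the signature is a raw RSA operation
on a SHA-256 digest reduced modulo n, so this shows the idea only. Real
deployments use a vetted library with proper padding and X.509 certificates.
"""
import hashlib
import json
import math

def is_prime(k: int) -> bool:
    """Trial division; adequate for the million-range primes used here."""
    return k >= 2 and all(k % f for f in range(2, math.isqrt(k) + 1))

def two_primes(start: int):
    """First two primes at or above `start` (deterministic toy keys)."""
    p = start
    while not is_prime(p):
        p += 1
    q = p + 1
    while not is_prime(q):
        q += 1
    return p, q

def generate_keypair(p: int, q: int, e: int = 65537):
    """Toy RSA: public key (e, n) and private key (d, n) with n = p*q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "pick different primes for this e"
    return (e, n), (pow(e, -1, phi), n)  # modular inverse needs Python 3.8+

def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can encrypt for its owner."""
    e, n = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(priv, c: int) -> int:
    """Only the matching private key recovers the plaintext."""
    d, n = priv
    return pow(c, d, n)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    """Digital signature: the sender applies its private key to the digest."""
    d, n = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    """The receiver applies the sender's public key and compares digests."""
    e, n = pub
    return pow(sig, e, n) == _digest(data, n)

def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def make_certificate(ca_name, ca_priv, subject, subject_pub, usage, expires):
    """The CA signs the body: issuer, owner, public key, usage and expiry."""
    body = {"issuer": ca_name, "subject": subject, "usage": usage,
            "public_key": list(subject_pub), "expires": expires}
    return {"body": body, "signature": sign(ca_priv, _encode(body))}

def verify_certificate(cert: dict, trusted_cas: dict, today: str) -> bool:
    """Receiver's checks: trusted issuer, valid CA signature, not expired.
    Dates are ISO strings (YYYY-MM-DD), so string comparison orders them."""
    body = cert["body"]
    ca_pub = trusted_cas.get(body["issuer"])
    if ca_pub is None or not verify(ca_pub, _encode(body), cert["signature"]):
        return False
    return today <= body["expires"]

def demo() -> dict:
    """Constructed scenario: one CA, one user key pair, one certificate."""
    ca_pub, ca_priv = generate_keypair(*two_primes(1_000_000))
    user_pub, user_priv = generate_keypair(*two_primes(3_000_000))
    trusted = {"Example CA": ca_pub}
    secret, msg = 123456789, b"transfer 100 to account 42"
    sig = sign(user_priv, msg)
    cert = make_certificate("Example CA", ca_priv, "alice (constructed user)",
                            user_pub, "client authentication", "2001-12-31")
    forged = json.loads(json.dumps(cert))
    forged["body"]["public_key"] = list(ca_pub)  # key swapped after signing
    return {
        "roundtrip_ok": decrypt(user_priv, encrypt(user_pub, secret)) == secret,
        "signature_ok": verify(user_pub, msg, sig),
        "tampered_msg_ok": verify(user_pub, msg + b"0", sig),
        "cert_ok": verify_certificate(cert, trusted, "2000-06-01"),
        "forged_cert_ok": verify_certificate(forged, trusted, "2000-06-01"),
        "expired_cert_ok": verify_certificate(cert, trusted, "2002-01-01"),
        "unknown_ca_ok": verify_certificate(cert, {}, "2000-06-01"),
    }
```

Running `demo()` returns a dictionary in which only the genuine round trip, the genuine signature and the untouched, in-date certificate from the trusted CA come back true; the point of the `verify_certificate` ordering is that trust in the issuer is decided before the signature is even checked, and a valid signature from an issuer the receiver does not trust is worth nothing.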
EAP was designed to allow the dynamic addition of authentication plug-in modules at both the client and server ends of a connection. This allows vendors to supply a new authentication scheme at any time. EAP provides the highest flexibility in authentication uniqueness and variation. EAP is also implemented in Windows.

EAP-Transport Level Security (EAP-TLS) has been submitted to the IETF as a draft proposal for a strong authentication method based on public key certificates. With EAP-TLS, a client presents a user certificate to the dial-in server, while at the same time the server presents a server certificate to the client. The first provides strong user authentication to the server; the second provides assurance that the user has reached the server he or she expected. Both systems rely on a chain of trusted authorities to verify the validity of the offered certificate. The user's certificate could be stored on the dial-up client PC or in an external smart card. In either case, the certificate cannot be accessed without some form of user identification (PIN or name/password exchange) between the user and the client PC. This approach meets the something-you-know-plus-something-you-have criterion recommended by most security experts. EAP-TLS is the specific EAP method that will be implemented in Windows. Like MS-CHAP, EAP-TLS will return an encryption key to enable subsequent data encryption by MPPE.

IP Security (IPSec). Internet Protocol Security (IPSec) was designed by the IETF as an end-to-end mechanism for ensuring data security in IP-based communications. IPSec has been defined in a series of RFCs, notably RFCs 1825, 1826, and 1827, which define the overall architecture, an authentication header for verifying data integrity, and an encapsulation security payload (ESP) for both data integrity and data encryption. IPSec defines two functions that ensure confidentiality: data encryption and data integrity. As defined by the Internet Engineering Task Force, IPSec uses an authentication header (AH) to provide source authentication and integrity without encryption, and the encapsulated security payload (ESP) to provide authentication and integrity along with encryption. With IPSec, only the sender and recipient know the security key. If the authentication data is valid, the recipient knows that the communication came from the sender and that it was not changed in transit. IPSec can be envisioned as a layer below the TCP/IP stack. This layer is controlled by a security policy on each machine and a negotiated security association between the sender and receiver. The policy consists of a set of filters and associated security behaviors. If a packet's IP address, protocol, and port number match a filter, then the packet is subject to the associated security behavior.

Negotiated Security Association. The first such packet triggers a negotiation of a security association between the sender and receiver.
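As an added example (written for this page, not taken from the article or from any IPSec implementation), the following Python models the processing just described: a policy made of filters, each with a security behavior; a security association created the first time a packet matches a filter that needs protection and reused afterwards; and the authentication-header treatment that the article describes in the next sections, in which authentication data plus a sequence number let the receiver reject both a modified packet and a replayed one. The ISAKMP/Oakley negotiation is replaced by a constructed stand-in that simply draws a fresh shared key, the integrity tag is an HMAC-SHA256 rather than the exact AH wire format, replay detection uses a plain "sequence number must increase" rule instead of a sliding window, and ESP's encryption is only named, not performed. All addresses and payloads are constructed test data.

```python
"""Added example, not code from the article: a small model of IPSec policy
filters, security associations and authentication-header checks.

Simplifications: SA setup just draws a random shared key (stand-in for
ISAKMP/Oakley); the integrity tag is HMAC-SHA256 over packet fields rather than
the AH wire format; anti-replay is "sequence must increase" instead of the
real sliding window; ESP is selected by policy but no encryption is done.
"""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", "icmp"
    dport: int
    payload: bytes

@dataclass
class Filter:
    """One policy filter: selectors on destination network, protocol, port."""
    dst_net: str
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any port
    action: str            # "permit" (clear), "ah" (integrity), "esp" (encrypt)

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
        return in_net and self.proto in (None, pkt.proto) and self.dport in (None, pkt.dport)

@dataclass
class SecurityAssociation:
    key: bytes
    next_seq: int = 1      # sender's counter
    highest_seen: int = 0  # receiver's anti-replay state

def apply_policy(policy: list, pkt: Packet, sa_table: dict):
    """First matching filter wins; returns (behavior, SA or None).
    The first protected packet between two peers creates their SA (the
    constructed stand-in for negotiation); later packets reuse it.
    Packets matching no filter are dropped in this model."""
    for flt in policy:
        if not flt.matches(pkt):
            continue
        if flt.action == "permit":
            return "permit", None
        peers = (pkt.src, pkt.dst)
        if peers not in sa_table:   # "negotiate": agree on a fresh shared key
            sa_table[peers] = SecurityAssociation(secrets.token_bytes(32))
        return flt.action, sa_table[peers]
    return "drop", None

def ah_tag(key: bytes, pkt: Packet, seq: int) -> bytes:
    """Authentication data over header fields, sequence number and payload."""
    data = b"|".join([pkt.src.encode(), pkt.dst.encode(), pkt.proto.encode(),
                      str(pkt.dport).encode(), seq.to_bytes(4, "big"), pkt.payload])
    return hmac.new(key, data, hashlib.sha256).digest()

def protect(pkt: Packet, sa: SecurityAssociation) -> dict:
    """Sender: attach a sequence number and authentication data (no encryption)."""
    seq, sa.next_seq = sa.next_seq, sa.next_seq + 1
    return {"seq": seq, "auth": ah_tag(sa.key, pkt, seq), "packet": pkt}

def verify_ah(msg: dict, sa: SecurityAssociation) -> str:
    """Receiver: reject replays, then compare the tag in constant time."""
    if msg["seq"] <= sa.highest_seen:
        return "replay"
    if not hmac.compare_digest(ah_tag(sa.key, msg["packet"], msg["seq"]), msg["auth"]):
        return "bad-auth"
    sa.highest_seen = msg["seq"]
    return "ok"

def demo() -> dict:
    """Constructed policy and traffic (addresses from documentation ranges)."""
    policy = [
        Filter("10.0.0.0/8", None, None, "ah"),        # intranet: integrity only
        Filter("192.0.2.0/24", "tcp", 443, "permit"),  # partner HTTPS: pass in clear
        Filter("192.0.2.0/24", "tcp", 25, "esp"),      # partner mail: encrypt
    ]
    sa_table, r = {}, {}
    p1 = Packet("10.1.1.5", "10.2.2.9", "tcp", 80, b"GET / HTTP/1.0")
    p2 = Packet("10.1.1.5", "10.2.2.9", "tcp", 8080, b"POST /api")
    r["p1_action"], sa = apply_policy(policy, p1, sa_table)
    r["sa_count_after_p1"] = len(sa_table)                # first packet created the SA
    r["sa_reused"] = apply_policy(policy, p2, sa_table)[1] is sa
    partner, other = "192.0.2.7", "198.51.100.1"
    r["https_action"] = apply_policy(policy, Packet(p1.src, partner, "tcp", 443, b""), sa_table)[0]
    r["smtp_action"] = apply_policy(policy, Packet(p1.src, partner, "tcp", 25, b""), sa_table)[0]
    r["unmatched_action"] = apply_policy(policy, Packet(p1.src, other, "udp", 53, b""), sa_table)[0]
    m1, m2 = protect(p1, sa), protect(p2, sa)
    tampered = dict(m2, packet=Packet(p2.src, p2.dst, p2.proto, p2.dport, b"POST /admin"))
    r["m1"] = verify_ah(m1, sa)              # genuine, in order
    r["tampered"] = verify_ah(tampered, sa)  # payload changed in transit: tag mismatch
    r["m2"] = verify_ah(m2, sa)              # genuine follow-up is still accepted
    r["replayed_m1"] = verify_ah(m1, sa)     # old sequence number presented again
    return r
```

Two details are worth noting for anyone building on this. The replay check runs before the tag check, so a replayed packet costs the receiver no HMAC computation; and the tampered packet does not advance `highest_seen`, so a forged or corrupted packet cannot push the receiver's window past legitimate traffic that is still in flight.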
ISAKMP/Oakley is the standard protocol for this negotiation. During an ISAKMP/Oakley exchange, the two machines agree on authentication and data security methods, perform mutual authentication, and then generate a shared key for subsequent data encryption. After the security association has been established, data transmission can proceed, with each machine applying data security treatment to the packets that it transmits to the remote receiver. The treatment can simply ensure the integrity of the transmitted data, or it can encrypt it as well. These options are discussed next.

Authentication Header. Data integrity and data authentication for IP payloads can be provided by an authentication header located between the IP header and the transport header. The authentication header includes authentication data and a sequence number, which together are used to verify the sender, ensure that the message has not been modified in transit, and prevent a replay attack. The IPSec authentication header provides no data encryption. Clear text messages can be sent, and the authentication header ensures that they originated from a specific user and were not modified in transit.

Encapsulation Security Header. For both data confidentiality and protection from third-party capture, the encapsulation security payload (ESP) provides a mechanism to encrypt the IP payload. ESP also provides data authentication and data integrity services. Therefore, ESP headers are an alternative to AH headers in IPSec packets.

CONCLUSION AND SUMMARY

A primary concern must be whether the public Internet can possibly be secure enough to carry enterprise-sensitive information. The answer lies not in the network itself, but in the measures taken to secure information both at the boundaries of the enterprise and in transit across the Internet. There is a wide range of affordable security technologies that can protect the enterprise's need for privacy and access control while exploiting all the benefits of speed and global reach offered by the worldwide network. Encryption products ensure privacy; authentication devices and techniques can prove user identities; and there is a vast array of firewall products to give the customer detailed access control. With such technologies on the market, an Internet VPN is certainly an attainable goal. Suppliers know that to get the enterprise community on to the Internet, security is an absolute priority.
Conventional private WANs have attracted much less scrutiny than Internet-based solutions and still tend to use insecure address-based authentication and access control for restricting user activity. With a carefully designed architecture, Internet VPNs can be made as secure as traditional WAN implementations. And one must not forget that most security breaches come from inside an enterprise's own perimeter.

This article has covered, in depth, the concepts behind the definition and the implementation of a secure VPN and described the value of IBM eNetwork VPN security solutions based on IPSec. However, given the multitude of network environments and enterprise needs, all scenarios are beyond the scope of this article. It is quite possible, for example, that an enterprise may require elements of all three VPN security scenarios described. For instance, what if one needs to run multiple VPNs: one for the enterprise's internal communications (the branch office connection scenario) and another for the external enterprise communications (the enterprise partner/supplier network scenario)? Or, what if one wants to incorporate remote users into the supplier network? Or, what if one is a smaller enterprise and needs only a small firewall to protect employees from Internet hackers? Or, when might one require secure VPN-enabled routers in the network? These are all complex questions that should be discussed with experienced networking and security experts.

According to IBM, the eNetwork VPN security solutions provide capabilities that can link IT assets with Web technology to build secure E-enterprise (electronic enterprise) solutions. With the implementation of an eNetwork VPN security solution, one should be able to cost-effectively extend the reach of the network, the applications, and the data. One can easily incorporate enterprise partners and suppliers, remote branch offices, and remote users, enabling improved communication and enhanced enterprise processes. One can reduce enterprise expenses, both by exploiting the Internet or other public networks (instead of expensive private leased lines, dial-up lines, or toll-free telephone numbers) and by using VPN security management capabilities to minimize VPN maintenance costs.

On the other hand, Microsoft's Virtual Private Network (VPN) security technology is based on the industry-standard Point-to-Point Tunneling Protocol (PPTP). It allows users to achieve secure connectivity between remote clients and the VPN via the Internet or other public carriers. According to Microsoft, its VPN security provides enterprises with an economical and easy-to-implement strategy for securely using the Internet as an extension of their private network. The security, reliability, ease of use, and speed of PPTP-enabled Windows 2000 Servers, combined with the DNS infrastructure, provide significantly enhanced enterprise-to-enterprise communications across the Internet.
The movement to the open PPTP protocol standard signals an opportunity for remote access system vendors, ISPs, and firewall vendors to provide great value-added benefits for their customers. PPTP-enabled systems can be deployed now with confidence that they will remain compatible with the PPTP standard as it evolves through the IETF and into the future. Clearly, the future of VPN security activity must take account of these exciting developments. As Internet technology emerges, so does the compelling case for Internet-based VPN security. And that is what this article is all about.

John Vacca is an information technology consultant and internationally known author based in Pomeroy, OH. Since 1982, John has authored 27 books and more than 330 articles in the areas of Internet and intranet security, programming, systems development, rapid application development, multimedia, and the Internet. John was also a configuration management specialist, computer specialist, and the computer security official for the NASA space station program (Freedom) and the International Space Station Program, from 1988 until his early retirement from NASA in His most recent books include Internet Security Secrets (IDG Books/Published Date: 1-96/Translations: Russian, German, Spanish and French); VRML: Bringing Virtual Reality to the Internet (AP Professional/Published Date: 4-96/Translations: German); JavaScript Development: Bringing Development and Customization to Intranets and the Internet (AP Professional/Published Date: 11-96/Translations: German); Official Netscape LiveWire Pro Book (Ventana/Published Date: 3-97); Intranet Security (Charles River Media/Published Date: 8-97/Translations: Russian); VRML Clearly Explained, 2nd edition (AP Professional/Published date ); The Cabling Handbook (Prentice Hall/Publication date: 9-98); and MCSE: Implementing and Supporting Microsoft Systems Management Server 2.0 (Prentice Hall/Publication date: 2-99). John can be reached on the Internet at

Notes

1. MS-CHAP authentication supports the MD4 hash as well as the earlier authentication scheme used in Microsoft LAN Manager.
2. Users in the United States and Canada can obtain a 128-bit session key through a cryptography pack for use inside the United States.


More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert Contents: 1.0 Introduction p2 1.1 Ok, what is the problem? p2 1.2 Port Forwarding and Edge based Solutions p2 1.3 What is a VPN? p2 1.4

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Implementing and Managing Security for Network Communications

Implementing and Managing Security for Network Communications 3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Virtual Private Networks (VPN) Connectivity and Management Policy

Virtual Private Networks (VPN) Connectivity and Management Policy Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections

More information

VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET

VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET 51-10-38 DATA COMMUNICATIONS MANAGEMENT VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET John R. Vacca INSIDE Remote User Access over the Internet; Connecting Networks over the Internet;

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Security & Savings with Virtual Private Networks

Security & Savings with Virtual Private Networks Security & Savings with Virtual Private Networks In today s New Economy, small businesses that might have dealt with just local or regional concerns now have to consider global markets and logistics. Many

More information

Securely Delivering Applications Over the Internet. White Paper

Securely Delivering Applications Over the Internet. White Paper Securely Delivering Applications Over the Internet White Paper SECTION CONTENTS 2 Table of Contents Section 1 Information security in the age of the remote community Section 2 Enterprise security concerns

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

CCNA Security 1.1 Instructional Resource

CCNA Security 1.1 Instructional Resource CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where

More information

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

How To Understand And Understand The Security Of A Key Infrastructure

How To Understand And Understand The Security Of A Key Infrastructure Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"

ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of

More information

PROTECTING NETWORKS WITH FIREWALLS

PROTECTING NETWORKS WITH FIREWALLS 83-10-44 DATA SECURITY MANAGEMENT PROTECTING NETWORKS WITH FIREWALLS Gilbert Held INSIDE Connecting to the Internet; Router Packet Filtering; Firewalls; Address Hiding; Proxy Services; Authentication;

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

Electronic Service Agent TM. Network and Transmission Security And Information Privacy

Electronic Service Agent TM. Network and Transmission Security And Information Privacy Electronic Service Agent TM and Transmission Security And Information Privacy Electronic Services January 2006 Introduction IBM Electronic Service Agent TM is a software application responsible for collecting

More information

Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client

Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client 22/07/2014 Dear Friends, This mailer helps you in understanding and configuring PPTP VPN of Matrix NAVAN CNX200 with Windows

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Securing an IP SAN. Application Brief

Securing an IP SAN. Application Brief Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.

More information

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

VPN Solutions. Lesson 10. etoken Certification Course. April 2004 VPN Solutions Lesson 10 April 2004 etoken Certification Course VPN Overview Lesson 10a April 2004 etoken Certification Course Virtual Private Network A Virtual Private Network (VPN) is a private data network

More information

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how

More information

Chapter 10 Security Protocols of the Data Link Layer

Chapter 10 Security Protocols of the Data Link Layer Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2006/2007 10.1 Scope of Link Layer Security Protocols

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

GPRS / 3G Services: VPN solutions supported

GPRS / 3G Services: VPN solutions supported GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information