Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer



Similar documents
Application Note: Onsight Device VPN Configuration V1.1

Cisco Which VPN Solution is Right for You?

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

VPN. Date: 4/15/2004 By: Heena Patel

Virtual Private Networks

AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Network Security Part II: Standards

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Network Access Security. Lesson 10

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Virtual Private Network and Remote Access Setup

Overview. Protocols. VPN and Firewalls

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

Virtual Private Networks

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

Chapter 7 Transport-Level Security

Virtual Private Networks: IPSec vs. SSL

CS 393/682 Network Security. Nasir Memon Polytechnic University Module 7 Virtual Private Networks

Joe Davies Principal Writer Windows Server Documentation

Chapter 10 Security Protocols of the Data Link Layer

VPN. VPN For BIPAC 741/743GE

Site to Site Virtual Private Networks (VPNs):

How To Understand And Understand The Security Of A Key Infrastructure

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Firewalls and Virtual Private Networks

Connecting Remote Users to Your Network with Windows Server 2003

Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Data Link Protocols. TCP/IP Suite and OSI Reference Model

Windows Server 2003 Remote Access Overview

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

LECTURE 4 NETWORK INFRASTRUCTURE

CCNA Security 1.1 Instructional Resource

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

7.1. Remote Access Connection

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Virtual Private Network and Remote Access

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Network Security. Chapter 10 Security Protocols of the Data Link Layer

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

CS419: Computer Networks. Lecture 9: Mar 30, 2005 VPNs

Securing IP Networks with Implementation of IPv6

T Cryptography and Data Security

Intranet Security Solution

Network Security. Lecture 3

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Network Security Essentials Chapter 5

Chapter 12 Supporting Network Address Translation (NAT)

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Chapter 17. Transport-Level Security

How Virtual Private Networks Work

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET

GPRS / 3G Services: VPN solutions supported

Post-Class Quiz: Telecommunication & Network Security Domain

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Chapter 9. IP Secure

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access

Creating a VPN Using Windows 2003 Server and XP Professional

What Is a Virtual Private Network?

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

November Defining the Value of MPLS VPNs

How to configure VPN function on TP-LINK Routers

SLIP and PPP. Gursharan Singh Tatla

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

NETWORK SECURITY (W/LAB) Course Syllabus

Security Protocols/Standards

Internet Protocol: IP packet headers. vendredi 18 octobre 13

VIRTUAL PRIVATE NETWORKS SECURITY

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

ETSF10 Part 3 Lect 2

Introduction to Security and PIX Firewall

As enterprises conduct more and more

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

IP Office Virtual Private Networking

Communication Security for Applications

Network Security Fundamentals

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Comparison of VPN Protocols IPSec, PPTP, and L2TP

Web Security Considerations

Security Engineering Part III Network Security. Security Protocols (II): IPsec

"Charting the Course...

Chapter 32 Internet Security

Transcription:

Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer

Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec) ( 1/29 )

Why using VPNs? fast, secure and reliable connection between separated networks full access on ressources from everywhere -> building a virtual local connection reasonable access: building connection only to local ISP ( 2/29 )

What are VPNs? A virtual private network is the extension of a private network that encompasses links across shared or public networks like the internet (Microsoft, White Paper Virtual Private Networking in Windows 2000) ( 3/29 )

VPN technologies Secure VPNs Networks that are constructed using encryption IPSec, L2TP/IPSec, TLS/SSL Trusted VPNs VPN customer trusted the VPN provider to maintain integrity of the circuits Layer 2 frames over MPLS Hybrid VPNs Combined use of secure & trusted VPNs Secure parts controlled by customer or provider providing the trusted part ( 4/29 )

Common uses (1/3) Remote access User-to-LAN connection Dial-up to local ISP Employee needs external access on corporate network ( 5/29 )

Common uses (2/3) Connecting networks over internet Dedicated lines to connect a branch office to corporate LAN Dial-up line to connect a branch office to corporate LAN ( 6/29 )

Common uses (3/3) Connecting computers over intranet e.g. departments LAN physically disconnected from intranet because of very sensitive data Connection via separated VPN server ( 7/29 )

VPN requirements User Authentication Address Managment Data Encryption Key Management Multiprotocol support ( 8/29 )

Tunneling (1/3) Method for transfering data of a private network over a public network Tunnel: Logical path through which encapsulated packets travel ( 9/29 )

Tunneling (2/3) Voluntary tunnel: User or client computer is tunnel endpoint Acts as tunnel client ( 10/29 )

Tunneling (3/3) Compulsory tunnel: User or client computer is not tunnel endpoint VPN-capable access server creates tunnel and is tunnel endpoint ( 11/29 )

Layer 2 VPNs - PPP Point-to-Point Protocol (PPP) [RFC 1661, RFC 2153] Standard method for transporting multiprotocol datagrams over point-topoint links Originally developed as encapsulation protocol for IP traffic Protocol Structure: Flag... indicates beginning or end of frame (b^01111110) Address... contains standard broadcast address Control... calls for transmission in user data Protocol... identifier for encapsulated protocol in information field Information... datagram for protocol FCS... Frame Check Sequence ( 12/29 )

Layer 2 VPNs PPTP (1/4) Point-to-Point Tunneling Protocol (PPTP) [RFC 2637] Mainly implemented and used by Microsoft Extension of PPP Allows tunneling of PPP datagrams over IP networks Easy to use and to implement Use of 2 connections Control connection Tunnel connection ( 13/29 )

Layer 2 VPNs PPTP (2/4) Protocol only implemented by PPTP-Access- Concentrator (PAC) and PPTP-Network-Server (PNS) Uses Generic Routing Encapsulation (GRE) to carry PPP packets Many sessions multiplexed on a single tunnel ( 14/29 )

Layer 2 VPNs PPTP (3/4) Creating a tunnel: 1. Establishing control connection between PAC and PNS on port 1723 2. Exchanging information between PAC and PNS (e.g. encryption) 3. Establishing tunnel connection ( 15/29 )

Layer 2 VPNs PPTP (4/4) Structure of PPTP packet: PPP payload can be encrypted and/or compressed GRE header contains information about tunnel protocol and encryption algorithm ( 16/29 )

Layer 2 VPNs L2F (1/2) Layer 2 Forwarding (L2F) Developed by CISCO Allows multiple tunnels and multiple connections on every tunnel Tunneling PPP and SLIP frames Supports UDP, Frame Relay, X.25 ( 17/29 )

Layer 2 VPNs L2F (2/2) Establishing connection: 1. Remote user initiates PPP connection to ISP 2. ISP undertakes authentication via CHAP or PAP 3. No tunnel exists: Tunnel will be created Tunnel exists: New multiplex ID will be allocated -> notification to home gateway Home gateway accepts or declines new connection ( 18/29 )

Layer 2 VPNs L2TP (1/2) Layer 2 Tunneling Protocol (L2TP) [RFC 2661] Combines best features of L2F and PPTP Uses UDP Can be transported over Frame Relay, ATM, X.25,... Allows multiple tunnels with mutliple sessions inside every tunnel Commonly used with IPSec -> L2TP/IPSec ( 19/29 )

Layer 2 VPNs L2TP (2/2) Structure of L2TP packet: payload can be encrypted (IPSec ESP) and/or compressed ( 20/29 )

Layer 2 VPNs L2TP/IPSec Uses IPSec Encapsulating Security Payload (ESP) Structure of encrypted packet: ( 21/29 )

Layer 2 VPNs L2TP/IPSec vs. PPTP PPTP data encryption begins after PPP connection is established use Microsoft Point-to-Point Encryption (MPPE) -> stream cipher using RSA RC-4 (40, 56, 128 Bits) requires only user-level authentication L2TP/IPSec data encryption begins before connection is established by negotiating an IPSec Security Association (SA) use Data Encryption Standard (DES) or 3-DES -> block cipher (56 Bits) user-level and computer-level authentication still implemented in Windows VPN Client software needed ( 22/29 )

SSL/TLS (1/6) Developed by Netscape, actual version SSL 3.0 -> basis for TLS 1.0 Goals: Cryptographic security: secure connection between two parties Interoperability: independent programmers should be able develop applications Extensibility: encryption methods can be incorporated as necessary Relative efficiency: reduced CPU usage by using session caching scheme ( 23/29 )

SSL/TLS (2/6) Uses certificates for identification Private key used to prove identity SSL server provides all encryption keys Originally for HTTP/Web applications Encryption implemented in all todays browsers -> millions of clients ( 24/29 )

SSL/TLS (3/6) SSL between Application Layer and TCP/IP ( 25/29 )

SSL/TLS (4/6) SSL protocol stack: Handshake, cipher change and alert protocol for establishing connection Record protocol for encryption and integrity ( 26/29 )

SSL/TLS (5/6) Handshake Protocol: ( 27/29 )

SSL/TLS (6/6) Record protocol: Fragment data Encapsulate data with appropriate header Primary data + padding + MAC Encrypting data e.g. DES, 3-DES, AES Sending completed record ( 28/29 )

Bibliography WindowSecurity, Secure Socket Layer [http://www.windowsecurity.com/articles/secure_socket_layer.html] Microsoft, Virtual Private Networking in Windows 2000 Netscape, SSL Version 3.0 Draft [http://wp.netscape.com/eng/ssl3/draft302.txt] NetworkDictonary, Protocols [http://www.networkdictionary.com/protocols] Virtual Private Network Consortium [http://www.vpnc.org] ( 29/29 )

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information