Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Similar documents
Security Engineering Part III Network Security. Security Protocols (II): IPsec

Protocol Security Where?

Securing IP Networks with Implementation of IPv6

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

IP Security. Ola Flygt Växjö University, Sweden

Network Security. Lecture 3

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Lecture 17 - Network Security

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Branch Office VPN Tunnels and Mobile VPN

Computer Networks. Secure Systems

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Introduction to Security and PIX Firewall

CS 4803 Computer and Network Security

21.4 Network Address Translation (NAT) NAT concept

Internet Protocol Security IPSec

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Chapter 10. Network Security

Chapter 5: Network Layer Security

Network Security Part II: Standards

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Chapter 32 Internet Security

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Using IPSec in Windows 2000 and XP, Part 2

Laboratory Exercises V: IP Security Protocol (IPSec)

Case Study for Layer 3 Authentication and Encryption

IP SECURITY (IPSEC) PROTOCOLS

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

VPN. VPN For BIPAC 741/743GE

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

IPsec Details 1 / 43. IPsec Details

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Introduction to Computer Security

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Internetwork Security

Network Security Fundamentals

Chapter 9. IP Secure

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Overview. Protocols. VPN and Firewalls

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Virtual Private Networks

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Crypt O Pack in security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 4 Virtual Private Networking

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Implementing and Managing Security for Network Communications

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Virtual Private Network and Remote Access Setup

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

CCNA Security 1.1 Instructional Resource

Michal Ludvig, SUSE Labs, 01/30/2004, Secure networking, 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

How To Configure L2TP VPN Connection for MAC OS X client

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

Introduction to Computer Security

Application Note: Onsight Device VPN Configuration V1.1

Security vulnerabilities in the Internet and possible solutions

The BANDIT Products in Virtual Private Networks

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

IPSec and SSL Virtual Private Networks

ETSF10 Part 3 Lect 2

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Chapter 49 IP Security (IPsec)

Internet Privacy Options

How To Understand And Understand The Security Of A Key Infrastructure

Virtual Private Networks

ASA and Native L2TP IPSec Android Client Configuration Example

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

TheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: Contact:

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Introduction to Internet Security

Computer and Network Security Exercise no. 4

LinkProof And VPN Load Balancing

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

z/os Firewall Technology Overview

Simple, Secure and Flexible VPN solution for home and business

Transcription:

Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné vzdelávanie pre vedomostnú spoločnosť/projekt je spolufinancovaný zo zdrojov EÚ

Security of IT infrastructure Virtual Private Networks (VPN) RNDr. Jaroslav Janáček, PhD.

Motivation physical private networks means of physical security can be used to protect transmitted data against external attackers can be easily used only for small range networks in protected environment difficult for long range networks e.g. interconnection of remote branches inflexible needs physical secure communication lines

Motivation Is not it sufficient to deal with security on higher network layers (transport, application)? it is not always possible it requires cooperation with the applications it is often good security practise to have multiple protection layers software contains bugs that can be often exploited the probability of simultaneous occurrence of two phenomena is often much lower that the probabilities of occurrence of the individual phenomena

The Role of VPN creation of secure communication channel protection of confidentiality and integrity of the transmitted data and authentication of the endpoints on network or link layer transparent for higher layers without the need of cooperation with the applications

Implementation of VPN cryptographic means encryption HMAC authentication key management PKI static pre-shared secret

VPN Scenarios secure interconnection of several private physical networks across a public network e.g. interconnection of several physically dislocated branches secure connection of a remote computer across a public network to a protected network e.g. connection of a home computer, or of a notebook in some remote location to a protected network (e.g. to the office)

Negative Aspects of VPN VPN creates a hole to the protected network the remote computer connected via a VPN is usually treated in the same way as a computer connected directly to the protected network, but it also has (or can have) other connections to the outside world that are not under control of the protected network's administrator. Usage of VPN has to be controlled using means of organizational security.

Specific solutions IPsec optional part of IPv6 and IPv4 protocols AH, ESP, ISAKMP/IKE, IKEv2 different implementations on many platforms not always fully compatible OpenVPN open-source product key management based on SSL/TLS Linux, Windows, Mac OS X, Solaris,...BSD,...

IPsec cryptographic protection of confidentiality and/or integrity and authentication of endpoints on the network layer operations are driven by a policy (SPD = Security Policy Database) accept the packet without modification drop the packet apply an IPsec transformation to the packet

Security Policy Database (SPD) the record for the packet being processed is looked up in SPD according to the source and destination IP address the transport layer protocol and port numbers the record specifies the transformation IPsec mode IPsec protocol tunnel endpoint IP addresses (in tunnel mode)

Security Association (SA) SA describes security parameters of a unidirectional communication channel providing specific security services to protect the transmitted data SPI (Security Parameters Index) identifies SA at the recipient mode protocol cryptographic algorithms cryptographic keys

Transport vs. tunnel mode transport mode IPsec header (AH, ESP) is inserted between the IP header and the transport layer header provides for security between the endpoint computers tunnel mode the original IP packet is wrapped into a new packet new IP header and IPsec header are added the new IP packet can have different source and destination addresses the endpoints of the tunnel typically used for VPN between networks

AH Protocol (51) integrity protection of fixed fields of the IP header preceding the AH header of transport layer (and higher) data of the entire original IP packet in the tunnel mode protection against replay-attack 32 (or 64) bit sequence number AH fields next header, payload length, SPI, seq #, ICV

ESP Protocol (50) protection of confidentiality and/or integrity of transport layer (and higher) data of the entire original IP packet in the tunnel mode protection against replay-attack ESP fields SPI, seq # data, padding, padding length, next header ICV

AH vs. ESP both can provide integrity protection AH covers fixed fields of the IP header ESP does not cover the IP header interaction with NAT AH cannot be used if there is a NAT in the network path ESP can be partially used it may be difficult to distinguish individual ESP flows solution encapsulation to UDP datagrams

SA and key management manually ISAKMP/IKE ISAKMP SA management protocol and a framework for key management IKE key management protocol 2 phases 1 st phase establishment of ISAKMP SA bidirectional secure communication channel 2 nd phase creation of pairs of SA for AH/ESP authentication using PKI or a pre-shared secret

SA and key management IKEv2 an attempt to improve ISAKMP/IKE functionally similar (2 phases as well) incompatible authentication PKI pre-shared secret EAP

IPsec support ISAKMP/IKE Windows 2000/XP/Vista Windows Server 2008/2008 Linux, OpenBSD,... IKEv2 Windows 7 Windows Server 2008 R2 Linux, OpenBSD,...

OpenVPN protection of confidentiality and integrity and authentication of endpoints protection against replay-attack UDP or TCP no problems with passing through NAT (in TCP mode it even supports passing through CONNECT capable web proxy) IP or L2 (link layer) tunnel tun/tap network interface

OpenVPN key management static (pre-shared) keys SSL/TLS server authentication using PKI client authentication using PKI name + password

IPsec vs. OpenVPN IPsec transport mode was mandatory in IPv6 (later proposed to become optional) supported by many OS OpenVPN simpler key management protocols no problems with passing through NAT and firewalls tunnel presented as a virtual network interface common implementation 100% compatibility across platforms also supports L2 tunnels

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information