School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

Size: px
Start display at page:

Download "School of Computer Sciences Universiti Sains Malaysia Pulau Pinang"

Transcription

1 School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1

2 Table of Content Introduction 3 What is Virtual Private Network (VPN) 3 Why VPN 4 Categories of VPN 5 VPN Topology 7 Type of VPN 8 Internet Protocol Security (IPsec) 12 Two Modes in IPsec 15 Risk and Limitation of VPN 17 Conclusion 18 References 18 Page 2

3 Introduction In this new high technology digital world, the usage of internet is increase rapidly. A lot of data or information may obtain from the internet. However, there is a problem for the usage of internet. That is the privacy. Data or information may be stealing or attacked by hacker in the process of transmission. There are various ways to protect our data. One of the examples is by using Virtual Private Network (VPN). VPN is a secure and private network connection between the system that use the data communication capability of an unsecured and public network. What is Virtual Private Network (VPN) Virtual mean in a different state of being or mean not real. In a VPN, private communication between two devices is achieved through a public network but the communication is virtually. Private mean that to keep the information or the communication between two users in secret. Network is a medium which consist of two or more devices which can communicate with each other via cable or wire. Therefore, a VPN is a secure and private network connection between the system that use the data communication capability of an unsecured and public network. In other word, VPN is a communications environment where the access is controlled to perform peer connections only within a trusted network and is constructed through some of the common underlying communication medium with the aim to maintaining privacy through the use of tunneling protocol and security procedures. [1] Page 3

4 VPN are commonly used to extend the intranets worldwide to disseminate information and news to a wide user base. There are three types of VPN which are Trusted VPN, Secure VPN and Hybrid VPN. Besides that, there are two mode of VPN which are Tunnel Mode and the Transport Mode. Why VPN? When we talk about Virtual Private Network (VPN), the key word private is the main issues. VPN is the best technology in the recent time to protect our data as it completely secures our data through military grade encryption in the transmission of important data. It creates a tunnel for the transmission and therefore not outsiders are allowed to view the data except the receiver. Hence, it is secure and privacy is protected. Besides that, VPN services will conceal the real IP and replace it with one of the IP of the services provider. In doing so, the connection or internet activity is anonymous and therefore prevent the attack from attacker or hacker to tracking your IP address. In addition, information transfer through public Wi-Fi is unsecure. There are a sentences that saying using Public Wi-Fi is like you are walking naked on the road but you don t want anyone to see you naked. The uses of VPN will ensure the public Wi-Fi connection in a secure mode. VPN will form tunnel around the connection that cannot be intercepted by any hacker or attacker. [2] Page 4

5 Categories of VPN There are three main categories of VPN which are Trusted VPN, Secure VPN and Hybrid VPN. Trusted VPN Trusted VPN uses leased circuit from services provider and conducts packet switching over there leased circuit. The privacy afforded by Trusted VPN or also known as legacy VPN was only the communications provider assured the customer that no one else would use the same circuit. This allows customer who use it to have its own IP addressing and their own security policies. In addition, the VPN customer trusted the VPN services provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. [1][5] Secure VPN Secure VPN are the network or the communication environment is constructed using encryption. It use security protocol and encrypt traffic transmitted across the communication network. Secure VPN will encrypt the traffic or data at the edge of one network or the sender and moved over the internet like any other data. Data will decrypt when it reached the receiver. This encrypt traffic will act like a secure Page 5

6 tunnel between the two network (sender and receiver). Even if there are any attacker can see the traffic, they cannot read it or change the direction of the traffic. Hence the communication is secure. [1][5] Hybrid VPN A Secure VPN can be run as a part of a Trusted VPN as well and this created the third type of VPN in the market which is Hybrid VPN. Hybrid VPN is the VPN that combine the characteristic of the two VPN discussed before which are Trusted VPN and Secure VPN. It provides the encrypted traffic or transmissions as in the Secure VPN over the entire Trusted VPN network. The secure part of the Hybrid VPN might be controlled by the customer or by the VPN services provider that provide Trusted VPN. [1][5] Page 6

7 VPN Topology In this section, we will discuss about how a VPN work. To begin using VPN, first we may need an internet connection which can be leashed from an Internet Services Provider (ISP). Then a specially designed router or switch is needed for each Internet access circuit to provide access from the origin network to the VPN. A virtual circuit that resembles a leashed line is created through tunnels which allow the sender to encrypt their data in an IP packet that hide the underlying routing and switching infrastructure of the internet from both the senders and receiver is created. This circuit is known as Permanent Virtual Circuit (PVCs). The sender devices will then take the outgoing packet and encapsulates it to move through the VPN tunnel across the Internet to the receiver. This transmission of packet form the sender to the receiver is transparent to both of the sender and the receiver and even transparent to the ISP and the whole internet user. When it reached to the receiver, the receiver will strip off the VPN frame and deliver the original packet to the destination network. [3] Figure 1 show the two networks connected over an intranet. Figure 1 VPN of two networks connected over an intranet. [3] Page 7

8 Types of VPN VPN are traditionally used for the three main purposes: Intranets, Remote Access and Extranets. Intranet VPN Intranets are used for the connection within an organization. The connection normally is created between the headquarters offices and its branch office. VPN is created within this location to protect the information of the organization from being stolen or attacked by any outsider. The connection within this organization is often used for some or file sharing. Intranet provides a virtual circuit between the organizations over the Internet. Figure 2 show the intranet VPN within organizations. The advantage of using Intranet VPN is it will reduce the WAN bandwidth cost of the organization. Intranet VPN allow the organization to use the WAN bandwidth efficiency and hence congestion avoidance with the use of bandwidth management traffic shaping. [3][5] Page 8

9 Figure 2 Intranet VPN [3] Remote Access VPN Remote Access through VPN enables telecommuters and mobile workers to access e- mail and business application. Although a dial-up connection enable the user to do so, but the cost for the dial-up connection is much higher than the Remote Access VPN. Remote Access VPN enable the mobile worker to connect to the local internet connection and the set up a secure IPsec-based BPN communication to their organization. The user connect to a local ISP that support VPN using plain old line (DSL) or etc. the VPN devices at the ISP accept the user s login and then will establishes the tunnel to the VPN device at the organization s office. Then the tunnel will beginning forward packet over the Internet. The advantage of using Remote Access VPN is it will reduce the capital cost associated with connection if using dial-up connection as discuss before. Besides that, these techniques allow the organization to add new user easily and have a Page 9

10 greater scalability. Figure 3 show the Remote Access VPN implemented in an organization. [3][5] Figure 3 Remote Accesses VPN [3] There are two types of Access VPS which are Client-Initiated VPN and NAS-Initiated Access VPN. In the Client-Initiated VPN, the business operation initiate the VPN task by manage the client software to initiate the tunnel. This also ensures end-to-end security between the client and the host. Besides that, the client software will also be installed at the remote site which can terminate into a firewall for termination into the corporate network. The biggest advantage of this type of VPN is the service provider access network used for dialing to the point of presence is much more secured. In a NAS-Initiated VPN, the client software element is eliminated. The remote access user starts the connection by dialing to the services provider and obtains the Page 10

11 authentication from the services provider and in turn, initiates a secure, encrypted tunnel to the corporate network. This will then eliminated the client software issue and hence reduce the client management burden associated with the remote access VPN. In the other word, there is no end user client software for the corporate to maintain. Extranet VPN Extranet are secure connection between two or more organization. Due to the connection cost, time delays and access availability, IPsec-based VPN are ideal for extranet connection that connects two organizations. The concept of setting up an extranet VPN is similar to the intranet VPN. The only different is the user which is within an organization and one is between two or more organization. Figure 4 show the implementation of an Extranet VPN. [3][5] Figure 4 Extranet VPN [3] Page 11

12 Internet Protocol Security (IPsec) IPsec is a set of protocol developed by the IETF to support the exchange of secure packet or to protect the communication at the IP layer. It is also a standard suite of protocol that provides data integrity, confidentiality and authentication along the transmission of data between the communication points in the IP network. IPsec is then deployed widely and contribute in the implementation of VPN. [5] There are three main components in IPsec which are Encapsulating Security Payload (ESP), Authentication Header (AH) and Internet Key Exchange (IKE). Encapsulating Security Payload (ESP) Encapsulating Security Payload (ESP) provide the authentication, integrity and confidentiality of data. It protects the data and provides message content protection. Besides that, ESP also provides the encryption services in IPsec. First, ESP will translate the message into some secret code or unreadable message with the aim that to hide the content of the message. This will prevent the unauthorized user from viewing the content of the message. ESP will also provide ESP authentication which will provide authentication for the payload and not the IP header. The ESP header is inserted into the package. Due to the encryption done by ESP, the payload changed. [5] Page 12

13 Figure 5 show the example of a packet of ESP. Figure 5 Packet with IPsec Encapsulated Security Payload [5] Authentication Header (AH) Authentication Header (AH) provides the same authentication and integrity like ESP. Besides that, AH also provides optional anti-replay protection which is a services that protect against the retransmission of packet of unauthorized user. However, AH does not protect the data confidentiality. This means that the identity of the sender and the receiver can be known and the content of the message can be viewed. Therefore, to increase the security of data, both ESP and AH can be used at the same time. Figure 6 show the example of packet of AH. [5] Page 13

14 Figure 6 Packets with IPsec Authentication Header [5] Internet Key Exchange (IKE) Internet Key Exchange (IKE) provides the key management and the Security Association (SA). IPsec introduce the concept of SA which is a connection between two devices. An SA provides a data protection for the traffic between two devices. In addition, SA also enables an enterprise to control the usage of resources that may communicate securely. Hence, multiple SA is set up to enable multiple secure VPN. [5] Page 14

15 Two Modes in IPsec There are two modes in IPsec which are the Transport Mode and the Tunnel Mode. Transport Mode In transport mode, the data is encrypted except the header information. Therefore, the IP packet can directly to be transmitting to the remote host by create a secure link between the sender and the receiver. The content of the packet is encrypted and protected. Transport mode VPN eliminates the need for special servers and tunneling software. Since the header of the packet is not encrypted in Transport mode, the destination of the packet may be known. Figure 7 show the package in Transport Mode. [1][6] Figure 7 Packets in Transport Mode [6] Transport Mode is normally to be used in the end-to-end transport of encrypted data. Figure 8 show the Transport Mode VPN Page 15

16 Figure 8 Transport Mode VPN [1] Tunnel Mode In Tunnel Mode, the entire packet is encrypted and protected. The original IP packet with its header or destination address is inserted into a new IP packet. ESP and AH are then applied to the new packet. It will then establish two perimeter tunnel server and the new IP header is pointed to the end point of the tunnel. Once the packet reach the destination point, the end point of the tunnel will then decrypt the packet. The advantage of using tunnel mode is the entire packet is protected and secure. The sender and the receiver location are not viewed by attacker. Figure 9 show the packet in Tunnel Mode. [1][6] Figure 9 Packets in Tunnel Mode [6] Figure 10 show the Tunnel Mode VPN Page 16

17 Figure 10 Tunnel Mode VPN [1] Risk and Limitation of VPN Although there are lot of benefit in using VPN to provide a secure connection between the sender and the receiver, there are some limitation and risk for using VPN. The first limitation and risk is the general attack from hacker. The client of VPN may become the target of an attack. Those attacks are like VPN hijacking or man-inthe-middle attack. Besides that, if the authentication of the VPN is not strong enough to restrict those unauthorized user, this could be vulnerable to the unauthorized third party to access to the connection between the VPN users. This is due to the default VPN setting like PAP used in PPTP which transport both of the user name and password in a clear text without any encryption. The third party then could capture this information and use it to gain access to the connected network. In addition, a client machine in VPN network sometime will also be shared with some third party users which are not aware of the security implementation. They may use the machine to connect to other network like wireless LAN in hotel or restaurant. Page 17

18 This will then explore the vulnerability of the machine. If the client machine is compromised without the knowledge of the owner, and the owner connect his machine to the secure VPN network, finally this will poses a risk to the connecting network. Conclusion VPN is an emerging technology that has come a long way. VPN s technology is still developing, and this is a great advantage to businesses, which need to have technology that is able to scale and grow along with them. With VPN businesses now have alternative benefits to offer to their employees, employees can work from home, take care of children while still doing productive, and have access work related information at any time. In conclusion, VPN did contribute to the security field and protect the communication between two networks. Page 18

19 References 1. Michael E. Whitman, Herbert J. Mattord: Principles of Information Security, 2 nd Edition, Thomson Course Technology, reason VPN is a must taken from reasons-why-use-a-vpn 3. Virtual Private Network by Germaine Bacon, Lizzi Beduya, Jun Mitsuka, Betty Huang, Juliet Polintan in November 19, Virtual Private Network Architecture by T. Braun, M. Günter, M. Kasumi, I. Khalil 5. 1Introduction to VPN VPN Concepts, Tips, and Techniques Version 1.0, July VPN SECURITY February 2008 by The Government of the Hong Kong Special Administrative Region 7. What is a VPN? by Paul Ferguson, Geoff Huston published on April 1998 Page 19

Virtual private networks

Virtual private networks Technical papers Virtual private networks Virtual private networks Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private networks. Such access would otherwise only be possible

More information

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security. Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security

More information

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009 VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A

More information

Secure VPNs for Enterprise Networks

Secure VPNs for Enterprise Networks Secure Virtual Private Networks for Enterprise February 1999 Secure VPNs for Enterprise Networks This document provides an overview of Virtual Private Network (VPN) concepts using the. Benefits of using

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Service Managed Gateway TM. Configuring IPSec VPN

Service Managed Gateway TM. Configuring IPSec VPN Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling

More information

Creating VPN s with IPsec

Creating VPN s with IPsec 2014 Creating VPN s with IPsec SPRING ENTERPRISE INFO SECURITY 4040/601 WILSON CHANCE HINCHMAN This paper will define the term VPN, explain for what and why VPNs are used. IPsec, which is vital to the

More information

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

Virtual Private Networks

Virtual Private Networks Chapter 12 Virtual Private Networks Introduction Business has changed in the last couple of decades. Companies now have to think about having a global presence, global marketing, and logistics. Most of

More information

Intranets and Virtual Private Networks (VPNs)

Intranets and Virtual Private Networks (VPNs) Intranets and Virtual Private Networks (VPNs) Definition Private networking involves securely transmitting corporate data across multiple sites throughout an entire enterprise. Creating a truly private

More information

Cisco How Virtual Private Networks Work

Cisco How Virtual Private Networks Work Table of Contents How Virtual Private Networks Work...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 Background Information...1 What Makes a VPN?...2 Analogy:

More information

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, 1 The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets

More information

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN Issue 1.1 Date 2014-03-14 HUAWEI TECHNOLOGIES CO., LTD. 2014. All rights reserved. No part of this document may be reproduced or

More information

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure

More information

Sample excerpt. Virtual Private Networks. Contents

Sample excerpt. Virtual Private Networks. Contents Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................

More information

Virtual Private Networks

Virtual Private Networks EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,

More information

Automating VPN Management

Automating VPN Management Automating VPN Management By Scott Hilton, Vice President Product Management Assured Digital, Inc. Although many network managers, users and executives agree on the benefits of virtual private networking,

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design

More information

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality

More information

IP Security. Have a range of application specific security mechanisms

IP Security. Have a range of application specific security mechanisms IP Security IP Security Have a range of application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS However there are security concerns that cut across protocol layers Would like security

More information

Virtual Private Networks.

Virtual Private Networks. Virtual Private Networks thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Virtual Private Networks VPN Basics Protocols (IPSec, PPTP, L2TP) Objectives of VPNs Earlier Companies

More information

Hillstone IPSec VPN Solution

Hillstone IPSec VPN Solution 1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private

More information

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools

More information

IPSec. Overview. Overview. Levente Buttyán

IPSec. Overview. Overview. Levente Buttyán IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet

More information

CTS2134 Introduction to Networking. Module 08: Network Security

CTS2134 Introduction to Networking. Module 08: Network Security CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting

More information

Virtual Private Networks

Virtual Private Networks NEXTEP Broadband White Paper Virtual Private Networks Solutions for cost-effective, high-speed corporate extranets and wide-area networks. A Nextep Broadband White Paper May 2001 Broadband Networks Group

More information

Network Security Protocols NET 412D

Network Security Protocols NET 412D Kingdome of Saudi Arabia Ministry of Higher Education Princess Nora Bint Abdul Rahman University Faculty of Computer & Information Science Networking and Communication Systems Department المملكة العربية

More information

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical

More information

Networking interview questions

Networking interview questions Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected

More information

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Network Security - ISA 656 IPsec IPsec Key Management (IKE) Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating

More information

Analysis of VPN Protocols

Analysis of VPN Protocols Analysis of VPN Protocols ECE 646 Final Project Presentation Tamer Mabrouk Touhidur Satiar Overview VPN Definitions Emergence of VPN Concept of Tunneling VPN Classification Comparison of Protocols Customer

More information

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet

More information

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS P. Fidry, V. Rakotomanana, C. Ausanneau Pierre.fidry@alcatel-lucent.fr Alcatel-Lucent, Centre de Villarceaux, 91620, Nozay, France Abstract: As a consequence of

More information

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

More information

ENSC 427: Communication Networks. Spring Final Report Analysis of Applications Through IP VPN.

ENSC 427: Communication Networks. Spring Final Report Analysis of Applications Through IP VPN. ENSC 427: Communication Networks Spring 2014 0 Final Report Analysis of Applications Through IP VPN www.sfu.ca/~leetonyl/ensc427group12.html Group 12 Lee, Tony Nguyen, Anthony Truong, Henson 301111050

More information

CSC 6575: Internet Security Fall 2017

CSC 6575: Internet Security Fall 2017 CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Standard For IIUM Wireless Networking

Standard For IIUM Wireless Networking INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version

More information

Virtual Private Network

Virtual Private Network Running head: Virtual Private Network Virtual Private Network Ann Funk ICTN 6870 ADVANCED NETWORK SECURITY Virtual Private Network Page 1 of 13 Table of Contents Abstract... 2 Introduction... 3 What is

More information

31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers

31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers 31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers CONTENTS Focus Questions... 2 Chapter 1: Explore the Network... 2 Chapter 2: Configure a Network Operating System... 5 Chapter 3: Network

More information

Custom Connect. All Area Networks. customer s guide to how it works version 1.0

Custom Connect. All Area Networks. customer s guide to how it works version 1.0 All Area Networks Custom Connect customer s guide to how it works version 1.0 The information in this technical user guide and the glossary of terms has been prepared in good faith and is correct at the

More information

TABLE OF CONTENTS CHAPTER TITLE PAGE

TABLE OF CONTENTS CHAPTER TITLE PAGE vii TABLE OF CONTENTS CHAPTER TITLE PAGE DECLARATION ACKNOWLEDGMENT ABSTRACT ABSTRAK TABLE OF CONTENTS LIST OF TABLES LIST OF FIGURES LIST OF APPENDICES ii iv v vi vii xiii xiv xvi 1 OVERVIEW 1 1.1 Introducation

More information

Wireless technology Principles of Security

Wireless technology Principles of Security Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the

More information

IP Mobility vs. Session Mobility

IP Mobility vs. Session Mobility IP Mobility vs. Session Mobility Securing wireless communication is a formidable task, something that many companies are rapidly learning the hard way. IP level solutions become extremely cumbersome when

More information

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE. INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building

More information

based computing that takes place over the Internet, basically a step on from Utility Computing.

based computing that takes place over the Internet, basically a step on from Utility Computing. REVIEW OF LITERATURE Joseph Davies & Elliot Lewis (2003) In this paper Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, basically

More information

Children s Health System. Remote User Policy

Children s Health System. Remote User Policy Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards

More information

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security Operating System Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security White Paper Abstract The Microsoft Windows operating system includes technology to secure communications

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks CS 393 Network Security Nasir Memon Polytechnic University Module 13 Virtual Private Networks Course Logistics HW due Monday. HW 6 posted. Due in a week. Questions regarding homework are best answered

More information

MTA_98-366_Vindicator930

MTA_98-366_Vindicator930 MTA_98-366_Vindicator930 Number: 98-366 Passing Score: 700 Time Limit: 45 min File Version: 1.0 http://www.gratisexam.com/ Microsoft Technology Associate Networking Fundamentals MTA 98-366 Exam A QUESTION

More information

CyberP3i Course Module Series

CyberP3i Course Module Series CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

CLIENT SERVER SYNERGY USING VPN

CLIENT SERVER SYNERGY USING VPN CLIENT SERVER SYNERGY USING VPN 1 CHETAN S MORE, 2 AMAN ANNAD, 3 KUSHAGRA RAIZADA, 4 MANUJ SRIVASTAVA 1,2,3,4 Department of Electronics and Telecommunication Engineering, Bharati Vidyapeeth (Deemed To

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

CIT 480: Securing Computer Systems

CIT 480: Securing Computer Systems CIT 480: Securing Computer Systems Tunneling and VPNs CIT 480: Securing Computer Systems Slide #1 Topics 1. Tunneling 1. Encapsulation 2. Security 3. SSH 2. Virtual Private Networks 1. Site-to-site 2.

More information

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

On the Internet, nobody knows you re a dog.

On the Internet, nobody knows you re a dog. On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

Indicate whether the statement is true or false.

Indicate whether the statement is true or false. Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

INTRODUCTION TO ICT.

INTRODUCTION TO ICT. INTRODUCTION TO ICT. (Introducing Basic Network Concepts) Lecture # 24-25 By: M.Nadeem Akhtar. Department of CS & IT. URL: https://sites.google.com/site/nadeemcsuoliict/home/lectures 1 INTRODUCTION TO

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood TM 1100 Dexter Avenue N Seattle, WA 98109 206.691.5555 www.netmotionwireless.com NetMotion Mobility Architecture A Look Under the Hood NetMotion Mobility Architecture A Look Under the Hood Wireless networking

More information

By VPNet Technologies. What s a VPN Anyway? A Virtual Private Networking Primer

By VPNet Technologies. What s a VPN Anyway? A Virtual Private Networking Primer By VPNet Technologies What s a VPN Anyway? A Virtual Private Networking Primer What s a VPN Anyway? What s a VPN Anyway? or The Cloud s Silver Lining Is Your Net 1998 VPNet Technologies Inc. All rights

More information

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question

More information

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48 I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter

More information

Virtual Private Networks (VPN)

Virtual Private Networks (VPN) CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

Area Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low

Area Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low Chapter 15 Networking Concepts 1. Define networking. It is the interconnection of independent computing devices for sharing of information over shared medium. 2. What is the need for networking? / What

More information

Virtual Dispersive Networking Spread Spectrum IP

Virtual Dispersive Networking Spread Spectrum IP Virtual Dispersive Networking Spread Spectrum IP DSI Proprietary 1 DSI Proprietary 2 Problem Lies Outside of Existing Security: On the Internet Internet Routers Virus Software Phishing Software etc POLICY

More information

VPN Auto Provisioning

VPN Auto Provisioning VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds

More information

Chapter 6/8. IP Security

Chapter 6/8. IP Security Chapter 6/8 IP Security Prof. Bhargavi H Goswami Department of MCA, Sunshine Group of Institutes, Rajkot, Gujarat, India. Mob: +918140099018. Email: bhargavigoswami@gmail.com Topic List 1. IP Security

More information

SECURE DATA EXCHANGE

SECURE DATA EXCHANGE POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,

More information

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any

More information

The EN-4000 in Virtual Private Networks

The EN-4000 in Virtual Private Networks EN-4000 Reference Manual Document 8 The EN-4000 in Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission

More information

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Objective A Virtual Private Network (VPN) is a private network that is used to virtually

More information

The IPsec protocols. Overview

The IPsec protocols. Overview The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview

More information

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN

More information

Internet security and privacy

Internet security and privacy Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University Chapter 6 IP Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. IP Security Overview 2. IP Security Architecture 3.

More information

Industrial Control System Security white paper

Industrial Control System Security white paper Industrial Control System Security white paper The top 10 threats to automation and process control systems and their countermeasures with INSYS routers Introduction With the advent of M2M (machine to

More information

Time Synchronization Security using IPsec and MACsec

Time Synchronization Security using IPsec and MACsec Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Network Security and Cryptography. 2 September Marking Scheme

Network Security and Cryptography. 2 September Marking Scheme Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,

More information

Complete B-2: Comparing firewall-based secure topologies, complete questions 1 through 3 on

Complete B-2: Comparing firewall-based secure topologies, complete questions 1 through 3 on COT410 LAN Fundamentals Week 5 Worksheet (WS5) Unit 8 / Unit 9 Assignments Name: Kevin Comer Unit 8 Security Practices Unit time: 180 minutes Read pages 8-1 through 8-48 Complete B-1: Examining firewalls

More information

Using Mobile Computers Lesson 12

Using Mobile Computers Lesson 12 Using Mobile Computers Lesson 12 Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data Use BitLocker Drive Encryption Use remote network connections

More information

Making life simpler for remote and mobile workers

Making life simpler for remote and mobile workers : Technology GoToMyPC Technology Making life simpler for remote and mobile workers Learn why GoToMyPC is the most secure, cost-effective and easy-to-use solution for providing remote access to the desktop.

More information

VPN. The Remote Access Solution. A Comprehensive Guide to Evaluating: Security Administration Implementation. the virtual leader

VPN. The Remote Access Solution. A Comprehensive Guide to Evaluating:  Security Administration Implementation. the virtual leader VPN The Remote Access Solution A Comprehensive Guide to Evaluating: Security Administration Implementation the virtual leader www.compatible.com VPN: The Remote Access Solution Contents The Promise of

More information

IP Security. Cunsheng Ding HKUST, Kong Kong, China

IP Security. Cunsheng Ding HKUST, Kong Kong, China IP Security Cunsheng Ding HKUST, Kong Kong, China Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building

More information

Wireless LAN, WLAN Security, and VPN

Wireless LAN, WLAN Security, and VPN Wireless LAN, WLAN Security, and VPN 麟瑞科技台南辦事處技術經理張晃崚 WLAN & VPN FAQ What is WLAN?802.11a?802.11b?802.11g? Which standard (product) should we use? How to deploy WLAN? How to block intruders? How to authenticate

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

Remote Connectivity for SAP Solutions over the Internet Technical Specification

Remote Connectivity for SAP Solutions over the Internet Technical Specification Remote Connectivity for SAP Solutions over the Technical Specification June 2006 Remote Connectivity for SAP Solutions over the page 2 1 Introduction SAP offers secure connections over the for support

More information

GHz. VPN Router with RangeBooster User Guide WRV200 WIRELESS. Model No.

GHz. VPN Router with RangeBooster User Guide WRV200 WIRELESS. Model No. GHz 2.4 802.11g Wireless-G VPN Router with RangeBooster User Guide WIRELESS Model No. WRV200 Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark

More information