Analysis of VPN Protocols

Analysis of VPN Protocols
ECE 646 Final Project Presentation
Tamer Mabrouk, Touhidur Satiar

Overview
- VPN Definitions
- Emergence of VPN
- Concept of Tunneling
- VPN Classification
- Comparison of Protocols
  - Customer Premise Equipment (CPE)
  - Provider Provisioned
- Future of VPN

Definition of VPN
A virtual private network (VPN) is a private network that uses a public network (usually the Internet) to connect remote sites or users together.
VPNs can use the Internet to connect:
- Data centers and branch offices
- Mobile users and telecommuters
- Customers, partners and vendors
[Diagram labels: HQ, Branch Office, Partners/Vendors, Internet, Telecommuters, Mobile User]

Emergence of VPN
Private networks used to consist of leased lines and Frame Relay or ATM connections to the service provider's cloud.
[Diagram labels: Agency A, Agency B, Leased lines, Frame Relay/ATM Switches, Frame Relay/ATM Network]

Emergence of VPN
VPNs use the public Internet to provide the same functionality as legacy private networks.
[Diagram labels: Agency A, Agency B, Routers, Internet]

Concept of Tunneling
- Tunnel: a virtual connection that uses the Internet to transfer data between networks.
- Tunneling: encapsulation, transmission, and decapsulation of packets.
- Basic building block for VPNs.
- Requires three different protocols:
  - Carrier Protocol
  - Encapsulating Protocol
  - Passenger Protocol

VPN Classifications
Two categories:
A. Customer Premise Equipment (CPE): CPE-based VPNs are implemented within customer premise equipment, where a customer can create their own VPN across an Internet connection without any specific knowledge or cooperation from the service provider.

VPN Classification
B. Provider provisioned: Provider provisioned VPNs do not require the deployment of any CPE devices beyond basic Internet access. All VPN services and equipment are provided by the service provider's core infrastructure.
[Diagram labels: CPE Based VPN: PPTP, L2F, L2TP; Provider provisioned VPN: MPLS Layer 2 VPN, MPLS Layer 3 VPN; IPSec]

Comparison of CPE Based Protocols
Security Issues:

| | PPTP | L2TP | IPSec |
|---|---|---|---|
| Authentication | PPP: PAP, CHAP, EAP | PPP: PAP, CHAP, EAP | AH (MD5 or SHA), ESP |
| Encryption | NONE | NONE | DES, 3DES |
| Key Management | NONE | NONE | IKE |

Comparison of CPE Based Protocols
Vulnerabilities:

| | PPTP | L2TP | IPSec |
|---|---|---|---|
| Buffer Overflow | NOT RESISTANT | NOT RESISTANT | NOT RESISTANT |
| Man-In-The-Middle | NOT RESISTANT | NOT RESISTANT | RESISTANT |
| Key-Management | NOT APPLICABLE | NOT APPLICABLE | VULNERABLE |
| Timing Attack | NOT RESISTANT | NOT RESISTANT | NOT RESISTANT |

Comparison of CPE Based VPN
Interoperability: Worth mentioning L2TP and IPSec

Comparison of CPE Based VPN
Performance: based on throughput and latency.
- L2TP uses more command and control messages, so its throughput may be lower than PPTP's. It performs better on high-latency networks, however, because it uses UDP for its control packets.
- PPTP uses TCP for its control packets and uses fewer control messages, which makes it a high-throughput protocol but leaves it vulnerable on high-latency networks.
- IPSec carries a lot of security-related overhead, which degrades performance from both a throughput and a latency perspective.

Comparison of CPE based VPN
Routed Desktop Protocols:

| Protocol | Routed desktop protocols |
|---|---|
| IPSec | IP only |
| PPTP | IP, IPX, AppleTalk, NetBEUI |
| L2TP | IP, IPX, AppleTalk, NetBEUI |

Comparison of CPE based VPN
Implementation of protocols in the OSI reference model
Protocols shown: SSL; SOCKS v.5; Sun.Net, TCP; IPSec; L2TP, PPTP, L2F; KG, KIV
OSI layers: 7. Application, 6. Presentation, 5. Session, 4. Transport, 3. Network, 2. Data link, 1. Physical

Comparison of Provider Provisioned Based VPNs
Security issues: Neither MPLS Layer 2 nor MPLS Layer 3 VPNs provide encryption, authentication or key management functionality.

Comparison of Provider Provisioned Based VPNs
Deployment Considerations:

| | MPLS Layer 3 | MPLS Layer 2 |
|---|---|---|
| Implementation | Requires high end devices. | Can be implemented with simpler devices. |
| Configuration & Management | Complex and more challenging | Simple |
| Cost | More expensive | Less expensive |

Comparison of Provider Provisioned Based VPNs
Interoperability: IPSec can be incorporated with Layer 2 and Layer 3 MPLS infrastructure to provide strong authentication, encryption and confidentiality.

Comparison of Provider Provisioned Based VPNs
Performance: MPLS Layer 2 VPNs are more efficient and produce higher throughput because route look-ups are less complex overall and there is less encapsulation than in Layer 3 VPNs.

Comparison of Provider Provisioned Based VPNs
Multi-protocol Support:

| | MPLS Layer 3 VPN | MPLS Layer 2 VPN |
|---|---|---|
| Protocols | IP only | Any layer 3 protocol (IP, IPX, DECnet, etc.) |
| IPv6 Support | None | Capable and integrated into the protocol |

Future of VPN
- Voice and Video over VPN: Integration of IP telephony, Quality of Service and IPSec guarantees timely delivery of latency-sensitive voice or video data.
- SSL VPN: Provides IPSec VPN functionality without using client software by using Secure Sockets Layer technology.