SSL VPN Virtual Private Networks based on Secure Socket Layer

Similar documents
NCP VPN Path Finder for Juniper SRX Gateways

Advanced Security and Mobile Networks

Using the Terminal Services Gateway Lesson 10

Politecnico di Milano Scuola di Ingegneria Industriale e dell Informazione. 09 Intranetting. Fundamentals of Communication Networks

Configuring VPN from Proventia M Series Appliance to NetScreen Systems

Authentication, Encryption, Transport, IP Version and VPN Routing

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

Configuration of an IPSec VPN Server on RV130 and RV130W

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

CIT 480: Securing Computer Systems

CTS2134 Introduction to Networking. Module 08: Network Security

1. Ultimate Powerful VPN Connectivity

Virtual Private Networks (VPN)

INBOUND AND OUTBOUND NAT

Configuring VPN from Proventia M Series Appliance to Symantec 5310 Systems

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Analysis of VPN Protocols

Configuring L2TP over IPsec

Authentication, Encryption, Transport, and VPN Routing

Hillstone IPSec VPN Solution

Why Firewalls? Firewall Characteristics

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

IT 341: Introduction to System

How to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT

VPNS BY RICK FREY.

Over Cellular. Jim Weikert Strategic Marketing Manager ProSoft Technology Technical Track

IPsec NAT Transparency

Training UNIFIED SECURITY. Signature based packet analysis

Network Security and Cryptography. December Sample Exam Marking Scheme

Microsoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version:

VPN Ports and LAN-to-LAN Tunnels

Virtual Private Network

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

HP Instant Support Enterprise Edition (ISEE) Security overview

Creating VPN s with IPsec

HC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee

CSE543 Computer and Network Security Module: Network Security

Virtual Private Networks.

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

Firewalls, Tunnels, and Network Intrusion Detection

Network Address Translation (NAT)

Hands-On TCP/IP Networking

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

CS 356 Internet Security Protocols. Fall 2013

Secure VPNs for Enterprise Networks

Firewall. Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. APPLICATION NOTE: AN-005-WUK

Firewalls for Secure Unified Communications

- PIX Advanced IPSEC Lab -

4. The transport layer

CSC Network Security

Advanced Security and Forensic Computing

A Technical Overview of the Lucent Managed Firewall

VPN2S. Handbook VPN VPN2S. Default Login Details. Firmware V1.12(ABLN.0)b9 Edition 1, 5/ LAN Port IP Address

Virtual private networks

VPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities

Expert Reference Series of White Papers. DirectAccess: The New VPN

L2TP over IPsec. About L2TP over IPsec/IKEv1 VPN

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Unified Services Routers

Added Features. 1. PPTP (Point-to-Point Tunneling Protocol)

Network Interconnection

PPP Tunneling. Step by step explanation and configuration for creating PPP Tunnel

IPSec. Overview. Overview. Levente Buttyán

A Proposal for a Remote Access Method using GSCIP and IPsec

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

Configuring OpenVPN on pfsense

Internet Security Firewalls

Fundamentals of Linux Platform Security

Internet security and privacy

System i. Version 5 Release 4

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Network Security. Thierry Sans

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California

Exam Questions SY0-401

Network Security Fundamentals

VNS3 IPsec Configuration. Connecting VNS3 Side by Side via IPsec

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

Junos Security (JSEC)

Sample excerpt. Virtual Private Networks. Contents

Standard For IIUM Wireless Networking

VPN Connection through Zone based Firewall Router Configuration Example

Leverage the Citrix WANScaler Software Client to Increase Application Performance for Mobile Users

Wireless Controller DWC-1000

IPsec NAT Transparency

Cisco CISCO Securing Networks with ASA Advanced. Practice Test. Version

Manual Key Configuration for Two SonicWALLs

How to configure the AT-AR450S Firewall using the Graphical User Interface (GUI)

Service Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)

Load Balancing Technology White Paper

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

CSC 4900 Computer Networks: Security Protocols (2)

Transcription:

SSL VPN Virtual Private Networks based on Secure Socket Layer Mario Baldi Politecnico di Torino (Technical Univesity of Turin) http://staff.polito.it/mario.baldi

SSL VPN: What is that? SSL as the central mechanism on which to base secure access Site-to-site VPN Remote access VPN Secure service access Loose interpretation of VPN SSL (pseudo)vpn Tunneling based on TCP or UDP SSL-VPN - 2

Why Not IPsec VPN? IPsec too difficult and/or too expensive to use securely Too many options to be configured and administered Operates in kernel space Failures potentially catastrophic Installation difficult and risky Concerns fade with maturity SSL-VPN - 3

Why SSL VPN Lower complexity Installation Configuration Management Non-interference with kernel Most widely used SSL-VPN - 4 Higher, more robust security

Compared to IPsec VPN No problem with NAT traversal No authentication of IP header ESP (encapsulation securty payload) IPsec to be used Packets dropped at a higher level Critical with DOS attacks SSL-VPN - 5

Compared to PPTP Initially proprietary (Microsoft) Initially weak security Fixed later Poor interoperability with non- Microsoft platforms GRE (generic routing encapsulation) tunneling Possibly blocked by routers SSL-VPN - 6

SSL (pseudo)vpn IPsec VPNs connect networks Or hosts to networks SSL VPNs connect Users to services Application clients to application servers SSL-VPN - 7

Why SSL (pseudo)vpn No client code is to be installed Usable anywhere (kyosk) Applications available through web browser Deploying HTTPS Not a general security solution Specific solutions suitable to selected applications SSL-VPN - 8

In Summary SSL VPNs have a good chance of working on any network scenario TCP or UDP tunneling enable NAT traversal Firewall traversal Router traversal SSL (pseudo)vpn enable universal client (web browser) SSL-VPN - 9

SSL VPN Flavors Web proxying Application translation Port forwarding SSL ed protocols Application proxying Network extension Site-to-site connectivity Pseudo VPN SSL-VPN - 10

Proxying VPN Gateway downloads web pages through HTTP Ship them through HTTPS Web server HTTPS HTTP Client VPN Gateway SSL-VPN - 11

Application Translation Native protocol between VPN server and application server E.g., FTP, STMP, POP Application user interface as a web page HTTP(S) between VPN server and client Not suitable for all applications Look&feel might be lost SSL-VPN - 12

Application Translation HTTPS POP3 Mail server SSL-VPN - 13

Port Forwarding SSL/HTTPS POP3 POP3 (TCP port 110) Port Forwarder TCP port 443 HTTPS SSL-VPN - 14

Port Forwarding SSL/HTTPS POP3 TCP port 443 HTTPS TCP port 110 POP3 Port Forwarding SSL-VPN - 15

Port Forwarding Works only with fixed port protocols Problems with address and port in application layer protocol SSL-VPN gateway must know application protocol to translate Application layer gateway (ALG) SSL-VPN - 16

SSL ed Protocols Secure application protocols Protocol-over-SSL E.g., POP-over-SSL, IMAPover-SSL, SMTP-over-SSL Client and server support required POP-over-SSL TCP port 995 SSL-VPN - 17

Application Proxying Compatibility with older servers Client points at SSL-VPN gateway TCP port 995 TCP port 110 POP-o-SSL POP3 SSL-VPN - 18

Network Extension Tunnel over SSL POP3 Tunnel over SSL POP3 FTP FTP SSL-VPN - 19

Products and Vendors SSL-VPN - 20 Open VPN (openvpn.net) AEP F5 Networks NetScreen Technologies Netilla Nokia Symantec Whale Communications

Main Issues Interoperability Product specific features Implementation weaknesses Availability of client on specific platforms SSL-VPN - 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback