School of Computer Sciences Universiti Sains Malaysia Pulau Pinang


Information Security & Assurance
Assignment 2: White Paper
Virtual Private Network (VPN)
By Lim Teck Boon (107593)

Table of Contents
Introduction 3
What is Virtual Private Network (VPN) 3
Why VPN 4
Categories of VPN 5
VPN Topology 7
Type of VPN 8
Internet Protocol Security (IPsec) 12
Two Modes in IPsec 15
Risk and Limitation of VPN 17
Conclusion 18
References 18

Introduction

In today's high-technology digital world, use of the Internet is increasing rapidly, and a great deal of data and information can be obtained from it. However, using the Internet brings a problem: privacy. Data or information may be stolen or attacked by a hacker during transmission. There are various ways to protect our data; one of them is to use a Virtual Private Network (VPN). A VPN is a secure and private network connection between systems that uses the data communication capability of an unsecured, public network.

What is Virtual Private Network (VPN)

"Virtual" means being in a different state, or not real. In a VPN, private communication between two devices is achieved through a public network, so the communication is only virtually private. "Private" means keeping the information or the communication between two users secret. A network is a medium consisting of two or more devices that can communicate with each other via cable or wire. Therefore, a VPN is a secure and private network connection between systems that uses the data communication capability of an unsecured, public network. In other words, a VPN is a communications environment in which access is controlled so that peer connections are permitted only within a trusted network, and which is constructed over some common underlying communication medium with the aim of maintaining privacy through the use of tunneling protocols and security procedures. [1]

VPNs are commonly used to extend intranets worldwide in order to disseminate information and news to a wide user base. There are three types of VPN: Trusted VPN, Secure VPN and Hybrid VPN. Besides that, there are two modes of VPN: Tunnel Mode and Transport Mode.

Why VPN?

When we talk about Virtual Private Network (VPN), the key word "private" is the main issue. VPN is the best technology available today to protect our data, as it completely secures the data through military-grade encryption during the transmission of important data. It creates a tunnel for the transmission, so no outsider is allowed to view the data except the receiver. Hence, it is secure and privacy is protected. Besides that, VPN services conceal the real IP address and replace it with one of the IP addresses of the service provider. In doing so, the connection or Internet activity is anonymous, which prevents an attacker or hacker from tracking your IP address. In addition, information transferred through public Wi-Fi is insecure. There is a saying that using public Wi-Fi is like walking naked down the road while not wanting anyone to see you naked. Using a VPN puts the public Wi-Fi connection into a secure mode: the VPN forms a tunnel around the connection that cannot be intercepted by any hacker or attacker. [2]

Categories of VPN

There are three main categories of VPN: Trusted VPN, Secure VPN and Hybrid VPN.

Trusted VPN

A Trusted VPN uses leased circuits from a service provider and conducts packet switching over those leased circuits. The privacy afforded by a Trusted VPN, also known as a legacy VPN, was only that the communications provider assured the customer that no one else would use the same circuit. This allows the customer to have its own IP addressing and its own security policies. In addition, the VPN customer trusts the VPN service provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. [1][5]

Secure VPN

A Secure VPN is a network or communication environment constructed using encryption. It uses security protocols and encrypts the traffic transmitted across the communication network. A Secure VPN encrypts the traffic or data at the edge of one network (the sender), and the data is moved over the Internet like any other data. The data is decrypted when it reaches the receiver. This encrypted traffic acts like a secure tunnel between the two networks (sender and receiver). Even if an attacker can see the traffic, they cannot read it or change the direction of the traffic. Hence the communication is secure. [1][5]

Hybrid VPN

A Secure VPN can also be run as part of a Trusted VPN, and this creates the third type of VPN in the market, the Hybrid VPN. A Hybrid VPN combines the characteristics of the two VPNs discussed before, the Trusted VPN and the Secure VPN. It provides encrypted traffic or transmissions, as in the Secure VPN, over the entire Trusted VPN network. The secure part of the Hybrid VPN might be controlled by the customer or by the VPN service provider that provides the Trusted VPN. [1][5]

VPN Topology

In this section, we discuss how a VPN works. To begin using a VPN, we first need an Internet connection, which can be leased from an Internet Service Provider (ISP). Then a specially designed router or switch is needed for each Internet access circuit to provide access from the origin network to the VPN. A virtual circuit that resembles a leased line is created through tunnels, which allow the sender to encrypt their data inside an IP packet that hides the underlying routing and switching infrastructure of the Internet from both the sender and the receiver. This circuit is known as a Permanent Virtual Circuit (PVC). The sender's device takes the outgoing packet and encapsulates it to move through the VPN tunnel across the Internet to the receiver. This transmission of the packet from the sender to the receiver is transparent to both the sender and the receiver, and even transparent to the ISP and the rest of the Internet's users. When it reaches the receiver, the receiver strips off the VPN frame and delivers the original packet to the destination network. [3] Figure 1 shows two networks connected over an intranet.

Figure 1 VPN of two networks connected over an intranet. [3]

Types of VPN

VPNs are traditionally used for three main purposes: Intranets, Remote Access and Extranets.

Intranet VPN

Intranets are used for connections within an organization. The connection is normally created between the headquarters office and its branch offices. A VPN is created between these locations to protect the organization's information from being stolen or attacked by any outsider. The connection within the organization is often used for e-mail or file sharing. The intranet provides a virtual circuit between the organization's sites over the Internet. Figure 2 shows an intranet VPN within an organization. The advantage of using an Intranet VPN is that it reduces the organization's WAN bandwidth cost. An Intranet VPN allows the organization to use WAN bandwidth efficiently and hence avoid congestion through the use of bandwidth management and traffic shaping. [3][5]

Figure 2 Intranet VPN [3]

Remote Access VPN

Remote access through a VPN enables telecommuters and mobile workers to access e-mail and business applications. Although a dial-up connection enables the user to do so, the cost of the dial-up connection is much higher than that of a Remote Access VPN. A Remote Access VPN enables the mobile worker to connect to a local Internet connection and then set up a secure IPsec-based VPN communication to their organization. The user connects to a local ISP that supports VPN using a plain old telephone line, DSL, or similar; the VPN device at the ISP accepts the user's login and then establishes the tunnel to the VPN device at the organization's office. The tunnel then begins forwarding packets over the Internet. The advantage of using a Remote Access VPN is that it reduces the capital cost associated with the connection compared with dial-up, as discussed before. Besides that, this technique allows the organization to add new users easily and gives greater scalability. Figure 3 shows a Remote Access VPN implemented in an organization. [3][5]

Figure 3 Remote Access VPN [3]

There are two types of Access VPN: Client-Initiated VPN and NAS-Initiated Access VPN. In a Client-Initiated VPN, the business initiates the VPN by managing the client software that initiates the tunnel. This also ensures end-to-end security between the client and the host. Besides that, the client software is also installed at the remote site, which can terminate into a firewall for termination into the corporate network. The biggest advantage of this type of VPN is that the service provider access network used for dialing to the point of presence is much more secure. In a NAS-Initiated VPN, the client software element is eliminated. The remote access user starts the connection by dialing in to the service provider, obtains authentication from the service provider and, in turn, initiates a secure, encrypted tunnel to the corporate network. This eliminates the client software issue and hence reduces the client management burden associated with remote access VPNs. In other words, there is no end-user client software for the corporation to maintain.

Extranet VPN

Extranets are secure connections between two or more organizations. Because of the connection cost, time delays and access availability, IPsec-based VPNs are ideal for an extranet connection that connects two organizations. The concept of setting up an extranet VPN is similar to the intranet VPN. The only difference is the user: one is within an organization and the other is between two or more organizations. Figure 4 shows the implementation of an Extranet VPN. [3][5]

Figure 4 Extranet VPN [3]

Internet Protocol Security (IPsec)

IPsec is a set of protocols developed by the IETF to support the exchange of secure packets, that is, to protect communication at the IP layer. It is also a standard suite of protocols that provides data integrity, confidentiality and authentication for data transmitted between communication points in an IP network. IPsec has since been widely deployed and contributes to the implementation of VPNs. [5] There are three main components in IPsec: Encapsulating Security Payload (ESP), Authentication Header (AH) and Internet Key Exchange (IKE).

Encapsulating Security Payload (ESP)

Encapsulating Security Payload (ESP) provides authentication, integrity and confidentiality of data. It protects the data and provides message content protection. Besides that, ESP also provides the encryption service in IPsec. First, ESP translates the message into a secret code or unreadable message with the aim of hiding the content of the message. This prevents an unauthorized user from viewing the content of the message. ESP also provides ESP authentication, which authenticates the payload but not the IP header. The ESP header is inserted into the packet. Because of the encryption done by ESP, the payload is changed. [5]

Figure 5 shows an example of an ESP packet.

Figure 5 Packet with IPsec Encapsulated Security Payload [5]

Authentication Header (AH)

Authentication Header (AH) provides the same authentication and integrity as ESP. Besides that, AH also provides optional anti-replay protection, a service that protects against the retransmission of packets by an unauthorized user. However, AH does not protect data confidentiality. This means that the identities of the sender and the receiver can be known and the content of the message can be viewed. Therefore, to increase the security of the data, both ESP and AH can be used at the same time. Figure 6 shows an example of an AH packet. [5]

Figure 6 Packets with IPsec Authentication Header [5]

Internet Key Exchange (IKE)

Internet Key Exchange (IKE) provides key management and the Security Association (SA). IPsec introduces the concept of the SA, which is a connection between two devices. An SA provides data protection for the traffic between the two devices. In addition, an SA also enables an enterprise to control which resources may communicate securely. Hence, multiple SAs are set up to enable multiple secure VPNs. [5]
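The anti-replay service mentioned under AH is kept as per-SA receiver state: a sliding window over sequence numbers that drops duplicates and packets older than the window while still accepting reordered packets inside it. The following is an added example, not code from this white paper or from any IPsec implementation; it assumes 32-bit sequence numbers starting at 1, a 64-packet window, and that the check runs only after the packet's integrity value has already verified.

```python
# Anti-replay sliding window in the style of RFC 4302/4303 (AH/ESP).
# Added illustration, not the paper's or any IPsec stack's code.
# Assumptions: 32-bit sequence numbers starting at 1, a 64-packet window,
# and that this check runs only after the packet's ICV has verified, so a
# forged sequence number cannot move the window.

WINDOW_SIZE = 64  # RFC minimum is 32; 64 is a common default


class ReplayWindow:
    """Per-SA receiver state: highest sequence number seen plus a bitmap of
    which of the WINDOW_SIZE most recent sequence numbers were accepted."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if it is a
        replay or older than the window (both must be dropped)."""
        if seq == 0:
            return False                      # first valid sequence number is 1
        if seq > self.top:
            # Newer than anything seen: slide the window forward.
            shift = seq - self.top
            if shift < self.size:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            else:
                self.bitmap = 1               # jumped past the whole window
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # too old: outside the window
        if self.bitmap & (1 << offset):
            return False                      # duplicate inside the window
        self.bitmap |= 1 << offset            # late but fresh: accept
        return True


def replay_decisions(seqs, size: int = WINDOW_SIZE):
    """Run received sequence numbers through one window and return the
    accept/drop decision for each (used with a constructed trace below)."""
    window = ReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed trace: in-order delivery, a replay, reordering, then a gap.
    trace = [1, 2, 3, 2, 5, 4, 4, 100, 3]
    for s, ok in zip(trace, replay_decisions(trace)):
        print(f"seq {s:>3}: {'accept' if ok else 'DROP'}")
```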

Two Modes in IPsec

There are two modes in IPsec: Transport Mode and Tunnel Mode.

Transport Mode

In transport mode, the data is encrypted except for the header information. Therefore, the IP packet can be transmitted directly to the remote host by creating a secure link between the sender and the receiver. The content of the packet is encrypted and protected. Transport mode VPN eliminates the need for special servers and tunneling software. Since the header of the packet is not encrypted in Transport Mode, the destination of the packet may be known. Figure 7 shows the packet in Transport Mode. [1][6]

Figure 7 Packets in Transport Mode [6]

Transport Mode is normally used for the end-to-end transport of encrypted data. Figure 8 shows a Transport Mode VPN.

Figure 8 Transport Mode VPN [1]

Tunnel Mode

In Tunnel Mode, the entire packet is encrypted and protected. The original IP packet, with its header and destination address, is inserted into a new IP packet, and ESP and AH are then applied to the new packet. Two perimeter tunnel servers are established, and the new IP header points to the end point of the tunnel. Once the packet reaches the destination point, the end point of the tunnel decrypts the packet. The advantage of using tunnel mode is that the entire packet is protected and secure, and the sender's and receiver's locations are not visible to an attacker. Figure 9 shows the packet in Tunnel Mode, and Figure 10 shows a Tunnel Mode VPN. [1][6]

Figure 9 Packets in Tunnel Mode [6]
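The packet layouts of the two modes, and the ESP header, trailer and integrity value described under ESP, can be made concrete in code: the same segment is protected once in transport mode and once in tunnel mode, and an observer's view of each shows which addresses stay in the clear. The following is an added example, not the white paper's or any IPsec implementation's code; it assumes IPv4 without options, a truncated HMAC-SHA256 ICV, a labelled stand-in keystream cipher in place of a real ESP transform, and constructed addresses and payload.

```python
# Structural demo of ESP in transport vs tunnel mode.
# Added illustration, not code from the white paper or any IPsec stack.
# Assumptions: IPv4 without options, checksum left at zero, a 16-byte
# truncated HMAC-SHA256 ICV, and a stand-in stream cipher (SHA-256 counter
# keystream XOR) in place of a real ESP transform such as AES.
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO, TCP_PROTO, IPIP_PROTO = 50, 6, 4
IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def toy_keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Placeholder cipher keystream bound to the SPI and sequence number."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, ctr)).digest()
        ctr += 1
    return out[:n]

def esp_encapsulate(key: bytes, spi: int, seq: int, inner: bytes, next_hdr: int) -> bytes:
    """ESP header (SPI, seq) | encrypted(inner, pad, pad len, next header) | ICV."""
    pad = (-(len(inner) + 2)) % 4                  # align the trailer to 4 bytes
    plain = inner + bytes(range(1, pad + 1)) + bytes([pad, next_hdr])
    ks = toy_keystream(key, spi, seq, len(plain))
    body = struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(plain, ks))
    icv = hmac.new(key, body, hashlib.sha256).digest()[:16]  # covers header + ciphertext
    return body + icv

def esp_decapsulate(key: bytes, packet: bytes):
    """Receiver side: verify the ICV, decrypt, strip the trailer.
    Returns (next_header, inner_bytes); raises on tampering or wrong key."""
    body, icv = packet[20:-16], packet[-16:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    ks = toy_keystream(key, spi, seq, len(body) - 8)
    plain = bytes(a ^ b for a, b in zip(body[8:], ks))
    pad, next_hdr = plain[-2], plain[-1]
    return next_hdr, plain[:len(plain) - pad - 2]

def transport_mode(key, spi, seq, src, dst, segment):
    """Original IP header stays in the clear; only the segment is protected."""
    esp = esp_encapsulate(key, spi, seq, segment, TCP_PROTO)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

def tunnel_mode(key, spi, seq, gw_src, gw_dst, src, dst, segment):
    """Whole original packet goes inside ESP; a new header names the gateways."""
    original = ipv4_header(src, dst, TCP_PROTO, len(segment)) + segment
    esp = esp_encapsulate(key, spi, seq, original, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def observer_view(packet: bytes) -> dict:
    """What an on-path observer without the key can read: the outer header."""
    fields = struct.unpack(IP_FMT, packet[:20])
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": str(ipaddress.ip_address(fields[8])),
            "dst": str(ipaddress.ip_address(fields[9])),
            "proto": fields[6], "spi": spi, "seq": seq}
```

In transport mode observer_view reports the real end hosts (10.1.1.5 to 10.2.2.9 in the constructed data), while in tunnel mode it reports only the two gateways, which is the difference the two figures above illustrate.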

Figure 10 Tunnel Mode VPN [1]

Risk and Limitation of VPN

Although there are many benefits in using a VPN to provide a secure connection between the sender and the receiver, there are some limitations and risks in using a VPN. The first is general attacks by hackers: the VPN client may become the target of an attack, such as VPN hijacking or a man-in-the-middle attack. Besides that, if the VPN's authentication is not strong enough to keep out unauthorized users, the connection between the VPN users could be vulnerable to access by an unauthorized third party. This is due to default VPN settings like PAP, used in PPTP, which transports both the user name and password in clear text without any encryption. The third party could then capture this information and use it to gain access to the connected network. In addition, a client machine on the VPN network is sometimes shared with third-party users who are not aware of the security implementation. They may use the machine to connect to other networks, like the wireless LAN in a hotel or restaurant. This exposes the machine to vulnerabilities. If the client machine is compromised without the owner's knowledge, and the owner then connects the machine to the secure VPN network, this poses a risk to the connected network.

Conclusion

VPN is an emerging technology that has come a long way. VPN technology is still developing, and this is a great advantage to businesses, which need technology that is able to scale and grow along with them. With VPNs, businesses now have additional benefits to offer their employees: employees can work from home, take care of children while still being productive, and access work-related information at any time. In conclusion, VPNs have contributed to the security field and protect the communication between two networks.

References

1. Michael E. Whitman, Herbert J. Mattord: Principles of Information Security, 2nd Edition, Thomson Course Technology, 2005.
2. 5 reasons VPN is a must, taken from http://www.bestvpnservice.com/blog/5-reasons-why-use-a-vpn
3. Virtual Private Network, by Germaine Bacon, Lizzi Beduya, Jun Mitsuka, Betty Huang, Juliet Polintan, November 19, 2002.
4. Virtual Private Network Architecture, by T. Braun, M. Günter, M. Kasumi, I. Khalil.
5. Introduction to VPN: VPN Concepts, Tips, and Techniques, Version 1.0, July 2003.
6. VPN Security, February 2008, by The Government of the Hong Kong Special Administrative Region.
7. What is a VPN?, by Paul Ferguson, Geoff Huston, published April 1998.