UCCS CS 6910 - Virtual Private Networks


Virtual Private Networks
Jan 14, 2019 Jeff Rupp CS691

• What is a Virtual Private Network (VPN)?
• How do VPNs work?
• How is security achieved?
• How secure is a VPN?
• What sort of VPN is right for your application?

VPN: What is it

• VPNs provide a means to have access to an internal network from a remote location via the Internet
• They are called ‘Virtual’ since the data is still traveling through the public network, but both the data and the header can be encrypted

How do VPNs work

• VPNs consist of a gateway to the internal network and any number of remote clients
• The gateway is the machine to which the clients connect
• The gateway provides the server-side encryption/decryption and user authentication

How VPNs Work

• The most common standard in use today is IPSec, as established by the Internet Engineering Task Force (IETF)
• IPSec allows for 2 modes of operation:
  – Transport: only the packet data is encrypted; the header is in the clear
  – Tunnel: both header and data are encrypted

Security

• The first step in a VPN session is authentication, where the user and host authenticate each other via X.509, LDAP
• The next step is to establish a key, typically using the Diffie/Hellman protocol (public/private keys)
  – Packets are encrypted with this shared secret key, as public/private key cryptography is slower than secret key
  – The secret key may be changed many times during a single VPN session

Security

• IPSec does not dictate the encryption algorithm that is used
• Most common is Triple DES
  – Apply DES 3 times with unique keys each time
• Some vendors have their own proprietary algorithm
  – These vendors would be worth avoiding, since if their algorithm is ever broken, then your system may be compromised

Speed

• The limiting factor in the speed of a VPN system is the complexity of the encryption/decryption
• A software-only solution provides acceptable bandwidth for 1-2 clients
  – Speed is dependent on the platform and other loads on the VPN gateway
• Large-scale VPNs require a hardware solution, called a VPN Appliance
  – These appliances range in speed from 20Mbit - 200Mbit

Choosing a VPN

• All VPNs provide a software solution for the client, so the only hardware piece needs to be the gateway
• If your system will support more than 2 simultaneous clients, then a VPN appliance is the best choice
  – If you restrict the VPN gateway’s duties to VPN (not firewall, etc.), then a software server-side solution is acceptable for 1-2 simultaneous clients
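The two IPSec modes from the "How VPNs Work" slide, as an added example that is not part of the original slides: it builds a simplified ESP encapsulation in each mode and reports which addresses an on-path observer can still read. The addresses, key, SPI value and the SHA-256 XOR stand-in cipher are constructed assumptions; real ESP also carries an IV, padding and an integrity check value.

```python
import hashlib, socket, struct

ESP, IP_IN_IP = 50, 4  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def stand_in_cipher(key, seq, data):
    """XOR with a SHA-256 keystream: placeholder for the negotiated cipher, not secure."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(spi, seq, key, next_header, plaintext):
    """Simplified ESP: SPI and sequence number in the clear, then the encrypted
    payload and trailer (pad length 0, next header). No IV, padding or ICV."""
    return struct.pack("!II", spi, seq) + stand_in_cipher(
        key, seq, plaintext + bytes([0, next_header]))

def transport_mode(pkt, spi, seq, key):
    """Original IP header stays in the clear; only the packet data is encrypted."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(spi, seq, key, pkt[9], pkt[20:]))

def tunnel_mode(pkt, gw_src, gw_dst, spi, seq, key):
    """Whole original packet, header included, is encrypted inside a new one."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, key, IP_IN_IP, pkt))

def observer_view(wire):
    """Fields readable on the wire without the key: source, destination, protocol."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20]), wire[9]

# Constructed sample: remote client to an internal host, TCP (protocol 6) data.
KEY = b"constructed-session-key"
INNER = ipv4("10.1.1.5", "10.1.2.20", 6, b"internal payroll query")
TRANSPORT = transport_mode(INNER, spi=0x1001, seq=1, key=KEY)
TUNNEL = tunnel_mode(INNER, "198.51.100.7", "203.0.113.1", spi=0x1001, seq=1, key=KEY)

if __name__ == "__main__":
    print("transport:", observer_view(TRANSPORT))
    print("tunnel:   ", observer_view(TUNNEL))
```

In transport mode the internal source and destination remain visible to anyone on the path, while in tunnel mode only the two gateway addresses are, at the cost of one extra 20-byte header per packet.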

