VPNs - PowerPoint PPT Presentation

CIT 384: Network Administration VPNs – PowerPoint PPT presentation

1
CIT 384 Network Administration
  • VPNs

2
Topics
  1. VPNs
  2. Tunneling
  3. ssh
  4. SSL
  5. IPsec
  6. L2TP

3
VPNs
  • VPNs try to provide leased-line features:
  • Privacy: preventing unauthorized people from
    being able to read VPN traffic.
  • Authentication: verifying that the sender of VPN
    traffic is an authorized device.
  • Integrity: verifying that data is not changed in
    transit.
  • Lower cost: using a public network instead of a
    dedicated leased line.

4
VPN Example
  1. PC1 sends an IP packet to S1.
  2. The router encapsulates the IP packet in VPN/IP headers.
  3. No one in the middle can read the packet.
  4. ASA-1 checks security and de-encapsulates the packet.
  5. S1 receives the IP packet from PC1.

5
VPN Types
  • Remote Access: individual user to network.
  • Intranet: connects the networks of two sites.
  • Extranet: connects the networks of two partnering
    organizations.

6
Tunneling
  • Tunneling: encapsulation of one network protocol
    in another protocol.
  • Carrier Protocol: the protocol used by the network
    through which the information is travelling.
  • Encapsulating Protocol: the protocol (GRE, IPsec,
    L2TP) that is wrapped around the original data.
  • Passenger Protocol: the protocol that carries the
    original data.

7
Tunneling Protocols by Layer
  • Application / Transport: ssh, SSL
  • Network: IPsec
  • Data Link: L2TP, MPLS

8
ssh
  • Secure Shell
  • Replaces:
    • telnet
    • ftp
    • rlogin
    • rsh
    • rcp

9
SSH Security Features
10
ssh tunneling
  • Use ssh tunneling to encrypt TCP connections.
  • ssh -L lport:rhost:rport rhost
  • Carrier Protocol: IP
  • Encapsulating Protocol: ssh
  • Passenger Protocol: TCP on a specific port

11
SSL/TLS
  • Secure Sockets Layer
  • Commonly used to encrypt web connections.
  • Also used for IMAP, LDAP, POP, etc.
  • Transport Layer Security (TLS) supersedes SSLv3.
  • Can be used to create tunnels.
  • Configured similarly to ssh tunnels.
  • Stunnel is open-source SSL tunnel software.

12
IPsec
  • IPsec includes three major protocols:
  • Internet Key Exchange (IKE): provides a framework
    for negotiating security parameters.
  • Encapsulating Security Payload (ESP): provides a
    framework for encrypting, authenticating, and
    securing data.
  • Authentication Header (AH): provides a framework
    for authenticating and securing data.

13
IPsec General Operation
  • To communicate with IPsec, devices must:
    • Agree on a set of security protocols.
    • Agree on an encryption algorithm.
    • Exchange cryptographic keys.
    • Use the above to encode and decode data.

14
IPsec Packet Encapsulation
  • Transport Mode
    • The original IP header of the packet being
      encrypted is used to transport the packet.
    • The ESP or AH header is inserted between the IP
      header and the payload.
  • Tunnel Mode
    • A new IP header is added in front of the ESP/AH
      header. This header contains the IP addresses of
      the two IPsec peers as source and destination.
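The two encapsulations described on this slide, as an added Python example that is not from the slides: it lays out a minimal IPv4 header, then builds a transport-mode and a tunnel-mode ESP packet side by side so the header placement can be compared. The addresses, the SPI, and the 8-byte SPI+sequence ESP header are constructed sample values, and payload encryption is omitted so that only the layout is shown.

```python
import socket
import struct

ESP_PROTO = 50      # IP protocol number for ESP, as on the ESP slide
IP_HDR_LEN = 20     # IPv4 header without options
ESP_HDR_LEN = 8     # SPI (4 bytes) + sequence number (4 bytes)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header: version/IHL, TOS, total length, id, flags/fragment,
    TTL, protocol, checksum (left 0 in this model), source, destination."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_outer(pkt):
    """Return (src, dst, protocol) from the outermost IPv4 header."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR_LEN])
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6]

def esp_header(spi, seq):
    return struct.pack("!II", spi, seq)

def esp_transport(pkt, spi, seq):
    """Transport mode: the original IP header still transports the packet (its
    protocol field now says ESP); the ESP header sits between it and the payload."""
    src, dst, _ = parse_outer(pkt)
    body = esp_header(spi, seq) + pkt[IP_HDR_LEN:]   # payload would be encrypted here
    return ipv4_header(src, dst, ESP_PROTO, len(body)) + body

def esp_tunnel(pkt, spi, seq, peer_src, peer_dst):
    """Tunnel mode: a new outer IP header addressed between the two IPsec peers is
    added in front of the ESP header; the whole original packet is the payload."""
    body = esp_header(spi, seq) + pkt                  # entire inner packet protected
    return ipv4_header(peer_src, peer_dst, ESP_PROTO, len(body)) + body

def inner_packet(tunnel_pkt):
    """Strip the outer IP and ESP headers of a tunnel-mode packet (de-encapsulation)."""
    return tunnel_pkt[IP_HDR_LEN + ESP_HDR_LEN:]

# Constructed sample following the VPN example slide: PC1 -> S1 through two IPsec peers.
ORIGINAL = ipv4_header("10.1.1.10", "10.2.2.20", 6, 14) + b"hello from PC1"
TRANSPORT = esp_transport(ORIGINAL, spi=0x1234, seq=1)
TUNNEL = esp_tunnel(ORIGINAL, 0x1234, 1, peer_src="203.0.113.1", peer_dst="198.51.100.1")

if __name__ == "__main__":
    print("transport outer:", parse_outer(TRANSPORT), "len", len(TRANSPORT))
    print("tunnel outer:   ", parse_outer(TUNNEL), "len", len(TUNNEL))
    print("inner == original:", inner_packet(TUNNEL) == ORIGINAL)
```

In transport mode the outer addresses are still PC1 and S1, so intermediate devices learn the real endpoints; in tunnel mode they only see the two peers.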

15
IKE
  • IKE handles:
    • Negotiating protocol parameters
    • Exchanging public keys
    • Authenticating both sides
    • Managing keys after the exchange
  • IKE is a UDP-based protocol.

16
ESP
  • Encapsulates the IP packet to provide:
    • Authentication
    • Encryption
    • Integrity validation
    • Anti-replay
  • IP protocol 50, described in RFC 2406

17
AH
  • Authentication Header provides authentication and integrity.
  • Uses a keyed hash algorithm as the checksum.
  • Unlike a CRC, it cannot be reproduced without the key.
  • Also protects against replay attacks.
  • Does not encrypt packet contents.
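The keyed checksum from this slide and the anti-replay check listed on the ESP slide, as an added Python example that is not from the slides: an HMAC-based integrity check value that a party without the key cannot recompute (contrasted with a keyless CRC), plus the sliding anti-replay window kept per security association over the sequence number. The key, the packet bytes, the 64-entry window and the HMAC-SHA256-96 choice are assumptions for this model; in real IPsec, IKE negotiates the algorithm and keys.

```python
import hashlib
import hmac
import zlib

def keyed_icv(key, pkt):
    """AH/ESP-style Integrity Check Value: HMAC over the packet, truncated to 96 bits.
    HMAC-SHA256 is an assumed algorithm for this model."""
    return hmac.new(key, pkt, hashlib.sha256).digest()[:12]

def icv_valid(key, pkt, icv):
    return hmac.compare_digest(keyed_icv(key, pkt), icv)

def crc_checksum(pkt):
    """Keyless CRC for contrast: anyone who alters the packet can recompute it."""
    return zlib.crc32(pkt) & 0xFFFFFFFF

class ReplayWindow:
    """Sliding anti-replay window over the sequence number carried in the AH/ESP
    header: reject numbers already seen and numbers older than the window."""
    def __init__(self, size=64):
        self.size = size
        self.highest = 0     # highest sequence number accepted so far
        self.bitmap = 0      # bit i set means sequence (highest - i) was received

    def accept(self, seq):
        if seq == 0:
            return False     # the first packet of an SA uses sequence number 1
        if seq > self.highest:                 # new high-water mark: slide forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False     # too old: outside the window
        if self.bitmap & (1 << offset):
            return False     # duplicate sequence number: a replay
        self.bitmap |= 1 << offset             # late but new: accept it once
        return True

# Constructed sample: key and packet bytes are made up for this model.
KEY = b"constructed-shared-key"
PKT = b"\x45\x00" + b"sample IP header and payload"
ICV = keyed_icv(KEY, PKT)
TAMPERED = PKT.replace(b"sample", b"forged")
```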

18
NAT Transparency
  • PAT can't change the encrypted transport header.
  • Solution: add an extra UDP header.

19
GRE
  • Generic Routing Encapsulation
  • Cisco IP tunneling protocol.
  • Allows use of multicast protocols.
  • Combine with IPsec to allow routing information
    to be passed between networks.
  • IP protocol 47

20
L2TP
  • Open successor to:
    • L2F (Cisco)
    • PPTP (MS)
  • Layer 2 tunnel, so it supports any layer 3
    protocol.
  • Encapsulates in a UDP datagram to port 1701.
  • Does not provide encryption or authentication.
  • Use with IPsec.

21
Key Points
  • Tunneling
    • Carrier Protocol
    • Encapsulating Protocol
    • Passenger Protocol
  • VPNs
    • layer 4: ssh, SSL
    • layer 3: IPsec
    • layer 2: L2TP
  • IPsec
    • ESP
    • AH
    • IKE
    • Tunnel mode vs transport mode
