Network and Security Patterns
Provided by: cseFauEd (https://www.cse.fau.edu)

Transcript and Presenter's Notes
1
Network and Security Patterns
  • Ajoy Kumar

2
Introduction
  • Network-layer security has become of prime
    importance in designing any network system.
  • We look at the important layers of the network
    and try to identify the security patterns
    associated with each layer. My work tries to fill
    the gaps at each layer where security patterns
    are missing or not well established.

3
VPN Security
  • We first look at the patterns already available
    for the network layer.
  • As the next step we study the VPN architecture
    and develop a security pattern for it.

4
Network Architecture
  (diagram of the network architecture and its
  security objects; figure not reproduced)
5
Class Diagram for XML Firewall [Ne06]
  (figure not reproduced)
6
Class Diagram for a Packet Firewall [Fe06]
  (figure not reproduced)
7
Class Diagram for Proxy Firewall [Fe03]
  (figure not reproduced)
8
Class Diagram for IDS [Fer05]
  (figure not reproduced)
9
VPN Architecture
  • A VPN makes use of public network resources to
    connect to the private network of the enterprise.
    Within the VPN, transmission is protected so that
    the confidentiality of the user(s) and the
    integrity of the data are assured. A private
    network is thus established over the public
    domain. Since this network exists only in a
    logical sense, it is termed a virtual private
    network.

10
Features of a good VPN
  • Security
  • Reliability
  • Scalability
  • Network management
  • Policy management

11
Problem
  • In the company where I work we have a lot of
    remote employees who log in from different parts
    of the world such as St. Louis, USA or Israel.
    These developers log into a machine in Boca and
    work virtually from Boca. These connections are
    done using a VPN architecture. We need to
    develop the safest architecture so that the
    work is done most efficiently and with the least
    threats to security.

12
Context
  • Local networks with applications being executed
    in distributed systems. Access to the network can
    be from the Internet or from other external
    networks using a VPN connection.

13
Forces
  • Many remote users try to connect to the same
    network from different end points. A good VPN
    system must accommodate all of these users.
  • Different end users may require different levels
    of security. We need to define appropriate
    policies for each of these VPN connections.
  • Employees are constantly joining and leaving the
    company, so the security policies need to be
    modified constantly. The VPN configuration should
    therefore be easy to change.
  • The number of users and applications may increase
    significantly; adding more users or applications
    should be transparent and at a reasonable cost.
  • A VPN setup should keep harmful external elements
    out of the corporate network.
  • There are many ways to perform authentication.
    The VPN must support the different methods.

14
Pattern Diagram
  (figure not reproduced)
15
Class Diagram for a VPN
  (figure not reproduced; classes shown: End User,
  Secure Network, VPN Network, Secure Channel, End User
  Auth Point, Identity Base, Policy Base, Identity,
  Policy)
16
Sequence Diagram for a VPN Authentication
  (figure not reproduced; lifelines: End User, VPN,
  EndUserAuthPT, IdentityBase, Policy Base, SecureCh,
  SecureN/W; messages in order: rqstConn, rqstConn,
  authenticate, authenticated, checkAccess,
  accessAllowed, openSecConn, Established,
  Established. The connection request passes from the
  End User through the VPN to the authentication
  point, which consults the Identity Base and the
  Policy Base before the secure channel is opened.)
17
Solution
  • Whenever an end user tries to connect to a VPN,
    the network should ask for authorization. A user
    can access a network only if a specific policy
    authorizes it to do so.
  • Policy enforcement includes authenticating the end
    user who is trying to connect to the network.
  • The VPN tunnel created should maintain
    confidentiality and data integrity.

18
Consequences
  • Advantages
  • The company can define the policies for VPN end
    users centrally, which makes administration
    easier.
  • Since every connection is authenticated and
    authorized, the company can keep a log of the end
    users connected now and in the past.
  • A secure tunnel guarantees data integrity and
    secrecy. Usually public-key (PKI) credentials
    authenticate the peers and establish the session
    keys, and symmetric encryption protects the data
    sent over the tunnel.
  • As end users are authenticated, they can be held
    responsible for their actions.
  • We can also incorporate RBAC based on the role of
    the end user.
  • Usually a firewall complements a VPN setup.
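The authentication sequence and the Solution above, together with the advantages just listed (central policy, a log of connections, RBAC on the end user's role, an integrity-protected tunnel), as an added example in Python that is not part of the presentation. It models the slides' classes (Identity Base, Policy Base, End User Auth Point, Secure Channel, VPN) and walks the sequence diagram's messages. The PBKDF2 password hashing, the random per-session key standing in for the IKEv2/TLS key exchange of a real VPN, the HMAC integrity tag and the audit-log layout are assumptions of this example.

```python
"""VPN authentication pattern from the slides, modelled in code (added example).
Classes follow the class and sequence diagrams: EndUser -> VPN ->
EndUserAuthPoint -> IdentityBase / PolicyBase -> SecureChannel.
Assumed here, not stated in the presentation: PBKDF2 password hashing, a random
per-session key in place of a real IKEv2/TLS exchange, HMAC tags, audit format.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000
TAG_LEN = 32  # bytes of HMAC-SHA256 appended to every tunnel message


@dataclass(frozen=True)
class Identity:
    user: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset


class IdentityBase:
    """Who the end users are and how they authenticate (salted PBKDF2)."""

    def __init__(self) -> None:
        self._ids = {}

    def enrol(self, user: str, password: str, roles) -> None:
        salt = os.urandom(16)
        h = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._ids[user] = Identity(user, salt, h, frozenset(roles))

    def revoke(self, user: str) -> None:
        """Employee leaves: one central change instead of per-tunnel edits."""
        self._ids.pop(user, None)

    def authenticate(self, user: str, password: str) -> Optional[Identity]:
        ident = self._ids.get(user)
        if ident is None:
            return None
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), ident.salt, PBKDF2_ROUNDS)
        return ident if hmac.compare_digest(cand, ident.pw_hash) else None


class PolicyBase:
    """Which roles may reach which secure network (RBAC on the user's role)."""

    def __init__(self) -> None:
        self._allow = {}  # network -> set of roles

    def grant(self, network: str, role: str) -> None:
        self._allow.setdefault(network, set()).add(role)

    def check_access(self, ident: Identity, network: str) -> bool:
        return bool(ident.roles & self._allow.get(network, set()))


@dataclass
class SecureChannel:
    """The tunnel. Only integrity is shown; confidentiality would be an AEAD
    keyed from the same session key."""
    user: str
    network: str
    key: bytes

    def seal(self, msg: bytes) -> bytes:
        return msg + hmac.new(self.key, msg, "sha256").digest()

    def open(self, blob: bytes) -> bytes:
        msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(self.key, msg, "sha256").digest(), tag):
            raise ValueError("integrity check failed: tunnel data was modified")
        return msg


class EndUserAuthPoint:
    """authenticate, then checkAccess: the two calls in the sequence diagram."""

    def __init__(self, ids: IdentityBase, policy: PolicyBase) -> None:
        self.ids, self.policy = ids, policy

    def authorize(self, user: str, password: str, network: str):
        ident = self.ids.authenticate(user, password)
        if ident is None:
            return None, "authentication failed"
        if not self.policy.check_access(ident, network):
            return None, "no policy allows this user to reach " + network
        return ident, "accessAllowed"


class VPN:
    """rqstConn entry point; every decision is logged, so users are accountable."""

    def __init__(self, auth_point: EndUserAuthPoint) -> None:
        self.auth_point = auth_point
        self.audit_log = []  # (user, network, outcome)

    def request_conn(self, user: str, password: str, network: str):
        ident, reason = self.auth_point.authorize(user, password, network)
        outcome = "Established" if ident else reason
        self.audit_log.append((user, network, outcome))
        if ident is None:
            return None, reason
        # openSecConn: a real VPN negotiates this key (IKEv2/TLS); random here.
        return SecureChannel(user, network, os.urandom(32)), outcome
```

A denied request (wrong password, no matching policy, or an identity that has been revoked) never reaches `openSecConn`, and every outcome lands in `audit_log`, which is what lets the company say who was connected and when.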

19
Consequences (Contd)
  • Liabilities
  • If the VPN is compromised, the attacker gets full
    access to the internal network too.
  • VPN traffic is often invisible to IDS monitoring.
    If the IDS probe is outside the VPN server, as is
    often the case, the IDS cannot see the traffic
    within the VPN tunnel because it is encrypted.
    An attacker who gains access to the VPN can
    therefore attack the internal systems without
    being picked up by the IDS; to see that traffic
    the probe must sit behind the VPN server, on the
    decrypted side.
  • Whatever type of VPN we use, the VPN is only as
    secure as the remote computer connected to it.
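The IDS liability above, as an added example (not from the presentation) that runs one signature matcher at the two probe positions: on the public side of the VPN server, where only ciphertext is visible, and behind it, where the decrypted traffic is. The signatures, the sample client payloads and the SHA-256 keystream standing in for ESP/TLS record encryption are constructed for illustration; the toy cipher is not for real traffic.

```python
"""Where an IDS probe sits relative to the VPN terminator decides what it sees.
Added example. Signatures, payloads and the keystream cipher are constructed;
the XOR stream below only stands in for real tunnel encryption.
"""
import hashlib

# Constructed signatures of the kind a network IDS would match on.
SIGNATURES = {"cmd-injection": b"; rm -rf /", "sqli": b"' OR 1=1"}


def keystream(key: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes: SHA-256 over key || counter."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def tunnel_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for ESP/TLS record protection (toy XOR stream, not real crypto)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


tunnel_decrypt = tunnel_encrypt  # XOR stream: the same operation both ways


def inspect(packets):
    """Signature-match every payload, as a network IDS probe would."""
    alerts = []
    for i, payload in enumerate(packets):
        for name, sig in SIGNATURES.items():
            if sig in payload:
                alerts.append((i, name))
    return alerts


def probe_outside_vpn(key: bytes, client_payloads):
    """Probe on the public side: it only ever sees the encrypted tunnel."""
    return inspect([tunnel_encrypt(key, p) for p in client_payloads])


def probe_inside_vpn(key: bytes, client_payloads):
    """Probe between the VPN server and the internal network: sees plaintext."""
    wire = [tunnel_encrypt(key, p) for p in client_payloads]
    return inspect([tunnel_decrypt(key, c) for c in wire])


# Constructed sample traffic from a remote developer's machine.
SAMPLE_PAYLOADS = [
    b"GET /index.html",
    b"GET /search?q=' OR 1=1--",
    b"ping 10.0.0.7; rm -rf /",
]
```

With `probe_outside_vpn` the hostile payloads produce no alerts at all, while `probe_inside_vpn` flags the same packets; the fix is sensor placement, not a better signature.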

20
  • Liabilities (Contd)
  • The pattern does not discuss attacks at the end
    points.
  • The VPN tunnel is only as strong as the
    cryptography that enables it.

21
Known Users
  • Citrix. Citrix provides VPN connections that let
    remote users log into the secure network and
    access applications on the company (secure)
    network.

22
Related Patterns
  • Patterns for Application Firewalls using PEP and
    PAP (Nelly Delessy-Gassant, Eduardo B. Fernandez,
    Saeed Rajput and Maria M. Larrondo Petrie).

23
Future Work
  • Expand on the VPN pattern and create separate
    patterns for IP, SSL and XML VPNs.
  • Develop the patterns missing from the network
    security diagram shown earlier.

24
Thank You
  • Q&A
  • Suggestions
  • Concerns