Secure Communication with BorderManager VPN 3

Slides: 25
Provided by: nove8

1
Secure Communication with BorderManager VPN 3
  • Santi Prasanwongwuthi
  • Corporate Integration Specialist
  • Novell, Inc.

2
Concept of VPN
  • Using the Internet as your own private network
  • Communicate securely between various corporate
    sites
  • Connect remote dial-up users securely to
    corporate networks
  • Communicate securely within your own network via
    department to department

3
Advantages of VPNs
  • Using the Internet lowers the cost of site to
    site communications over traditional leased lines
    and dial-up remote access
  • Typical savings 20-70%
  • Improve communication between field personnel,
    customers, and business partners

4
Why VPN?
  • Flexibility and cost effectiveness
  • The increase in business-to-business
    connectivity
      • Business partners, service providers,
        contractors, and customers
  • Advances in security

5
Requirements of VPNs
  • Confidentiality
      • Keeps data private
  • Authenticity
      • Assures sender's identity
  • Integrity
      • Prevents data modification

6
BorderManager 3 VPN Overview
  • Provides site-to-site encrypted tunnels
      • Over a public network
      • Within an intranet
  • Provides client-to-site encrypted tunnels
      • Point-to-Point Protocol (PPP) connection
      • Through an Internet Service Provider (ISP)
      • Direct connection (NetWare Connect)
      • Windows 95/98 client

7
BorderManager 3 VPN Overview (cont.)
  • Based on standards
      • Simple Key Exchange Internet Protocol (SKIP)
      • IP Security (IPSec)
      • Authentication Header (AH), RFC 1826
      • Encapsulated Security Payload (ESP), RFC 1827
  • Provides
      • Confidentiality
      • Authenticity
      • Integrity

8
Cryptographic Algorithms
  • Export version
  • Key encryption
      • 64-bit RC2 in CBC
      • 64-bit RC5 in CBC
  • Data encryption
      • 40-bit RC2 in CBC
      • 40-bit RC5 in CBC
  • Authentication
      • 128-bit keyed MD5, 128-bit HMAC MD5
      • 160-bit keyed SHA, 160-bit HMAC SHA

9
Inside The Connection

10
Site-to-Site VPN
  • Concept of master and slave
  • Centralized configuration and administration of
    VPN members
  • Protects both IPX and IP networks
  • Supports dynamic/static routing
  • Automated tunnel establishments

11
Client-to-Site VPN
  • Supports native Windows 95/98 client and
    Client32
  • Integrated login with Client32 and dial-up
  • Selective encryption (protected networks)
  • Simple client configuration

12
Client-to-Site VPN (cont.)
  • Novell Directory Services (NDS) enabled
  • Client authentication
  • Integrated access control
  • Protects both IPX and IP networks

13
Client-to-Site VPN (cont.)
[Network diagram. Labels: Admin, NDS server, Internet, ISP, ISP, Private network, VPN client (ISP connection), BorderManager 3.5, Web server, VPN client (direct connection)]

14
VPN Client Login Screen (cont.)

15
VPN Client Login Screen (cont.)

16
VPN Client Statistics Screen

17
References
  • IPSec
      • RFC 1825 (Architecture), 1826 (AH), 1827 (ESP)
      • RFC 1828 (keyed MD5), 1829 (DES-CBC), 1851
        (3DES-CBC), 1852 (keyed SHA1), 2104 (HMAC
        MD5/SHA1)
  • SKIP
      • skip.incog.com/spec/SKIP.html

18
References (cont.)
  • VPN with IPSec
      • ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-vpn-00.txt
  • Security links
      • www.cs.purdue.edu/homes/spaf/hotlists/csec.html

19
Summary
  • BorderManager 3 site-to-site VPN
  • NDS-enabled
  • Strong centralized administration
  • Easy to administer the VPN
  • Provides secure
      • Site-to-site connectivity (Internet)
      • LAN-to-LAN connectivity (intranet)
  • Supports multiple protocols (IPX and IP)
  • Standards-based (SKIP/IPSec)

20
Summary (cont.)
  • BorderManager 3 client-to-site VPN
  • NDS-enabled
  • Strong centralized administration
  • Provides secure
      • Client-to-site connectivity (Internet)
  • Supports native Windows 95/98 client and Client32
  • In-line key exchange and management
  • Selective encryption (protected networks)
  • Supports multiple protocols (IPX and IP)
  • Standards-based (SKIP/IPSec)
  • Simple client configuration

21
Outsourcing VPN
  • Outsourcing connectivity services has become the
    goal of organizations that want connectivity but
    don't want to become experts in WANs and
    security.
  • That want to homogenize disparate networks and
    want to put the capital costs, service-level
    commitments, and management into someone else's
    hands

22
Success Story
  • Pizza Hut Thailand
      • Securely link 150 branch offices all around
        Thailand to the headquarters in Bangkok
      • Based on Novell BorderManager Virtual Private
        Network (VPN)
      • Benefit from Firewall and FastCache service

23
Success Story
  • "Centralized management of Internet security and
    access through NDS contributes to the cost saving
    provided by the VPN solution. ... the underlying NDS
    and NetWare platform provides the reliability
    Twentieth Century Fox needs to support mission
    critical applications worldwide on 24x7 basis"
  • Mike DeBrincat, Fox's director of Infrastructure
    Architecture
