Virtual Private Networking - PowerPoint PPT Presentation

About This Presentation
Title:

Virtual Private Networking

Description:

Virtual Private Networking. Irfan Khan. Myo Thein. Nick Merante. VPN IPSec ... Enable two remote networks to appear as one network via the internet. ... – PowerPoint PPT presentation

Slides: 26
Provided by: oakl3

Transcript and Presenter's Notes

Title: Virtual Private Networking


1
Virtual Private Networking
  • Irfan Khan
  • Myo Thein
  • Nick Merante

2
VPN / IPSec
  • VPN: Virtual Private Network
      • Enable two remote networks to appear as one
        network via the internet.
  • IPSec: Internet Protocol Security Extensions
      • Enable machines to securely communicate over an
        insecure medium

3
What We Will Cover
  • The need for security
  • Benefits of a VPN/IPSec combination
  • The necessary tools
  • How to set everything up
  • How to verify everything is working

4
The Need for Security
  • Internet not like it used to be
  • The hunt for bugs
  • Automated tools do most of the dirty work
  • Systems targeted regardless of content value
  • Business need for securing client/customer data
    in global network

5
Why Use VPN
  • Confidentiality
  • Integrity
  • Authenticity
  • Replay Protection

6
Who can benefit
  • Peer-to-peer security: encryption of traffic
    between people.
      • PGP Desktop Security (www.pgpi.org)
  • Corporate security: encryption of traffic
    between offices.

7
Benefits to personal users
  • Create a secure path between two machines
  • Enhance the level of trust with authentication

8
Benefits for corporate users
  • Can do away with leased lines connecting offices
    without sacrificing privacy.
  • Can then make use of the internet
  • More reliable
  • More portable
  • More cost-effective

9
A method of security
  • Implementing a Virtual Private Network (VPN)
  • Using IPSec to encrypt all traffic
  • Authenticating data sent

10
What is IPSec
  • IPSec: AH (Authentication Header), ESP (Encapsulating
    Security Payload) and IKE (Internet Key Exchange)

11
Different Modes: AH vs ESP
  • AH: Authentication Header
      • Attaches checksum to packets
      • Ensures packet not modified in transit
  • ESP: Encapsulating Security Payload
      • Encrypts data
      • Ensures authentication

12
Different Modes: Tunnel vs Transport
  • Tunnel Mode
      • Encapsulate packet into new IPv4/v6 header
      • Used for VPN gateways
  • Transport Mode
      • Encrypts normal traffic between peers

13
Tunnel vs Transport
[Diagram: Transport Mode: Host 1 <-> Host 2, IPSec applied end to end
between the two hosts. Tunnel Mode: Host 1 -> Gateway 1 <-> Gateway 2 ->
Host 2, IPSec applied between the two gateways.]

14
Necessary Tools
  • Two unix machines with properly configured
    kernels to serve as gateways
  • Racoon for key exchange
  • Internet connection

15
Preparing the machine
  • Modify the kernel (options to enable)
      • bpf: Berkeley packet filter
      • IPFIREWALL: enable firewall
      • IPDIVERT: divert IP sockets (used for NAT)
      • IPSEC: IP security
      • IPSEC_ESP: IP security (crypto; define together
        with IPSEC)
      • IPSEC_DEBUG: debug for IPSec
  • Install Racoon
      • Obtain source code or install from the ports
        collection

16
Creating the tunnel
  • Set up tunnel between 2 private networks
  • gif: generic tunnel interface
  • Diagram A
  • Tunnel Script (Step 3)

17
Diagram A
[Diagram: VPN tunnel across the Internet joining two private networks.
Gateway A (vpn-gw1, gif0 192.168.6.1) serves hosts 192.168.6.100,
192.168.6.101 and 192.168.6.102; Gateway B (vpn-gw2, gif0 192.168.5.1)
serves hosts 192.168.5.100, 192.168.5.101 and 192.168.5.102. The gateways'
public addresses are 192.52.220.22 and 192.52.220.152.]

18
Adding the Encryption
  • Creating the policies
      • Manual keying
      • Automatic keying (racoon)
  • Racoon configuration
  • Different algorithms
      • des, 3des, blowfish, etc.
  • Step 4 / Figure A

19
Figure A
  • Ident: ipsec.conf
  • Usage: setkey -f ipsec.conf

    # ipsec.conf: manual keying for the Diagram A tunnel, loaded with setkey -f.
    # flush: flush the Security Association Database
    flush;
    # spdflush: flush the Security Policy Database
    spdflush;
    # One ESP SA per direction. SPI and key must be identical on both gateways.
    # "12345" is the slides' demo key (40 bits, the blowfish-cbc minimum);
    # a real deployment uses a random key of adequate length.
    add 192.52.220.22 192.52.220.152 esp 9111 -E blowfish-cbc "12345";
    add 192.52.220.152 192.52.220.22 esp 9112 -E blowfish-cbc "12345";
    # Policies: LAN-to-LAN traffic goes through the ESP tunnel between the gateways.
    spdadd 192.168.6.0/24 192.168.5.0/24 any -P out ipsec esp/tunnel/192.52.220.22-192.52.220.152/require;
    spdadd 192.168.5.0/24 192.168.6.0/24 any -P in ipsec esp/tunnel/192.52.220.152-192.52.220.22/default;
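The slides show the gif tunnel only as a diagram (slide 16, "Tunnel Script (Step 3)") and the setkey policy for one gateway only (Figure A). The following script is an added example, not the presenters' script: it prints the Step 3 tunnel commands and the Step 4 ipsec.conf for either gateway from one set of parameters, so the two sides stay mirrored, and it refuses a key that setkey would reject for blowfish-cbc. It assumes FreeBSD-style ifconfig/route/setkey; the addresses, SPIs and demo key are the slides' values.

```shell
#!/bin/sh
# Added example, not from the slides: print the commands one gateway needs for
# the Diagram A / Figure A setup (Step 3 gif tunnel + Step 4 ipsec.conf), for
# side A or B, so the two gateways stay mirrored. Assumes FreeBSD-style
# ifconfig/route/setkey; addresses, SPIs and the demo key come from the slides.

GW_A_PUB=192.52.220.22;  GW_A_GIF=192.168.6.1; NET_A=192.168.6.0/24
GW_B_PUB=192.52.220.152; GW_B_GIF=192.168.5.1; NET_B=192.168.5.0/24
SPI_AB=9111; SPI_BA=9112   # one SPI per direction, as in Figure A
KEY='12345'                # demo key from Figure A; use a random key in practice

# setkey accepts blowfish-cbc keys of 40..448 bits, i.e. 5..56 bytes.
key_ok() {
    n=$(printf '%s' "$1" | wc -c | tr -d ' ')
    [ "$n" -ge 5 ] && [ "$n" -le 56 ]
}

# Emit the gif tunnel commands and ipsec.conf for gateway "$1" (A or B).
vpn_side() {
    key_ok "$KEY" || { echo "key must be 5..56 bytes for blowfish-cbc" >&2; return 1; }
    case "$1" in
        A) me=$GW_A_PUB; peer=$GW_B_PUB; mygif=$GW_A_GIF; peergif=$GW_B_GIF
           mynet=$NET_A; peernet=$NET_B; spi_out=$SPI_AB; spi_in=$SPI_BA ;;
        B) me=$GW_B_PUB; peer=$GW_A_PUB; mygif=$GW_B_GIF; peergif=$GW_A_GIF
           mynet=$NET_B; peernet=$NET_A; spi_out=$SPI_BA; spi_in=$SPI_AB ;;
        *) echo "usage: vpn_side A|B" >&2; return 2 ;;
    esac
    cat <<EOF
# Step 3: gif tunnel between the public addresses, private addresses on gif0
ifconfig gif0 create
ifconfig gif0 tunnel $me $peer
ifconfig gif0 inet $mygif $peergif netmask 255.255.255.255
route add -net $peernet $peergif
# Step 4: ipsec.conf, load with: setkey -f ipsec.conf
flush;
spdflush;
add $me $peer esp $spi_out -E blowfish-cbc "$KEY";
add $peer $me esp $spi_in -E blowfish-cbc "$KEY";
spdadd $mynet $peernet any -P out ipsec esp/tunnel/$me-$peer/require;
spdadd $peernet $mynet any -P in ipsec esp/tunnel/$peer-$me/require;
EOF
}

vpn_side "${1:-A}"
```

Both gateways receive the same two SAs (an SA is identified by source, destination and SPI), only the policy directions swap. The inbound policy uses require rather than Figure A's default so that unprotected packets claiming to come from the peer's subnet are dropped instead of falling back to the kernel's default level.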

20
Changes to the Packet
IPv4 packet before applying ESP:
    | Orig IP hdr | TCP | Data |
After applying ESP (transport mode; the original IP header stays in front):
    | Orig IP hdr | ESP Header | TCP | Data | ESP Trailer | ESP Auth |
    encrypted:     TCP, Data, ESP Trailer
    authenticated: ESP Header through ESP Trailer (ESP Auth carries the check value)
ESP: Encapsulating Security Payload
21
Manual vs Automatic Keying
  • Benefits of manual keying
      • Simplicity
      • Less overhead
  • Benefits of automatic keying
      • Much more secure
      • Encryption keys periodically changed based on
        time or amount transferred.

22
Encryption Algorithms
  • Data Encryption Standard (DES)
      • 64 bits
  • Triple DES
      • 192 bits
  • Blowfish
      • 40 to 448 bits
  • Rijndael (AES)
      • 128/192/256 bits

23
Verification
  • An analysis before and after
  • Key policies (Figure B)
  • Dump the Security Association Database with setkey
    -D (Figure C)
  • tcpdump of headers (Figure D)
  • tcpdump of data (Figure E)

24
Diagram A (same diagram as slide 17)

25
Conclusion
  • Different tools for different jobs
      • PGP for encrypting data
      • SSL for encrypting sockets
      • SSH for encrypting logons
      • IPSec for encrypting all traffic
  • Another tool for the administrator's toolbox