Virtual Private Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Virtual Private Networks

Description:

Public networks are used to move information between trusted network segments ... Blowfish variable-length key, up to 448 bits. Public Key Encryption Example. Message ... – PowerPoint PPT presentation

Slides: 51
Provided by: F285

Transcript and Presenter's Notes

1
Virtual Private Networks
  • Fred Baker

2
What is a VPN
Public networks are used to move information
between trusted network segments using shared
facilities like frame relay or ATM.
A VIRTUAL Private Network replaces all of the
above utilizing the public Internet. Performance
and availability depend on your ISP and the
Internet.
3
Why?
4
HomeNet to the office.
5
VPN Types
6
VPN Implementations
7
VPN as your Intranet
8
What a VPN needs
  • VPNs must be encrypted
      • so no one can read it
  • VPNs must be authenticated
      • No one outside the VPN can alter the VPN
  • All parties to the VPN must agree on the security
    properties

9
VPN Components
10
Parts of a VPN
11
VPN works via crypto/Encapsulation
12
Encryption and Decryption
(Diagram: Clear-Text → Encryption → Cipher Text
"8vyaleh31d ktu.dtrw8743 FienP093h" → Decryption → Clear-Text)
13
Basic Crypto Keys are key
14
2 Kinds Key Systems
15
Symmetric Key Algorithms
  • DES: 56-bit key
  • Triple-DES: encrypt, decrypt, encrypt, using
    either two or three 56-bit keys
  • IDEA: 128-bit key
  • Blowfish: variable-length key, up to 448 bits

16
Public Key Encryption Example
  • Alice wants to send Bob encrypted data
  • Alice gets Bob's public key
  • Alice encrypts the data with Bob's public key
  • Alice sends the encrypted data to Bob
  • Bob decrypts the data with his private key

(Diagram: Alice: Message → Encryption with Bob's Public Key →
Encrypted Message → Bob: Decrypt with Bob's Private Key → Message)
17
PKI vs Symmetric Key
  • PKI easier as you don't have to manage keys on a
    per-user basis
  • But MUCH more compute intensive (symmetric is up
    to 1000 times faster)
  • Many systems do a combination, e.g. PGP
      • Use PKI to send a symmetric key
      • Then use the symmetric key to encrypt the data

18
Using Crypto in real life
19
PKI to send Private Keys
20
PKI Certs a way to authenticate
21
Prove the user cert Certificates of authority
22
Digital Signature to verify data not changed in
transit
23
PKI the full picture
24
Where you do Crypto
25
Technologies
26
Application Layer: SSL
27
Transport Layer: IPSEC
  • A standard
  • Is composed of
      • Diffie-Hellman key exchange
      • PKI for the DH exchanges
      • DES and other bulk encryption
      • Hash to authenticate packets
      • Digital Certificates to validate keys

28
Transport Layer IPSEC VPNs: 3 parts
29
Tunnel vs Transport
  • Transport
      • Implemented by the end point systems
      • Real address to real address
      • Cannot go through other networks
  • Tunnel
      • Encapsulation of the original IP packet in
        another packet
      • Can go through other networks
      • End systems need not support this
      • Often PC to a box on the inside

30
Diffie-Hellman Key Exchange (1976)
  • By openly exchanging non-secret numbers, two
    people can compute a unique shared secret number
    known only to them

31
Modular Exponentiation
Both g and p are shared and well-known
  • Generator, g
  • Modulus (prime), p
  • Y = g^X mod p

2237276162930753723 mod 79927397984597926572651
32
Diffie-Hellman Public Key Exchange
Alice: Private Value XA, Public Value YA = g^XA mod p
Bob: Private Value XB, Public Value YB = g^XB mod p
Alice sends YA to Bob; Bob sends YB to Alice.
Shared secret: YB^XA mod p = g^(XA·XB) mod p = YA^XB mod p
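The exchange on slides 30 to 32 carried through in code, as an added example that is not from the slides: each side computes Y = g^X mod p, swaps only the public value, and raises the peer's value to its own private exponent; the group parameters (p = 2^127 - 1, g = 2) and the SHA-256 key derivation are assumptions chosen for the example, not anything the deck specifies.

```python
import hashlib
import secrets

# Toy group constructed for this example: p is the Mersenne prime 2^127 - 1
# and g = 2. Real IPsec/IKE deployments use standardized groups of 2048 bits
# or more.
P = (1 << 127) - 1
G = 2


def public_value(x, g=G, p=P):
    """Y = g^X mod p: the non-secret number each party publishes."""
    return pow(g, x, p)


def check_public_value(y, p=P):
    """Reject degenerate values (0, 1, p-1) that would force a trivial secret."""
    if not 2 <= y <= p - 2:
        raise ValueError("peer public value out of range")
    return y


def shared_secret(their_y, my_x, p=P):
    """their_Y^my_X mod p; both sides obtain g^(XA*XB) mod p."""
    return pow(check_public_value(their_y, p), my_x, p)


def derive_key(secret):
    """Hash the shared number into a fixed-length (32-byte) symmetric key."""
    n = (secret.bit_length() + 7) // 8 or 1
    return hashlib.sha256(secret.to_bytes(n, "big")).digest()


def exchange(xa=None, xb=None, g=G, p=P):
    """Run the whole exchange: private values, public values, both secrets."""
    # Private values are never sent; pick them at random unless the caller fixes them.
    xa = secrets.randbelow(p - 3) + 2 if xa is None else xa
    xb = secrets.randbelow(p - 3) + 2 if xb is None else xb
    ya = public_value(xa, g, p)  # Alice -> Bob
    yb = public_value(xb, g, p)  # Bob -> Alice
    alice_secret = shared_secret(yb, xa, p)
    bob_secret = shared_secret(ya, xb, p)
    return {"YA": ya, "YB": yb, "alice": alice_secret, "bob": bob_secret,
            "key": derive_key(alice_secret)}


if __name__ == "__main__":
    r = exchange()
    print("secrets agree:", r["alice"] == r["bob"], "key:", r["key"].hex())
```

Passing a small textbook group (p = 23, g = 5) to `exchange` lets you check the arithmetic by hand; the derived key is what the "use the symmetric key to encrypt the data" step on slide 17 would consume.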
33
Security Association is the agreement on how to
secure
34
Create the ISAKMP SA (Internet Security
Association and Key Management Protocol)
35
IPSEC Key Exchange (IKE)
36
IKE allows scale as I do not need to hard code
passwords for each pair
37
Link Layer: L2TP for VPDN (Virtual Private Dial Network)
38
PPTP: free from Microsoft
39
PPTP Security
40
VPN Comparisons
41
So why have a private network? QoS not fully
cooked
  • Very dependent on your ISP
  • Real hard to do across ISPs
  • So no guarantee of performance

42
Other Issues
43
Like NAT
44
Wireless: a new big driver, WAS (Work At
Starbucks)
45
Many security protocols, depends on deployer
46
VPN means I don't care how you connect
47
Example
48
So what could be wrong?
  • VPN clients hit the network stack
  • May not play well with personal firewalls
  • Or other software
  • May not need full access to the target network
    just encrypted access

49
One answer: clientless VPN
  • Use SSL as the transport protocol to an appliance
  • Can add NT authentication to the appliance
  • Clientless mode: use web-enabled applications
    over the Internet; the appliance SSLifies web
    sites
  • Java Applet: use a downloadable applet to send
    traffic over SSL, get more support for
    applications
  • Can work well if you want to have encrypted web
    based apps without redoing the application
      • To use SSL you need certs and have to change
        EVERY link to HTTPS
      • Also a big hit on the server CPU

50
Summary: VPNs
  • Very big in the work access space
  • Exploit high speed
      • Wireless
          • in the office
          • public hot spots like Borders
  • Replaces direct dial into the work network
  • Replaces dedicated business-partner connections
  • May replace the corporate WAN