Dominik Herkel
agenda
1. important information
2. general
3. history
4. benefits for business
5. implementation
   GRE
   IPsec
   GRE over IPsec
   SSL/TLS
7.
8. live configuration
important information
general
end-to-end private network connection
security as a big concern
access to internal network resources
history
mostly no need to lease dedicated lines
small companies are no longer left out
scalability
compatibility
implementation
GRE
IPsec VPNs
GRE over IPsec
SSL/TLS VPNs
general
originally developed by Cisco
GRE tunnels are stateless
still widely in use
process
advantages
multiprotocol support
routing protocol support
multicast and broadcast support
disadvantages
no security measures
big overhead
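The GRE properties listed above (multiprotocol support via the Ethertype field, stateless tunnelling, a fixed per-packet overhead, and no security measures beyond an optional unkeyed checksum) as an added Python example that is not part of the original presentation: it builds and parses the basic RFC 2784 GRE header. The sample IPv4/IPv6 passenger headers are constructed for the demo, and the outer IPv4 delivery header is counted in the overhead but not built.

```python
import struct

ETHERTYPE_IPV4 = 0x0800            # passenger protocol named by Ethertype only
ETHERTYPE_IPV6 = 0x86DD
OUTER_IPV4_HEADER_LEN = 20         # delivery (outer) IP header in front of GRE
GRE_FLAG_CHECKSUM = 0x8000         # C bit of the first 16-bit word (RFC 2784)

def internet_checksum(data):
    """RFC 1071 one's-complement sum; GRE's optional (unkeyed) checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def gre_encapsulate(payload, ethertype, checksum=False):
    """Prepend a basic GRE header (version 0) to any passenger packet."""
    flags = GRE_FLAG_CHECKSUM if checksum else 0
    header = struct.pack("!HH", flags, ethertype)
    if checksum:
        # covers GRE header (checksum field zeroed) plus payload
        zeroed = header + struct.pack("!HH", 0, 0) + payload
        header += struct.pack("!HH", internet_checksum(zeroed), 0)
    return header + payload

def gre_decapsulate(packet):
    """Stateless parse: no session needed, returns (ethertype, passenger)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, ethertype = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:             # version field must be 0 for plain GRE
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & GRE_FLAG_CHECKSUM:
        # sums to zero if intact; unkeyed, so this is corruption detection, not authentication
        if internet_checksum(packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset += 4
    return ethertype, packet[offset:]

def gre_overhead(checksum=False):
    """Bytes added to every passenger packet when carried over IPv4."""
    return OUTER_IPV4_HEADER_LEN + 4 + (4 if checksum else 0)

# Constructed sample passengers: minimal IPv4 and IPv6 headers, no payload.
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 1, 0,
                          bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
SAMPLE_IPV6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                          b"\xfd" + b"\x00" * 15, b"\xfd" + b"\x00" * 14 + b"\x01")
```

The same decapsulator handles IPv4 and IPv6 passengers without any per-tunnel state, and a flipped payload byte is caught only when the optional checksum is present.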
general
isn't bound to any specific security technology
framework of open standards
in theory operates over all data link layer (OSI model) protocols
modes
tunnel mode
transport mode
protocols
Authentication Header (AH):
appropriate when confidentiality is not required
only authentication and integrity are provided
confidentiality
symmetric algorithms are used for bulk encryption
examples:
Data Encryption Standard (DES)
Triple Data Encryption Standard (3DES)
Advanced Encryption Standard (AES)
integrity
Keyed-Hash Message Authentication Code (HMAC)
an additional shared secret is added to the plaintext data
the hash value is calculated from the key-data combination
authentication
examples:
Diffie-Hellman (DH)
process
1. Host A (behind R1) sends interesting traffic to Host B (behind R2).
2. R1 and R2 negotiate an IKE phase one session; a secure channel is set up.
3. Routers R1 and R2 negotiate an IKE phase two session, matching the parameters needed.
4. Data is transmitted securely.
5. The IPsec tunnel is terminated.
advantages
security
disadvantages
solely IP support
only unicasts
no routing protocol support
Decision
general
SSL is the predecessor of TLS
both work at the presentation layer of the OSI model
several security measures
process
(http://www.youtube.com/watch?v=SJJmoDZ3il8)
advantages
security
available almost everywhere
third-party regulation
disadvantages
DoS attacks