
Virtual Private Networks (VPNs)

Dominik Herkel

agenda 1 / 3
1. important information
2. general

3. history
4. benefits for business

agenda 2 / 3
5. implementation
   GRE
   IPsec
   GRE over IPsec
   SSL/TLS

6. Cisco VPN solutions

agenda 3 / 3

7. access network resources

8. live configuration

important information

always refer to the OSI model, not TCP/IP

complex topic, listen carefully

general
end-to-end private network connection
security as a big concern
access to internal network resources

history

mostly no need to lease dedicated lines
small companies are no longer left out

use already existing infrastructure


paved the way for telecommuting

benefits for business



cost efficiency
security

scalability
compatibility

implementation

GRE
IPsec VPNs
GRE over IPsec
SSL/TLS VPNs

Generic Routing Encapsulation (GRE)

general
originally developed by Cisco
GRE tunnels are stateless
still widely in use

process

original IP packet encapsulated again

additional overhead of 24 bytes

advantages
multiprotocol support
routing protocol support
multicast and broadcast support

disadvantages

no security measures

big overhead
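A worked illustration of the encapsulation step, added here as an example and not taken from the original slides: it builds the outer IPv4 header and the base GRE header around a constructed inner packet, so the 24-byte overhead stated above can be checked, and shows that the receiving side gets the inner packet back byte-for-byte, which is why GRE alone gives no confidentiality or integrity. The addresses and the ICMP payload are constructed sample values.

```python
import struct

GRE_IP_PROTO = 47        # protocol number in the outer IPv4 header meaning "GRE inside"
GRE_TYPE_IPV4 = 0x0800   # GRE protocol type of the inner packet (IPv4)
IPV4_HDR_LEN = 20        # outer IPv4 header without options
GRE_HDR_LEN = 4          # base GRE header: flags/version + protocol type (RFC 2784)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; 0 when the header is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with the checksum filled in."""
    to_int = lambda a: int.from_bytes(bytes(int(x) for x in a.split(".")), "big")
    hdr = struct.pack("!BBHHHBBHII", 0x45, 0, IPV4_HDR_LEN + payload_len, 0, 0,
                      64, proto, 0, to_int(src), to_int(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Outer IPv4 header + GRE header + complete inner IPv4 packet.
    No optional GRE fields (checksum/key/sequence), so the GRE header is 4 bytes;
    each optional field present would add another 4 bytes."""
    gre_hdr = struct.pack("!HH", 0, GRE_TYPE_IPV4)   # flags/version = 0, protocol type
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_IP_PROTO, GRE_HDR_LEN + len(inner))
    return outer + gre_hdr + inner

def gre_decapsulate(packet: bytes) -> bytes:
    """Receiving router strips both headers; the inner packet comes back unchanged."""
    if packet[9] != GRE_IP_PROTO:
        raise ValueError("outer header does not carry GRE")
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl + GRE_HDR_LEN:]

def gre_overhead(inner: bytes) -> int:
    """Bytes added by tunnelling: 20 (outer IPv4) + 4 (GRE) = 24."""
    return len(gre_encapsulate(inner, "203.0.113.1", "203.0.113.2")) - len(inner)

# Constructed sample: inner IPv4 packet carrying an 8-byte ICMP echo request header
# (ICMP checksum not computed) between two private hosts; 203.0.113.x are
# documentation addresses standing in for the two router WAN interfaces.
INNER = ipv4_header("10.1.1.10", "10.2.2.20", 1, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)
```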

Internet Protocol Security (IPsec)

general
isn't bound to any specific security technologies
framework of open standards
in theory operates over all data link layer (OSI model) protocols

modes

tunnel mode

transport mode

protocols
Authentication Header (AH):

appropriate when confidentiality is not required
only authentication and integrity provided

Encapsulating Security Payload (ESP):


unlike AH, also supports encryption

confidentiality

symmetric algorithms are used
ensures bulk encryption
examples:

Data Encryption Standard (DES)
Triple Data Encryption Standard (3DES)
Advanced Encryption Standard (AES)

integrity
Keyed-Hash Message Authentication Code (HMAC)

additional shared secret added to plaintext data
hash value calculated from key-data combination

examples of hash calculation operations:


Message-Digest Algorithm 5 (MD5)
Secure Hash Algorithm (SHA-1, SHA-2, SHA-3)
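An added example, not part of the original slides, of the key-data combination described above: HMAC as defined in RFC 2104, built from a plain hash function and checked against Python's own hmac module, with a receiver-side verify that rejects a changed payload or a wrong key. The key and payload are constructed values; the 96-bit truncation at the end is what IPsec's HMAC-SHA1-96 (RFC 2404) does.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC (RFC 2104): H((K' xor opad) || H((K' xor ipad) || data)).
    The shared secret is mixed into the hash twice; that is what turns a plain
    hash into a tag that only holders of the key can produce or check."""
    block = hashlib.new(hash_name).block_size      # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:                           # over-long keys are hashed down first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")                # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + data).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def verify(key: bytes, data: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, data, hash_name), tag)

def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """IPsec-style truncated ICV: the first 96 bits of HMAC-SHA1 (RFC 2404)."""
    return hmac_manual(key, data, "sha1")[:12]

# Constructed sample: a shared secret and an ESP-style payload.
KEY = b"constructed-shared-secret"
DATA = b"payload bytes protected by the IPsec SA"
TAG = hmac_manual(KEY, DATA)
```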

authentication

parties authenticate each other
either pre-shared secrets or signatures used

examples:

pre-shared secret
Rivest-Shamir-Adleman (RSA) signature

secure key exchange

Diffie-Hellman (DH)

asymmetric algorithm
defines several groups

allows generation of identical shared secret

shared secret never exchanged between parties

examples:

ranges from group 1 to 24

differ in encryption strength
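An added example, not from the original deck, of the exchange described above: both peers use the real 1024-bit MODP modulus of DH group 2 (RFC 2409, section 6.2) with generator 2, only the two public values cross the wire, and each side derives the same secret from its own private value. The class and function names are my own, and the group size comparison in the comment is the reason the groups differ in strength.

```python
import hashlib
import secrets

# 1024-bit MODP prime of DH group 2 (RFC 2409 section 6.2), generator g = 2.
# Groups differ in modulus size and hence in strength: group 1 is 768 bits,
# group 2 is 1024 bits, group 14 is 2048 bits.
P_GROUP2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

class DhParty:
    """One IKE peer's side of the Diffie-Hellman exchange."""
    def __init__(self, p: int = P_GROUP2, g: int = G):
        self.p, self.g = p, g
        self.private = secrets.randbelow(p - 2) + 1   # x: never leaves this host
        self.public = pow(g, self.private, p)         # g^x mod p: sent to the peer

    def shared_secret(self, peer_public: int) -> int:
        # Reject degenerate peer values (1, p-1, out of range) before using them.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, self.p)  # (g^y)^x = g^xy mod p

def run_exchange(p: int = P_GROUP2, g: int = G):
    """Two routers exchange public values and derive one symmetric key each.
    Returns (secrets_match, values_seen_on_the_wire, derived_key)."""
    r1, r2 = DhParty(p, g), DhParty(p, g)
    on_the_wire = [r1.public, r2.public]               # all an eavesdropper observes
    k1 = r1.shared_secret(r2.public)
    k2 = r2.shared_secret(r1.public)
    secret_bytes = k1.to_bytes((p.bit_length() + 7) // 8, "big")
    key = hashlib.sha256(secret_bytes).digest()        # simple KDF for the session key
    return k1 == k2, on_the_wire, key
```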

process
1. Host A (behind R1) sends interesting traffic to Host B (behind R2).
2. R1 and R2 negotiate an IKE phase one session; a secure channel is set up.
3. Routers R1 and R2 negotiate an IKE phase two session with the matching parameters needed.
4. Securely transmit data.
5. IPsec tunnel is terminated.

advantages

security

based on existing algorithms

disadvantages
solely IP support
only unicasts
no routing protocol support

Decision

GRE over IPsec


often no need to decide between IPsec or GRE
combines the benefits of both solutions into one
flexibility provided by GRE and security ensured by IPsec

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

general
SSL is the predecessor of TLS
both work at presentation layer of OSI model
several security measures

process

(http://www.youtube.com/watch?v=SJJmoDZ3il8)

advantages
security
available almost everywhere
third party regulation

disadvantages

faked SSL/TLS certificates

DoS attacks

Cisco VPN solutions



Cisco Integrated Services Router (ISR) with enabled VPN
Cisco Private Internet eXchange (PIX): end of life (EOL), end of sale (EOS)
Cisco Adaptive Security Appliance (ASA) 5500 Series
Cisco VPN 3000 Series Concentrator: end of life (EOL), end of sale (EOS)
Small and Home Office (SOHO) Routers

access network resources


Site to Site configuration
Cisco VPN Client
Cisco AnyConnect VPN Client

bibliography 1 / 5

AnexGATE. (n.d.). AnexGATE. Retrieved from http://www.anexgate.com/downloads/whitepapers/vpnprimer.pdf
Cisco. (n.d.). Cisco. Retrieved from http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
Cisco. (n.d.). Cisco Netacademy. Retrieved from http://www.cisco.com/web/learning/netacad/index.html

bibliography 2 / 5

Covenant. (n.d.). DSLreports. Retrieved from http://www.dslreports.com/faq/8228
Edwards, J. (n.d.). ITsecurity. Retrieved from http://www.itsecurity.com/features/vpn-popularity-021108/
Itif. (n.d.). Itif. Retrieved from http://www.itif.org/files/Telecommuting.pdf
Kilpatrick, I. (n.d.). IT Pro Portal. Retrieved from http://www.itproportal.com/2007/05/18/benefits-and-disadvantages-of-ssl-vpns/

bibliography 3 / 5

Mason, A. (n.d.). CiscoPress. Retrieved from http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7
Pearson. (n.d.). Pearsoncmg. Retrieved from http://ptgmedia.pearsoncmg.com/images/9781587201509/samplechapter/158720150X_CH14.pdf
Rager, A. T. (n.d.). SourceForge. Retrieved from http://ikecrack.sourceforge.net/
SANS Institute. (n.d.). GoogleDocs. Retrieved from https://docs.google.com/viewer?a=v&q=cache:LcJ_BIRpFl4J:www.sans.org/reading_room/whitepapers/vpns/vulnerabilitys-ipsec-discussion-weaknesses-ipsec-implementationpro_760+ipsec+vulnerabilities&hl=de&gl=at&pid=bl&srcid=ADGEESjc5VtF9axW6pM9jnZscnGxhS2U9roAq

bibliography 4 / 5

Suida, D. (n.d.). WordPress. Retrieved from http://waynetwork.wordpress.com/2011/07/02/video-tutorial-ipsec-over-agre-tunnel/
Unknown. (n.d.). ETutorials. Retrieved from http://etutorials.org/Networking/network+security+assessment/Chapter+11.+Assessing+IP+VPN+Services/11.2+Attacking+IPsec+VPNs/
Unknown. (n.d.). Journey2CCIE. Retrieved from http://journey2ccie.blogspot.co.at

bibliography 5 / 5

Unknown. (n.d.). Teleworkers Research Network. Retrieved from http://www.teleworkresearchnetwork.com/telecommuting-statistics
Unknown. (n.d.). The Hackers Choice. Retrieved from http://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/
Wikipedia. (n.d.). Wikipedia. Retrieved from http://en.wikipedia.org/wiki/Telecommuting#Telecommuting_and_telework_statistics
Wikipedia. (n.d.). Wikipedia. Retrieved from http://en.wikipedia.org/wiki/Transport_Layer_Security
Zandi, S. (n.d.). Cisco LearningNetwork. Retrieved from https://learningnetwork.cisco.com/docs/DOC2457
dtommy1979. (n.d.). YouTube. Retrieved from http://www.youtube.com/watch?v=SJJmoDZ3il8
