Friday, October 2, 2009

VPN



VPN (Virtual Private Network)

A VPN provides a secure communication link over a public network such as the Internet, as an alternative to a leased line. A VPN is a flexible, scalable and low-cost secure link.

VPN Features :
  1. Authentication
  2. Privacy
  3. Data integrity
  4. Anti-replay
VPN types :
  1. Intranet VPN
  2. Extranet VPN
  3. Access VPN
VPN Devices :
  1. Router
  2. ASA (Adaptive Security Appliance)
  3. PIX Firewall
  4. VPN connection
  5. VPN client
Notes :
  • Modern VPNs are powered by IPsec.
  • Because a VPN forms a tunnel through a public network, new IP headers must be generated and applied to each packet. This increases the network overhead for this type of connection.
  • When designing a VPN you must choose the appropriate levels of encryption, authentication and Diffie-Hellman group.
  • Protects data from the transport layer and above.
  • IPsec has a large advantage over other encryption protocols such as SSH and SSL.
  • Those encryption protocols (SSH and SSL) work at the transport layer and are restricted to specific ports.

IPsec:
It serves as an architecture and a framework for other VPN protocols. As a security architecture, IPsec uses a dynamic key exchange called Internet Key Exchange (IKE), and IKE in turn relies on a process called the Diffie-Hellman (DH) key exchange.


AH & ESP

The two IPsec core protocols:
  1. Authentication Header (AH)
  2. Encapsulating Security Payload (ESP)


Feature              ESP            AH
Authentication       yes (weak)     yes (strong)
Message integrity    yes            yes
Encryption           yes            No
Anti-replay          yes            No


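The anti-replay row of the table is the one feature that can be shown end to end in a few lines. Below is an added example, not part of the original notes, of the sliding-window check an IPsec receiver runs on AH/ESP sequence numbers: the window size of 64 and the arriving packet numbers are constructed for the demonstration.

```python
# Added example: IPsec-style anti-replay sliding window (the "Anti-replay"
# feature in the table). The receiver remembers the highest sequence number
# accepted and a bitmap of the last `size` packets; a repeated or too-old
# sequence number is rejected. Window size 64 and the packet sequence are
# constructed for this demonstration, not taken from any real capture.

class AntiReplayWindow:
    """Sliding-window replay check keyed on the 32-bit sequence number that
    AH and ESP carry. In a real receiver this runs only after the packet's
    integrity check value (ICV) has been verified, so a forged sequence
    number cannot advance the window."""

    def __init__(self, size=64):
        self.size = size
        self.last_seq = 0      # highest sequence number accepted so far
        self.bitmap = 0        # bit i set => (last_seq - i) was received

    def check_and_update(self, seq):
        """Return True and record the packet if `seq` is fresh, else False."""
        if seq == 0:
            # Sequence numbers start at 1; 0 is never valid.
            return False
        if seq > self.last_seq:
            # Newer than anything seen: slide the window forward.
            shift = seq - self.last_seq
            if shift >= self.size:
                self.bitmap = 1           # everything older falls out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last_seq = seq
            return True
        offset = self.last_seq - seq
        if offset >= self.size:
            return False                  # too old to track: drop
        if self.bitmap & (1 << offset):
            return False                  # already received: replay
        self.bitmap |= 1 << offset        # late but first-time: accept
        return True


def filter_sequence(seqs, size=64):
    """Run a constructed sequence of arriving packet numbers through one
    window and return, per packet, whether it was accepted."""
    window = AntiReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed arrival order: out-of-order delivery (5 before 4) is fine,
    # repeats (4, 3, 1) and a packet that fell out of the window (36) are not.
    arrivals = [1, 2, 3, 5, 4, 4, 3, 100, 36, 37, 1]
    for seq, ok in zip(arrivals, filter_sequence(arrivals)):
        print(f"seq {seq:>3}: {'accept' if ok else 'DROP (replay or too old)'}")
```

Out-of-order packets inside the window are still accepted, which is why the check tolerates normal network reordering while rejecting an exact replay.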
------------------------------------------------------------
  • AH is the older of the two IPsec core protocols. It supports only the authentication and data integrity features.
Encryption uses a pair of algorithms:
  1. Encrypt
  2. Decrypt
IP packet + key = encrypted data

VPN encryption :
  1. DES : Data Encryption Standard (56 bit)
  2. 3 DES : 3*56 bit
  3. AES : Advanced Encryption Standard
  • AES currently offers the strongest level of encryption available for symmetric encryption. It can reach up to 256-bit encryption.
Authentication :

The widely supported hashing algorithms used are:
  1. MD5 (Message Digest 5)
  2. SHA-1 (Secure Hash Algorithm 1)
  • Hashing passes data through a mathematical algorithm to generate a hash that is used to check data integrity.
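To make the integrity feature concrete, here is an added example (not from the original notes) using the two hashes just listed the way AH and ESP actually apply them: as keyed HMACs whose output is truncated to 96 bits (HMAC-MD5-96 and HMAC-SHA1-96). The key and payload are constructed for the demonstration.

```python
# Added example: data-integrity check with the two hashes the notes list,
# MD5 and SHA-1, applied the way IPsec AH/ESP use them: as keyed HMACs
# whose output is truncated to 96 bits (HMAC-MD5-96, HMAC-SHA1-96). The
# key and payload below are constructed for the demonstration.
import hashlib
import hmac

ICV_LEN = 12  # 96 bits: the truncated length IPsec carries in the packet

HASHES = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def compute_icv(key, data, hash_name="sha1"):
    """Return the 96-bit integrity check value (ICV) for `data` under `key`."""
    return hmac.new(key, data, HASHES[hash_name]).digest()[:ICV_LEN]


def verify_icv(key, data, icv, hash_name="sha1"):
    """Constant-time comparison so the receiver leaks nothing via timing."""
    return hmac.compare_digest(compute_icv(key, data, hash_name), icv)


def integrity_demo(hash_name="sha1"):
    """Sender tags a payload; receiver verifies the genuine payload and a
    copy with one flipped bit. Returns (genuine_ok, tampered_ok)."""
    key = b"constructed-shared-key-for-demo"       # constructed, not real
    payload = b"IP packet payload (constructed)"    # constructed, not real
    icv = compute_icv(key, payload, hash_name)
    tampered = bytearray(payload)
    tampered[0] ^= 0x01                              # flip one bit in byte 0
    return (verify_icv(key, payload, icv, hash_name),
            verify_icv(key, bytes(tampered), icv, hash_name))


if __name__ == "__main__":
    for name in HASHES:
        genuine, tampered = integrity_demo(name)
        print(f"HMAC-{name.upper()}-96: genuine={genuine}, one-bit change={tampered}")
```

A plain hash would not be enough here: anyone who can alter the packet could also recompute an unkeyed MD5 or SHA-1 over it, so the shared key is what turns the hash into an authentication check.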

DH (Deffie-Hellman) :

The goal of the DH algorithm is to give devices a way to securely exchange a shared key over a public network.
  • DH1 : 768 bit
  • DH2 : 1024 bit
  • DH3 : 1536 bit
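The DH exchange itself is short enough to run. The following is an added example, not part of the original notes, using the 768-bit prime of IKE group 1 (the "DH1" entry above, RFC 2409 section 6.1) with generator 2. The random private exponents and the simulated two-device exchange are constructed here; the block also re-checks that the prime was typed correctly, and rejects the degenerate public values that a careful receiver must refuse. A 768-bit group is far too small by today's standards and is used only because it is the size the notes list.

```python
# Added example: Diffie-Hellman over the 768-bit "DH1" group the notes list
# (IKE/Oakley group 1 from RFC 2409, generator 2). Both devices derive the
# same secret from exchanged public values only; the private exponents are
# random and the exchange is simulated, not a captured IKE negotiation.
import secrets

# 768-bit MODP prime of IKE group 1 (RFC 2409 section 6.1).
P_HEX = (
    "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1"
    "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD"
    "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245"
    "E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF"
)
P = int(P_HEX.replace(" ", ""), 16)
G = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test: a sanity check that the group prime was copied
    correctly before any secret is derived from it."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a is a witness: composite
    return True


def dh_keypair():
    """Private exponent x in [1, p-2] and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared_secret(private, peer_public):
    """Derive the shared secret; reject degenerate public values (0, 1, p-1)
    that would force the result into a tiny, guessable set."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, private, P)


def run_exchange():
    """Simulate both devices and return (secrets_match, shared_secret)."""
    a_priv, a_pub = dh_keypair()                  # device A
    b_priv, b_pub = dh_keypair()                  # device B
    k_a = dh_shared_secret(a_priv, b_pub)         # A combines B's public value
    k_b = dh_shared_secret(b_priv, a_pub)         # B combines A's public value
    return k_a == k_b, k_a


if __name__ == "__main__":
    assert P.bit_length() == 768 and is_probable_prime(P)
    match, secret = run_exchange()
    print("secrets match:", match, "| secret bits:", secret.bit_length())
```

Only the public values cross the network; an observer who sees g^a and g^b still has to solve the discrete logarithm to get the secret, which is why the group size (768, 1024, 1536 bit) matters so much. Note that plain DH gives no authentication on its own; in IKE the exchange is tied to pre-shared keys or certificates so that each side knows who it agreed a key with.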



SSL (Secure Sockets Layer):

SSL encrypts the segments of network connections at the transport layer, end-to-end.

Several versions of the protocol are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). (Wikipedia)

To support SSL VPN connections you need a router or Cisco ASA configured for SSL VPN, and the client can connect using a standard web browser. SSL uses port 443. (SSL is a transport layer protocol.)

Cisco introduced a WebVPN server that acts as a web server and can be implemented on many devices, including the ASA. This connection uses SSL for all communication.


SSL VPN types :

  • Clientless: does not allow the user to use applications on their PC over the VPN.
  • Thin client: installs an ActiveX or Java-based plugin after the user has successfully authenticated to the VPN. This plugin allows the user to use applications over the VPN (only TCP-based applications). Cisco released a new implementation called "Cisco Secure Desktop".


