
VPNs


afric




Presentation Transcript


  1. VPNs • IPsec (IP security) is the IETF's standard for securing traffic at the internet layer (architecture in RFC 4301) • Because it sits below TCP and UDP, it protects every message of every transport- and application-layer protocol above it (e-mail, WWW, database, etc.) without changes to those applications (diagram: E-Mail, WWW, Database, etc. over TCP/UDP over IPsec)

  2. VPNs • IPsec Transport Mode • End-to-end security between the two hosts themselves; each host runs IPsec • The original IP header stays in the clear and only the transport-layer payload is encrypted and integrity-protected, so an observer on the path still sees which two hosts are talking (diagram: Local Network, Internet, Local Network, Secure Communication between the hosts)

  3. VPNs • IPsec Tunnel Mode • An IPsec server (security gateway) at each site • Secure communication between the sites: the whole original packet, IP header included, is encrypted and wrapped in a new IP header addressed gateway to gateway • Hosts inside the sites need no IPsec, but note that traffic between a host and its own gateway is not protected by the tunnel (diagram: Local Network, Internet, Local Network, IPsec Server at each site, Secure Communication between the servers)

  4. VPNs • IPsec Modes Can be Combined • An end-to-end transport-mode connection between two hosts • Carried within a site-to-site tunnel-mode connection between the gateways (diagram: Local Network, Internet, Local Network; Tunnel Mode between the gateways, Transport Mode between the hosts)
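The two encapsulations of slides 2 and 3, and what an on-path observer can read in each, as an added example that is not from the original presentation. Python standard library only: the header layouts follow RFC 791 (IPv4) and RFC 4303 (ESP), but the cipher is a SHA-256 counter keystream standing in for ESP's real cipher (such as AES-GCM), the SA key is a constructed byte string, and the addresses are from documentation ranges.

```python
import hashlib
import hmac
import socket
import struct

ESP = 50          # IP protocol number for ESP
IP_IN_IP = 4      # ESP "next header" value for an encapsulated IPv4 packet (tunnel mode)
ICV_LEN = 16      # truncated ICV, as in HMAC-SHA-256-128


def _checksum(data: bytes) -> int:
    """Standard Internet checksum over the IPv4 header."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, TTL 64) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]


def _toy_keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """TOY stand-in for the ESP cipher: SHA-256 in counter mode keyed by SPI and sequence."""
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + struct.pack("!IIH", spi, seq, i)).digest()
    return out[:n]


def esp_encap(spi: int, seq: int, inner: bytes, next_header: int, key: bytes) -> bytes:
    """ESP body: SPI | seq | encrypted(inner | pad | padlen | nexthdr) | ICV.
    The ICV covers SPI, sequence number and ciphertext, so none can be altered."""
    padlen = (-(len(inner) + 2)) % 4                     # align trailer to 4 bytes
    plain = inner + bytes(padlen) + bytes([padlen, next_header])
    head = struct.pack("!II", spi, seq)
    ct = bytes(a ^ b for a, b in zip(plain, _toy_keystream(key, spi, seq, len(plain))))
    icv = hmac.new(key, head + ct, hashlib.sha256).digest()[:ICV_LEN]
    return head + ct + icv


def esp_decap(body: bytes, key: bytes):
    """Verify the ICV first, then decrypt; returns (next_header, inner bytes)."""
    head, ct, icv = body[:8], body[8:-ICV_LEN], body[-ICV_LEN:]
    expected = hmac.new(key, head + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed: packet modified")
    spi, seq = struct.unpack("!II", head)
    plain = bytes(a ^ b for a, b in zip(ct, _toy_keystream(key, spi, seq, len(ct))))
    padlen, next_header = plain[-2], plain[-1]
    return next_header, plain[:len(plain) - 2 - padlen]


def transport_mode(pkt: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Host-to-host: the original IP header is kept; only the transport payload is protected."""
    src, dst, proto, payload = parse_ipv4(pkt)
    return ipv4(src, dst, ESP, esp_encap(spi, seq, payload, proto, key))


def tunnel_mode(pkt: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """Gateway-to-gateway: the whole original packet, header included, is protected."""
    return ipv4(gw_src, gw_dst, ESP, esp_encap(spi, seq, pkt, IP_IN_IP, key))


def on_path_view(pkt: bytes) -> dict:
    """Everything an observer between the sites can read without the SA key."""
    src, dst, proto, payload = parse_ipv4(pkt)
    spi, seq = struct.unpack("!II", payload[:8])
    return {"src": src, "dst": dst, "proto": proto, "spi": spi, "seq": seq}


def decapsulate(pkt: bytes, key: bytes):
    """Receiver side: (next_header, inner); inner is a complete IP packet in tunnel mode."""
    _, _, proto, payload = parse_ipv4(pkt)
    if proto != ESP:
        raise ValueError("not an ESP packet")
    return esp_decap(payload, key)


if __name__ == "__main__":
    key = b"constructed-sa-key"                       # constructed sample key
    inner = ipv4("10.1.0.5", "10.2.0.7", 6, b"GET / HTTP/1.0\r\n")
    print("transport:", on_path_view(transport_mode(inner, 0x100, 1, key)))
    print("tunnel:   ", on_path_view(tunnel_mode(inner, "203.0.113.1", "198.51.100.1", 0x200, 1, key)))
```

In transport mode the observer's view still names 10.1.0.5 and 10.2.0.7; in tunnel mode it names only the two gateways, and the inner source and destination travel inside the ciphertext.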

  5. VPNs • Another security system for VPNs is the Point-to-Point Tunneling Protocol (PPTP) • For dial-up connections, based on PPP • Connects a user securely to a remote access server at a site • Caveat: PPTP's usual authentication (MS-CHAPv2) and its MPPE/RC4 encryption are now considered broken, so PPTP should be treated as legacy and replaced with IPsec/IKEv2 or a TLS-based VPN (diagram: Dial-Up Connection, Internet, PPTP Connection to the Remote Access Server on the Local Network)

  6. PKIs • To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) • A PKI automates most aspects of using public key encryption and authentication • Uses a PKI server (diagram: PKI Server)

  7. PKIs • In the model shown, the PKI server creates the public key-private key pairs • It distributes private keys to applicants securely • Often, private keys are embedded in delivered software • Caveat: central generation is appropriate only where escrow is wanted (e.g. encryption keys); for signing and authentication keys the applicant should generate the pair locally and submit only the public key in a certificate request, so the private key never leaves its holder (diagram: Private Key issued by the PKI Server)

  8. PKIs • PKI Server Provides CRL Checks • Distributes digital certificates, and the certificate revocation list (CRL), to verifiers • A certificate whose serial number appears on the CRL must be treated as invalid even though it has not yet expired (diagram: Digital Certificate from the PKI Server)

  9. PKIs • CRL (Certificate Revocation List) Checks • If an applicant gives a verifier a digital certificate, • The verifier must check the certificate revocation list (or, today, an OCSP responder) before trusting it • The CRL itself must be signed by the CA, issued for this certificate's issuer, and still within its validity period; otherwise the verifier has no answer, not an "OK" (diagram: verifier asks the PKI Server "OK?" and receives "OK" or "Revoked")
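The verifier's CRL check of slides 8 and 9 as an added example, not part of the presentation, in Python. The certificate and CRL are simplified data classes rather than parsed X.509/DER, the CA's signature on the CRL is represented by a boolean that a real verifier would compute, and the CA name, serial numbers and times are constructed. What it adds to the slide is the third outcome a real verifier faces, an unusable CRL, and the fail-closed versus soft-fail policy choice that follows from it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    serial: int
    issuer: str
    subject: str
    not_after: datetime


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: Dict[int, Tuple[datetime, str]]   # serial -> (revocation time, reason)
    signature_valid: bool                        # stand-in for verifying the CA's signature on the CRL


def revocation_status(cert: Cert, crl: Optional[CRL], now: datetime) -> str:
    """Slide 9's 'OK or Revoked', plus the answer a verifier really gets when the
    CRL cannot be used: UNKNOWN."""
    if crl is None:
        return "UNKNOWN"                          # CRL could not be fetched
    if crl.issuer != cert.issuer:
        return "UNKNOWN"                          # a CRL from another CA says nothing about this cert
    if not crl.signature_valid:
        return "UNKNOWN"                          # unsigned or forged CRL must not be trusted
    if not (crl.this_update <= now < crl.next_update):
        return "UNKNOWN"                          # stale CRL: an attacker may be replaying an old one
    if cert.serial in crl.revoked:
        return "REVOKED"
    return "OK"


def accept_certificate(cert: Cert, crl: Optional[CRL], now: datetime, hard_fail: bool = True) -> bool:
    """Verifier policy.  hard_fail=True rejects on UNKNOWN (fail closed);
    hard_fail=False is the soft-fail that lets an attacker who blocks the
    CRL download neutralise revocation entirely."""
    if now >= cert.not_after:
        return False                              # expired certificates need no CRL lookup
    status = revocation_status(cert, crl, now)
    if status == "REVOKED":
        return False
    if status == "UNKNOWN":
        return not hard_fail
    return True


def sample():
    """Constructed example data: one CA, its current CRL, one good and one revoked certificate."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    ca = "CN=Example CA"                          # constructed issuer name
    crl = CRL(ca, now - timedelta(hours=1), now + timedelta(days=1),
              {4002: (now - timedelta(hours=2), "keyCompromise")}, signature_valid=True)
    good = Cert(4001, ca, "CN=good.example", now + timedelta(days=30))
    revoked = Cert(4002, ca, "CN=stolen.example", now + timedelta(days=30))
    return now, crl, good, revoked


if __name__ == "__main__":
    now, crl, good, revoked = sample()
    for c in (good, revoked):
        print(c.subject, revocation_status(c, crl, now), accept_certificate(c, crl, now))
    print("CRL unreachable, fail closed:", accept_certificate(good, None, now, hard_fail=True))
    print("CRL unreachable, soft fail:  ", accept_certificate(good, None, now, hard_fail=False))
```

The stale-CRL branch matters in practice: an attacker who has a revoked certificate and can delay or replay the old CRL wins against any verifier that only asks "is the serial on the list I have".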

  10. Integrated Security System • When two parties communicate … • Their software usually handles the details • First, negotiate security methods • Then, authenticate one another • Then, exchange a symmetric session key • Then communicate securely using the symmetric session key and message-by-message authentication

  11. SSL Integrated Security System • SSL • Secure Sockets Layer • Developed by Netscape • TLS (now) • Netscape gave the IETF control over SSL • The IETF renamed it TLS (Transport Layer Security); TLS 1.0 was published as RFC 2246 in 1999 • Usually still called SSL, although SSL 2.0 and 3.0 and TLS 1.0 and 1.1 are formally deprecated (RFC 6176, RFC 7568, RFC 8996) and only TLS 1.2 and 1.3 should be enabled today

  12. Location of SSL • Below the application layer • The IETF views it as sitting at the transport layer (above TCP) • Protects all application exchanges • Not limited to any single application • WWW transactions, e-mail, etc. (diagram: E-Mail and WWW on each side, running over SSL)

  13. SSL Operation • Browser and webserver software implement SSL • The user can be unaware of it

  14. SSL Operation • SSL ISS Process • The two sides negotiate security parameters (protocol version and cipher suite) • The webserver authenticates itself with its certificate • The browser may authenticate itself with a client certificate but rarely does • Session key: in the classic RSA handshake the browser chooses a secret, sends it encrypted under the server's public key, and both sides derive the symmetric session key from it; modern TLS (1.3, and 1.2 with ECDHE suites) instead derives the key from an ephemeral Diffie-Hellman exchange, which gives forward secrecy • Every record is then encrypted with the symmetric key and carries a MAC or AEAD tag for message-by-message authentication (not a per-message digital signature, which would be far too slow)

  15. Importance of SSL • Supported by almost all browsers • De facto standard for Internet application security • Problems (as assessed at the time) • Relatively weak security: early deployments often ran export-grade cipher suites • Does not involve security on the merchant server: SSL protects data only in transit, not once it is stored • Does not validate credit card numbers • Viewed as an available but temporary approach to consumer security

  16. Other ISSs • SSL is merely one example of an integrated security system • Many other ISSs exist • IPsec • PPP and PPTP • Etc.

  17. Other ISSs • All ISSs have the same general steps • Negotiate security parameters • Authenticate the partners • Exchange a session key • Communicate with message-by-message privacy, authentication, and message integrity
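The four ISS steps of slides 10, 14 and 17 carried through in one runnable exchange, as an added example that is not code from the presentation. Python standard library only: a toy 127-bit Diffie-Hellman group and an HMAC-derived keystream stand in for real TLS groups and AEAD ciphers, the server's long-term MAC key stands in for the signing key in its certificate (the client is assumed to trust it out of band, as it would trust a CA-issued certificate), and the suite names are made up. The point it adds beyond the slides is why the session key and the server's Finished value are bound to the handshake transcript: an on-path attacker who strips the strongest suite from the ClientHello changes the client's transcript but not the server's, so the handshake fails instead of silently downgrading.

```python
import hashlib
import hmac
import secrets

# TOY Diffie-Hellman group (Mersenne prime 2^127-1, generator 2).  Far too small
# for real use; chosen only so the exchange runs in pure Python without libraries.
P = 2**127 - 1
G = 2
TAG_LEN = 32


def negotiate(client_offer, server_pref):
    """Step 1: the server picks its own most-preferred suite that the client also offered."""
    for suite in server_pref:
        if suite in client_offer:
            return suite
    raise ValueError("no common cipher suite")


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256, used here as both key-derivation function and MAC."""
    return hmac.new(key, label, hashlib.sha256).digest()


class Peer:
    def __init__(self):
        self.priv = secrets.randbelow(P - 2) + 1          # ephemeral DH secret
        self.pub = pow(G, self.priv, P)
        self.transcript = hashlib.sha256()               # every handshake byte this side saw

    def see(self, *msgs):
        for m in msgs:
            self.transcript.update(m)

    def derive_session_key(self, peer_pub: int):
        """Step 3: DH shared secret, bound to this side's view of the handshake."""
        shared = pow(peer_pub, self.priv, P).to_bytes(16, "big")
        self.session_key = prf(shared, b"session|" + self.transcript.digest())


def handshake(client_offer, server_pref, server_auth_key: bytes, on_path=lambda m: m):
    """Steps 1-3.  `on_path` lets a caller rewrite the ClientHello in transit."""
    client, server = Peer(), Peer()

    hello = ",".join(client_offer).encode()               # ClientHello: offered suites
    client.see(hello, client.pub.to_bytes(16, "big"))
    hello_seen = on_path(hello)                           # possibly tampered in flight
    server.see(hello_seen, client.pub.to_bytes(16, "big"))

    suite = negotiate(hello_seen.decode().split(","), server_pref)
    server_hello = suite.encode() + b"|" + server.pub.to_bytes(16, "big")
    server.see(server_hello)
    client.see(server_hello)

    # Step 2: the server authenticates with a MAC over ITS transcript under its long-term key
    # (a real server signs the transcript with the private key matching its certificate).
    server.derive_session_key(client.pub)
    finished = prf(server_auth_key, b"finished|" + server.transcript.digest())

    client.derive_session_key(server.pub)
    expected = prf(server_auth_key, b"finished|" + client.transcript.digest())
    if not hmac.compare_digest(finished, expected):
        raise ValueError("transcript mismatch: forged server or downgraded negotiation")
    return suite, client.session_key, server.session_key


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    """TOY stream cipher keystream derived per record; stands in for an AEAD cipher."""
    out = b""
    for block in range((n + 31) // 32):
        out += prf(key, b"ks|" + seq.to_bytes(8, "big") + block.to_bytes(4, "big"))
    return out[:n]


def protect(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Step 4: encrypt-then-MAC one record.  The sequence number is inside the MAC,
    so a replayed or reordered record fails verification at the receiver."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    return ct + prf(key, b"mac|" + seq.to_bytes(8, "big") + ct)


def unprotect(key: bytes, seq: int, record: bytes) -> bytes:
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, prf(key, b"mac|" + seq.to_bytes(8, "big") + ct)):
        raise ValueError("record MAC failed: modified, replayed or out of order")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))


if __name__ == "__main__":
    srv_key = b"server-long-term-key"                     # constructed; stands in for the cert key
    suite, ck, sk = handshake(["AEAD-256", "AEAD-128"], ["AEAD-256", "AEAD-128"], srv_key)
    print("negotiated", suite, "keys agree:", ck == sk)
    print(unprotect(sk, 0, protect(ck, 0, b"GET / HTTP/1.1")))
```

Because the server's Finished value depends on the long-term key, an attacker who merely relays the handshake cannot fake it; because it also depends on the transcript, the attacker cannot edit the handshake either. Both properties hold in real TLS through the CertificateVerify and Finished messages.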
