CSCI 465 Data Communications and Networks
Lecture 26
Martin van Bommel
CSCI 465 Data Communications & Networks
Virtual Private Network (VPN)
• A set of computers or secure networks interconnected in a secure way through encryption and other security protocols despite using unsecure networks
• Unsecure networks contain unauthorized users
• Need to prevent eavesdropping
• Proprietary solutions insufficient
  • Little reassurance as to level of security
  • Limited in choice of network devices
IPSec
• Security features part of Internet standards
• Authentication and encryption protocols
• Applications needing security include
  • Branch office connectivity
  • Remote access over Internet
  • Extranet and intranet connections with partners
  • E-commerce security
IPSec Functions
• Authentication Header
  • For authentication only
• Encapsulating Security Payload (ESP)
  • Combined authentication/encryption
• Key exchange function
  • Either manual – systems administrator configures keys
  • Or automated – on-demand key creation
• VPNs need both authentication and encryption
IPSec Tunnel Mode
• Provides protection to the entire IP packet
• Original IP packet is encrypted, together with the ESP trailer
• ESP header plus the encrypted payload are authenticated (integrity check value appended)
• New outer IP header is added
• No router along the path examines the inner IP header; only the outer header is used for forwarding
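To make the two protection scopes of tunnel-mode ESP concrete, here is an added Python example (not part of the lecture slides): it builds a tunnel-mode packet in the layout above, outer IP header, ESP header, encrypted inner packet plus trailer, and an integrity value over the ESP header and ciphertext, and the receiver checks that value before decrypting. The keys, SPI, addresses and inner packet are constructed for the example, and the keystream function is a stand-in for the AES cipher a real ESP security association would use.

```python
import hashlib
import hmac
import struct

# Constructed keys and SPI for this example; a real SA would get them from IKE.
ENC_KEY = b"constructed-esp-encryption-key"
AUTH_KEY = b"constructed-esp-authentication-key"
SPI = 0x1000AB01
NEXT_HEADER_IPV4 = 4   # inner payload is a whole IPv4 packet (tunnel mode)
ICV_LEN = 16           # truncated HMAC-SHA256 used as the ESP authentication data

def keystream(key, spi, seq, length):
    """Stand-in for the real ESP cipher (AES-CBC/AES-GCM): counter-mode PRF output."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def esp_encapsulate(inner_packet, seq, outer_src, outer_dst):
    """Tunnel-mode ESP: outer IP | ESP header | enc(inner packet + trailer) | ICV."""
    pad_len = (-(len(inner_packet) + 2)) % 4                  # align to 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HEADER_IPV4])
    plaintext = inner_packet + trailer                        # encryption covers packet + trailer
    esp_header = struct.pack("!II", SPI, seq)                 # SPI and sequence number, in clear
    ciphertext = xor(plaintext, keystream(ENC_KEY, SPI, seq, len(plaintext)))
    icv = hmac.new(AUTH_KEY, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    outer_ip = outer_src + outer_dst   # constructed stand-in for the new outer IP header
    return outer_ip + esp_header + ciphertext + icv

def esp_decapsulate(packet):
    """Receiver: check the ICV first, only then decrypt and strip the trailer."""
    esp_header, body = packet[8:16], packet[16:]
    ciphertext, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, esp_header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: packet dropped before decryption")
    spi, seq = struct.unpack("!II", esp_header)
    plaintext = xor(ciphertext, keystream(ENC_KEY, spi, seq, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return plaintext[:len(plaintext) - pad_len - 2], next_header

# Constructed inner IPv4 packet (20-byte header + 8 bytes of payload) and gateway addresses.
INNER = bytes.fromhex("4500001c000100004006000ac0a80a01c0a81402") + b"payload!"
GATEWAY_A, GATEWAY_B = bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1])
```

Passing INNER and the two gateway addresses through esp_encapsulate and then esp_decapsulate returns the original inner packet with next header 4, the inner header is nowhere visible on the wire, and flipping any byte of the ESP header or ciphertext fails the ICV check before decryption is attempted.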
IP Security Scenario (figure slide; diagram not reproduced)
Benefits of IPSec
• Provides strong security for external traffic
• Resistant to bypass
• Operates below the transport layer, hence transparent to applications
• Can be transparent to end users
• Can provide security for individual users if needed