230 likes | 299 Views
Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014. Outline. Another aspect of the perimeter defense problem Virtual private networks What are they? How do they handle this problem? Their practical use. Another Aspect of the Problem.
E N D
Perimeter Defense in Networks: Virtual Private NetworksAdvanced Network Security Peter ReiherAugust, 2014
Outline • Another aspect of the perimeter defense problem • Virtual private networks • What are they? • How do they handle this problem? • Their practical use
Another Aspect of the Problem What if you need to work across the Internet? You want to get the same protection on both ends that firewalls would give But those running the Internet won’t install firewalls for you So there’s an untrusted hole in your perimeter
Illustrating the Problem NOT SAFE! SAFE! SAFE! Your Los Angeles firewall No firewall Your Saigon firewall Your Los Angeles office Your Saigon office The Internet
Cryptography to the Rescue • We can’t ensure bad guys don’t see the packets we send outside our firewalls • But we can ensure they don’t understand them and can’t alter them • We can use cryptography to do that • Essentially, a different way to provide perimeter defense • When physical boundaries don’t apply
How To Do That? • Encrypt all traffic between our trusted endpoints • Literally everything • For preference, even hide sender and receiver information • To prevent attackers from knowing details of our networks
Virtual Private Networks • VPNs • The formal name for the solution we just outlined • A dedicated virtual closed network • Running across an untrusted open network • Security provided by cryptography
Encryption and Virtual Private Networks • Use encryption to convert a shared line to a private line • Set up a firewall at each installation’s network • Set up shared encryption keys between the firewalls • Encrypt all traffic using those keys
Actual Use of Encryption in VPNs • VPNs run over the Internet • Internet routers can’t handle fully encrypted packets • Obviously, VPN packets aren’t entirely encrypted • They are encrypted in a tunnel mode • Often using IPSec • Gives owners flexibility and control
Key Management and VPNs • All security of the VPN relies on key secrecy • How do you communicate the key? • In early implementations, manually • Modern VPNs use IKE or proprietary key servers • How often do you change the key? • Better be often • And better be largely automated
Some Other VPN Issues • Interactions between VPNs and firewalls • New models of VPN deployment
VPNs and Firewalls • VPN encryption is typically done between firewall machines • VPN often integrated into firewall product • Do I need the firewall for anything else? • How much do I trust the remote office . . .? • Remember, you must not only trust honesty • You must also trust caution
Placing the Firewall Outside the VPN • Placing the firewall “outside” the VPN is pointless • Traffic is encrypted, at that point • Also, true IP addresses, ports, etc. are hidden by the tunneling • Can’t usefully analyze packets here
Placing the Firewall Inside the VPN • Meaning, after the VPN encryption has been removed • And the tunneling undone • Allows firewall to analyze the packets that would actually be delivered • “Inside” means “later in same box” usually • One machine handles both VPN and firewalls
New Models of VPNs • Original model sets up VPN between two endpoints • Static endpoints • Semi-permanent VPN • Modern needs have suggested other ways to use VPNs
VPNs and Portable Computing • Increasingly, workers connect to offices remotely • While on travel • Or when working from home • We can use VPNs to offer a secure solution
Securing the Mobile Worker Set up VPN software on his computer Capturing all incoming/outgoing packets Applying encryption Using a key shared with the home office Wherever the user goes, his VPN endpoint goes with him
Temporary VPNs What if a group of users want to communicate securely? They’ve never done so before They might never do so again They will never meet in person They want it set up quickly
Arranging a Temporary VPN Get the same VPN software to all participants Securely set up a key distributed to all of them For the period of the conversation, send just relevant packets through VPN Throw it all away when you’re done
Practical Use of Temporary VPNs • Often set up by video/teleconferencing companies • Using a web interface for • Administration • Software distribution • Key distribution • Requires customers to trust that company • SW could be bogus • Key distribution could be bugged • They claim, of course, they don’t do that
Major Security Issues for Temporary VPNs • Key distribution • Typically want to distribute same symmetric key to all • Authentication • How does everyone know that the other participants are proper • Bogus software • Compromised user machines
How It Usually Works • Clients get access from any machine • Using downloaded code • Connect to web server, download VPN applet, away you go • Crypto usually leverages existing SSL code • Authentication via user ID/password • Implies you trust the applet . . .
Conclusion • VPNs offer a reasonable way to get some degree of perimeter defense across the Internet • VPNs are really just a case of applied cryptography • If you use one, think about what components you’re trusting • Should you trust them?