Post on 20-Dec-2015
IP VPN
Nikolay Scarbnik
Agenda
• Introduction
• VPN concept definition
• VPN advantages
• VPN types
• OSI
• VPNs classification
• Example: IPSec Tunnel Mode
• VPN example- IPSec
• IPSec Overview
• Algorithms for encryption
• Public Key Encryption
• Diffie-Hellman Key Exchange
• IPSec Security Protocols
• IPSec AH & ESP
• Secure Protocol- ESP
• Secure Protocol- AH
• References
Introduction
This project describes VPNs, or Virtual Private Networks.
I’ll try to briefly describe the main components, technologies and advantages.
The audience is expected to have some basic knowledge of the TCP/IP protocols, as well as of general security concepts.
VPN concept definition
VPN- Virtual Private Network.
The VPN concept is all about combining several separate private networks using public infrastructure.
• Virtual- because it is a dynamic connection over public infrastructure.
• Private- data security is preserved.
• Network- connects several LANs or single computers to a mainframe/LAN.
VPN advantages
• Cost saving.
• Accessibility & secure connection.
• Application transparent.
VPN types
• PPTP- point-to-point tunneling protocol
• L2F- layer-2 forwarding
• L2TP- layer-2 tunneling protocol
• IPSec- IP security protocol
• GRE- generic routing encapsulation
• MPLS- multiprotocol label switching
• ATM- asynchronous transfer mode
• Frame Relay
7 Layers Model
A VPN uses the 2nd or the 3rd layer of the OSI model.
VPNs classification
Layer 2 VPN
P2P over VC
ATM, Frame Relay
Layer 3 VPN
P2P, Any2Any
GRE, MPLS, IPSec
VPNs classification
Site-to-site VPNs
Static
ATM, Frame Relay, GRE, MPLS
Remote access VPNs
Dynamic
IPSec, L2TP
Example: IPSec Tunnel Mode
VPN example- IPSec
What is IPSec?
IPSec's goal is to secure IP packets (IPv6/v4).
What is it good for?
IPSec provides authentication, integrity, access control, and confidentiality.
IPSec Overview
Fundamental components of IPSec:
• Algorithms for encryption
• Key management: ISAKMP, IKE, SKEME
• Security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP)
Algorithms for encryption
• Symmetric algorithms: DES, 3DES, and AES.
• Asymmetric algorithms (public key algorithms): IKE (Internet Key Exchange)
In 1999, the DES key was cracked in less than 24 hours by using an exhaustive key search. IPSec
Public Key Encryption
Diffie-Hellman Key Exchange
IPSec Security Protocols
• Encapsulating security payload (ESP)
• Authentication header (AH)
>> IP datagram security <<
IPSec AH & ESP
Packet in IPSec Transport Mode
IP Packet in IPSec Tunnel Mode
Secure Protocol- ESP
IP Packet Protected by ESP
Secure Protocol- ESP
IP Packet Protected by ESP in Transport Mode
IP Packet Protected by ESP in Tunnel Mode
Secure Protocol- AH
AH provides: connectionless integrity, data authentication, and optional replay protection.
IP Packet Protected by AH
Secure Protocol- AH
IP Packet Protected by AH in Transport Mode
IP Packet Protected by AH in Tunnel Mode
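Added example, not part of the original slides: a Python sketch of how AH's integrity check value (ICV) covers an IPv4 packet, so that fields routers change in transit (such as TTL) do not break verification while addresses, sequence number and payload are protected. HMAC-SHA-256 truncated to 128 bits, the zero IP checksum, and the names `ah_protect`, `ah_verify`, `tamper` and `demo` are assumptions of this sketch; the receiver's replay window is not implemented.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51   # IP protocol number of AH
ICV_LEN = 16    # assumption: HMAC-SHA-256 truncated to 128 bits
ICV_OFF = 32    # 20-byte IPv4 header + 12-byte fixed part of AH

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # 20-byte IPv4 header, no options; checksum left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def icv(key, packet):
    # Zero what routers may legitimately change in transit (TOS, flags and
    # fragment offset, TTL, header checksum) and the ICV field, then MAC it all.
    buf = bytearray(packet)
    buf[1] = 0
    buf[6:8] = bytes(2)
    buf[8] = 0
    buf[10:12] = bytes(2)
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, src, dst, next_proto, payload, spi, seq):
    # Transport mode: IP header | AH | upper-layer payload (next_proto 6 or 17).
    # Tunnel mode: same layout with next_proto=4 and a whole inner IP packet
    # as payload, src/dst being the tunnel endpoints.
    ah = struct.pack("!BBHII", next_proto, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    pkt = bytearray(ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(payload))
                    + ah + bytes(ICV_LEN) + payload)
    pkt[ICV_OFF:ICV_OFF + ICV_LEN] = icv(key, pkt)
    return bytes(pkt)

def ah_verify(key, packet):
    return hmac.compare_digest(packet[ICV_OFF:ICV_OFF + ICV_LEN], icv(key, packet))

def tamper(packet, offset, value):
    out = bytearray(packet)
    out[offset] = value
    return bytes(out)

def demo():
    key = bytes(range(32))  # constructed key; addresses are documentation ranges
    pkt = ah_protect(key, (192, 0, 2, 1), (198, 51, 100, 7), 17, b"payload", 0x1001, 1)
    # TTL (offset 8) is mutable; the source address (offset 12) is not.
    return (ah_verify(key, pkt), ah_verify(key, tamper(pkt, 8, 5)),
            ah_verify(key, tamper(pkt, 12, 10)))
```

`demo()` returns `(True, True, False)`: the untouched packet and the TTL-decremented packet verify, the packet with a rewritten source address does not.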
References
• http://www.iec.org/
• http://www.raduniversity.com/2004/vpn/
• Cisco Press IPSec VPN Design
• Cisco - Safe VPN - IPSec In Depth