Network and Security Patterns Ajoy Kumar

Post on 19-Dec-2015


Page 1: Network and Security Patterns Ajoy Kumar. Introduction Network Layer Security is something which has become the of prime importance in designing any network

Network and Security Patterns

Ajoy Kumar

Page 2

Introduction

• Network layer security has become of prime importance in designing any network system.

• We look at the important layers of the network and try to identify the different security patterns associated with each layer. This work tries to fill the gaps at each layer where security patterns are missing or not well established.

Page 3

VPN Security

• We first look at the patterns already available for the system.

• As the next step, we study the VPN architecture and develop a security pattern for it.

Page 4

Network Architecture

Layer         FireWall     IDS          VPN           Protocol
Application   XML FW       XML IDS      XML VPN       SAML
TCP           Proxy FW     TCP IDS      TLS/SSL VPN   TLS
IP            Packet FW    Packet IDS   IPSec VPN     IPSec

Security Objects (cross-cutting all layers): Authentication, Secrecy, Authorization, Identification

Page 5

Class Diagram for XML Firewall[Ne06]

Page 6

Class Diagram for a Packet FW[Fe06]

[Class diagram; text recovered from the figure] Classes: PFFirewall; ExternalHost and LocalHost (each with an address, calling requestService on the firewall); Rule, marked in/out, specialised into ExplicitRule and DefaultRule; RuleBase, which holds an {ordered}* list of rules and offers addRule, deleteRule, modifyRule and reorderRules.
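As an added example, not part of the original slides, the following Python sketch implements the [Fe06] class diagram above: an ordered RuleBase evaluated first-match-wins, a DefaultRule that applies when nothing matches, and a PFFirewall answering requestService. The addresses, ports and rules are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class ExplicitRule:
    """One Rule from the diagram: direction, source/destination ranges, port, action."""
    direction: str          # "in" (ExternalHost -> LocalHost) or "out" (LocalHost -> ExternalHost)
    src: str                # CIDR range of the source address
    dst: str                # CIDR range of the destination address
    port: Optional[int]     # None matches any port
    action: str             # "accept" or "deny"

    def matches(self, direction: str, src: str, dst: str, port: int) -> bool:
        return (self.direction == direction
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))


class RuleBase:
    """The {ordered}* rule list: first matching ExplicitRule wins, else the DefaultRule."""
    def __init__(self, default_action: str = "deny") -> None:
        self.rules: List[ExplicitRule] = []
        self.default_action = default_action          # the DefaultRule; deny is the safe choice

    def add_rule(self, rule: ExplicitRule) -> None:
        self.rules.append(rule)

    def reorder_rules(self, order: List[int]) -> None:
        self.rules = [self.rules[i] for i in order]   # order matters because first match wins

    def decide(self, direction: str, src: str, dst: str, port: int) -> str:
        for rule in self.rules:
            if rule.matches(direction, src, dst, port):
                return rule.action
        return self.default_action


class PFFirewall:
    def __init__(self, rule_base: RuleBase) -> None:
        self.rule_base = rule_base

    def request_service(self, direction: str, src: str, dst: str, port: int) -> bool:
        """requestService from an ExternalHost or LocalHost: True if the packet is accepted."""
        return self.rule_base.decide(direction, src, dst, port) == "accept"


def demo() -> List[bool]:
    rb = RuleBase()                                                                # constructed rules
    rb.add_rule(ExplicitRule("in", "203.0.113.0/24", "10.0.0.0/8", None, "deny"))  # blocked range
    rb.add_rule(ExplicitRule("in", "0.0.0.0/0", "10.0.0.5/32", 443, "accept"))     # public HTTPS host
    rb.add_rule(ExplicitRule("out", "10.0.0.0/8", "0.0.0.0/0", None, "accept"))    # outbound allowed
    fw = PFFirewall(rb)
    return [fw.request_service("in", "198.51.100.7", "10.0.0.5", 443),   # rule 2 accepts
            fw.request_service("in", "203.0.113.9", "10.0.0.5", 443),    # rule 1 denies first
            fw.request_service("in", "198.51.100.7", "10.0.0.5", 22),    # no match: default deny
            fw.request_service("out", "10.0.0.9", "198.51.100.7", 80)]   # rule 3 accepts
```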

Page 7

Class Diagram for Proxy FireWall[Fe03]

Page 8

Class Diagram for IDS [Fer05]

Page 9

VPN Architecture

• A VPN makes use of public network resources to connect to the private network of the enterprise. Within the VPN, the transmission is protected by security mechanisms that assure the confidentiality of the user(s) and the integrity of the data, so a "private" network is established in the public domain. Since this network exists only in a logical sense, it is termed a virtual private network.

Page 10

Features of a good VPN

– Security

– Reliability

– Scalability

– Network management

– Policy management

Page 11

Problem

• In the company where I work, we have many remote employees who log in from different parts of the world, such as St. Louis, USA, or Israel. These developers log into a machine in Boca and work virtually from Boca. These connections use a VPN architecture. We need to develop the safest architecture so that the work is done most efficiently and with the least threat to security.

Page 12

Context

• Local networks with applications being executed in distributed systems. Access to the network can be from the Internet or from other external networks using a VPN connection.

Page 13

Forces

• There are many remote users trying to connect to the same network from different end points. A good VPN system must accommodate all these users.

• There may be different end users that may require different levels of security. We need to define appropriate policies for each of these VPN connections.

• The company has employees joining and leaving all the time, so the security policies need constant modification. Hence the VPN configuration should be easy to change.

• The number of users and applications may increase significantly; adding more users or applications should be done transparently and at proper cost.

• A VPN setup should prevent access to the corporate network by harmful external elements.

• There are many ways to perform authentication. The VPN must support the different methods.

Page 14

Pattern Diagram

[Pattern diagram; text recovered from the figure] Elements: VPN, with the variants TCP VPN, IP VPN and XML VPN; Authentication, Secure Channel (IPSec, TLS) and Authorization; Authentication, Secrecy and Message Authentication; PKI; RM.

Page 15

Class Diagram for a VPN

[Class diagram; text recovered from the figure] Classes: End User, VPN Network, End User Auth Point, Secure Channel, Secure Network, Identity Base and Identity, Policy Base and Policy.

Page 16

Sequence Diagram for a VPN Authentication

[Sequence diagram; text recovered from the figure] Participants: :End User, :VPN, :EndUserAuthPT, :IdentityBase, :Policy Base, :SecureCh, :SecureN/W. Messages: rqstConn, authenticate, authenticated, checkAccess, accessAllowed, openSecConn, Established, rqstConn, Established.

Page 17

Solution

• Whenever an end user tries to connect to a VPN, the network should ask for authorization. A user can access the network only if a specific policy authorizes it.

• Policy enforcing includes authenticating the end user who is trying to connect to the network.

• The VPN Tunnel created should maintain its confidentiality and data integrity.
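As an added illustration, not code from the slides, the following Python models the Solution: the classes of the VPN class diagram (End User Auth Point, Identity Base, Policy Base, Secure Channel) and the message flow of the sequence diagram, with a connection log and role-based policy as described under Consequences. All users, secrets, roles and network names are constructed sample data, and the Secure Channel is a stand-in for a real IPSec or TLS tunnel.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample data (assumption, not from the slides). Identity Base: user ->
# (shared secret, role). Policy Base: role -> networks that role may reach.
IDENTITY_BASE = {"alice": ("s3cret-alice", "developer"),
                 "bob": ("s3cret-bob", "contractor")}
POLICY_BASE = {"developer": {"boca-dev", "boca-build"},
               "contractor": {"boca-dev"}}


@dataclass
class SecureChannel:
    """Stand-in for the tunnel (IPSec or TLS in a real VPN); only records its endpoints."""
    user: str
    network: str
    established: bool = True


@dataclass
class VPN:
    # Log of end users connected at present and in the past (the audit advantage).
    connections: List[Tuple[str, str, str]] = field(default_factory=list)

    def authenticate(self, user: str, secret: str) -> bool:
        """End User Auth Point consults the Identity Base (constant-time comparison)."""
        entry = IDENTITY_BASE.get(user)
        return entry is not None and hmac.compare_digest(entry[0], secret)

    def check_access(self, user: str, network: str) -> bool:
        """Policy Base decides by the user's role (RBAC); a policy change never touches code."""
        role = IDENTITY_BASE[user][1]
        return network in POLICY_BASE.get(role, set())

    def request_connection(self, user: str, secret: str, network: str) -> str:
        """rqstConn -> authenticate -> checkAccess -> openSecConn -> Established."""
        if not self.authenticate(user, secret):
            self.connections.append((user, network, "rejected: authentication failed"))
            return "Rejected: authentication failed"
        if not self.check_access(user, network):
            self.connections.append((user, network, "rejected: not authorized"))
            return "Rejected: not authorized"
        channel = SecureChannel(user, network)          # openSecConn
        self.connections.append((user, network, "established"))
        return "Established" if channel.established else "Failed"
```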

Page 18

Consequences

• Advantages

– The company can define the policies for VPN end users, which centralizes the policies and makes administration easier.

– Since authorization is used, the company can keep a log of end users connected at present and in the past.

– A secure tunnel guarantees data integrity and secrecy. Usually a PKI-based encryption scheme is used for sending data over the tunnel.

– As authentication of end users is performed, users can be held responsible for their actions.

– We can also incorporate RBAC based on the role of the end user.

– Usually a firewall complements a VPN setup.

Page 19

Consequences (Contd…)

• Liabilities

– If the VPN is compromised, the attacker gets full access to the internal network too.

– VPN traffic is often invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, the IDS cannot see the traffic within the VPN tunnel because it is encrypted. Therefore, if an attacker gains access to the VPN, they can attack the internal systems without being picked up by the IDS.

– Whatever type of VPN we use, the VPN is only as secure as the remote computer connected to it.

Page 20

• Liabilities (Contd…)

– The pattern does not discuss attacks at the end points.

– The VPN tunnel is only as strong as the cryptography that enables it.

Page 21

Known Users

• Citrix. Citrix provides a site-to-site VPN connection for remote users to log into the secure network as well as to access applications on the company (secure) network.

Page 22

Related Patterns

• Patterns for Application Firewalls using PEP and PAP. – Nelly Delessy-Gassant, Eduardo B. Fernandez, Saeed Rajput, and Maria M. Larrondo Petrie

Page 23

Future Work

• Expand the VPN pattern and create separate patterns for IP, SSL and XML VPNs.

• Develop the patterns missing from the network security diagram shown earlier.

Page 24

Thank You

• Q&A

• Suggestions

• Concerns