vpn
play

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN - PowerPoint PPT Presentation

Jul 24, 2023 •735 likes •942 views

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private network that encompasses links across shared or public networks like the Internet. Enable to send data between two computers across a shared or

  1. VPN Virtual Private Network

  2. Computer Center, CS, NCTU What is VPN  Extension of a private network that encompasses links across shared or public networks like the Internet.  Enable to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link. 2

  3. Computer Center, CS, NCTU Why ?  Cheap • Legacy private network uses remote connectivity through dial-up modems or through leased line connections, it’s expensive.  Scalable • Extending a leased line connection is complex. • Easy to administer.  Security • Provide encryption and file integrity. 3

  4. Computer Center, CS, NCTU Common Uses of VPNs – 1  Remote Access Over the Internet 4

  5. Computer Center, CS, NCTU Common Uses of VPNs – 2  Connecting Networks Over the Internet (Site to Site VPN) 5

  6. Computer Center, CS, NCTU Common Uses of VPNs – 3  Connecting Computers over an Intranet 6

  7. Computer Center, CS, NCTU Basic VPN Requirements  User Authentication  Key Management  Address Management  Data Encryption 7

  8. Computer Center, CS, NCTU Basic VPN Requirements – 1  User Authentication • Verify the VPN client's identity and restrict VPN access to authorized users only. • Provide audit and accounting records to show who accessed what information and when. • X . 509, pre- share key….  Key Management • Generate and refresh encryption keys for the client and the server. • Simple Key Management for IP, ISAKMP/Oakley … 8

  9. Computer Center, CS, NCTU Basic VPN Requirements – 2  Address Management • Assign a VPN client's address on the intranet and ensure that private addresses are kept private.  Data Encryption • No one outside the VPN can alter the VPN. • Data carried on the public network must be rendered unreadable to unauthorized clients on the network. 9

  10. Computer Center, CS, NCTU Tunneling  VPN consists of a set of point to point connections tunneled over the Internet.  In order to achieve tunneling, the packets are encapsulated as the payload of packets. • Payloads, to and from addresses, port numbers and other standard protocol packet headers • As seen by the external routers carrying the connection 10

  11. Computer Center, CS, NCTU Common Implementations  Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]  Layer Two Tunneling Protocol (L2TP) [RFC 2661]  IPSec Tunnel Mode [RFC 2401]  Secure Socket Tunneling Protocol (SSTP) [Spec]  BGP/MPLS IP VPN [RFC 4364]  SSL VPN …, etc 11

  12. Computer Center, CS, NCTU PPP  Point-to-Point Protocol [RFC 1661]  PPP was designed to send data across dial-up or dedicated point-to-point connections. • PPP encapsulates IP, IPX, and NetBEUI packets within PPP frames, and then transmits the PPP-encapsulated packets across a point-to- point link.  User Authentication • Password Authentication Protocol (PAP) • Challenge Handshake Authentication Protocol (CHAP) • M$ Challenge Handshake Authentication Protocol (M$-CHAP) • M$-CHAPv2  Data can be compressed or encrypted before transmission. • Microsoft Point to Point Compression / Encryption (MPPC / E) 12

  13. Computer Center, CS, NCTU PPTP  Point-to-Point Tunneling Protocol • PPTP doesn’t describe encryption or authentication  Rely on the PPP protocol • PPTP encapsulates PPP frames in IP datagrams for transmission over an IP internetwork by TCP connection. • PPTP uses a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. 13

  14. Computer Center, CS, NCTU Security of PPTP  PPTP has been the subject of many security analyses and serious security vulnerabilities have been found • MS-CHAP is fundamentally insecure. • MS-CHAPv2 is vulnerable to dictionary attack on the captured challenge response packets.  EAP-TLS (Extensible Authentication Protocol – TLS) is the superior authentication choice for PPTP. 14

  15. Computer Center, CS, NCTU L2TP  Layer Two Tunneling Protocol • PPTP+L2F (Layer Two Forwarding) • L2TP over IP internetworks uses UDP and a series of L2TP messages for tunnel maintenance. • A tunnel can contain multiple connection at once. 15

  16. Computer Center, CS, NCTU L2TP/IPsec  Usually use IPsec ESP (Encapsulating Security Payload) to encrypt the L2TP packet. • Data encryption begins before the PPP connection process by negotiating an IPSec security association. • Require computer-level authentication using computer certificates. 16

  17. Computer Center, CS, NCTU IPsec Tunnel Mode  Internet Protocol Security Tunnel Mode • IPSec tunnel mode encapsulates and encrypts entire IP packets, and the encrypted payload is then encapsulated again with a plain-text IP header.  Internet Key Exchange (IKE) • ISAKMP+OAKLEY  Two functions that ensure confidentiality: • Authentication Header (AH)  Provide source authentication and integrity without encryption. • Encapsulating Security Payload (ESP)  Provide both data authentication, data integrity and data encryption. 17

  18. Computer Center, CS, NCTU SSL VPN  A form of VPN that can be used with a standard Web browser.  The traffic is encrypted with the SSL protocol or Transport Layer Security (TLS) protocol. 18

  19. Computer Center, CS, NCTU Appendix  Seven Myths about VPN Logging and Anonymity  https://technet.microsoft.com/zh-tw/library/bb742566.aspx 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where is PPP used What is the task of LCP What is the task of NCP SLIP Serial Line IP Predecessor of PPP We don't even think of it

519 views • 10 slides
AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to Authorization uthorization : does the person (computer) we are talking to have the necessary privileges to the source / use of service / ...

1.32k views • 71 slides
PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION

PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION

POINT TO POINT DATALINK PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember PPP Frame and Phases Password Authentication

825 views • 15 slides
Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues

Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues

Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues Windows Protocol Protocol Analysis: Analysis: Windows Various Protocols and Problems Various Protocols and Problems MSCHAP &

411 views • 6 slides
the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

AAA Support by the RADIUS and the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26, 2016 Overview 1. Authentication, Authorization and Accounting (AAA). 2. AAA Services, Protocols and Architecture. 3.

1.7k views • 40 slides
Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

WNP-MPR-Sec 1 Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Sec 2 Topics Scheduled for Today Authentication and access control Security basic

775 views • 49 slides
Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists of individual systems that are connected to each other. SLIP and PPP Basically, it is wide are network that is built up from point-to-point

412 views • 4 slides
Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

1.19k views • 60 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan,

Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan,

Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan, Katriel Cohn-Gordon, Cas Cremers, Jon Millican, Emad Omara, Eric Rescorla, Raphael Robert RWC 2019, San Jose, CA YOUR NAME / LOGO HERE Objectives

673 views • 33 slides
Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

handshake 1 Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g , where K fg can be hash AB authentication not mutual connection hijacking off-line password attack compromise of database

424 views • 16 slides
EAP-TLS Smartcards, from Dream to Reality Pascal Urien, Mohamed Badra, Mesmin Dandjinou 4th

EAP-TLS Smartcards, from Dream to Reality Pascal Urien, Mohamed Badra, Mesmin Dandjinou 4th

EAP-TLS Smartcards, from Dream to Reality Pascal Urien, Mohamed Badra, Mesmin Dandjinou 4th Workshop on Applications and Services in Wireless Networks Boston University Massachusetts, USA August 9th, 2004 1 Pascal URIEN, Boston University,

219 views • 19 slides
Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1

Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1

Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1 Network Security Goals: understand principles of network security: cryptography and its many uses beyond confidentiality

587 views • 57 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples Countermeasures against DoS Crypto Puzzles Stateless Protocols Avoid IP address spoofing / identifying malicious nodes Ingress filtering

937 views • 72 slides
Improved KRACK Attacks Against WPA2 Implementations Mathy Vanhoef @vanhoefm OPCDE, Dubai, 7

Improved KRACK Attacks Against WPA2 Implementations Mathy Vanhoef @vanhoefm OPCDE, Dubai, 7

Improved KRACK Attacks Against WPA2 Implementations Mathy Vanhoef @vanhoefm OPCDE, Dubai, 7 April 2018 Overview Key reinstalls in 4-way handshake New KRACKs Practical impact Lessons learned 2 Overview Key reinstalls in 4-way

991 views • 56 slides
The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs Bluetooth Security and Cooperation in Wireless Networks Georg-August University Gttingen Security in Wireless Networks Wireless networks are

519 views • 48 slides
I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche,

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks Robert Kro sche, Kashyap Thimmaraju , Liron Schiff and Stefan Schmid IFIP Networking 2018 14-16 May, 2018, Zurich, Switzerland 1 Outline 1. Motivation 2. Covert

999 views • 95 slides
Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C.

Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C.

CS259: Security Analysis of Network Protocols, Winter 2008 Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C. Mitchell, D. Pavlovic Todays Plan First half The meaning, importance and technique of

729 views • 24 slides
Challenge/Response Authentication Authentication by what questions you can answer correctly

Challenge/Response Authentication Authentication by what questions you can answer correctly

Challenge/Response Authentication Authentication by what questions you can answer correctly Again, by what you know The system asks the user to provide some information If its provided correctly, the user is authenticated

233 views • 20 slides
Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such

Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such

Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such as MD5 Challenge/Response such as APOP * APOP * Yu Sasaki ( The University of Electro-Communications ) Go Yamamoto (NTT) Kazumaro Aoki (NTT)

436 views • 8 slides
CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,

449 views • 24 slides

More recommend