vpn (uploaded by mymailbox83; Category: Science & Tech; Added: April 22, 2010; Views: 232)

Presentation Transcript

Virtual Private Networks
Fred Baker

What is a VPN
- Public networks are used to move information between trusted network segments using shared facilities like frame relay or ATM
- A VIRTUAL Private Network replaces all of the above utilizing the public Internet
- Performance and availability depend on your ISP and the Internet

Why?

HomeNet to the office.
VPN Types

VPN Implementations

VPN as your Intranet

What a VPN needs
- VPNs must be encrypted so no one can read them
- VPNs must be authenticated
- No one outside the VPN can alter the VPN
- All parties to the VPN must agree on the security properties

VPN Components

Parts of a VPN

VPN works via crypto/Encapsulation

Encryption and Decryption
(Diagram: Clear-Text -> Cipher Text, e.g. 8vyaleh31&d ktu.dtrw8743 $Fie*nP093h -> Clear-Text)

Basic Crypto – Keys are key

2 Kinds of Key Systems

Symmetric Key Algorithms
- DES: 56-bit key
- Triple-DES: encrypt, decrypt, encrypt, using either two or three 56-bit keys
- IDEA: 128-bit key
- Blowfish: variable-length key, up to 448 bits

Public Key Encryption Example
(Diagram: Message -> encrypt with Bob’s Public Key -> Encrypted Message -> decrypt with Bob’s Private Key -> Message)
- Alice wants to send Bob encrypted data
- Alice gets Bob’s public key
- Alice encrypts the data with Bob’s public key
- Alice sends the encrypted data to Bob
- Bob decrypts the data with his private key

PKI vs Symmetric Key
- PKI easier as you don’t have to manage keys on a per-user basis
- But MUCH more compute intensive (symmetric is up to 1000 times faster)
- Many systems do a combination, i.e.
PGP: Use PKI to send a symmetric key, then use the symmetric key to crypto the data

Using Crypto in real life

PKI to send Private Keys

PKI Certs: a way to authenticate

Prove the user cert: Certificates of authority

Digital Signature to verify data not changed in transit

PKI: the full picture

Where you do Crypto

Technologies

Application Layer: SSL

Transport Layer: IPSEC
A standard is composed of:
- Diffie-Hellman key exchange
- PKI for the DH exchanges
- DES and other bulk encryption
- Hash to authenticate packets
- Digital Certificates to validate keys

Transport Layer: IPSEC VPNs, 3 parts

Tunnel vs Transport
Transport
- Implemented by the end point systems
- Real address to real address
- Cannot ‘go through’ other networks
Tunnel
- Encapsulation of the original IP packet in another packet
- Can ‘go through’ other networks
- End systems need not support this
- Often PC to a box on the ‘inside’

Diffie-Hellman Key Exchange (1976)
By openly exchanging non-secret numbers, two people can compute a unique shared secret number known only to them

Modular Exponentiation
- Generator, g
- Modulus (prime), p
- Y = g^X mod p
- e.g. 2^237276162930753723 mod 79927397984597926572651
- Both g and p are shared and well-known

Diffie-Hellman Public Key Exchange
- Alice: Private Value XA, Public Value YA = g^XA mod p
- Bob: Private Value XB, Public Value YB = g^XB mod p
- Shared secret: YB^XA mod p = g^(XA*XB) mod p = YA^XB mod p

Security Association is the agreement on how to secure
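The tunnel-mode encapsulation described above, as an added example that is not part of the presentation: plain IP-in-IP (protocol 4) stands in for IPsec's ESP header, so this shows only the addressing effect of the tunnel (private addresses hidden behind two public gateways), not the encryption; every address and payload is a constructed sample value.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # plain IP-in-IP (RFC 2003) stands in for the tunnel header
IPPROTO_UDP = 17

def checksum(data: bytes) -> int:
    # Standard one's-complement IPv4 header checksum over a 20-byte header
    total = sum(struct.unpack("!10H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Minimal 20-byte IPv4 header (no options), TTL 64, checksum filled in
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes) -> dict:
    # The fields a router on the path looks at, plus the payload it carries
    if checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "payload": pkt[20:f[2]]}

def tunnel_encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    # Tunnel mode: the whole original packet is the payload of an outer packet
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def tunnel_decapsulate(outer: bytes) -> bytes:
    # The far gateway strips the outer header and forwards the original packet
    parsed = parse_ipv4(outer)
    if parsed["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnelled packet")
    return parsed["payload"]

# Constructed sample: private (RFC 1918) addresses the Internet would not route, carried between two public gateways
INNER = ipv4_packet("192.168.1.10", "10.0.0.5", IPPROTO_UDP, b"hello office")
OUTER = tunnel_encapsulate(INNER, "203.0.113.7", "198.51.100.9")

def demo() -> dict:
    outer_view = parse_ipv4(OUTER)       # what the Internet routes on
    inner_view = parse_ipv4(tunnel_decapsulate(OUTER))  # what the office sees
    return {"internet_sees": (outer_view["src"], outer_view["dst"]),
            "office_sees": (inner_view["src"], inner_view["dst"]),
            "inner_intact": tunnel_decapsulate(OUTER) == INNER}
```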
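The Diffie-Hellman exchange from the slides above, carried through in code as an added example (not from the presentation); the prime p and generator g are constructed toy values chosen to be easy to follow, not a standard group, and the function names are this example's own.

```python
import secrets

# Constructed toy parameters (not a standard group): p is the prime 2^32 - 5
# and g = 2. Real IKE groups use primes of 2048 bits or more; these values are
# for illustration only.
P = 4294967291
G = 2

def public_value(x: int) -> int:
    """Y = g^X mod p, the slide's modular exponentiation."""
    return pow(G, x, P)

def shared_secret(my_private: int, their_public: int) -> int:
    """Each side raises the other's public value to its own private value."""
    return pow(their_public, my_private, P)

def random_private() -> int:
    """A private value X in [2, p-2], drawn from the OS CSPRNG."""
    return 2 + secrets.randbelow(P - 3)

def run_exchange(x_a: int, x_b: int) -> dict:
    """Perform the exchange from the slide with the given private values.

    Returns what each party computed plus what an observer on the wire sees
    (only g, p, YA and YB); XA, XB and the secret never leave the endpoints.
    """
    y_a = public_value(x_a)            # Alice sends YA = g^XA mod p
    y_b = public_value(x_b)            # Bob sends YB = g^XB mod p
    k_alice = shared_secret(x_a, y_b)  # Alice: YB^XA mod p
    k_bob = shared_secret(x_b, y_a)    # Bob:   YA^XB mod p
    # Both equal g^(XA*XB) mod p, so the same number is reached two ways
    assert k_alice == k_bob == pow(G, x_a * x_b, P)
    return {
        "on_the_wire": {"g": G, "p": P, "YA": y_a, "YB": y_b},
        "alice_secret": k_alice,
        "bob_secret": k_bob,
    }

if __name__ == "__main__":
    result = run_exchange(random_private(), random_private())
    print("observer sees:", result["on_the_wire"])
    print("shared secret:", result["alice_secret"])
```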
Create the ISAKMP SA (Internet Security Association Key Management Protocol)

IPSEC Key Exchange (IKE)

IKE allows scale as I do not need to hard code passwords for each pair

Link Layer: L2TP for VPDN (Virtual Private Dial Network)

PPTP: Free from Microsoft

PPTP: Security

VPN Comparisons

So why have a private network: QOS not fully cooked
- Very dependent on your ISP
- Real hard to do across ISPs
- So no guarantee of performance

Other Issues

Like NAT

Wireless: a new big driver, WAS (Work At Starbucks)

Many security protocols, depends on deployer

VPN means I don’t care how you connect

Example

So what could be wrong?
- VPN clients hit the network stack
- May not play well with personal firewalls or other software
- May not need full access to the target network, just encrypted access

One answer: clientless VPN
- Use SSL as the transport protocol to an appliance
- Can add NT authentication to the appliance
- Clientless mode: Use web-enabled applications over the Internet; the appliance SSLifies web sites
- Java Applet: Use a downloadable applet to send traffic over SSL, get more support for applications.
- Can work well if you want to have encrypted web-based apps without redoing the application to use SSL (you need certs and have to change EVERY link to HTTPS)
- Also big hit on the server CPU

Summary: VPNs
- Very big in the work access space
- Exploit high-speed wireless in the office and public ‘hot spots’ like Borders
- Replaces direct dial into the work network
- Replaces dedicated connections to business partners
- May replace the corporate WAN