A security pattern for a virtual private network

A Security Pattern for a Virtual Private Network

Ajoy Kumar and Eduardo B. Fernandez

Dept. of Computer Science and Eng.

Florida Atlantic University

Boca Raton, FL, USA


Introduction

  • Virtual Private Networks (VPN) make use of public network resources to access internal nodes of an enterprise. Within the VPN, the transmission is protected by security mechanisms to provide confidentiality and integrity. So a “private” network is established. Since this network exists only in a virtual sense, it has been termed a virtual private network.


VPN

  • A VPN uses a technique called tunneling, in which data is transmitted across a public network inside a cryptographic tunnel that simulates an end-to-end connection. Both ends of the connection may be private, or one end may be private with the other end in the public domain.


VPN

[VPN figure: R1 – Router at Site A; R2 – Router at Site B.]

Figure 2. Network Layers and Patterns


VPN

Pattern Diagram for VPN

[Pattern diagram for VPN: nodes TLS VPN, IP VPN, XML VPN, TLS, IPSec, Secure Channel, Authentication.]


Problem

  • In today’s world, a lot of people work remotely. They need a secure connection to their company network. We need to develop a secure architecture so that confidential work can be performed. Many companies have offices distributed all over the globe. The employees of such companies need to communicate securely.


Forces

  • The number of users remotely connected may be growing; the system should be scalable.

  • The system should be flexible enough to accommodate different ways of providing security.

  • We should restrict access to the system to only authorized users.

  • We need to use the Internet or other public networks to reduce cost; in turn, this exposes the private network established within the public network to the threats faced by public networks, such as Denial of Service and other attacks.


Solution

  • A secure VPN connection is established between the end user and the local network. A cryptographic tunnel is set up between the end user and the local network. This VPN tunnel may provide data integrity and confidentiality if properly implemented. The network is able to authenticate a user accessing an end point.


Class Diagram

[Class diagram: Network, VPN, End Point, Authenticator, Secure Channel, Identity Base, Identity, with 1 and * association multiplicities as drawn on the slide.]


Sequence Diagram

[Sequence diagram. Participants: :End Point, :VPN, :Identity, :Identity Base, :Secure Channel, :Network. Messages in order: RequestAuth, authenticate, check, authenticated, Establish Secure Channel, Established, VPN Connection Established.]


Variants

  • Virtual Private Networks can be established at the Application layer, the IP layer or the TCP layer. XML VPNs are established at the application layer, IP VPNs at the IP layer, and TLS VPNs at the TCP layer.


Known Uses

  • Citrix provides a site-to-site SSL VPN connection for remote users to log into the secure network as well as to access applications on the company (secure) network. [Cit]

  • Cisco VPN, on the other hand, uses an IPSec VPN. [Cis]

  • Nokia VPN provides VPN connection for Nokia Mobile Users. [Nok]


Advantages

  • Users are authenticated by the system to control their access to the VPN.

  • We could add a logging system for the users logging in at the end points for future audits.

  • If we use secure encryption, we can provide data confidentiality and integrity for the messages sent through the VPN.


Disadvantages

  • If the VPN connection is compromised, the attacker could get full access to the internal network.

  • Because of encryption, VPN traffic is invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, the IDS cannot see the traffic within the VPN tunnel. Therefore, if an attacker gains access to the VPN, they can attack the internal systems without being detected by the IDS.
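The pattern's sequence diagram (RequestAuth, authenticate, check, Establish Secure Channel) together with the IDS blind spot on this slide, as an added Python example that is mine, not the authors' code: the End Point is authenticated against the Identity Base before any tunnel exists, and an IDS probe holding only the protected packet cannot match on its contents. The PBKDF2 credential store and the SHA-256/HMAC tunnel are assumed toy constructions; a deployed Secure Channel would be TLS or IPsec.

```python
# Added example (not from the slides): the pattern's sequence diagram in Python.
# Class names follow the class diagram; the PBKDF2 credential store and the
# SHA-256/HMAC tunnel are assumed constructions for illustration, not a real
# VPN protocol (a deployed VPN would use TLS or IPsec for the Secure Channel).
import hashlib, hmac, os

class IdentityBase:  # stores salted PBKDF2 hashes of user credentials
    def __init__(self):
        self._users = {}
    def add(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
    def check(self, name, password):  # "check" in the sequence diagram
        rec = self._users.get(name)
        return rec is not None and hmac.compare_digest(
            rec[1], hashlib.pbkdf2_hmac("sha256", password.encode(), rec[0], 100_000))

class Authenticator:  # "authenticate": consults the Identity Base
    def __init__(self, identity_base):
        self.identity_base = identity_base
    def authenticate(self, name, password):
        return self.identity_base.check(name, password)

class SecureChannel:  # encrypt-then-MAC tunnel over a per-session key shared by both ends
    def __init__(self, key):
        self.enc_key = hashlib.sha256(b"enc" + key).digest()
        self.mac_key = hashlib.sha256(b"mac" + key).digest()
    def _keystream(self, nonce, n):  # SHA-256 in counter mode as a toy stream cipher
        return b"".join(hashlib.sha256(self.enc_key + nonce + i.to_bytes(4, "big")).digest()
                        for i in range(n // 32 + 1))[:n]
    def protect(self, plaintext):  # confidentiality (XOR keystream) + integrity (HMAC tag)
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.mac_key, nonce + ct, "sha256").digest()
    def unprotect(self, packet):
        nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, nonce + ct, "sha256").digest()):
            return None  # integrity check failed: drop the packet
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

class VPN:  # authenticates the End Point, then establishes the Secure Channel
    def __init__(self, authenticator):
        self.authenticator = authenticator
    def request_auth(self, name, password):  # "RequestAuth"
        if not self.authenticator.authenticate(name, password):
            return None  # not authenticated: no tunnel is established
        return SecureChannel(os.urandom(32))  # "Establish Secure Channel" -> "Established"

def ids_sees(packet, signature):  # an IDS probe outside the tunnel sees only protected bytes
    return signature in packet
```

A wrong password yields no channel, a flipped ciphertext byte is rejected by the HMAC check before decryption, and a string present in the plaintext is not visible to a probe that only holds the protected packet.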


Disadvantages (Contd…)

  • In the case of a VPN with a private end user, the remote computer used by that user is vulnerable to outside attacks, and a compromised remote computer can in turn be used to attack the network it is connected to.

  • The VPN Tunnel is only as strong as the cryptographic protocol used.


Related Patterns

  • Firewalls can be added to each network layer to make the network layer more secure. [Fer03]

  • IDS can also coexist in each of these network layers to detect attack. [Fer05]

  • Secure Channel and Authenticator establish the security mechanisms.


Conclusions

  • A VPN is a basic component in network architectures. We presented here a pattern for its architecture and security properties. Future work will integrate this pattern with other patterns shown in Figure 3.


Q & A

  • Suggestions

  • Modifications

  • Corrections
