A security pattern for a virtual private network
Sponsored Links
This presentation is the property of its rightful owner.
1 / 19

A Security Pattern for a Virtual Private Network PowerPoint PPT Presentation


  • 51 Views
  • Uploaded on
  • Presentation posted in: General

A Security Pattern for a Virtual Private Network. Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca Raton, FL , USA. Introduction.

Download Presentation

A Security Pattern for a Virtual Private Network

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


A Security Pattern for a Virtual Private Network

Ajoy Kumar and Eduardo B. Fernandez

Dept. of Computer Science and Eng.

Florida Atlantic University

Boca Raton, FL , USA


Introduction

  • Virtual Private Networks (VPN) make use of public network resources to access internal nodes of an enterprise. Within the VPN, the transmission is protected by security mechanisms to provide confidentiality and integrity. So a “private” network is established. Since this network exists only in a virtual sense, it has been termed a virtual private network.


VPN

  • VPN uses a technique called tunneling, in which data is transmitted across a public network in a cryptographic tunnel that simulates an end to end connection. The end connections could be both private or one end private with the other end being a public domain.


VPN

R1 – Router at Site A.

R2 – Router at Site B.


Figure 2. Network Layers and Patterns


VPN

Pattern Diagram for VPN

TLS VPN

IP VPN

XML VPN

TLS

IPSec

Secure Channel

Authentication


Problem

  • In today’s world, a lot of people work remotely. They need a secure connection to their company network. We need to develop a secure architecture so that confidential work can be performed. Many companies have offices distributed all over the globe. The employees of such companies need to communicate securely.


Forces

  • The number of users remotely connected may be growing; the system should be scalable.

  • The system should be flexible enough to accommodate different ways of providing security.

  • We should restrict access to the system to only authorized users.

  • We need to use the Internet or public networks to reduce the cost; in turn subjecting the private network established within the public network to numerous threats faced by the public networks such as Denial of Services and other attacks.


Solution

  • A secure VPN connection is established between the end user and the local network. A cryptographic tunnel is set up between the end user and the local network This VPN Tunnel may provide data integrity and confidentiality if properly implemented. The network is able to authenticate a user accessing an end point.


Class Diagram

Network

VPN

*

*

Network

End Point

1

1

*

Authenticator

Secure Channel

1

Identity Base

*

Identity


:End

Point

:VPN

:Identity

:Identity Base

:Secure Channel

:Network

RequestAuth

authenticate

check

authenticated

Establish Secure Channel

Established

VPN Connection Established

Sequence Diagram


Variants

  • Virtual Priivate Networks can be established at the Application layer, IP Layer or the TCP layer. XML VPN are established at the application layer and IP VPN are established at the IP Layer and TSL VPN are established at the TCP Layer.


Known Uses

  • Ctrix provides a site to site SSL VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network. [Cit]

  • Cisco VPN on the other hand uses a IPSec VPN. [Cis]

  • Nokia VPN provides VPN connection for Nokia Mobile Users. [Nok]


Advantages

  • Users are authenticated by the system to control their access to the VPN.

  • We could add a logging system for the users logging in at the end points for future audits.

  • If we use secure encryption, we can provide data confidentiality and integrity for the messages sent through the VPN.


Disadvantages

  • If the VPN connection is compromised, the attacker could get full access to the internal network.

  • Because of encryption, VPN traffic is invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, then the IDS cannot see the traffic within the VPN tunnel. Therefore if a hacker gains access to the VPN, he can attack the internal systems without being detected by the IDS.


Disadvantages (Contd…)

  • In case of VPN with a private end user, the remote computer used by the private user is vulnerable to outside attacks which in turn can attack the network it is connected to.

  • The VPN Tunnel is only as strong as the cryptographic protocol used.


Related Patterns

  • Firewalls can be added to each network layer to make the network layer more secure. [Fer03]

  • IDS can also coexist in each of these network layers to detect attack. [Fer05]

  • Secure Channel and Authenticator establishes the security mechanisms.


Conclusions

  • A VPN is a basic component in network architectures. We presented here a pattern for its architecture and security properties. Future work will integrate this pattern with other patterns shown in Figure 3.


Q & A

  • Suggestions

  • Modifications

  • Corrections


  • Login