lecture 16 page 1 advanced network security perimeter defense in networks: virtual private networks...

Lecture 16Advanced Network Security

Perimeter Defense in Networks: Virtual Private Networks

Advanced Network Security Peter ReiherAugust, 2014


Outline

• Another aspect of the perimeter defense problem

• Virtual private networks

– What are they?

– How do they handle this problem?

– Their practical use


Another Aspect of the Problem• What if you need to work across the

Internet?• You want to get the same protection on both

ends that firewalls would give• But those running the Internet won’t install

firewalls for you• So there’s an untrusted hole in your

perimeter


Illustrating the Problem

Your Los Angeles office

Your Saigon office

Your Los Angeles firewall

Your Saigon firewall

The Internet

SAFE! SAFE!

No firewall

NOTSAFE!


Cryptography to the Rescue

• We can’t ensure bad guys don’t see the packets we send outside our firewalls

• But we can ensure they don’t understand them and can’t alter them

• We can use cryptography to do that

• Essentially, a different way to provide perimeter defense

– When physical boundaries don’t apply


How To Do That?

• Encrypt all traffic between our trusted endpoints

– Literally everything

• For preference, even hide sender and receiver information

– To prevent attackers from knowing details of our networks


Virtual Private Networks• VPNs• The formal name for the solution we

just outlined• A dedicated virtual closed network • Running across an untrusted open

network• Security provided by cryptography


Encryption and Virtual Private Networks

• Use encryption to convert a shared line to a private line

• Set up a firewall at each installation’s network

• Set up shared encryption keys between the firewalls

• Encrypt all traffic using those keys


Actual Use of Encryption in VPNs

• VPNs run over the Internet

• Internet routers can’t handle fully encrypted packets

• Obviously, VPN packets aren’t entirely encrypted

• They are encrypted in a tunnel mode

– Often using IPSec

• Gives owners flexibility and control


Key Management and VPNs• All security of the VPN relies on key secrecy• How do you communicate the key?

– In early implementations, manually– Modern VPNs use IKE or proprietary key

servers• How often do you change the key?

– Better be often– And better be largely automated


Some Other VPN Issues

• Interactions between VPNs and firewalls

• New models of VPN deployment


VPNs and Firewalls

• VPN encryption is typically done between firewall machines– VPN often integrated into firewall product

• Do I need the firewall for anything else?• How much do I trust the remote office . . .?• Remember, you must not only trust honesty

– You must also trust caution


Placing the Firewall Outside the VPN

• Placing the firewall “outside” the VPN is pointless

– Traffic is encrypted, at that point

– Also, true IP addresses, ports, etc. are hidden by the tunneling

– Can’t usefully analyze packets here


Placing the Firewall Inside the VPN

• Meaning, after the VPN encryption has been removed

• And the tunneling undone

• Allows firewall to analyze the packets that would actually be delivered

• “Inside” means “later in same box” usually

– One machine handles both VPN and firewalls


New Models of VPNs

• Original model sets up VPN between two endpoints

– Static endpoints

– Semi-permanent VPN

• Modern needs have suggested other ways to use VPNs


VPNs and Portable Computing• Increasingly, workers connect to

offices remotely

– While on travel

– Or when working from home

• We can use VPNs to offer a secure solution


Securing the Mobile Worker• Set up VPN software on his computer

• Capturing all incoming/outgoing packets

• Applying encryption

• Using a key shared with the home office

• Wherever the user goes, his VPN endpoint goes with him


Temporary VPNs

• What if a group of users want to communicate securely?

• They’ve never done so before

• They might never do so again

• They will never meet in person

• They want it set up quickly


Arranging a Temporary VPN• Get the same VPN software to all

participants

• Securely set up a key distributed to all of them

• For the period of the conversation, send just relevant packets through VPN

• Throw it all away when you’re done


Practical Use of Temporary VPNs

• Often set up by video/teleconferencing companies• Using a web interface for

– Administration– Software distribution– Key distribution

• Requires customers to trust that company– SW could be bogus– Key distribution could be bugged– They claim, of course, they don’t do that


Major Security Issues for Temporary VPNs

• Key distribution

– Typically want to distribute same symmetric key to all

• Authentication

– How does everyone know that the other participants are proper

• Bogus software

• Compromised user machines


How It Usually Works• Clients get access from any machine• Using downloaded code

– Connect to web server, download VPN applet, away you go

– Crypto usually leverages existing SSL code– Authentication via user ID/password– Implies you trust the applet . . .


Conclusion • VPNs offer a reasonable way to get some

degree of perimeter defense across the Internet

• VPNs are really just a case of applied cryptography

• If you use one, think about what components you’re trusting– Should you trust them?

lecture 16 page 1 advanced network security perimeter defense in networks: virtual private networks...

Documents