
Module 7

Virtual Private Networks (VPNs) provide a cost-effective alternative to leased lines for secure communication over public infrastructure. VPNs create encrypted tunnels using protocols like IPSec, ensuring data security through various modes such as Transport and Tunnel. The Internet Key Exchange (IKE) protocol facilitates secure key exchange and establishes security associations between communicating parties.

Uploaded by

dikerdiganto

Virtual Private Networks

Companies used to rely on leased lines, but these were expensive. The cost-effective
alternative is a VPN (Virtual Private Network): a network that enables private
communication but still uses a public infrastructure. By using VPNs, companies can
achieve cost-effectiveness, flexibility and scalability.
A Virtual Private Network (VPN) creates a secure, encrypted tunnel over the public
Internet that connects two separate networks. This makes the communication
between them appear as if it were taking place over a private, dedicated link,
ensuring that sensitive data remains secure despite traversing a shared public
infrastructure.
There are 3 types of VPNs:
1. Access VPN (Connection to Remote users)
2. Extranet VPN (Supplier/Partners/Clients)
3. WAN VPN (Branch Office)

How VPNs Work


A VPN establishes tunnels through the Internet to send packets.
What is a tunnel?
It is a logical stream of packets in which each packet is encapsulated with an
additional header as it travels through the public network.
So, what do we need to set up a VPN tunnel? A VPN tunneling protocol that can
establish tunnels with appropriate security mechanisms. Many are available: PPTP,
L2F, L2TP, etc. Perhaps the most popular is IPSec (IP Security).
IPSec operates at the network layer. It provides per-packet, end-to-end or
segment-by-segment protection. You can build a tunnel from one firewall to another,
from one host to another, or from a host to a firewall.

Authentication Header

The Authentication Header provides integrity, authentication and non-repudiation.
It does not provide confidentiality.

This digest is used to verify the packet's integrity and the authenticity of its sender,
ensuring that the packet has not been tampered with during transit.

The Authentication Header (AH) can be added in 2 different styles:

| IP address Header | Payload |

1. Transport Mode: The original IP address is kept. The AH is added between
the IP address header and the payload.

| Original IP Header | Authentication Header | Payload |

2. Tunnel Mode: A new IP header is added to the datagram. The source IP
address will be the starting point of the tunnel and the destination IP will be the
end point.

| New IP Header | Authentication Header | IP address Header | Payload |
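The two AH layouts above, built byte for byte and checked on the receiving side, as an added example that is not part of the original notes. It assumes HMAC-SHA-1 truncated to 96 bits as the digest and zeroes the IP header fields that routers change in transit before hashing; the key, SPI, sequence number and addresses are constructed sample values.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed sample key (assumption)
SPI, SEQ = 0x1001, 1            # constructed SA identifier and sequence number
PROTO_IPIP, PROTO_TCP, PROTO_AH = 4, 6, 51   # IANA protocol numbers

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(ip):
    """Zero the fields routers change in transit: TOS, flags/offset, TTL, checksum."""
    b = bytearray(ip)
    b[1] = 0
    b[6:9] = b"\0\0\0"
    b[10:12] = b"\0\0"
    return bytes(b)

def icv(ip, ah_fixed, rest):
    """Digest over outer IP header, AH with its digest field zeroed, and the rest."""
    data = zero_mutable(ip) + ah_fixed + b"\0" * 12 + rest
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def add_ah(src, dst, next_proto, rest):
    """IP header + AH + rest; the two modes differ only in what `rest` holds."""
    ah_fixed = struct.pack("!BBHII", next_proto, 4, 0, SPI, SEQ)
    ip = ipv4_header(src, dst, PROTO_AH, 24 + len(rest))
    return ip + ah_fixed + icv(ip, ah_fixed, rest) + rest

def transport_mode(src, dst, payload):
    return add_ah(src, dst, PROTO_TCP, payload)

def tunnel_mode(gw_a, gw_b, src, dst, payload):
    inner = ipv4_header(src, dst, PROTO_TCP, len(payload)) + payload
    return add_ah(gw_a, gw_b, PROTO_IPIP, inner)

def verify(packet):
    """Receiver side: recompute the digest and compare in constant time."""
    ip, ah_fixed, got, rest = packet[:20], packet[20:32], packet[32:44], packet[44:]
    return hmac.compare_digest(got, icv(ip, ah_fixed, rest))

if __name__ == "__main__":
    pkt = bytearray(transport_mode((10, 0, 0, 1), (10, 0, 1, 1), b"hello"))
    pkt[8] -= 1                      # a router decrements TTL: still valid
    print("after TTL change:", verify(bytes(pkt)))
    pkt[-1] ^= 1                     # payload altered in transit: rejected
    print("after payload change:", verify(bytes(pkt)))
```

Because the digest covers the outer source and destination addresses, a packet whose addresses are rewritten in transit fails verification just as a packet with an altered payload does.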

Encapsulating Security Payload


Provides confidentiality, integrity and authentication.
- Authentication algorithms: HMAC-MD5, HMAC-SHA
- Encryption algorithms: AES, DES, 3DES, RC5, IDEA, CAST128, etc.

Anything between the ESP header and trailer gets encrypted. That is the main
difference between ESP and AH.
ESP can be used in two modes: Transport and Tunnel.
1. Transport Mode:

| Original IP Header | ESP Header | Payload (Encrypted) | ESP Trailer |

2. Tunnel Mode:

| New IP Header | ESP Header | Original IP Header (Encrypted) | Payload (Encrypted) | ESP Trailer |

So far we have seen 4 modes: AH transport, AH tunnel, ESP transport and ESP
tunnel. ESP tunnel is the most secure, so should we always use ESP tunnel
whenever we want to set up an IPSec VPN? No. Depending on the application we
can choose the mode, because the higher the security, the lower the flexibility.

Internet Key Exchange (IKE)

It is the key exchange protocol for IPSec. It has 2 phases:
1. Phase 1: Establishment of a Security Association
2. Phase 2: Secure exchange of messages
Security association (SA) is the set of negotiated security parameters that
establishes a secure, authenticated channel between the two communicating
parties. It consists of:
1. Encryption algorithm and its key length
2. Authentication algorithm and its key length
3. Lifetime of the keys
4. Lifetime of the SA itself
Phase 1:
Phase 2:
