Scribd
Upload
27 views25 pages

11 VPN

The document discusses Virtual Private Networks (VPNs) and Internet Protocol Security (IPSec), highlighting how VPNs enable private traffic to traverse public networks seamlessly. It explains the concept of tunneling, which involves encapsulating data packets, and outlines the protocols involved in this process. Additionally, it details IPSec's role in securing IP communications through authentication and encryption, along with its modes and protocols like Authentication Header (AH) and Encapsulation Security Payload (ESP).

Uploaded by

romaisamureed35
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
27 views25 pages

11 VPN

The document discusses Virtual Private Networks (VPNs) and Internet Protocol Security (IPSec), highlighting how VPNs enable private traffic to traverse public networks seamlessly. It explains the concept of tunneling, which involves encapsulating data packets, and outlines the protocols involved in this process. Additionally, it details IPSec's role in securing IP communications through authentication and encryption, along with its modes and protocols like Authentication Header (AH) and Encapsulation Security Payload (ESP).

Uploaded by

romaisamureed35
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Network Security

Virtual Private Network (VPN)

Amir Ali
[Link]@[Link]
Outline
 Virtual Private Network (VPN)
 Internet Protocol Security (IPSec)
Virtual Private
Network (VPN)
Private Network
Hybrid Network
Virtual Private
Network (VPN)

 VPN provides the same connectivity and


privacy as that of a private network on the
public network as two networks are physically
apart but virtually on the same network
Virtual Private
Network (VPN)
 A VPN is a means of carrying private traffic
over a public network.
 Often used to connect two private
networks, over a public network, to form a
virtual network
 The word virtual means that, to the users
on either end, the two private networks
seem to be seamlessly connected to each
other.
 That is, they are part of a single virtual
private network (although physically they
are two separate networks).
 The word ‘private’ means VPN should
A Typical VPN
Setup
Tunneling
 Most VPNs rely on tunneling to create a
private network that reaches across the
Internet
 Tunneling is the process of placing an
entire packet within another packet and
sending it over a network.
 The protocol of the outer packet is
understood by the network and both
points, called tunnel interfaces, where the
packet enters and exits the network
Tunneling:
Protocols
 Tunneling requires three different
protocols:
 Passenger protocol - The original data (IPX,
NetBeui, IP) being carried
 Encapsulating protocol - The protocol
(GRE, IPSec, L2F, PPTP, L2TP) that is
wrapped around the original data
 Carrier protocol - The protocol used by the
network
Tunneling
Internet Protocol
Security (IPSec)
IP Security
 Internet Protocol Security (IPSec) is a
protocol suite for securing Internet
Protocol (IP) communications by
authenticating and encrypting each IP
packet of a communication session.
Application of
IPSec
 IPSec can provide secure communication
across a LAN, across private and public
WANs and across Internet.
 Secure branch office connectivity over
the Internet
 Secure remote access over the Internet
 Establishing extranet and intranet
connectivity with partners
 Enhancing electronic commerce security
A typical scenario
of IPSec usage
IPSec Modes
 Transport Mode
 Tunnel Mode
IPSec Transport
Mode
IPSec Tunnel Mode
IPSec Protocols
 Authentication Header (AH)
 Encapsulation Security Payload (ESP)
IPSec Protocols:
Authentication

Header (AH)
Provides data integrity and authentication
of IP packets
 The data integrity ensures undetected
modification of IP packets in transit is not
possible
 The authentication part ensures
authentication of the source (application
or user)
 Authentication is based on the use of a
message authentication code (MAC)
 Guards against spoofing attack

IPSec Protocols:
Encapsulation Security
Payload (ESP)
 Provides message content
confidentiality & limited traffic flow
confidentiality
 Can optionally provide the same
authentication services as AH
 Supports range of ciphers, modes,
padding
 Including DES, Triple-DES, etc
 CBC & other modes
 padding needed to fill block-size, fields,
for traffic flow
ESP or AH?

 The ESP Protocol was designed after


the AH Protocol was already in use. ESP
does whatever AH does with additional
functionality (privacy)
 The question is, Why do we need AH?
 The answer is, we don’t. However, the
implementation of AH is already
included in some commercial products,
which means that AH will remain part
of the Internet until the products are
phased out.

You might also like