Beruflich Dokumente
Kultur Dokumente
• VPN Overview
• VPN Topologies
• VPN Technologies
• IPSec
• The main function that a VPN offers for this protection is encryption through a tunnel:
– Tunnels provide logical, point-to-point connections across a connectionless IP
network. Encryption is applied to the tunneled connection to make data legible only
to authorized senders and receivers.
– Encryption ensures that messages cannot be read by anyone but the intended
recipient. Encryption transforms content information into a ciphertext that is
meaningless in its encrypted form. The decryption function restores the ciphertext
back into content information intended for the recipient.
8
• Designing a VPN using IPSec for connectivity between peers has inherent limitations.
These are:
– IPSec can encrypt/decrypt only IP traffic.
– IP traffic destined to a multicast or broadcast IP address cannot be handled by
IPSec, which means that IP multicast traffic cannot traverse the IPSec tunnel. Also,
many routing protocols (such as EIGRP, OSPF, and RIPv2) use a multicast or a
broadcast address; therefore, dynamic routing using these routing protocols cannot
be configured between IPSec peers.
• These limitations can be overcome by configuring an IP-encapsulated GRE tunnel
between the peers and applying IPSec protection on the GRE/IP tunnel.
11
• When GRE is used in conjunction with IPSec, either tunnel mode or transport
mode can be used.
• Tunnel mode adds an IPSec IP header to the GRE packet whereas IPSec
transport mode uses the original GRE packet's IP header.
12
Hub-and-Spokes
• A variety of networking devices can use VPN tunnels to carry encrypted data.
• Virtual Private Networking can be done from anywhere using routers, firewalls,
or dedicated VPN concentrators.
13
18
24
25
26
• Encryption
– When packets are traveling on the Internet, they are vulnerable to
eavesdropping. Clear-text messages can be intercepted and read by
anybody. Therefore, to keep the data secure, it can be encrypted.
– For encryption to work, both the sender and the receiver need to
know the rules that were used to encrypt the original message.
• There are 2 types of encryption:
– Symmetric
– Asymmetric
27
• Data Integrity
– Data integrity is also a critical function of VPN because data is sent over a
public network and can be intercepted and modified.
– To guard against this interception, every message has an attached hash.
This hash guarantees the integrity of the message. The receiver checks this
by comparing the received hash with the hash it calculates from the
message itself. If both values are equal, the message has not been
tampered with.
• IPSec uses the Hashed Message Authentication Codes (HMAC) protocol to
calculate the hash.
• Two HMAC algorithms are commonly used:
– HMAC-MD5 This protocol uses a 128-bit shared key. The key and the
message are combined to a 128-bit hash.
– HMAC-SHA-1 This protocol uses a 160-bit shared key. The length of the
hash is 160 bits. This protocol is considered stronger because of the longer
key.
28
• Origin Authentication
– Another important function is origin authentication. In the electronic era, a
document is signed with the sender's private encryption key. This is also
called a digital signature.
– This signature can be authenticated by decrypting it with the sender's public
key.
– When doing business over a long distance, it is important to know who is at
the other side of the phone, fax, and so on. The same is true for VPNs. The
devices at the other end of the tunnel must be authenticated before the path
is considered secure.
• There are 3 peer authentication methods:
– Preshared keys A secret key is entered into each peer manually.
– RSA signatures The exchange of digital certificates authenticates the
peers.
– RSA encryption nonces Nonces (a random number generated by the
peers) are encrypted and then exchanged between peers. The two nonces
are used during the peer authentication process.
29
• Preshared Keys
– If preshared keys are used, the same key is configured on each IPSec
peer.
– At each end, the preshared keys are combined with other information
(device-specific information) to form the authentication key.
– They are both sent through a hash algorithm to form a hash. Then the hash
is sent to the other site.
30
• RSA Signatures
– With RSA signatures, both hashes are not only authenticated but
also digitally signed.
– At the local end, the authentication key and identity information are
sent through the hash algorithm to form the hash, a process similar
to that used with preshared keys. But with RSA signatures, the
hash is then encrypted using the local peer's private key.
– The result of this procedure is a digital signature
31
32
33
34
35
• RSA-Encrypted Nonces
– RSA-encrypted nonces require that each site generate a nonce.
– Nonce is a pseudorandom number.
– The generated nonces are then encrypted and exchanged.
– When the other side receives the nonces, it makes an
authentication key from both nonces and some other information.
– That nonce-based key is then combined with device-specific
information and run though the hash algorithm
36
37
38
39
• Antireplay Protection
– Antireplay protection verifies that each packet is unique and not
duplicated.
– IPSec packets are protected by comparing the sequence number of
the received packets and a sliding window on the destination host.
– Packets in which the sequence number is before the sliding window
are considered late, or duplicate. These packets are dropped.
40
• Protocol Framework
– The previous sections discussed encryption, integrity, and authentication.
Now let's apply these three concepts to the IPSec protocol suite.
– IPSec is a framework of open standards.
– IPSec relies on existing technology, such as DES and 3DES, to secure the
communication between two entities.
• There are 2 main IPSec framework protocols available:
– Authentication header (AH)
– Encapsulating security payload (ESP)
41
42
43
45
• AH provides:
– the packet authentication,
– integrity assurance,
– and replay detection/protection via sequence numbers.
• However, no confidentiality or encryption is provided .
46
47
• A 32-bit Security Parameter Index (SPI) value shows the Security Association
(SA) used for this packet
• A 64-bit sequence number prevents packet replay:
– The receiver can verify that each packet is unique and is not duplicated.
• Authentication data is a HMAC value of the packet
• The following are reasons to use AH even though ESP seems to do all the
security services:
– AH requires less overhead than ESP.
– AH is never export-restricted.
– AH is mandatory for IPv6 compliance.
48
50
51
• The security parameter index (SPI) in the ESP header is a 32-bit value that,
combined with the destination address and protocol in the preceding IP header,
identifies the security association (SA) to be used to process the packet.
• The SPI is an arbitrary number chosen by the destination peer during Internet Key
Exchange (IKE) negotiation between the peers. It functions like an index number
that can be used to look up the SA in the security association database (SADB).
• The sequence number is a unique monotonically increasing number inserted into
the header by the sender.
• Sequence numbers, along with the sliding receive window, provide anti-replay
services. The anti-replay protection scheme is common to both ESP and AH.
52
53
56
• New ESP headers, optional tunnel headers, and a trailer are added to the
packet.
– In transport mode, the ESP header/trailer normally adds up to 37 bytes to
each packet .
– In tunnel mode, the tunnel IP and ESP headers and trailer add up to 57
bytes to each packet . Using both AH and ESP in tunnel mode can add up
to 101 bytes to each packet. 58
Transport Mode
• Although the original header remains intact in both situations, the AH transport
does not support Network Address Translation (NAT) because changing the
source address in the IP header would cause the authentication to fail.
• If NAT is needed with AH transport mode, make sure that NAT happens before
IPSec.
• ESP transport mode does not have this problem. The IP header remains
outside the authentication and encryption area.
59
60
61
62
63
64
65
68
69
70
71
73
74
• For secure communication, both parties must be able to negotiate keys and decide
which encryption and authentication algorithms to use.
• The default IPSec method for secure key negotiation is the Internet Key Exchange
(IKE) protocol.
• The Internet Key Exchange (IKE) protocol (formerly known as ISAKMP/Oakley)
provides authentication of all peers, handles the security policies each can perform,
and controls the exchange of keys.
• IKE is a hybrid of the ISAKMP framework and the Oakley and SKEME protocols.
– ISAKMP provides a framework for authentication and key exchange but does
not define them. It is designed to be key exchange independant; that is, it is
designed to support many different key exchanges.
– Oakley describes a series of key exchanges, known as modes, and details the
services provided by each (e.g. perfect forward secrecy for keys, identity
protection, and authentication).
– SKEME describes a versatile key exchange technique which provides
anonymity, repudiability, and quick key refreshment.
• Perfect Forward Secrecy is supported. PFS guarantees that session keys are
generated independently from previous session keys. With PFS enabled, would-be
attackers are unable to use old session keys that have been compromised to
compromise the integrity and confidentiality of current and future session keys.
• IKEv2 does not interoperate with IKEv1, but it has enough of the header format in
common that both versions can unambiguously run over the same UDP port.
75
• IKE enhances IPSec by providing additional features and flexibility. It makes IPSec
easier to configure.
• IKE, defined in RFC 2409, is a hybrid protocol which implements the Oakley key
exchange and SKeme key exchange inside the Internet Security Association and Key
Management Protocol (ISAKMP) framework.
• ISAKMP is defined in RFC 2408. ISAKMP, Oakley, and SKeme are security protocols
implemented by IKE.
• IKE provides authentication of the IPSec peers, negotiates IPSec keys, and negotiates
IPSec security associations.
76
78
• The goal of IPSec is to protect the desired data with the necessary
security and algorithms .
• The operation of IPSec can be broken down into 5 primary steps.
79
• IPSec, in Cisco IOS software, processes packets as shown in this figure. The process
assumes that public and private keys have already been created and that at least one
access list exists.
• Step 1 – Access lists are used by Cisco IOS software to select interesting traffic to be
encrypted.
• Step 2 – If the SA has not been established, Cisco IOS software checks to see if an
ISAKMP SA has been configured and set up. If the ISAKMP SA has been set up, the
ISAKMP SA governs negotiation of the IPSec SA as specified in the ISAKMP policy. The
packet is then encrypted by IPSec and is transmitted.
80
• Step 3 – If the ISAKMP SA has not been set up, Cisco IOS software checks to see if
certification authority has been configured to establish an ISAKMP policy.
• Step 4 – The router then encrypts and transmits the packet.
81
• IPsec VPN capabilities are included in many models of Cisco routers, as well
as in the PIX Security Appliance. The following products also have IPSec
capabilities.
• VPN 3000 Series Concentrators
The Cisco VPN 3000 Series offers best-in-class remote-access VPN devices
that provide businesses with flexible, reliable, and high-performance remote-
access solutions. The Cisco VPN 3000 Series offers solutions for diverse
remote-access deployments by offering both IPSec and SSL-based VPN
connectivity on a single platform.
82
86