VPN Overview


A virtual private network (VPN) enables private networks to communicate securely over the unsecured public network (that is, the Internet). These connections behave as a single virtual network, despite being geographically separated. VPNs provide inexpensive alternatives to expensive leased lines WANs. VPNs also enable employees to remotely access the office network through the Internet.

A VPN works by setting up a tunnel between the two nodes. The data is then encapsulated and sent through this tunnel. Optionally, the encapsulated data can be encrypted to provide additional security. From the user's perspective, VPNs are classified into the following two categories:

  • Site-to-site This is a VPN between remote networks at fixed locations; it is also called a LAN-to-LAN or intranet VPN. These VPNs require a VPN gateway at each location but no changes to the end users' machines. Site-to-site VPNs provide replacement for leased lines-based WANs.

  • Remote-access This is a VPN that originates from a mobile user to the corporate network, through the Internet; it is also called a road-warrior or telecommuter VPN. Remote-access VPNs provide replacement for dial-up lines for access to the corporate network. Remote-access VPNs are comprised of a VPN gateway at the corporate network and a VPN client installed on each remote computer. The remote client must initiate and establish a VPN tunnel to the gateway.

Both site-to-site and remote-access VPNs can be implemented using various protocols. Some common protocols used in VPN implementations are as follows:

  • IPSec IPSec is the protocol of choice for implementing VPNs. IPSec works at Layer 3 of the OSI model by encrypting the Internet protocol (IP).

  • SSL (Secure Socket Layer) SSL-based VPNs are getting popular for deploying remote-access VPNs because they do not need the client software to be installed on the remote desktop (or laptop); the users instead use the SSL-capable browser.

  • SSH SSH works at Layer 4 of the OSI model by encrypting the Transmission Control Protocol (TCP) traffic.

  • GRE (generic routing encapsulation) GRE is a Cisco-proprietary protocol for tunneling (encapsulating) non-IP traffic. GRE does not provide encryption.

  • L2TP (Layer 2 Tunnel Protocol) L2TP works at Layer 2 by encapsulating Point-to-Point Protocol (PPP) traffic; it provides the benefits of MS-PPTP (Point-to-Point Tunneling Protocol) and the Cisco Layer 2 Forwarding (L2F) Protocol. L2TP provides no encryption.

  • MPLS (Multiprotocol Label Switching) MPLS-based VPNs are deployed at the Internet service provider (ISP) level according to the Internet Engineering Task Force (IETF) RFC 2547bis specifications for the Border Gateway Protocol (BGP).

IPSec Overview

This chapter discusses the interoperability of IPSec-based VPNs with Cisco devices. IPSec provides strong data protection and is the most popular protocol for implementing VPNs. IPSec is designed to offer access control, connectionless integrity, data origin authentication, protection against replays, and confidentiality through encryption. Because IPSec works at the IP layer (the Network layer or Layer 3 of the OSI model), all types of Internet traffic can be protected with no modifications on the upper-layer protocols or applications. IPSec can protect any traffic carried over IP, unlike other encryption-oriented protocols such as SSH and SSL, which generally protect only a particular higher-level protocol. IPSec can run on routers, firewalls, application servers, and end-user desktops and laptops. Dedicated IPSec gateway machines can protect the traffic flowing between private networks. Any two nodes that originate and terminate IPSec tunnels between each other are referred to as IPSec peers. Although referred to as a protocol, IPSec is a collection of various protocols that together constitute the IPSec framework, as described by RFCs 2401 2411 and 2451.

The following sections describe the IPSec protocols in detail.

Protocol and Algorithm

Before discussing IPSec in detail, you must be familiar with the following protocols and algorithms:

  • Authentication Header (AH) A security protocol, defined by RFC 2402, that provides data origin authentication, data integrity, and optional replay-detection services. AH does not provide data encryption but can be used either by itself or in conjunction with an Encapsulating Security Payload (ESP). It is represented as protocol 51 in the IP header.

  • Encapsulating Security Payload (ESP) A security protocol, defined by RFC 2406, that provides data confidentiality and protection with optional authentication and replay-detection services. ESP provides data encryption using the Data Encryption Standard (DES) and the Triple Data Encryption Standard (3DES). Data authentication is provided by Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1). ESP can be used either by itself or in conjunction with AH. It is represented as protocol 50 in the IP header.

  • Data Encryption Standard (DES) A secret key encryption algorithm based on IBM's Lucifer algorithm. DES encrypts a 56-bit-long block of plain text into a block of ciphertext of the same size by using the secret key. In 3DES, three stages of DES are applied with a separate key for each stage, yielding an effective key length of 168 bits. The decryption process uses the same key, thus making DES/3DES a symmetric key cipher.

  • Advanced Encryption Standard (AES) A new cipher block chaining (CBC) mode encryption algorithm that was developed by the National Institute of Standards and Technology (NIST) as a replacement for DES. AES uses 128-, 192-, and 256-bit key lengths and is more secure than DES.

  • Message Digest 5 (MD5) A one-way hashing algorithm that produces a 128-bit hash digest that can be used to authenticate the data packet.

  • Secure Hash Algorithm (SHA) A one-way hashing algorithm, originally defined by the National Security Agency (NSA), that produces a 160-bit hash digest. SHA is stronger than MD5 but slower because of the 160-bit hash.

  • Internet Key Exchange (IKE) A combination of SKEME (Secure Key Exchange MEchanism), Oakley, and Internet Security Association and Key Management Protocol (ISAKMP) used to establish a shared security policy and authenticated keys for IPSec. IKE allows automated authentication and key exchange over a public network without loss of confidentiality. IKE communicates through UDP port 500. IKE uses the following two-step process:

    Phase 1 establishes ISAKMP security associations to secure the Phase 2 IPSec negotiations.

    Phase 2 establishes a pair of unidirectional IPSec security associations.

  • Diffie-Hellman (D-H) A public key cryptography mechanism used to exchange secret keys over an insecure medium with no prior knowledge of the secrets. D-H is specified in terms of groups, such as D-H group 2 or group 5. The type of group depends on the size of the prime number used in the keying algorithm. Group 5 is more secure than group 2.

  • Perfect forward secrecy (PFS) A security mechanism that prevents an attacker from decrypting future data, even if he knows the current encryption keys. PFS enforces the additional D-H exchange to recompute the secret key.

  • Digital certificates and certification authorities (CA) Contains the certificate holder's public key, expiration dates, and the digital signature of the certificate-issuing authority and other details, such as host name and serial number. Most digital certificates conform to the X.509 standard defined by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). To get a digital certificate, a client registers with a trusted entity called a certificate authority. After a CA verifies the client's credentials, a certificate is issued.

Note

While both hashing and encryption algorithms convert the clear-text data into ciphertext, the hashing mechanism is a one-way mechanism. A hashed data packet cannot be recovered into clear text. In contrast, an encrypted data packet can be recovered to its clear-text form.


IPSec Components

IPSec architecture consists of the following four fundamental components:

  • Security protocols The core functionality of IPSec for encapsulating the data to be protected, using either the AH or ESP, or both.

  • Security associations (SA) Unidirectional logical connections, created to provide security services to the traffic. To secure mutual communication between two security gateways, two security associations (one in each direction) are required. An SA consists of a security parameter index (SPI), an IP destination address, and a security protocol (AH or ESP) identifier.

  • Key management IPSec relies heavily on the use of secret keys for authentication, integrity, and encryption services. The key management mechanism enables the use of the public key based IKE protocol for handling the manual and automatic key exchanges.

  • Algorithms for authentication and encryption Various algorithms, such as DES, 3DES, MD5, and SHA, carry out the encryption, decryption, and message authentication to provide data integrity and protection against eavesdropping.

IPSec Operation Steps

IPSec operation can be summarized in the following five steps:

1.

The peers start the IPSec process after receiving interesting traffic. The data meant to be encapsulated and sent across the VPN tunnel is called interesting traffic.

2.

IKE phase 1 negotiates and establishes IKE SA parameters.

3.

IKE phase 2 negotiates and establishes IPSec SA parameters.

4.

Data is transferred between IPSec peers.

5.

IPSec SAs terminate because of timeouts or deletions.

In IKE phase 1, the two ISAKMP peers negotiate and establish a secure and authenticated channel, also called the IKE Security Association. The primary goal of phase 1 is to protect the phase 2 message exchanges. Phase 1 can be carried out using one of two modes Main Mode and Aggressive Mode. Main Mode involves an exchange of six messages, while Aggressive Mode involves an exchange of three messages. Although slower, Main Mode is more secure and hence preferred over Aggressive Mode. By default, the Cisco IPSec implementation uses Main Mode.

IKE phase 2 has only one mode, called Quick Mode. The goal of Quick Mode is to negotiate and establish IPSec SAs. The IPSec SAs are then used to protect the data that is flowing through the IPSec tunnel. Quick Mode also generates the keying material used by the IPSec SAs. The messages exchanged during phase 2 (Quick Mode) are protected by the IKE SAs that were established during phase 1.

Additionally, during the phase 1 negotiations, IPSec peers must authenticate each other using one of the following three authentication methods:

  • Preshared key The same preshared key (a text string) is manually distributed through an out-of-band mechanism to each IPSec peer. Peer A computes a hash using the preshared key and sends it to peer B. Peer B creates a hash using its own preshared key and compares the result with the hash received from peer A. If both hashes are the same, the peers are authenticated. Despite being easy to configure, preshared keys must be individually configured for each pair of the IPSec peers. For example, in a fully meshed network with ten peers, each peer must be configured with the preshared keys of the remaining nine peers. Consequently, 10 * 9 = 90 instances of preshared key configurations exist. Hence, preshared keys do not scale well with large-scale deployments.

  • Digital signatures For digital signature based authentication, peer A creates a hash of the payload, signs the hash with its own private key, and sends it to peer B. Peer B then verifies the signed hash by using the public key of peer A. The certificate that contains the public keys can be exchanged during IKE negotiations.

  • Public key encryption Public key encryption involves the use of a private and a public key pair to encrypt and decrypt the payload. Peer A encrypts the payload with peer B's public key and sends the encrypted data to peer B. Peer B can decrypt the payload only by using its own private key. The certificates that contain the public key must be obtained, through CAs, prior to IKE negotiations.

IPSec Modes: Tunnel Versus Transport

Based on the traffic encapsulation, IPSec operates in the following two modes:

  • Transport Mode Only encapsulates the upper-layer payload (data) of the original IP datagram. An IPSec header is inserted between the original IP header and the modified data payload. This mode can only be used when the peers are the endpoints of the communication because the original IP header is used to route the packet.

  • Tunnel Mode Completely encapsulates the original IP datagram. New IP headers and IPSec headers are added to the encapsulated datagram, as shown in Figure 10-1. Because the original IP header is encapsulated, Tunnel Mode is ideal for connecting private networks, using the RFC 1918 address, through the Internet. Tunnel Mode is widely used for site-to-site IPSec VPNs using an IPSec gateway, thus eliminating the need to modify the end systems.

    Figure 10-1. IPSec Tunnel Versus Transport Mode




Network Administrators Survival Guide
Network Administrators Survival Guide
ISBN: 1587052113
EAN: 2147483647
Year: 2006
Pages: 106

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net