Class 26 - Nov. 27



CSCI 465
Data Communications and Networks
Lecture 26
Martin van Bommel
CSCI 465
Data Communications & Networks
1
Virtual Private Network (VPN)
• A set of computers or secure networks interconnected in a secure way, through encryption and other security protocols, even though the traffic crosses insecure networks
– Insecure networks contain unauthorized users
– Need to prevent eavesdropping
• Proprietary solutions insufficient
– Little reassurance as to level of security
– Limited in choice of network devices
IPSec
• Security features part of Internet standards
– Authentication and encryption protocols
• Applications needing security include
– Branch office connectivity
– Remote access over Internet
– Extranet and intranet connections with partners
– E-commerce security
IPSec Functions
• Authentication Header
– For authentication only
• Encapsulating Security Payload (ESP)
– Combined authentication/encryption
• Key exchange function
– Either manual – systems administrator configures keys
– Or automated – on-demand key creation
• VPNs need both authentication and encryption
IPSec Tunnel Mode
• Protects the entire original IP packet
– Original IP packet (through the ESP trailer) is encrypted
– New packet (from the ESP header on) is authenticated
– New outer IP header is added
• No router along the path examines the inner IP header
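The tunnel-mode layout above, as an added example rather than code from the lecture: the original packet plus ESP trailer is encrypted, the ESP header and ciphertext are covered by the integrity check value, and a new outer IPv4 header (protocol 50) is prepended so only the gateways see the inner addresses. The cipher is a toy HMAC-based keystream standing in for AES, and the keys, gateway addresses and inner packet are constructed; real IPsec negotiates its keys with IKE or takes them from manual SA configuration.

```python
import hmac, hashlib, os, struct

# Constructed demo keys: a real SA gets these from IKE or manual configuration.
ENC_KEY = b"demo-esp-encryption-key-32bytes!"
AUTH_KEY = b"demo-esp-integrity-key-32-bytes!"
GW_A, GW_B = bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1])  # outer (gateway) addresses

def keystream(key, iv, n):
    """Toy CTR-style keystream from HMAC-SHA256; stands in for AES in real ESP."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]

def ipv4_header(src, dst, proto, total_len):
    """Minimal outer IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)
    s = sum(struct.unpack(">10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack(">H", ~s & 0xFFFF) + hdr[12:]

def esp_encapsulate(inner_pkt, spi, seq, iv=None):
    """Tunnel mode: encrypt [inner packet | padding | pad len | next hdr=4 (IP-in-IP)],
    authenticate [ESP header | IV | ciphertext], prepend a new outer IP header (proto 50)."""
    iv = os.urandom(8) if iv is None else iv
    pad_len = (-(len(inner_pkt) + 2)) % 4           # ESP payload is 4-byte aligned
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    pt = inner_pkt + trailer
    ct = bytes(a ^ b for a, b in zip(pt, keystream(ENC_KEY, iv, len(pt))))
    esp_hdr = struct.pack(">II", spi, seq)            # SPI and sequence number
    icv = hmac.new(AUTH_KEY, esp_hdr + iv + ct, hashlib.sha256).digest()[:12]
    esp = esp_hdr + iv + ct + icv
    return ipv4_header(GW_A, GW_B, 50, 20 + len(esp)) + esp

def esp_decapsulate(pkt):
    """Receiving gateway: check the ICV first and drop on mismatch, only then decrypt.
    Routers in between only see the outer header; the gateway recovers the inner packet."""
    esp = pkt[20:]
    esp_hdr, iv, ct, icv = esp[:8], esp[8:16], esp[16:-12], esp[-12:]
    expect = hmac.new(AUTH_KEY, esp_hdr + iv + ct, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(icv, expect):
        return None                                    # tampered or wrong key: discard
    pt = bytes(a ^ b for a, b in zip(ct, keystream(ENC_KEY, iv, len(ct))))
    pad_len, next_hdr = pt[-2], pt[-1]
    if next_hdr != 4 or pad_len > len(pt) - 2:
        return None
    return pt[:len(pt) - 2 - pad_len]

# Constructed inner packet: a 32-byte IPv4 datagram between two private hosts.
INNER = bytes([0x45, 0, 0, 32]) + bytes(8) + bytes([10, 0, 1, 5, 10, 0, 2, 9]) + b"hello-ipsec!"
```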
IP Security Scenario
Benefits of IPSec
• Provides strong security for external traffic
• Resistant to bypass
• Operates below the transport layer, hence transparent to applications
• Can be transparent to end users
• Can provide security for individual users if needed