A Virtual Private Network (VPN) is network connectivity deployed on a
shared infrastructure with the same policies and security as a private network.
A VPN can be between two end systems, or it can be between two or more
networks.
A VPN can be built using tunnels and encryption. VPNs can occur at any layer
of the OSI protocol stack.
A VPN is an alternative WAN infrastructure that replaces or augments existing
private networks that use leased-line or enterprise-owned Frame Relay or ATM
networks.
VPNs provide three critical functions:
Confidentiality (encryption) – The sender encrypts the packets before
transmitting them across the shared network.
– Only parties holding the key can read the communication.
– If intercepted, the communications cannot be read without the key.
Data integrity – The receiver can verify that the data was transmitted through
the Internet without being altered; any modification in transit is detected.
Origin authentication – The receiver can verify that the packet really came
from the claimed source, so a third party cannot inject traffic as if it were the peer.
VPN Overview
The primary benefits include:
VPNs offer lower cost than private networks.
– LAN-to-LAN connectivity costs are typically reduced by 20 to 40 percent over
domestic leased-line networks.
VPNs offer flexibility for enabling the Internet economy.
– VPNs are inherently more flexible and scalable network architectures than classic
WANs.
VPNs offer simplified management compared to owning and operating a
private network infrastructure.
VPNs provide tunneled network topologies that reduce management
burdens.
– An IP backbone eliminates static permanent virtual circuits (PVCs) associated
with connection-oriented protocols such as Frame Relay and ATM.
Encryption Algorithms
Common Symmetrical algorithms
– 56 bit Data Encryption Standard (DES); a 56-bit key is now too short to resist
brute force
– 168 bit 3DES, “triple DES” (three 56-bit DES keys; effective strength is about
112 bits because of meet-in-the-middle attacks)
– 128, 192 or 256 bit Advanced Encryption Standard (AES)
Advantages of Symmetrical algorithms
– Speed, fast
– Mathematical computations are easy to implement in hardware
– Good for large amounts of data
Disadvantage of Symmetrical algorithms
– Sender and receiver must share the same secret key.
– There is the problem of how to get that key to both sides securely (key management)
Common Asymmetrical algorithms
– RSA, ElGamal, elliptic curves
Advantages of Asymmetrical algorithms
– Simpler key distribution: one key is kept private and the other key is
public and given to anyone that needs to encrypt data. (The public key must still
be authenticated, for example with a certificate, or an attacker can substitute their own.)
– Great for authentication because you are the only one with the private key:
what it signs, or what only it can decrypt, proves your identity.
– Can be used for digital signatures, authenticated key exchanges, email or small
amounts of data.
– Based on mathematical problems believed to be very hard (integer factoring,
discrete logarithms).
Disadvantage of Asymmetrical algorithms
– Slower in encrypting than symmetrical algorithms
Some qualities to consider in a good encryption algorithm:
– Security against cryptographic attacks
– Scalable, variable length keys
– Any change to the clear-text input should result in a large change to the
encrypted output
– No restrictions on import or export
Symmetrical algorithm – A shared-key algorithm that is used to
encrypt and decrypt a message.
– Uses the same key to encrypt and decrypt the message.
Asymmetrical algorithm – Uses a pair of keys to securely encrypt and
decrypt a message.
– Uses one key to encrypt and a different, but mathematically related, key to decrypt.
Hashing
Hashing is used for data integrity.
A hashing algorithm is a one-way function that produces a fixed-length
output, no matter what the size of the input is.
Analogy:
– Blender with 3 small oranges and 3 big oranges
– Blend it and make one cup of juice
– Your neighbor can do the exact same thing
– You can never reverse-engineer the output to get the input.
– You can’t determine that 3 big and 3 small oranges were used to make the one
glass of juice.
Two common hashing algorithms:
– MD5: fixed-length 128 bit output
– SHA-1: fixed-length 160 bit output (historically preferred over MD5 because the
longer output makes a collision, two different inputs giving the same output,
less likely).
– Practical collisions have since been demonstrated for both MD5 and SHA-1, so
new designs should use the SHA-2 family (for example SHA-256) instead.
Qualities in a good hashing algorithm:
– High resistance to cryptographic attack
– Any change to the clear-text input results in a large change in the hash
output.
– The probability of collision is low.
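The integrity and origin-authentication functions listed under the VPN functions above, together with the hashing properties in this section, as an added example that is not part of the original page. It uses only the Python standard library; the packet and the key are constructed for the demo. It shows the fixed output size, the avalanche effect, and why an unkeyed hash gives integrity only while a keyed hash (HMAC) also ties the data to whoever holds the key:

```python
"""Unkeyed hash versus keyed hash (HMAC): fixed output size, avalanche, and why
integrity plus origin authentication needs a key.  Added example using only the
Python standard library; packet and key are constructed for the demo."""
import hashlib
import hmac
import secrets

# Constructed sample packet (not from any real capture).
PACKET = b"GET /payroll HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
# Constructed shared secret; in IPSec it would come from the key exchange.
DEMO_KEY = secrets.token_bytes(32)


def digest_bits(data: bytes) -> dict:
    """Output length per algorithm, in bits, is fixed whatever the input size."""
    return {
        "md5": hashlib.md5(data).digest_size * 8,
        "sha1": hashlib.sha1(data).digest_size * 8,
        "sha256": hashlib.sha256(data).digest_size * 8,
    }


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, algo: str = "sha256") -> int:
    """Flip one input bit and count how many output bits change.  A good hash
    flips roughly half of them (about 128 of 256 for SHA-256)."""
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    return differing_bits(hashlib.new(algo, data).digest(),
                          hashlib.new(algo, bytes(flipped)).digest())


def plain_tag(data: bytes) -> bytes:
    """Integrity only: anyone can compute this, so it cannot prove origin."""
    return hashlib.sha256(data).digest()


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """Integrity and origin: only a holder of the key can compute this."""
    return hmac.new(key, data, hashlib.sha256).digest()


def accepts_plain(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_tag(data), tag)


def accepts_keyed(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), tag)


def tamper_demo(key: bytes = DEMO_KEY) -> dict:
    """An on-path attacker rewrites the packet.  With an unkeyed hash it simply
    recomputes the tag over the new data; with HMAC the best it can do is
    replay the old tag, which the receiver rejects."""
    forged = PACKET.replace(b"/payroll", b"/admin")
    return {
        "unkeyed_hash_fooled": accepts_plain(forged, plain_tag(forged)),
        "hmac_fooled": accepts_keyed(key, forged, keyed_tag(key, PACKET)),
    }


if __name__ == "__main__":
    print(digest_bits(PACKET))
    print("bits changed by a one-bit input flip:", avalanche(PACKET))
    print(tamper_demo())
```

Run it with any Python 3 interpreter. The comparison goes through hmac.compare_digest rather than == so that a receiver does not leak, through timing, how many leading bytes of a forged tag were right. IPSec's ESP and AH authenticate packets with exactly this kind of keyed hash (HMAC-SHA) rather than a bare digest.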
Diffie-Hellman algorithm
In a VPN, fast, strong encryption is a must.
This is why most implementations use a symmetrical algorithm to do payload
encryption.
The problem with symmetrical algorithms is key management.
Diffie-Hellman helps solve this.
Used for automatic secure key exchange of symmetrical “shared” keys (and
other types of keys) across an insecure network for IPSec.
– Diffie-Hellman by itself does not authenticate the peers, so IPSec's IKE
combines it with pre-shared keys or certificates; otherwise an attacker in the
path could run a separate exchange with each side and read everything.
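The exchange described in this section, as an added example that is not part of the original page. It uses only the Python standard library. The group is the 2048-bit MODP group 14 from RFC 3526 with generator 2, transcribed here and re-checked for safe-primality at run time; derive_key is a simplified stand-in for IKE's PRF, not IKE's real key derivation; and man_in_the_middle_succeeds shows what an exchange without authentication allows:

```python
"""Finite-field Diffie-Hellman as used by IPSec's IKE: group validation,
public-value validation, key agreement, and the man-in-the-middle that an
unauthenticated exchange allows.  Added example, Python standard library only;
derive_key is a simplified stand-in for IKE's PRF."""
import hashlib
import secrets

# 2048-bit MODP group 14 from RFC 3526, generator 2.  Transcribed here;
# is_safe_prime(P) re-checks the transcription at run time.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
Q = (P - 1) // 2          # prime order of the subgroup generated by G


def is_probable_prime(n: int, rounds: int = 6) -> bool:
    """Miller-Rabin with random bases (enough for a one-off parameter check)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p and (p-1)/2 both prime: the only subgroups are {1}, {1, p-1} and order Q."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def valid_public_value(y: int) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-Q subgroup, so a peer
    cannot force the shared secret into a tiny set (small-subgroup attack)."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


def keypair() -> tuple:
    """Private exponent x in [1, Q-1] and public value g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def shared_secret(my_private: int, peer_public: int) -> int:
    if not valid_public_value(peer_public):
        raise ValueError("peer public value failed validation")
    return pow(peer_public, my_private, P)


def derive_key(secret: int) -> bytes:
    """Reduce the 2048-bit shared secret to a 256-bit symmetric key.  IKE runs a
    PRF over the secret plus both nonces; a labelled SHA-256 stands in here."""
    raw = secret.to_bytes(P.bit_length() // 8, "big")
    return hashlib.sha256(b"added-example-kdf" + raw).digest()


def keys_agree() -> bool:
    """Alice and Bob each send only their public value; both derive one key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return derive_key(shared_secret(a_priv, b_pub)) == derive_key(shared_secret(b_priv, a_pub))


def man_in_the_middle_succeeds() -> bool:
    """Nothing above proves who sent a public value.  Mallory replaces both
    values with her own and ends up holding a key with each side, which is why
    IKE authenticates the exchange with pre-shared keys or certificates."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    k_alice = derive_key(shared_secret(a_priv, m_pub))   # Alice believes m_pub is Bob's
    k_bob = derive_key(shared_secret(b_priv, m_pub))     # Bob believes m_pub is Alice's
    return (k_alice == derive_key(shared_secret(m_priv, a_pub))
            and k_bob == derive_key(shared_secret(m_priv, b_pub))
            and k_alice != k_bob)
```

Only the public values cross the network; the private exponents never leave their owners, and an eavesdropper who sees p, g, g^a and g^b still has to solve the discrete logarithm to recover g^ab. The pow(y, Q, P) subgroup check costs one extra exponentiation per peer value; on a 2048-bit group that is a few milliseconds in CPython and is the standard price for not trusting what the peer sent.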