NETW 05A: APPLIED WIRELESS
SECURITY
Wireless VPN Technology
By Mohammad Shanehsaz
Spring 2005
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Objectives
Virtual Private Networks
Implement, configure, and manage the following VPN solutions in a wireless LAN environment:
  PPTP
  IPSec
  L2TP
Explain the importance and benefits of session persistence in a wireless VPN environment
Describe benefits of mobile VPN solutions
Objectives
Explain the differences, strengths, and limitations of each of the following as a wireless VPN solution:
  Routers
  VPN Concentrators
  Firewalls
Objectives
Software solutions
Implement software solutions for the following:
  SSH2 Tunneling
  Securing wireless thin clients
  Port redirection
  Transport Layer Security (TLS)
Virtual Private Network
Provides a means for a computer and network
to securely communicate over public or
unsecured network connections
VPN uses both authentication and encryption to ensure that only authorized users access the network and read data, while data integrity is protected by cryptographic checksums (message authentication codes)
VPN typically employs a form of encapsulation
where one protocol is carried inside of another
(Tunneling)
Wireless VPN
The use of VPN technology over
wireless medium
Allows mobile users to securely access a
corporate network from remote
locations (such as a wireless hot spot)
VPN Process
A device that initiates a connection to a VPN
server (VPN concentrator) is a VPN client
A VPN client can be an individual computer
obtaining remote access or a router that
obtains a peer-to-peer (router-to-router) VPN
connection
The connection is referred to as a tunnel
(encapsulating one protocol inside another)
During tunnel setup, the devices on each side
of the tunnel agree on the details of
authentication and encryption
VPN Process
Passwords, smart cards, biometrics and
other methods are commonly deployed
for VPN authentication
Some standard tunneling protocols are:
  PPTP (Point-to-Point Tunneling Protocol)
  L2TP (Layer 2 Tunneling Protocol)
  IPSec (Internet Protocol Security)
Wireless VPN Considerations
Wireless VPNs do not always fulfill every
security design requirement
For maximum security in wireless VPN
both layer 2 and layer 3 of the OSI
model should be secured
This level of security carries a high price tag, high administrative overhead and reduced throughput
Wireless VPN Considerations
Advantages vs Disadvantages (coming slides)
Security Issues (unintentional sharing of the
VPN connection)
Administration (VPNs administered remotely)
Scalability (solutions will grow with the
organization without constant replacement
and retraining )
Subnet Roaming (MobileIP VPNs solution
needed to solve the roaming, but it is
complicated to configure and manage in large
environment)
Wireless VPN Considerations
Role-based Access Control (assign
privileges based on user’s role in
network)
VLANs (since VPN servers are encrypting routers with authentication support, segmentation happens at layer 3 in the network and requires skilled and experienced IT professionals)
Advantages of using Wireless VPNs
Very secure encryption is available
Connections are point-to-point
Well established standards are readily available from
many vendors
Many security administrators already understand VPN
technology
Most VPN servers work with established authentication
methods like RADIUS
Class-of-Service mechanisms like RBAC can be deployed
VPNs reduce broadcast domains in comparison with
802.1x/EAP solutions
Authentication can be performed through a web browser
Disadvantages of Wireless VPNs
Expensive
Hot failover designs are very expensive
Advanced routing is difficult
Lack of interoperability between vendors
Lack of OS support across multiple platforms
Configuration of clients and servers and
deployment can be difficult
High encryption/decryption overhead
VPN connections can be broken by roaming
across layer 3 boundaries
VPN Connections types
Remote Access Connections - created
when a client initiates a connection to a
VPN server
Peer-to-Peer Connections - connect two
private networks
PPTP VPN protocol
Point-to-Point-Tunneling Protocol supports multiple
encapsulated protocols, authentication and encryption
It uses a client/server architecture
Microsoft developed it so most of Microsoft’s desktop and
server OS support it natively
It is based on the point-to-point protocol
PPTP supports Microsoft Point-to-Point Encryption (MPPE) using the RC4 stream cipher with a 40-, 56- or 128-bit key
PPTP support has been implemented in the Linux server software called PoPToP
The authentication methods used by PPTP are typically PAP, MS-CHAP or MS-CHAPv2. PAP sends the password in the clear, and MS-CHAP and MS-CHAPv2 have known cryptographic weaknesses, so PPTP is no longer recommended where L2TP/IPSec or IPSec is available
How does PPTP work?
Starts by forming a tunnel between the client and server: a TCP control connection on port 1723, plus a GRE (IP protocol 47) data channel that carries the PPP frames
Any protocol that PPP can carry can be tunneled over PPTP, but by far IP is the most common (IP inside PPP inside GRE inside IP)
Client/server connection has an IP subnet, and the tunnel itself has a different subnet
DHCP can be used for both subnets inside and outside the tunnel
VPN server handles tunnel IP address assignment
Client connects with the server by "dialing" it, i.e. opening the control connection
The server then authenticates the user, establishes tunnel addresses and begins passing traffic
L2TP VPN Protocol
Developed jointly by Cisco and Microsoft and standardized by the IETF (RFC 2661)
L2TP is a combination of Cisco's Layer 2 Forwarding (L2F) and Microsoft's PPTP
There are two distinct parts to the L2TP network:
  The L2TP Access Concentrator (LAC), where the client's physical connection terminates
  The L2TP Network Server (LNS), the upstream device where the PPP session terminates
Since it does not define any encryption standard, L2TP is often combined with IPSec for security (L2TP/IPSec, RFC 3193)
Similarities between PPTP and L2TP
Both provide a logical transport mechanism to
send PPP frames
Both provide tunneling and encapsulation so
that PPP frames based on any protocol can
be sent across an IP network
Both rely on the PPP connection process to perform user authentication, typically using a user name and password, and protocol configuration
Differences between PPTP and L2TP
With PPTP data encryption begins after the PPP connection process is completed, so the user authentication exchange is not encrypted, whereas with L2TP/IPSec the user authentication is encrypted inside the IPSec tunnel
PPTP uses MPPE encryption, which is RC4 with 40-, 56- or 128-bit keys, whereas L2TP/IPSec uses DES (56-bit key) or 3DES (note: the Microsoft L2TP/IPSec VPN client only supports DES; 56-bit DES is breakable by brute force, so 3DES or AES should be used wherever the client allows it)
PPTP requires only user-level authentication, while L2TP/IPSec connections require two levels: to create the SAs (for protecting encapsulated data), the client must first perform a computer-level authentication with a certificate or pre-shared key, then user-level authentication is performed inside the tunnel
Advantages of using L2TP/IPSec
IPSec provides per-packet data origin authentication, data integrity, replay protection, and data confidentiality, whereas PPTP provides only per-packet data confidentiality
L2TP/IPSec requires stronger authentication (two-level authentication)
PPP frames exchanged during user-level authentication are encrypted
IPSec/IKE
Collection of IETF standards specifying key management protocols and encrypted packet formats/protocols (RFCs 2401 to 241X; these were later revised as RFC 4301 and its companions, which keep the same architecture)
Supports a wide variety of encryption algorithms (DES, 3DES, AES, RC4)
It supports a variety of data integrity mechanisms (HMAC with 128-bit MD5 or 160-bit SHA-1, truncated to a 96-bit ICV in the standard transforms)
Standards support pre-shared secrets and X.509 digital certificates for authenticating VPN peers
IPSec is a network layer VPN technology independent of the applications that use it
IPSec encapsulates the original IP data packet with its own packet
The IPSec standards support IP unicast traffic only
IPSec Security Features
Prevents eavesdropping by encrypting headers and data
Prevents data modification by including a keyed checksum (the ICV) with each packet
Prevents forgery by keying the data and encrypting identities
Replay attacks are prevented by sequencing the packets
Mutual authentication and shared keys prevent man-in-the-middle attacks
The packet filtering features of IPSec mitigate denial-of-service by discarding packets that do not come from a valid IP range or do not match an SA
IPSec protocols
There are two main protocols used with IPSec:
  Authentication Header (AH, IP protocol 51)
  Encapsulating Security Payload (ESP, IP protocol 50)
Authentication Header
Provides datagram authentication and integrity by applying a key (a secret shared between the two systems) in a keyed one-way hash (HMAC) to produce an Integrity Check Value (ICV)
The AH function is applied to the entire datagram except for any mutable IP header fields that change in transit (TTL, TOS, flags/fragment offset, header checksum), which are set to zero for the computation
The IP header and data payload are hashed for integrity
The hash is carried in a new AH header (together with an SPI and a sequence number for replay protection) inserted between the IP header and the original payload
After receiving the packet, the peer hashes the IP header and data payload the same way and compares the result with the ICV carried in the AH header
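The AH processing described above, as an added example written for this page (it is not code from the slides or from any IPsec implementation). The sender computes an HMAC-SHA-1 Integrity Check Value over the IPv4 header with the mutable fields zeroed, the AH header with its ICV field zeroed, and the payload, truncates it to 96 bits as HMAC-SHA-1-96 (RFC 2404) does, and inserts the AH header between the IP header and the payload (transport mode). The receiver rebuilds the same hash and keeps a 64-packet sliding anti-replay window on the AH sequence number. IP options, fragmentation and the IPv4 header checksum are omitted; the key, addresses and packets are constructed for the example.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51    # IP protocol number of AH
ICV_LEN = 12     # HMAC-SHA-1-96: 20-byte HMAC truncated to 96 bits
AH_FIXED = 12    # next header, payload len, reserved, SPI, sequence number


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    # version/IHL, TOS, total length, ID, flags/frag offset, TTL, protocol, checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0, src, dst)


def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """TOS, flags/fragment offset, TTL and header checksum may change in transit,
    so AH computes the ICV with them set to zero."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_header(next_proto: int, spi: int, seq: int, icv: bytes) -> bytes:
    payload_len = (AH_FIXED + len(icv)) // 4 - 2   # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_proto, payload_len, 0, spi, seq) + icv


def compute_icv(key: bytes, ip_hdr: bytes, next_proto: int, spi: int, seq: int, payload: bytes) -> bytes:
    # The ICV field itself is all zeros while the MAC is computed.
    ah_zeroed = ah_header(next_proto, spi, seq, b"\x00" * ICV_LEN)
    mac = hmac.new(key, zero_mutable_fields(ip_hdr) + ah_zeroed + payload, hashlib.sha1).digest()
    return mac[:ICV_LEN]


def protect(key: bytes, src: bytes, dst: bytes, next_proto: int, payload: bytes, spi: int, seq: int) -> bytes:
    """Transport-mode AH: IP header (protocol 51) | AH header | original payload."""
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + AH_FIXED + ICV_LEN + len(payload))
    icv = compute_icv(key, ip_hdr, next_proto, spi, seq, payload)
    return ip_hdr + ah_header(next_proto, spi, seq, icv) + payload


class AhReceiver:
    def __init__(self, key: bytes, spi: int, window: int = 64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0     # highest sequence number accepted so far
        self.bitmap = 0      # bit i set: sequence number highest-i was accepted

    def verify(self, packet: bytes) -> str:
        ip_hdr, rest = packet[:20], packet[20:]
        if ip_hdr[9] != AH_PROTO:
            return "not AH"
        next_proto, payload_len, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED])
        ah_len = (payload_len + 2) * 4
        icv, payload = rest[AH_FIXED:ah_len], rest[ah_len:]
        if spi != self.spi:
            return "unknown SPI"
        # Replay window check first (cheap), ICV second. The window is only
        # advanced after the ICV verifies, so forged packets cannot move it.
        if seq == 0:
            return "invalid sequence"
        if seq <= self.highest:
            diff = self.highest - seq
            if diff >= self.window:
                return "too old"
            if (self.bitmap >> diff) & 1:
                return "replay"
        expected = compute_icv(self.key, ip_hdr, next_proto, spi, seq, payload)
        if not hmac.compare_digest(expected, icv):
            return "bad ICV"
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"


def demo() -> list:
    """Constructed traffic: normal packets, a replay, a TTL change, a tampered payload, an old packet."""
    key = b"constructed-demo-key"
    src, dst, spi = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 0x1000
    rx = AhReceiver(key, spi)
    p1 = protect(key, src, dst, 6, b"hello", spi, 1)
    p2 = protect(key, src, dst, 6, b"world", spi, 2)
    ttl_changed = bytearray(protect(key, src, dst, 6, b"ttl", spi, 3))
    ttl_changed[8] = 60                  # a router decremented the TTL (mutable field)
    tampered = bytearray(protect(key, src, dst, 6, b"pay", spi, 4))
    tampered[-1] ^= 0x01                 # one payload bit flipped in transit
    return [
        rx.verify(p1),                                          # ok
        rx.verify(p2),                                          # ok
        rx.verify(p1),                                          # replay
        rx.verify(bytes(ttl_changed)),                          # ok
        rx.verify(bytes(tampered)),                             # bad ICV
        rx.verify(protect(key, src, dst, 6, b"x", spi, 200)),   # ok
        rx.verify(protect(key, src, dst, 6, b"y", spi, 100)),   # too old
    ]
```

The TTL case is the point of the mutable-field rule: the hop count changes at every router, yet the ICV still verifies, while a single flipped payload bit is rejected. Because the receiver checks the replay window before the HMAC, a flood of replayed packets costs it only a bit test per packet.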
Encapsulating Security Payload
Provides confidentiality (encryption at the IP layer), data origin authentication, integrity, optional anti-replay service, and limited traffic-flow confidentiality
ESP provides confidentiality by encrypting at the IP layer; in transport mode the original IP header is left unencrypted, in tunnel mode the whole original packet is encrypted and a new outer IP header is added
It supports a variety of symmetric encryption algorithms; in the original standard 56-bit DES was the mandatory algorithm for interoperability, but DES is now considered too weak and current IPSec algorithm profiles require AES and forbid single DES
Modes of IPSec
Transport mode is used between end stations, or between an end station and a gateway that is being treated as a host (e.g. a telnet session from a workstation to a router); only the data portion of each packet (the upper-layer payload) gets encrypted, and the original IP header is kept
Tunnel mode is the most commonly used, between gateways or from an end station to a gateway; the entire original packet, header and payload, gets encrypted and a new outer IP header addressed to the gateway is added
See figures 13.11 and 13.12 for comparison of AH and ESP with transport and tunnel modes
Choosing between AH or ESP
If you need to transfer data with integrity and don't need confidentiality, use the AH protocol (note that AH authenticates the IP addresses, so it cannot pass through NAT)
If you need to transfer data with integrity and confidentiality, use the ESP protocol, because ESP will encrypt the upper-layer protocols in transport mode and the entire IP datagram in tunnel mode
IPSec/IKE Remote Access
The IP connection uses special
encapsulation or header between two
end-points
Client configuration is done through client
software (native or third party), and
consists of setting authentication and
encryption rule (also called a policy)
Policies
Policy items may include most, if not all, of the following:
  Whether to secure a single connection or all connections
  Connection type and ID (such as a secure gateway tunnel and IP address)
  Mode (Transport or Tunnel)
  ID Type (Digital Certificate or Pre-Shared Key)
  Negotiation Mode (Main or Aggressive)
  Perfect Forward Secrecy (enabled/disabled)
  PFS Key Group (Diffie-Hellman group)
  Replay Detection (enabled/disabled)
  Phase 1 proposal (encryption algorithm, hash algorithm, SA lifetime, key group)
  Phase 2 proposal (SA lifetime, compression, ESP/AH)
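A policy checker for the items listed above, as an added example written for this page (not a tool from the slides or from any vendor). The two policy dictionaries are constructed stand-ins for a client's policy, not a real client's configuration format: one carries the weak choices a careless wireless deployment of this era might make (aggressive mode with a group pre-shared key, DES, MD5, a 1024-bit DH group, no PFS, no replay detection, week-long SAs), the other the hardened equivalents. The lifetime ceilings are local assumptions, not values from any standard.

```python
WEAK_CIPHERS = {"des", "rc4", "null"}     # 56-bit DES, RC4 and NULL encryption
WEAK_HASHES = {"md5"}                     # legacy-only in current IKE profiles
WEAK_DH_GROUPS = {1, 2, 5}                # 768-, 1024- and 1536-bit MODP groups
MAX_P1_LIFETIME = 24 * 3600               # assumption: local ceiling for the IKE SA, seconds
MAX_P2_LIFETIME = 8 * 3600                # assumption: local ceiling for the IPsec SA, seconds


def check_policy(policy: dict) -> list:
    """Return (code, explanation) findings for one client policy; an empty list means nothing weak was found."""
    findings = []
    p1, p2 = policy["phase1"], policy["phase2"]
    if policy["negotiation_mode"] == "aggressive" and policy["id_type"] == "psk":
        findings.append(("AGGRESSIVE_PSK", "aggressive mode sends the identity and a PSK-derived hash "
                         "unencrypted; anyone sniffing the WLAN can crack the PSK offline"))
    if policy["id_type"] == "psk" and policy.get("psk_shared_by_all_clients"):
        findings.append(("GROUP_PSK", "one PSK for every client: any client holding it can impersonate "
                         "the gateway to the others"))
    if p1["encryption"] in WEAK_CIPHERS:
        findings.append(("P1_CIPHER", "phase 1 cipher %s is too weak" % p1["encryption"]))
    if p2["protocol"] == "ah":
        findings.append(("AH_ONLY", "AH gives integrity only; the payload crosses the air in the clear"))
    elif p2["encryption"] in WEAK_CIPHERS:
        findings.append(("P2_CIPHER", "phase 2 cipher %s is too weak" % p2["encryption"]))
    if p1["hash"] in WEAK_HASHES:
        findings.append(("P1_HASH", "phase 1 hash %s is deprecated" % p1["hash"]))
    if p1["dh_group"] in WEAK_DH_GROUPS:
        findings.append(("P1_DH", "phase 1 DH group %d is too small" % p1["dh_group"]))
    if not policy["pfs"]:
        findings.append(("NO_PFS", "PFS disabled: compromising the phase 1 keys exposes every "
                         "phase 2 key derived from them"))
    elif policy["pfs_group"] in WEAK_DH_GROUPS:
        findings.append(("PFS_DH", "PFS DH group %d is too small" % policy["pfs_group"]))
    if not policy["replay_detection"]:
        findings.append(("NO_REPLAY", "replay detection disabled: captured ESP packets can be re-injected"))
    if p1["sa_life"] > MAX_P1_LIFETIME:
        findings.append(("P1_LIFETIME", "phase 1 SA lifetime exceeds the local ceiling"))
    if p2["sa_life"] > MAX_P2_LIFETIME:
        findings.append(("P2_LIFETIME", "phase 2 SA lifetime exceeds the local ceiling"))
    return findings


# Constructed policies (not real configuration files) mirroring the policy items on the slide.
WEAK_POLICY = {
    "secure_all_connections": False,
    "connection": {"type": "secure_gateway_tunnel", "gateway": "203.0.113.10"},
    "mode": "tunnel",
    "id_type": "psk",
    "psk_shared_by_all_clients": True,
    "negotiation_mode": "aggressive",
    "pfs": False,
    "pfs_group": 2,
    "replay_detection": False,
    "phase1": {"encryption": "des", "hash": "md5", "sa_life": 7 * 86400, "dh_group": 2},
    "phase2": {"protocol": "esp", "encryption": "des", "sa_life": 86400, "compression": False},
}

HARDENED_POLICY = {
    "secure_all_connections": True,
    "connection": {"type": "secure_gateway_tunnel", "gateway": "203.0.113.10"},
    "mode": "tunnel",
    "id_type": "certificate",
    "negotiation_mode": "main",
    "pfs": True,
    "pfs_group": 14,
    "replay_detection": True,
    "phase1": {"encryption": "aes256", "hash": "sha256", "sa_life": 3600, "dh_group": 14},
    "phase2": {"protocol": "esp", "encryption": "aes256", "sa_life": 3600, "compression": False},
}


def report(policy: dict) -> list:
    """Human-readable lines for one policy, for use at the command line."""
    return ["%s: %s" % (code, text) for code, text in check_policy(policy)]
```

The first two checks are the ones that matter most on a wireless link: with aggressive mode and a group PSK, a passive listener at the hot spot gets everything needed for an offline dictionary attack on the key, and any legitimate client can then act as the gateway to its neighbours. Main mode with certificates removes both problems, which is why the later slides push L2TP/IPSec deployments toward a PKI.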
IPSec VPNs Pros
All IP types and services are supported
Failover without dropping sessions is available
from multiple vendors
High performance is available
Dynamic re-keying, strong algorithms, and
long key lengths make encryption very strong
Same technology base works in client-to-site,
site-to-site, and client-to-client
Supports strong authentication technologies
and directory integration
IPSec VPNs Pros (continued)
VPN server/gateway is typically co-resident, and
therefore integrated, with firewall functions for
access control, content screening, and other
security controls
IPSec client solution manufacturers are starting
to bundle personal firewall, and other security
functions (e.g. anti-virus and intrusion detection)
with IPSec client products
Once a key exchange is complete, many
connections can utilize the established tunnel
IPSec VPNs Cons
Typically requires a client software installation; not all required client OSs may be supported
Connectivity can be adversely affected by firewalls between the client and gateway (IKE on UDP port 500 and the ESP/AH protocols must be allowed through)
Connectivity can be adversely affected by NAT or proxy devices between the client and gateway (NAT traversal, which wraps ESP in UDP port 4500, addresses this for ESP; AH cannot work through NAT)
Requires client configuration before the tunnel is established
Weak interoperability between IPSec clients and servers/gateways due to configuration issues
Once a client has a tunnel into an organization, the client itself becomes a target for attackers, unless mitigated by personal firewalls or access controls at the VPN gateway
Advantages and Disadvantages of Using Digital Certificates for Authentication
Users no longer have to maintain a set of passwords for entities that need to be authenticated when using certificates
L2TP/IPSec connections still need passwords for user authentication (the entity being authenticated with the certificate is the computer)
CAs issue certificates only to entities they have verified
It is difficult to impersonate a certificate holder without its private key
The main disadvantage is that a PKI is needed to issue certificates to users and computers
Advantages and disadvantages of Pre-Shared Key Authentication
The advantage is that it does not require a PKI
The disadvantages are:
  A single key is used for all L2TP/IPSec connections in Windows 2000 Server and the Microsoft L2TP/IPSec VPN client
  The key can be mistyped
  The difficulty of distributing the key securely
  The origin, history and valid lifetime of the key cannot be determined
SSH2
IETF open standard (RFC 4251 to 4254)
Provides a secure TCP/IP tunnel between two computers with authentication
The SSH transport layer provides encryption, integrity and server authentication, while user authentication is a separate protocol layered on top of it
Requires client and server software
Clients get authenticated using their public key, a username and password, or both methods
Uses public-key cryptography for server authentication and key exchange, and a negotiated symmetric cipher for the session data
Uses Message Authentication Code (MAC) algorithms for data integrity (SSH1 used a 32-bit CRC, which is why SSH1 is vulnerable to insertion attacks)
SSH2 protocol
SSH2 provides three main capabilities:
  Secure command shell
  Secure file transfer
  Port forwarding (uses TCP port 22 to route encrypted traffic from client to server and vice versa)
    Can be handled "locally" on the client computer: the client is preconfigured with redirected ports
    Can be handled "remotely" on the server
SSH2 mitigates the following attacks:
  Eavesdropping
  Man-in-the-middle attacks (provided the server's host key is verified)
  Insertion and replay attacks
Mobile IP
Specified in RFC 2002 (since revised by RFC 3344 and RFC 5944)
It is combined with IPSec to provide security
Made up of two primary components:
  Home Agent (HA): a server or router with a static IP address that serves as the tunnel server; a client with (vendor-specific) Mobile IP software installed registers with the HA, and when the client roams to a foreign network it registers its new address, the "care-of" address, with the HA
  Foreign Agent (FA): preconfigured with HA connectivity information, it acts as liaison between the client and the HA when there is no DHCP server on the foreign network
Mobile IP Process
The mobile node roams onto a foreign network and requests an IP address from the DHCP server (a co-located care-of address)
If there is no DHCP, the client locates the FA through the FA's agent advertisements or by broadcasting an agent solicitation
The FA registers the mobile node's new care-of address with the HA (with a co-located care-of address, the mobile node registers directly)
The HA accepts packets destined to the mobile node on its behalf
The HA redirects the packets to the mobile node by encapsulating them in a new IP header with a destination address of the care-of address
The FA (or the mobile node itself, for a co-located care-of address) unwraps the packet and delivers it to the mobile node
Whenever the mobile node moves, it registers a new care-of address with its HA
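The registration and tunnelling steps above, and the "redirection attack" defence on the next slide, as an added example written for this page (not code from the slides or from any Mobile IP product). A home agent only installs a care-of address when the Registration Request carries a valid Mobile-Home Authentication Extension, checks the identification field against the last one accepted so a captured registration cannot be replayed, and then encapsulates traffic for the home address in IP-in-IP toward the care-of address. The authenticator here is HMAC-MD5, the default that the later revision (RFC 3344) specifies; RFC 2002 itself used keyed MD5 in prefix+suffix mode. The mobile node uses a co-located care-of address, so no Foreign Agent appears. Addresses, keys and packets are constructed for the example.

```python
import hashlib
import hmac
import struct

REG_REQUEST = 1      # Registration Request message type
MH_AUTH_EXT = 32     # Mobile-Home Authentication Extension type
IPPROTO_IPIP = 4     # IP-in-IP encapsulation (RFC 2003)
AUTH_LEN = 16        # HMAC-MD5 output length


def ip(a: str) -> bytes:
    return bytes(int(x) for x in a.split("."))


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)


def build_registration(home: bytes, ha: bytes, coa: bytes, lifetime: int,
                       identification: int, spi: int, key: bytes) -> bytes:
    # type, flags, lifetime, home address, home agent, care-of address, 64-bit identification
    body = struct.pack("!BBH4s4s4sQ", REG_REQUEST, 0, lifetime, home, ha, coa, identification)
    # extension: type, length (SPI + authenticator), SPI; the authenticator covers
    # everything before it, including the extension type, length and SPI
    ext = struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, spi)
    return body + ext + hmac.new(key, body + ext, hashlib.md5).digest()


class HomeAgent:
    def __init__(self, address: bytes, mobility_keys: dict):
        self.address = address
        self.keys = mobility_keys         # home address -> (SPI, key shared with that mobile node)
        self.bindings = {}                # home address -> current care-of address
        self.last_identification = {}     # per-node replay protection

    def register(self, msg: bytes) -> str:
        if len(msg) != 24 + 6 + AUTH_LEN:
            return "rejected: malformed"
        body, ext, auth = msg[:24], msg[24:30], msg[30:]
        mtype, _flags, lifetime, home, ha, coa, ident = struct.unpack("!BBH4s4s4sQ", body)
        if mtype != REG_REQUEST or ha != self.address:
            return "rejected: not for this home agent"
        if home not in self.keys:
            return "rejected: unknown mobile node"
        spi, key = self.keys[home]
        etype, _elen, espi = struct.unpack("!BBI", ext)
        if etype != MH_AUTH_EXT or espi != spi:
            return "rejected: missing authentication extension"
        expected = hmac.new(key, body + ext, hashlib.md5).digest()
        if not hmac.compare_digest(expected, auth):
            return "rejected: authentication failed"     # a bogus care-of address is never installed
        if ident <= self.last_identification.get(home, 0):
            return "rejected: replayed registration"
        self.last_identification[home] = ident
        if lifetime == 0:
            self.bindings.pop(home, None)
            return "deregistered"
        self.bindings[home] = coa
        return "accepted"

    def deliver(self, packet: bytes) -> bytes:
        """Forward a packet addressed to a home address; tunnel it if the node is away."""
        coa = self.bindings.get(packet[16:20])
        if coa is None:
            return packet
        outer = ipv4_header(self.address, coa, IPPROTO_IPIP, 20 + len(packet))
        return outer + packet    # the inner packet is not encrypted: that is left to IPSec


def demo() -> dict:
    home, ha_addr, coa = ip("192.0.2.10"), ip("192.0.2.1"), ip("198.51.100.77")
    key = b"constructed-mobility-key"
    ha = HomeAgent(ha_addr, {home: (0x100, key)})
    good = build_registration(home, ha_addr, coa, 3600, 1001, 0x100, key)
    # an attacker on the WLAN tries to divert the node's traffic to its own address
    forged = build_registration(home, ha_addr, ip("198.51.100.99"), 3600, 1002, 0x100, b"wrong-key")
    results = {"legit": ha.register(good), "forged": ha.register(forged), "replay": ha.register(good)}
    inbound = ipv4_header(ip("203.0.113.5"), home, 6, 20 + 5) + b"hello"
    tunneled = ha.deliver(inbound)
    results["outer_dst"] = ".".join(str(b) for b in tunneled[16:20])
    results["outer_proto"] = tunneled[9]
    results["inner_intact"] = tunneled[20:] == inbound
    return results
```

The forged registration fails before it can touch the binding table, and the replayed one fails on the identification check even though its authenticator is genuine; this is exactly, and only, what the Mobile IP specification protects. The tunneled packet shows the other half of the story: the inner packet leaves the HA readable by anyone on the path, which is why the slides pair Mobile IP with IPSec.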
Mobile IP security
The Mobile IP specification addresses only redirection attacks: registration messages carry an authentication extension (a keyed hash under a secret shared by the mobile node and the HA) and a replay-protecting identification field, so an attacker cannot register a bogus care-of address and divert the node's traffic
All other security issues (confidentiality and integrity of the tunneled data) are left open for resolution by employing additional security layering such as IPSec
Resources
CWSP Certified Wireless Security Professional Official Study Guide, McGraw-Hill