NETW 05A: APPLIED WIRELESS SECURITY
Wireless VPN Technology
By Mohammad Shanehsaz
Spring 2005

This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation.

Objectives
Virtual Private Networks
- Implement, configure, and manage the following VPN solutions in a wireless LAN environment: PPTP, IPSec, L2TP
- Explain the importance and benefits of session persistence in a wireless VPN environment
- Describe the benefits of mobile VPN solutions

Objectives
- Explain the differences, strengths, and limitations of each of the following as a wireless VPN solution: routers, VPN concentrators, firewalls

Objectives
Software solutions
- Implement software solutions for the following: SSH2 tunneling, securing wireless thin clients, port redirection, Transport Layer Security (TLS)
Virtual Private Network
- Provides a means for a computer and a network to securely communicate over public or unsecured network connections
- A VPN uses both authentication and encryption to ensure that only authorized users access the network and read data, while data integrity is maintained through cryptographic checksums
- A VPN typically employs a form of encapsulation where one protocol is carried inside of another (tunneling)

Wireless VPN
- The use of VPN technology over a wireless medium
- Allows mobile users to securely access a corporate network from remote locations (such as a wireless hot spot)

VPN Process
- A device that initiates a connection to a VPN server (VPN concentrator) is a VPN client
- A VPN client can be an individual computer obtaining remote access or a router that obtains a peer-to-peer (router-to-router) VPN connection
- The connection is referred to as a tunnel (encapsulating one protocol inside another)
- During tunnel setup, the devices on each side of the tunnel agree on the details of authentication and encryption
VPN Process
- Passwords, smart cards, biometrics and other methods are commonly deployed for VPN authentication
- Some standard tunneling protocols are: PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol), IPSec (Internet Protocol Security)

Wireless VPN Considerations
- Wireless VPNs do not always fulfill every security design requirement
- For maximum security in a wireless VPN, both layer 2 and layer 3 of the OSI model should be secured
- This level of security carries a high price tag, high administrative overhead and reduced throughput

Wireless VPN Considerations
- Advantages vs. disadvantages (coming slides)
- Security issues (unintentional sharing of the VPN connection)
- Administration (VPNs administered remotely)
- Scalability (solutions will grow with the organization without constant replacement and retraining)
- Subnet roaming (a Mobile IP VPN solution is needed to solve roaming, but it is complicated to configure and manage in a large environment)
Wireless VPN Considerations
- Role-based access control (assign privileges based on the user's role in the network)
- VLANs (since VPN servers are encrypting routers with authentication support, segmentation happens at layer 3 in the network and requires skilled and experienced IT professionals)

Advantages of using Wireless VPNs
- Very secure encryption is available
- Connections are point-to-point
- Well established standards are readily available from many vendors
- Many security administrators already understand VPN technology
- Most VPN servers work with established authentication methods like RADIUS
- Class-of-service mechanisms like RBAC can be deployed
- VPNs reduce broadcast domains in comparison with 802.1x/EAP solutions
- Authentication can be performed through a web browser

Disadvantages of Wireless VPNs
- Expensive
- Hot failover designs are very expensive
- Advanced routing is difficult
- Lack of interoperability between vendors
- Lack of OS support across multiple platforms
- Configuration of clients and servers and deployment can be difficult
- High encryption/decryption overhead
- VPN connections can be broken by roaming across layer 3 boundaries
VPN Connection Types
- Remote access connections: created when a client initiates a connection to a VPN server
- Peer-to-peer connections: connect two private networks

PPTP VPN Protocol
- Point-to-Point Tunneling Protocol supports multiple encapsulated protocols, authentication and encryption
- It uses a client/server architecture
- Microsoft developed it, so most of Microsoft's desktop and server OSs support it natively
- It is based on the Point-to-Point Protocol (PPP)
- PPTP supports Microsoft Point-to-Point Encryption (MPPE) using the RC4 algorithm with a 128-bit key
- PPTP support has been implemented in the Linux server software called POPTOP
- The authentication methods used by PPTP are typically PAP, MS-CHAP or MS-CHAPv2

How does PPTP work?
- Starts by forming a tunnel between the client and server
- Many protocols can be encapsulated inside of IP for use with PPTP, but by far IP-in-IP is the most common
- The client/server connection has an IP subnet, and the tunnel itself has a different subnet
- DHCP can be used for both subnets, inside and outside the tunnel
- The VPN server handles the tunnel IP address
- The client connects with the server by dialing the server
- The server then authenticates the user, establishes tunnel addresses and begins passing traffic
L2TP VPN Protocol
- Developed jointly by Cisco and Microsoft; L2TP is a combination of Cisco's Layer 2 Forwarding (L2F) and Microsoft's PPTP
- There are two distinct parts to the L2TP network:
  - The L2TP Access Concentrator (LAC), where the client's physical connection terminates
  - The L2TP Network Server (LNS), the upstream server where the PPP session terminates
- Since it does not define any encryption standard, L2TP is often combined with IPSec for security

Similarities between PPTP and L2TP
- Both provide a logical transport mechanism to send PPP frames
- Both provide tunneling and encapsulation so that PPP frames based on any protocol can be sent across an IP network
- Both rely on the PPP connection process to perform user authentication, typically using a user name and password, and protocol configuration
Differences between PPTP and L2TP
- With PPTP, data encryption begins after the PPP connection process is completed, so the user authentication process is not encrypted, while L2TP/IPSec user authentication is encrypted
- PPTP uses MPPE encryption, which is RC4 with 40-, 56- or 128-bit encryption keys, where L2TP/IPSec uses DES (56-bit key) or 3DES (note: the Microsoft L2TP/IPSec VPN client only supports DES)
- PPTP requires only user-level authentication, while L2TP/IPSec connections require two levels: to create SAs (for protecting encapsulated data), the client must first perform a computer-level authentication with a certificate or pre-shared key, and then user-level authentication is performed

Advantages of using L2TP
- IPSec provides per-packet data origin authentication, data integrity, replay protection, and data confidentiality, where PPTP provides only per-packet data confidentiality
- L2TP/IPSec requires stronger authentication (two-level authentication)
- PPP frames exchanged during user-level authentication are encrypted
IPSec/IKE
- A collection of IETF standards specifying key management protocols and encrypted packet formats/protocols (RFCs 2401 to 241X)
- Supports a wide variety of encryption algorithms (DES, 3DES, AES, RC4)
- Supports a variety of data integrity mechanisms (128-bit MD5, 160-bit SHA-1)
- The standards support pre-shared secrets and X.509 digital certificates for authenticating VPN peers
- IPSec is a network layer VPN technology independent of the applications that use it
- IPSec encapsulates the original IP data packet with its own packet
- The IPSec standards support IP unicast traffic only

IPSec Security Features
- Prevents eavesdropping by encrypting headers and data
- Prevents data modification by including a checksum with each packet
- Prevents forgery by keying the data and encrypting identities
- Replay attacks are prevented by sequencing the packets
- Mutual authentication and shared keys prevent man-in-the-middle attacks
- The packet filtering features of IPSec prevent denial-of-service by blocking packets that do not come from a valid IP range

IPSec Protocols
- There are two main protocols used with IPSec:
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)
Authentication Header
- Provides datagram authentication and integrity by applying a key (a secret key shared between the two systems) to create a one-way hash message digest
- The AH function is applied to the entire datagram except for any mutable IP header fields that change in transit
- The IP header and data payload are hashed for integrity
- The hash is used to build a new header, which is appended to the original packet
- After receiving the new packet, the peer router hashes the IP header and data payload and compares that with the transmitted hash from the AH header

Encapsulating Security Payload
- Provides confidentiality (encryption at the IP layer), data origin authentication, integrity, optional anti-replay service, and limited traffic-flow confidentiality
- ESP provides confidentiality by encrypting at the IP layer (the original IP header is unencrypted)
- It supports a variety of symmetric encryption algorithms, but for interoperability it uses 56-bit DES
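The AH slide above and the replay-protection bullet on the IPSec Security Features slide describe two checks a receiver performs: the keyed hash over the immutable part of the datagram, and the sequence-number window that rejects duplicates. The following Python is an added example written for these notes; it is not code from the slides or from the CWSP text. It uses a toy datagram layout (a few header fields plus payload), HMAC-SHA1 truncated to 96 bits as the integrity check value, a shared key and packet contents that are constructed placeholders, and a 64-packet sliding window modelled on RFC 2401 Appendix C. The TTL and checksum fields are zeroed before hashing, so a packet that routers have modified in transit still verifies, while a tampered payload or a replayed packet is rejected.

```python
import hashlib
import hmac
import struct
from ipaddress import ip_address

SHARED_KEY = b"constructed-ah-shared-key"      # constructed placeholder, not a real SA key
MUTABLE_FIELDS = ("tos", "ttl", "checksum")    # change hop by hop: zeroed before hashing


def serialize(datagram, zero_mutable):
    """Toy serialization of an IPv4-like datagram: a few header fields plus payload."""
    d = dict(datagram)
    if zero_mutable:
        for field in MUTABLE_FIELDS:
            d[field] = 0
    header = struct.pack("!BBH4s4sB", d["tos"], d["ttl"], d["checksum"],
                         ip_address(d["src"]).packed, ip_address(d["dst"]).packed, d["proto"])
    return header + d["payload"]


def ah_icv(key, seq, datagram):
    """Integrity check value: HMAC-SHA1 over the sequence number and the immutable part of
    the datagram, truncated to 96 bits (the AH truncation defined in RFC 2404)."""
    msg = struct.pack("!I", seq) + serialize(datagram, zero_mutable=True)
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]


class ReplayWindow:
    """Sliding anti-replay window in the style of RFC 2401 Appendix C."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means sequence number (top - i) was already accepted

    def accept(self, seq):
        if seq == 0:
            return False                      # sequence number 0 is never valid
        if seq > self.top:                    # newer than anything seen: slide the window
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                      # older than the window, or already received
        self.bitmap |= 1 << offset
        return True


class AhSender:
    def __init__(self, key, spi):
        self.key, self.spi, self.seq = key, spi, 0

    def send(self, datagram):
        """Produce the AH header (SPI, sequence number, ICV) for one outgoing datagram."""
        self.seq += 1
        return {"spi": self.spi, "seq": self.seq, "icv": ah_icv(self.key, self.seq, datagram)}


class AhReceiver:
    def __init__(self, key):
        self.key = key
        self.window = ReplayWindow()

    def receive(self, ah, datagram):
        """Return 'ok', 'bad-icv' or 'replay'. The window is advanced only after the ICV
        verifies, so a forged packet cannot disturb the replay state."""
        if not hmac.compare_digest(ah_icv(self.key, ah["seq"], datagram), ah["icv"]):
            return "bad-icv"
        return "ok" if self.window.accept(ah["seq"]) else "replay"


def demo():
    """Four constructed deliveries: clean, TTL rewritten in transit, payload tampered, replayed."""
    sender, receiver = AhSender(SHARED_KEY, spi=0x1001), AhReceiver(SHARED_KEY)
    pkt = {"tos": 0, "ttl": 64, "checksum": 0xBEEF, "src": "10.0.0.1",
           "dst": "10.0.0.2", "proto": 6, "payload": b"hello over AH"}
    first = sender.send(pkt)
    results = [receiver.receive(first, pkt)]
    in_transit = dict(pkt, ttl=63, checksum=0x1234)    # routers rewrite mutable fields
    results.append(receiver.receive(sender.send(pkt), in_transit))
    tampered = dict(pkt, payload=b"hello over AH!")    # one payload byte added on the path
    results.append(receiver.receive(sender.send(pkt), tampered))
    results.append(receiver.receive(first, pkt))        # first packet delivered a second time
    return results


if __name__ == "__main__":
    print(demo())   # ['ok', 'ok', 'bad-icv', 'replay']
```

Two details matter in practice: the receiver compares digests with `hmac.compare_digest` rather than `==` so verification time does not leak how many bytes matched, and the tampered packet does not consume its sequence number, so a later legitimate packet with that number is still accepted.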
Modes of IPSec
- Transport mode is used between end stations, or between an end station and a gateway if the gateway is being treated as a host (e.g. a telnet session to a router from a workstation); only the data portion of each packet gets encrypted
- Tunnel mode is the most commonly used, between gateways or from an end station to a gateway; both the header and payload get encrypted
- See figures 13.11 and 13.12 for a comparison of AH and ESP with transport and tunnel modes

Choosing between AH or ESP
- If you need to transfer data with integrity and don't need confidentiality, use the AH protocol
- If you need to transfer data with integrity and confidentiality, use the ESP protocol, because ESP will encrypt the upper-layer protocols in transport mode and the entire IP datagram in tunnel mode

IPSec/IKE Remote Access
- The IP connection uses a special encapsulation or header between two end-points
- Client configuration is done through client software (native or third party), and consists of setting authentication and encryption rules (also called a policy)
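The practical difference between the two modes on the slide above is what an observer on the wireless medium can still read: in transport mode the original source and destination addresses travel in the clear, in tunnel mode only the gateway addresses do. The Python below is an added example for these notes, not code from the slides, the CWSP text or any IPSec implementation. It uses a toy 9-byte IP header (source, destination, protocol), a stand-in stream cipher built from HMAC-SHA256 keystream blocks in place of the DES/3DES/AES transforms the slides mention, and constructed keys, hosts and payload. The packet layout it builds follows ESP's order of cleartext outer header, SPI and sequence number, encrypted data, then the integrity check value.

```python
import hashlib
import hmac
import struct
from ipaddress import ip_address

ENC_KEY = b"constructed-esp-encryption-key"        # constructed placeholders, not real SA keys
AUTH_KEY = b"constructed-esp-authentication-key"
PROTO_ESP, PROTO_TCP = 50, 6


def ip_header(src, dst, proto):
    """Toy 9-byte IP header: source, destination, protocol (real IPv4 headers carry more)."""
    return ip_address(src).packed + ip_address(dst).packed + bytes([proto])


def parse_ip_header(buf):
    return str(ip_address(buf[0:4])), str(ip_address(buf[4:8])), buf[8], buf[9:]


def keystream(key, nonce, length):
    """Toy keystream of HMAC-SHA256(key, nonce || counter) blocks; stands in for the SA's
    cipher and is not an IPSec transform."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def esp_encapsulate(mode, spi, seq, src, dst, payload, gw_src=None, gw_dst=None):
    """transport: original IP header | ESP hdr | E(payload)                   | ICV
       tunnel:    new gateway header | ESP hdr | E(original header + payload) | ICV"""
    esp_hdr = struct.pack("!II", spi, seq)               # SPI and sequence number, in the clear
    if mode == "transport":
        outer = ip_header(src, dst, PROTO_ESP)
        plaintext = payload                              # only upper-layer data is hidden
    elif mode == "tunnel":
        outer = ip_header(gw_src, gw_dst, PROTO_ESP)
        plaintext = ip_header(src, dst, PROTO_TCP) + payload   # whole inner datagram hidden
    else:
        raise ValueError(mode)
    ciphertext = xor_crypt(ENC_KEY, esp_hdr, plaintext)  # nonce = SPI||seq, unique per packet
    icv = hmac.new(AUTH_KEY, esp_hdr + ciphertext, hashlib.sha256).digest()[:12]
    return outer + esp_hdr + ciphertext + icv


def esp_decapsulate(mode, packet):
    """Verify the ICV, decrypt, and return (src, dst, payload) of the protected data,
    or None when the packet is not ESP or the ICV does not verify."""
    outer_src, outer_dst, proto, rest = parse_ip_header(packet)
    if proto != PROTO_ESP:
        return None
    esp_hdr, ciphertext, icv = rest[:8], rest[8:-12], rest[-12:]
    expected = hmac.new(AUTH_KEY, esp_hdr + ciphertext, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(expected, icv):
        return None
    plaintext = xor_crypt(ENC_KEY, esp_hdr, ciphertext)
    if mode == "transport":
        return outer_src, outer_dst, plaintext
    inner_src, inner_dst, _, payload = parse_ip_header(plaintext)
    return inner_src, inner_dst, payload


def addresses_visible_on_wire(packet):
    """What a passive listener learns from the outer header alone."""
    src, dst, _, _ = parse_ip_header(packet)
    return src, dst


HOST_A, HOST_B = "10.1.1.10", "10.2.2.20"       # constructed end stations
GW_A, GW_B = "203.0.113.1", "198.51.100.1"      # constructed gateways (documentation ranges)
PAYLOAD = b"GET /payroll HTTP/1.0\r\n"          # constructed upper-layer data


def demo():
    transport = esp_encapsulate("transport", 0x100, 1, HOST_A, HOST_B, PAYLOAD)
    tunnel = esp_encapsulate("tunnel", 0x200, 1, HOST_A, HOST_B, PAYLOAD, GW_A, GW_B)
    damaged = tunnel[:-1] + bytes([tunnel[-1] ^ 0xFF])   # last ICV byte flipped in transit
    return {
        "transport_wire_addresses": addresses_visible_on_wire(transport),
        "tunnel_wire_addresses": addresses_visible_on_wire(tunnel),
        "transport_decap": esp_decapsulate("transport", transport),
        "tunnel_decap": esp_decapsulate("tunnel", tunnel),
        "payload_hidden": PAYLOAD not in transport and PAYLOAD not in tunnel,
        "tampered_rejected": esp_decapsulate("tunnel", damaged) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `addresses_visible_on_wire` result is the point of the slide: a gateway-to-gateway tunnel hides which internal hosts are talking, which is the "limited traffic-flow confidentiality" listed on the ESP slide, whereas transport mode exposes them even though the data is encrypted.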
Policies
- Policy items may include most, if not all, of the following:
  - Whether to secure a single connection or all connections
  - Connection type and ID (such as a secure gateway tunnel and IP address)
  - Mode (transport or tunnel)
  - ID type (digital certificate or pre-shared key)
  - Negotiation mode (main or aggressive)
  - Perfect forward secrecy (enabled/disabled)
  - PFS key group (Diffie-Hellman type)
  - Replay detection (enabled/disabled)
  - Phase 1 proposal (encryption algorithm, hash algorithm, SA life, key group)
  - Phase 2 proposal (SA life, compression, ESP/AH)

IPSec VPNs: Pros
- All IP types and services are supported
- Failover without dropping sessions is available from multiple vendors
- High performance is available
- Dynamic re-keying, strong algorithms, and long key lengths make encryption very strong
- The same technology base works in client-to-site, site-to-site, and client-to-client
- Supports strong authentication technologies and directory integration

IPSec VPNs: Pros (continued)
- The VPN server/gateway is typically co-resident, and therefore integrated, with firewall functions for access control, content screening, and other security controls
- IPSec client manufacturers are starting to bundle personal firewall and other security functions (e.g. anti-virus and intrusion detection) with IPSec client products
- Once a key exchange is complete, many connections can utilize the established tunnel

IPSec VPNs: Cons
- Typically requires a client software installation; not all required client OSs may be supported
- Connectivity can be adversely affected by firewalls between the client and gateway
- Connectivity can be adversely affected by NAT or proxy devices between the client and gateway
- Requires client configuration before the tunnel is established
- Weak interoperability between IPSec clients and servers/gateways due to configuration issues
- Once a client has a tunnel into an organization, it can be a target of hackers, unless mitigated by personal firewalls or access controls at the VPN gateway

Advantages and Disadvantages of Using Digital Certificates for Authentication
- Users no longer have to maintain a set of passwords for entities that need to be authenticated when using certificates
- L2TP/IPSec connections still need passwords for user authentication (the entity being authenticated using a certificate is a computer)
- CAs issue certificates only to trusted entities
- It is difficult to impersonate a certificate holder
- The main disadvantage is that a PKI is needed to issue certificates to users
Advantages and Disadvantages of Pre-Shared Key Authentication
- The advantage is that it does not require a PKI
- The disadvantages are:
  - A single key for all L2TP/IPSec connections in Win2K Server and the Microsoft L2TP/IPSec VPN client
  - The key can be mistyped
  - The difficulty of the distribution method
  - The origin, history and valid lifetime cannot be determined

SSH2
- IETF open standard
- Provides a secure TCP/IP tunnel between two computers with authentication
- Encryption at the transport layer, while authentication is implemented within the application
- Requires client and server software
- Clients are authenticated using their public key, or a username and password, or both methods
- Uses a public key/private key encryption scheme
- Uses Message Authentication Code (MAC) algorithms for data integrity (SSH1 uses a 32-bit CRC)
SSH2 Protocol
- SSH2 provides three main capabilities:
  - Secure command shell
  - Secure file transfer
  - Port forwarding (uses port 22 to route encrypted traffic from client to server and vice versa)
    - Can be handled "locally" on the client computer: the client is preconfigured with redirected ports
    - Can be handled "remotely" on the server
- SSH2 mitigates the following attacks:
  - Eavesdropping
  - Man-in-the-middle attacks
  - Insertion and replay attacks

Mobile IP
- Specified in RFC 2002
- It is combined with IPSec to provide security
- Made up of two primary components:
  - Home Agent (HA): a server or router with a static IP address that serves as the VPN tunnel server
    - A client with Mobile IP software (vendor-specific) installed registers with the HA
    - When the client roams to a foreign network, it registers (notifies the HA of) its new address, the "care-of" address
  - Foreign Agent (FA): preconfigured with HA connectivity information, it acts as liaison between the client and the HA when there is no DHCP server
Mobile IP Process
- The mobile node roams onto a foreign network and requests an IP address from the DHCP server
- If there is no DHCP, the client locates the FA through broadcasting
- The FA registers the mobile node's new care-of address with the HA
- The HA accepts packets destined to the mobile node on its behalf
- The HA redirects the packets to the mobile node by creating a new IP header with a destination address of the care-of address
- The FA unwraps the packet and forwards it to the destination
- Whenever the mobile node moves, it registers a new care-of address with its HA

Mobile IP Security
- The Mobile IP specification addresses only redirection attacks
- All other security issues are left open for resolution by employing additional security layering

Resources
- CWSP Certified Wireless Security Professional, from McGraw-Hill
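The process above rests on one security-critical step: the home agent must only accept a care-of address from the genuine mobile node, since whoever can register a binding receives that node's traffic (the redirection attack the Mobile IP Security slide refers to). The following Python is an added example for these notes, not code from the slides, the CWSP text or any Mobile IP implementation. It models the HA's binding table, an authenticated registration request, and the IP-in-IP forwarding and unwrapping steps; RFC 2002 uses a keyed-MD5 authentication extension with a monotonically increasing Identification field, and this example substitutes HMAC-SHA256 for the authenticator (an assumption of the example) with constructed keys and addresses. Packets are plain dictionaries rather than wire-format datagrams.

```python
import hashlib
import hmac
import struct
from ipaddress import ip_address

# Constructed mobility security association between the mobile node and its home agent.
MN_HA_KEY = b"constructed-mobile-node-home-agent-key"


def registration_auth(key, home_addr, care_of, lifetime, identification):
    """Authenticator over the registration fields (HMAC-SHA256 stands in for RFC 2002's
    keyed-MD5 extension; the covered fields are the same idea: home, care-of, lifetime, ID)."""
    body = (ip_address(home_addr).packed + ip_address(care_of).packed
            + struct.pack("!HQ", lifetime, identification))
    return hmac.new(key, body, hashlib.sha256).digest()


def make_registration(key, home_addr, care_of, lifetime, identification):
    """Registration request as built by the mobile node (relayed unchanged by an FA)."""
    return {"home": home_addr, "care_of": care_of, "lifetime": lifetime,
            "identification": identification,
            "auth": registration_auth(key, home_addr, care_of, lifetime, identification)}


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys        # home address -> shared key for that mobile node
        self.bindings = {}      # home address -> current care-of address
        self.last_id = {}       # home address -> last accepted Identification (replay guard)

    def register(self, req):
        """Install a binding only if the authenticator verifies and the Identification is
        fresh; an unauthenticated or replayed request cannot redirect the node's traffic."""
        key = self.keys.get(req["home"])
        if key is None:
            return "unknown-node"
        expected = registration_auth(key, req["home"], req["care_of"],
                                     req["lifetime"], req["identification"])
        if not hmac.compare_digest(expected, req["auth"]):
            return "bad-auth"
        if req["identification"] <= self.last_id.get(req["home"], 0):
            return "replay"
        self.last_id[req["home"]] = req["identification"]
        self.bindings[req["home"]] = req["care_of"]
        return "ok"

    def forward(self, packet):
        """Wrap a packet addressed to a registered home address in a new outer header whose
        destination is the care-of address (IP-in-IP); unregistered nodes get normal delivery."""
        care_of = self.bindings.get(packet["dst"])
        if care_of is None:
            return packet
        return {"src": "home-agent", "dst": care_of, "inner": packet}


def foreign_agent_unwrap(packet):
    """The FA (or the node itself with a co-located care-of address) strips the outer header."""
    return packet.get("inner", packet)


def demo():
    ha = HomeAgent({"10.0.0.5": MN_HA_KEY})          # constructed home address of the node
    results = {}
    good = make_registration(MN_HA_KEY, "10.0.0.5", "192.0.2.77", 300, 1)
    results["legit"] = ha.register(good)
    # a request built without the node's key, attempting to bind a different care-of address
    forged = make_registration(b"some-other-key", "10.0.0.5", "192.0.2.99", 300, 2)
    results["forged"] = ha.register(forged)
    results["replayed"] = ha.register(good)           # same request delivered again
    results["binding"] = ha.bindings["10.0.0.5"]
    correspondent = {"src": "10.0.0.9", "dst": "10.0.0.5", "payload": b"mail for the roaming node"}
    wrapped = ha.forward(correspondent)
    results["outer_dst"] = wrapped["dst"]
    results["delivered"] = foreign_agent_unwrap(wrapped) == correspondent
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Note what the example does not cover: once the binding exists, the forwarded traffic itself is still plaintext IP-in-IP, which is why the slides pair Mobile IP with IPSec for everything beyond registration integrity.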