19 IPv6, IPSec, and VPNs
19.1 Introduction
19.2 Security Requirements
Types of Security • Security Framework • Security Services
19.3 IP Version 6 (IPv6)
Introduction • IPv6 Packet Format
19.4 IPSec
Introduction • What is IPSec? • IPSec Services • Transport and
Host security: Controlling access to, and processing on, each computer.
Network security: Securing a network, where the network itself acts as an access medium.
Administration: Ensuring that proper functional procedures and operational rules are put in place and adhered to.
Personnel: Making sure that personnel are properly trained, authorized, and alerted to security awareness.
Physical security: Controlling physical access to assets and infrastructure.
Security Framework
Virtual private networks are intended to provide suitable cryptographic services and mechanisms to protect a network. The ITU-T Recommendation X.800, Security Architecture for OSI, defines a comprehensive framework in terms of security threats, services, and mechanisms of networks.
Security threat: A threat is anything that poses some form of danger to a network and related resources.
Security service: A service that counters security threats and attacks and enhances the security of a network, by applying a range of available security mechanisms.
Security mechanisms: A mechanism that is intended to detect, prevent, or recover from a security attack.
Security Services
A security service enhances the security of the network and its related components. In general, services function in one of the following categories:
● Prevention
● Detection or
● Recovery
X.800 lists the following five categories of security services:
Authentication: Ensure the authenticity of the identity of all communicating entities, as well as the origin of data or information.
Data Confidentiality : Protect transmitted data or information against eavesdropping or leakage to
unauthorized entities.
Data Integrity : Prevent the unauthorized creation, alteration, replay, or destruction of transmitted data.
Access Control : Limit and control access to resources to legitimate users.
Accountability : Ensure the maintenance of a complete record of the actions of every user in the system.
19.3 IP Version 6 (IPv6)
Introduction
The Internet Protocol (IP) is part of the TCP/IP suite, and is the most widely used internetworking protocol [2]. For decades, the keystone of the TCP/IP protocol architecture has been IP version 4 (IPv4). However, IPv4 has several shortcomings and limitations, which prompted the IETF to start working on a next version of IP. In 1995, the specification for a next-generation IP protocol, then known as IPng, was issued. In 1996, this specification was turned into a standard, referred to as IPv6 [4].
IPv6 provides a number of functional enhancements over the existing IPv4, designed to accommodate the higher speeds of today’s networks and the mix of data streams, including graphic and video, which are becoming more prevalent. But the prime driving force behind the development of IPv6 was the need for more addresses. IPv4 uses a 32-bit address to specify the source or destination. With the explosive growth of the Internet, and the private networks attached to the Internet, this address length is rapidly becoming insufficient. Ultimately, all installations using TCP/IP are expected to migrate from the current IPv4 to IPv6; but this process may take many years, if not decades.
As shown in Figure 19.1, IPv6 contains 128-bit source and destination address fields (compared to the 32-bit address space of IPv4). Also, instead of the dotted decimal notation used in IPv4, IPv6 uses a different notation to depict an Internet address, that is, hexadecimal numbers separated by colons:
0123:4567:89ab:cdef:0123:4567:89ab:cdef
The IPv6 header has a length of 40 octets, consisting of the following fields:
Version (4 bits): Internet Protocol version number; for IPv6, the value is 6.
Traffic Class (8 bits): To distinguish between different classes or priorities of IPv6 packets.
Flow Label (20 bits): The flow label is intended to assist with resource reservation and real-time traffic
processing.
Payload Length (16 bits): Gives the total length of all of the extension headers plus the transport-level
payload.
Next Header (8 bits): Identifies the type of header immediately following the IPv6 header.
Hop Limit (8 bits): The hop limit is set to some desired maximum value by the source and decremented
by 1 by each node that forwards the packet.
Source Address (128 bits): The address of the originator of the packet.
Destination Address (128 bits): The address of the intended recipient of the packet.
IPv6 Packet Format
An IPv6 packet has the following general form, as shown in Figure 19.2:
The only mandatory header is simply referred to as the IPv6 Header, and has a fixed length of 40 octets. Although the IPv6 Header is longer than the mandatory portion of the IPv4 header (20 octets), the IPv6 packet contains fewer fields (8 vs. 12). Thus, routers have less processing to carry out per packet, which should speed up routing.
The following extension headers are defined for IPv6:
Hop-by-Hop Options Header: Defines special options that require hop-by-hop processing.
Routing Header : Provides extended routing, similar to IPv4 source routing.
Fragment Header : Contains fragmentation and reassembly information.
Authentication Header : Provides packet integrity and authentication (required for IPSec).
Encapsulating Security Payload Header : Provides privacy (required for IPSec).
Destination Options Header : Contains optional information to be examined by the destination node.
Figure 19.3 shows an example of an IPv6 packet that includes an instance of each nonsecurity header.
Observe that each extension header includes a Next Header field. This field identifies the type of subsequent header. If the subsequent header is an extension header, then this field contains the type identifier of that header.
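As an added illustration of the base header and the Next Header chain described above (this code is not from the chapter), the following Python decodes the eight fixed fields and walks the extension headers of a constructed packet. The protocol numbers and the per-header length rules are the standard IANA/RFC values, assumed here because the chapter names the headers without giving them.

```python
import struct
import ipaddress

# IANA protocol numbers for the headers named in the text (the chapter gives
# the names only; the numbers are the standard assignments).
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT = 0, 6, 17, 43, 44
ESP, AH, NO_NEXT_HEADER, DEST_OPTS = 50, 51, 59, 60

EXT_NAMES = {
    HOP_BY_HOP: "Hop-by-Hop Options",
    ROUTING: "Routing",
    FRAGMENT: "Fragment",
    AH: "Authentication Header",
    ESP: "Encapsulating Security Payload",
    DEST_OPTS: "Destination Options",
}


def parse_fixed_header(pkt):
    """Decode the 40-octet IPv6 base header into its eight fields."""
    if len(pkt) < 40:
        raise ValueError("packet shorter than the 40-octet IPv6 header")
    vtf, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    version = vtf >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version=%d)" % version)
    return {
        "version": version,
        "traffic_class": (vtf >> 20) & 0xFF,
        "flow_label": vtf & 0xFFFFF,
        "payload_length": plen,
        "next_header": nh,
        "hop_limit": hlim,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),   # colon-hex notation
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
    }


def walk_extension_headers(pkt):
    """Follow the Next Header chain that starts in the base header.

    Returns (chain, upper_layer_protocol, payload_offset), where chain is a
    list of (header name, length in octets).  The walk stops at the first
    header that is not an extension header; ESP is also treated as a stop,
    because everything after the ESP header is encrypted.
    """
    hdr = parse_fixed_header(pkt)
    end = 40 + hdr["payload_length"]
    if end > len(pkt):
        raise ValueError("Payload Length exceeds captured bytes")
    nh, off, chain = hdr["next_header"], 40, []
    while nh in EXT_NAMES and nh != ESP:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            length = 8                   # fixed size; second octet is reserved
        elif nh == AH:
            length = (ext_len + 2) * 4   # AH Payload Len is in 32-bit words minus 2
        else:
            length = (ext_len + 1) * 8   # Hdr Ext Len is in 8-octet units minus 1
        if off + length > end:
            raise ValueError("extension header runs past Payload Length")
        chain.append((EXT_NAMES[nh], length))
        nh, off = next_nh, off + length
    return chain, nh, off


def validate(pkt):
    """Parsed chain for a well-formed packet, or the error text for a bad one."""
    try:
        return walk_extension_headers(pkt)
    except ValueError as exc:
        return str(exc)


def build_sample_packet():
    """Constructed packet: base header -> Hop-by-Hop -> Fragment -> TCP."""
    src = ipaddress.IPv6Address("0123:4567:89ab:cdef:0123:4567:89ab:cdef").packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    hbh = bytes([FRAGMENT, 0]) + bytes([1, 4, 0, 0, 0, 0])      # PadN option pads to 8 octets
    frag = bytes([TCP, 0]) + struct.pack("!HI", 0, 0x12345678)  # offset 0, M=0, identification
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hbh + frag + tcp
    base = struct.pack("!IHBB", (6 << 28) | 0xABCDE, len(payload), HOP_BY_HOP, 64)
    return base + src + dst + payload


if __name__ == "__main__":
    sample = build_sample_packet()
    print(parse_fixed_header(sample))
    print(validate(sample))
    print(validate(sample[:50]))   # Payload Length claims more than was captured
```

A receiver that trusts Payload Length or Hdr Ext Len without the bounds checks above reads past the buffer, which is why both are checked before any header is touched.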
19.4 IPSec
Introduction
In 1994, the Internet Architecture Board (IAB) issued a report entitled “Security in the Internet
Architecture” (RFC 1636) [11]. The report stated the need for security on the Internet, and identified the
following three functional areas for security mechanisms:
Authentication: To ensure that a received packet was transmitted by the claimed source in the packet
header, and also that the packet was not altered in transit.
Confidentiality (encryption): Provide encryption of packets to prevent eavesdropping by third parties,
as well as the unauthorized monitoring and control of network traffic.
Key management: Establish an infrastructure for the secure management and exchange of cryptographic keys.
In response, the IPSec working group was formed within the IETF, and a framework for network layer security was developed that is usable both with the current IPv4 and the future IPv6.
What is IPSec?
The acronym IPSec, a short form of the term “Internet Protocol Security,” is an evolving standard for security at the network or packet layer of network communication. In essence, IPSec is a set of protocols that may be used to implement VPNs that operate over the Internet [5, 8]. The principal feature of IPSec is that it can encrypt and/or authenticate all traffic at the IP level, so that all distributed higher-layer applications, including remote logon, client/server, e-mail, file transfer, Web access, etc. can be secured, as shown in Figure 19.4. Thus, IPSec is transparent to end users and applications and facilitates a general-purpose solution. Furthermore, IPSec includes a filtering capability so that only selected traffic is affected by the overhead of IPSec processing.
The IPSec specification consists of numerous documents. The most important of these, issued in
November 1998, are:
● RFC 2401: An overview of a security architecture.
● RFC 2402: Description of a packet authentication extension to IPv4 and IPv6.
● RFC 2406: Description of a packet encryption extension to IPv4 and IPv6.
● RFC 2408: Specification of key management capabilities.
Support for IPSec is mandatory for IPv6 and optional for IPv4. In both cases, the security features are
implemented as two extension headers that follow the main IP header.
IPSec Services
The following security services are provided by IPSec:
Data origin authentication: Verifies that each datagram was originated by the claimed sender.
Data integrity: Verifies that the contents of the datagram were not changed in transit, either deliberately or due to random errors.
Data confidentiality : Protects the plaintext of a message by means of encryption.
Replay protection: Assures that an attacker cannot intercept a datagram and send it back at some later time.
Key management : Generation and distribution of cryptographic keys across a distributed network
environment.
IPSec provides these security services by means of two protocols: an authentication protocol designated
by the header of the protocol, Authentication Header (AH), and a combined encryption/authentication
protocol designated by the format of the packet for that protocol, Encapsulating Security Payload (ESP).
Authentication Header (AH): Provides data origin authentication, data integrity, and replay protection.
Encapsulating Security Payload (ESP): Provides data confidentiality, data origin authentication, data integrity, and replay protection.
Internet Security Association and Key Management Protocol (ISAKMP): Provides a framework for the
generation, distribution, and management of cryptographic keys.
In the sequel, each of these protocols will be discussed in some detail.
[Figure 19.3 residue. Rows: IPv6 header (mandatory IPv6 header); Hop-by-Hop option header, Routing header, Fragment header, Destination options header (optional extension headers); TCP header and Application data (IPv6 packet body). Octets column: 40, Variable, Variable, Variable, 8, 20 (optional variable part).]
FIGURE 19.3 Illustration of an IPv6 packet with Extension Headers.
[Figure 19.4 residue: HTTP, FTP and SMTP over TCP over IP/IPSec.]
FIGURE 19.4 Placement of security in the TCP/IP stack.
AH and ESP support two modes of use: the transport mode and the tunnel mode.
● The transport mode provides protection primarily for upper-layer protocols. Typically, the transport mode is used for end-to-end communication, for example, between client and server or between two workstations.
● The tunnel mode is normally used between two entities when at least one of them is not a connection end-point. For example, if secure communication is desired between two gateways that are located between a client and a server, these gateways would utilize IPSec in the tunnel mode.
Authentication Header (AH)
The Authentication Header provides connectionless integrity and data origin authentication for IP datagrams, as well as protection against replay [7]. The format of the AH header is illustrated in Figure 19.5.
The data integrity feature prevents undetected modification of a datagram. Data authentication enables an end system or network device to authenticate the user, and also prevents address spoofing attacks. The AH protects the entire contents of an IP datagram except for certain fields in the IP header, called mutable fields, that are being modified while the datagram is in transit. A checksum, generated by means of a (keyed) message authentication code (MAC), is included in the AH header. Hence, the two communication parties must share a secret key. The checksum is calculated using the HMAC algorithm, based on either MD5 or SHA-1. During calculation of the checksum, the mutable fields are treated as if they contained all zeros. Replay is prevented by including a sequence number field within the AH Header, which is increased for each transmitted packet.
AH can be applied in the transport or tunnel mode, as shown in Figure 19.6.
In the transport mode, the AH is inserted after the original IP header and before the IP payload. The AH is viewed as an end-to-end payload, that is, it is not examined or processed by intermediate routers. Therefore, the AH appears after the IPv6 base header and the hop-by-hop, routing, and fragment extension headers. Authentication covers the entire packet, excluding mutable fields, which are set to zero for MAC calculation. Note that all information in the datagram is in plaintext form, and therefore is subject to eavesdropping while in transit.
In tunnel mode, a new IP header is generated; the AH is inserted between the new, outer IP header and the original (inner) IP header. The inner IP header carries the ultimate source and destination addresses, while a new IP header may contain intermediate IP addresses (e.g., VPN address). The entire new datagram (new IP Header, AH Header, IP Header, and IP Payload) is protected by the AH protocol. Any change to any field (except the mutable fields) in the tunnel mode datagram can be detected.
AH may be applied alone or in combination with the ESP header. The primary difference between the
authentication provided by ESP and AH is the extent of the coverage. Specifically, ESP does not protect
any IP header fields unless those fields are encapsulated by ESP (tunnel mode).
ESP
The ESP provides data confidentiality, and protection against replay; it can also optionally provide data origin authentication and data integrity checking, similar to AH. The current IPSec specification mandates the use of the Data Encryption Standard (DES) in cipher block chaining (CBC) mode for encryption. Several other algorithms are also accepted, including triple DES, RC5, IDEA, CAST, and Blowfish. When ESP is required to provide authentication as well, it uses the same HMAC algorithms (HMAC-MD5 or HMAC-SHA-1) as the AH protocol. The format of an ESP packet is shown in Figure 19.7.
ESP can be applied in either transport or tunnel mode. Transport mode may be used, for example, to provide encryption (and optionally authentication) between two directly connected hosts. On the other hand, a VPN may be established over the Internet between various private, corporate networks by implementing ESP tunnel mode on the security gateways that connect the internal networks to the Internet. In this way, implementation of security on every internal host is avoided. This is illustrated in Figure 19.8.
● In the transport mode, ESP is viewed as an end-to-end payload, that is, it is not examined or processed by intermediate routers. Therefore, the ESP header appears after the IPv6 base header and the hop-by-hop, routing, and fragment extension headers. Encryption covers the entire transport-level segment plus the ESP trailer. Note that the IP Header itself is neither authenticated nor encrypted. Hence, the addressing information in the outer header is visible to an attacker while the datagram is in transit.
● In the tunnel mode, a new IP header is generated. The entire original IP datagram (including both IP Header and IP Payload) and the ESP Trailer are encrypted. Because the original IP Header is encrypted, its contents are not visible to an attacker while it is in transit. Tunneling offers the advantage of hiding original source and destination addresses from users on the Internet, thus diminishing
[Figure residue, AH in transport and tunnel mode: (a) Before applying AH: original IP header, extension headers (if present), TCP, data. (b) Transport mode: original IP header, hop-by-hop, destination, routing and fragment extension headers, AH, destination options, TCP, data; authenticated except mutable fields. (c) Tunnel mode: new IP header, extension headers, AH, original IP header, extension headers, TCP, data; authenticated except mutable fields in new IP headers.]
A Security Association (SA) is a relationship between two or more entities that describes how the entities
will use security services to communicate securely. The security association is unidirectional, meaning
that for each pair of communicating systems, there are at least two security connections — one from A
to B and one from B to A. The security association is uniquely identified by three parameters:
Security Parameters Index (SPI): A randomly chosen unique number that is carried in AH and ESP head-
ers to enable the receiving system to select the SA under which a received packet will be processed.
IP Destination Address: This is the address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router.
Security Protocol Identifier : This indicates whether the association is an AH or ESP security association.
In an SA, ESP may be applied alone, in combination with AH, or even nested within another instance
of itself. With these combinations, authentication can be provided between a pair of communicating
hosts, between a pair of communicating firewalls, or between a host and a firewall. An SA contains all the
relevant information that communicating systems need in order to execute the IPSec protocols, such as:
● The mode of the authentication algorithm used in the AH, and the keys for the algorithm.
● The encryption algorithm mode for ESP, and the required keys.
● Authentication algorithm-related information used in the ESP.
● Key management information, such as key lifetime.
● The SA lifetime.
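The AH processing described earlier (mutable fields zeroed for the HMAC, a sequence number against replay) and the SA identification by (SPI, destination address, protocol) just described can be shown together in one added example, which is not from the chapter. It assumes IPv4 transport mode for brevity, HMAC-SHA-1 truncated to 96 bits, and the AH field layout and IPv4 mutable-field set from the AH RFC (Figure 19.5 is not reproduced here); the key, addresses and payloads are constructed.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51          # IP Protocol / Next Header value for AH
ICV_LEN = 12           # HMAC-SHA-1-96: HMAC-SHA-1 output truncated to 96 bits
AH_FIXED_LEN = 12      # Next Header, Payload Len, Reserved, SPI, Sequence Number


class SecurityAssociation:
    """One inbound SA, identified by (SPI, destination address, protocol)."""

    def __init__(self, spi, dst, key, window=64):
        self.spi, self.dst, self.key, self.window = spi, dst, key, window
        self.highest_seq = 0   # right edge of the anti-replay window
        self.seen = 0          # bitmap; bit i set => highest_seq - i already received

    def is_fresh(self, seq):
        """Sliding-window replay check; True if seq has not been seen."""
        if seq == 0:
            return False       # sequence numbers start at 1
        if seq > self.highest_seq:
            return True
        behind = self.highest_seq - seq
        return behind < self.window and not (self.seen >> behind) & 1

    def record(self, seq):
        """Advance or fill the window, only after the ICV has verified."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            self.seen = ((self.seen << shift) & ((1 << self.window) - 1)) | 1
            self.highest_seq = seq
        else:
            self.seen |= 1 << (self.highest_seq - seq)


def zero_mutable_ipv4(ip_hdr):
    """Copy of a 20-octet IPv4 header with its mutable fields set to zero."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # Type of Service
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL, decremented by every router
    h[10:12] = b"\x00\x00"    # header checksum, recomputed by every router
    return bytes(h)


def ah_icv(key, ip_hdr, ah_fixed, payload):
    """MAC over zeroed IP header || AH (ICV field as zeros) || payload."""
    data = zero_mutable_ipv4(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, spi, seq, src, dst, payload, ttl=64):
    """Transport-mode AH packet: IPv4 header, AH, then the TCP payload."""
    payload_len_words = (AH_FIXED_LEN + ICV_LEN) // 4 - 2   # AH Payload Len field
    ah_fixed = struct.pack("!BBHII", 6, payload_len_words, 0, spi, seq)
    total = 20 + AH_FIXED_LEN + ICV_LEN + len(payload)
    # Header checksum left as zero: it is mutable and nothing is transmitted here.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000,
                         ttl, AH_PROTO, 0, src, dst)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload


def receive_ah(sad, pkt):
    """Inbound AH processing: SA lookup, replay check, ICV verification."""
    ip_hdr, rest = pkt[:20], pkt[20:]
    if ip_hdr[9] != AH_PROTO:
        return "not AH"
    _next, plen, _res, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED_LEN])
    ah_len = (plen + 2) * 4
    icv, payload = rest[AH_FIXED_LEN:ah_len], rest[ah_len:]
    sa = sad.get((spi, ip_hdr[16:20], AH_PROTO))
    if sa is None:
        return "no SA"
    if not sa.is_fresh(seq):
        return "replayed"
    if not hmac.compare_digest(icv, ah_icv(sa.key, ip_hdr, rest[:AH_FIXED_LEN], payload)):
        return "bad ICV"
    sa.record(seq)
    return "ok"


def demo():
    """Constructed scenarios; returns the receiver's verdict for each."""
    key = b"constructed-demo-key-not-for-real-use"
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    sad = {(0x1000, dst, AH_PROTO): SecurityAssociation(0x1000, dst, key)}
    verdicts = []
    p1 = build_ah_packet(key, 0x1000, 1, src, dst, b"constructed TCP segment")
    verdicts.append(receive_ah(sad, p1))                 # genuine packet
    p2 = bytearray(build_ah_packet(key, 0x1000, 2, src, dst, b"second segment"))
    p2[8] -= 1                                           # a router decremented TTL
    verdicts.append(receive_ah(sad, bytes(p2)))          # mutable field: still verifies
    verdicts.append(receive_ah(sad, p1))                 # p1 delivered a second time
    p3 = bytearray(build_ah_packet(key, 0x1000, 3, src, dst, b"third segment"))
    p3[12:16] = bytes([192, 0, 2, 9])                    # source address altered in transit
    verdicts.append(receive_ah(sad, bytes(p3)))          # immutable field: detected
    verdicts.append(receive_ah(sad, build_ah_packet(key, 0x2000, 4, src, dst, b"x")))
    return verdicts
```

Note the order in receive_ah: the cheap window check runs before the HMAC, but the window is only advanced once the ICV has verified, so an unauthenticated packet cannot push legitimate traffic out of the window.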
Key Management in IPSec
The operation of IPSec in either AH or ESP mode requires the availability of shared secret keys between communicating entities. Typically, four keys are required for communication between two applications: transmit and receive pairs for both AH and ESP. The IPSec Architecture document mandates support for two types of key management:
Manual: A system administrator manually configures each system with its own keys and with the keys of other communicating systems. This is practical for small, relatively static environments.
Automated: An automated system enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration.
The default automated key management protocol for IPSec consists of the following elements:
ISAKMP: ISAKMP defines a standardized framework to support negotiation of SA, initial generation of all cryptographic keys, and subsequent refreshing of these keys [6, 9].
Oakley Key Determination Protocol: This key exchange protocol is based on the Diffie–Hellman algorithm, modified to provide security against known attacks.
ISAKMP by itself does not dictate a specific key exchange algorithm, but consists of a set of message types that enable the use of a variety of key exchange algorithms. Oakley is the specific key exchange algorithm mandated for use with the initial version of ISAKMP. The ISAKMP/Oakley protocol combination was named Internet Key Exchange (IKE), and is specified in RFC 2409.
TABLE 19.1 An overview of IPSec Security Services
Security service AH ESP(encryption only) ESP(encryption and authentication)
The ISAKMP methods have been designed with the explicit goal of providing protection against several well-known threats:
Denial of Service: The messages are constructed with unique cookies that can be used to quickly identify and reject invalid messages without the need to execute processor-intensive cryptographic operations.
Man-in-the-Middle: Protection is provided against common attacks such as deletion of messages, modification of messages, reflecting messages back to the sender, replaying of old messages, and redirection of messages to unintended recipients.
Perfect Forward Secrecy: Compromise of past keys provides no useful clues for breaking any other key, whether it occurred before or after the compromised key. That is, each refreshed key will be derived without any dependence on predecessor keys.
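The Denial of Service protection above, cookies that let a responder reject bogus first messages before doing any expensive cryptography, as an added example that is not from the chapter or from any IKE implementation. The cookie construction (an HMAC over the initiator's address and port under a secret that rotates periodically) is an assumed design in the spirit of ISAKMP cookies; the clock, addresses and port are constructed.

```python
import hashlib
import hmac
import os
import struct
import time


class CookieResponder:
    """Responder side of a stateless cookie exchange (assumed design).

    The first message from an unproven initiator gets back only a cookie:
    an HMAC over the initiator's source address and port under a secret
    that rotates every `period` seconds.  Nothing is stored per initiator,
    and the expensive key exchange runs only for a message that returns a
    valid cookie, so a flood of first messages costs one HMAC each.
    """

    COOKIE_LEN = 4 + 8       # secret slot number + 64-bit truncated HMAC

    def __init__(self, period=60, clock=time.time):
        self.period, self.clock = period, clock
        self.secrets = {}        # slot -> 32-byte secret
        self.key_exchanges = 0   # how often the expensive step actually ran

    def _slot(self):
        return int(self.clock()) // self.period

    def _mac(self, slot, addr, port):
        secret = self.secrets.setdefault(slot, os.urandom(32))
        return hmac.new(secret, addr + struct.pack("!H", port),
                        hashlib.sha256).digest()[:8]

    def issue_cookie(self, addr, port):
        slot = self._slot()
        for old in [s for s in self.secrets if s < slot - 1]:
            del self.secrets[old]        # keep only the current and previous period
        return struct.pack("!I", slot) + self._mac(slot, addr, port)

    def cookie_valid(self, cookie, addr, port):
        if len(cookie) != self.COOKIE_LEN:
            return False
        slot = struct.unpack("!I", cookie[:4])[0]
        if slot not in (self._slot(), self._slot() - 1) or slot not in self.secrets:
            return False                 # expired, or never issued by this responder
        return hmac.compare_digest(cookie[4:], self._mac(slot, addr, port))

    def handle_first_message(self, addr, port, cookie=b""):
        """Action for one inbound first message: ("challenge", cookie) or ("proceed", None)."""
        if not self.cookie_valid(cookie, addr, port):
            return "challenge", self.issue_cookie(addr, port)
        self.key_exchanges += 1          # stand-in for the Diffie-Hellman work
        return "proceed", None


def demo():
    """Constructed scenario with a controllable clock; returns the actions
    taken for the honest initiator and how often the expensive step ran."""
    now = [1_000_000]
    responder = CookieResponder(period=60, clock=lambda: now[0])
    honest, other = bytes([198, 51, 100, 7]), bytes([203, 0, 113, 9])
    actions = []
    action, cookie = responder.handle_first_message(honest, 500)
    actions.append(action)                                   # challenged first
    actions.append(responder.handle_first_message(honest, 500, cookie)[0])
    actions.append(responder.handle_first_message(other, 500, cookie)[0])
    for i in range(1000):                                    # many unproven sources
        responder.handle_first_message(bytes([203, 0, 113, i % 256]), 500)
    now[0] += 130                                            # two rotation periods later
    actions.append(responder.handle_first_message(honest, 500, cookie)[0])
    return actions, responder.key_exchanges
```

Only the initiator that actually receives the challenge at the claimed source address can return a valid cookie, which is what makes the responder's per-message cost one HMAC and zero stored state.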
IKE functions in two phases. Phase one involves two IKE peers establishing a secure channel for performing phase two. Phase two involves the two peers negotiating general-purpose SAs. IKE provides three modes for the exchange of keying information and setting up of IKE SAs. Two modes are for IKE phase-one exchanges, and one mode is for phase-two exchanges.
Main Mode
This mode provides a way to establish the first phase of IKE SA, which is then used to negotiate future
communications. The first step, securing an IKE SA, occurs in three two-way exchanges between the
sender and the receiver. In the first exchange, the sender and receiver agree on basic algorithms and
hashes. In the second exchange, public keys are sent for a Diffie–Hellman exchange. Nonces (random
numbers each party must sign and return to prove their identities) are then exchanged. In the third
exchange, identities are verified, and each party is assured that the exchange has been completed.
Aggressive Mode
The aggressive mode provides the same services as the main mode. It establishes the phase one SA, and
operates in much the same manner as the main mode except that it is completed in two exchanges instead
of three. However, the aggressive mode does not provide identity protection for communicating parties.
In other words, in the aggressive mode, the sender and recipient exchange identification information
before they establish a secure channel where the information is encrypted.
Quick Mode
After two parties have established a secure channel using either aggressive mode or main mode, they can use
quick mode. Quick mode has two purposes: to negotiate general IPSec security services and to generate
newly keyed material. Quick mode is much simpler than both main and aggressive modes. Quick mode
packets are always encrypted under the secure channel (or IKE SA established in phase one) and start with
a hash payload that is used to authenticate the rest of the packet.
Perfect Forward Secrecy
For perfect forward secrecy, it is required to generate a new key that does not depend on the current or
any previous key. Diffie–Hellman allows the generation of new shared keys that are independent of older
keys, thus providing perfect forward secrecy. The derived Diffie–Hellman key can be used either as a session key for subsequent exchanges, or to encrypt another randomly generated key.
19.5 Virtual Private Networks
Introduction
A VPN can best be described as follows:
A Virtual Private Network provides secure, private communications by utilizing an existing public, insecure network infrastructure, such as the Internet.
● A public network is any network that is under the control of another party, or that is accessible by other parties. The term other parties is used to refer to other people or organizations that are not part of the relevant organization.
● A private network is a network belonging to a specific organization, and is accessible only to authorized members (e.g., employees) of that organization.
● The network is termed virtual because it uses a logical connection that is built on the physical connections. Client applications are unaware of the actual physical connection and route traffic securely across the public network in much the same way in which traffic on a private network is securely routed.
In other words, a VPN enables the use of part of a public network for private, confidential purposes
[1, 10, 12]. A VPN is intended to give an organization the same capabilities as a private network that is
based on leased lines, but at a much lower cost. Privacy is maintained through the use of security services
and mechanisms, based on tunneling protocols.
A secure and effective VPN deployment should provide the following functions:
● enforce an overall network security policy,
● ensure that VPN traffic is subject to network access control,
● protect the VPN gateway from security threats,
● provide an overall architecture that optimizes VPN and firewall performance,
● accommodate highly dynamic and growing network environments.
The key technologies that comprise the security component of a VPN are:
● access control to guarantee the security of network connections,
● encryption (confidentiality) to protect the privacy of sensitive data,
● authentication to verify the user’s identity as well as the integrity of the data, and
● procedures for exchanging keys and digital certificates (credentials) among different users.
VPN Configurations
User-to-site VPN
A VPN provides an easy mechanism to allow remote access to an organization’s private network. In the
past, users working at off-site locations such as their homes (telecommuting) or while traveling (mobile
or roaming users) had to connect to the company network via dial-up links to a modem pool. The
Internet provides a cheaper alternative since the user can connect to the nearest ISP and access the company network via the Internet. Figures 19.9 and 19.10 compare two different scenarios.
Site-to-site VPN
A VPN using a public infrastructure such as the Internet can replace the traditional wide area network
(WAN) architecture (using point-to-point leased lines) between offices. WANs are usually privately
owned networks that span a large geographical area, typically across a country or even a continent, and
interconnect LANs in different locations.
The example in Figure 19.11 shows a company with three offices situated in different locations. Each office requires access to the Internet, as well as being connected to the other offices. Traditionally, connectivity between the offices is obtained by means of a dedicated WAN, based on leased lines. However, if a VPN is used, as shown in Figure 19.12, only one Internet connection is required at each office.
Extranet
An extranet is a network configured to allow specific trusted parties access to selected regions of an organization’s internal network. Trusted parties may, for example, include clients and other organizations collaborating on a project. Figure 19.13 shows an example where a company provides access to customers
This type of deployment involves the installation of software on existing equipment. In all cases, performance degradation may be a problem.
Routers: Many commercial routers support the addition of VPN software. The processing required for tunneling, etc. may reduce the throughput of the router in cases where the traffic load is high, since all processing is done in software.
Firewalls: Many companies view their firewall as the central component of their network security plan. Firewalls often make provision for the addition of a VPN capability. Again, because of the high processing requirement for both the firewall functionality and VPN service, the throughput may be severely degraded [3].
Servers: Another way to deploy a VPN is to install a software-based VPN on a server. Operating system suppliers and third-party vendors offer VPN applications that are able to link users via a VPN. The software can be installed on existing servers, allowing the existing network configuration to remain intact.
[Figure 19.11 residue: Office A, Office B and Office C networks, each behind a firewall and router, interconnected by leased lines, with Internet connections.]
FIGURE 19.11 Traditional site-to-site communication.
The advantages of using a VPN for connectivity all hinge on one aspect — saving money while employing strong security. A few of the advantages are:
● Existing infrastructure: The Internet can be used to provide distributed network services over long distances, and this eliminates the need to create WANs based on expensive leased lines. Using the Internet for remote access leads to substantial savings, since remote users can dial in to a local service provider and gain access to the company network via the Internet.
● Simpler connectivity: It is much easier and cheaper to connect offices using the existing Internet infrastructure than to install leased lines.
● Availability: In general, the availability of the Internet’s communication infrastructure is much higher than with dedicated leased lines. The Internet has a high degree of redundancy — if one link fails, another link is available to carry the traffic.
● Maintenance: The cost, time, and resources necessary to maintain and administer a VPN are much less than for a WAN. Furthermore, an organization typically does not need to maintain a dial-in facility to accommodate remote users.
● Flexibility: By using the Internet as part of the network infrastructure, companies are no longer bound by long-term contracts as required by leased-line providers. In general, it is easier to change Internet service providers.
● Extranet applications: Organizations can allow trusted parties access to certain resources on the private network through an extranet facility. This promotes customer relations and enhances communication with partner organizations, etc.
Competing VPN Deployment Protocols
In recent years, four different protocols have been suggested for creating a VPN over the Internet:
● layer-2 tunneling protocol (L2TP), and
● IP security protocol (IPSec).
One reason for the number of protocols is that, for some companies, a VPN is a substitute for remote-access servers, allowing mobile users and branch offices to dial into the protected corporate network via their local ISP. For others, a VPN may consist of traffic traveling in secure tunnels over the Internet between protected LANs. The protocols that have been developed for VPNs reflect this dichotomy. PPTP, L2F, and L2TP are largely aimed at dial-up VPNs, while IPSec’s main focus has been on LAN-to-LAN solutions.
PPTP: Currently, the most commonly used protocol for remote access to the Internet is the point-to-point protocol (PPP). PPP provides a standard method for transmitting IP datagrams over serial point-to-point links, and provides three functions:
● A method for encapsulating IP Datagrams over serial links.
● An extensible Link Control Protocol (LCP).
● A family of Network Control Protocols (NCP) for establishing and configuring different network-layer protocols.
The PPTP is an extension of PPP, to provide remote access that can be tunneled through the Internet to a destination site. PPTP was developed primarily by Microsoft, and at one time enjoyed the status of a de facto standard. PPTP creates a secure tunnel in which encrypted PPP packets are sent as IP datagrams over the Internet.
PPTP utilizes the authentication mechanisms within PPP, namely the password authentication protocol (PAP) and Challenge/Handshake Authentication Protocol (CHAP). For encryption, PPTP derives a 40-bit encryption key from the hashed password stored on the client and the server.
Besides the relative simplicity of client support for PPTP, one of the protocol’s main advantages is that PPTP is designed to run at open systems interconnection (OSI) Layer 2, or the link layer, as opposed to IPSec, which runs at Layer 3. By supporting data communications at Layer 2, PPTP can transmit protocols other than IP over its tunnels. As currently implemented, PPTP encapsulates PPP packets using a modified version of the generic routing encapsulation (GRE) protocol, which gives PPTP the flexibility of handling protocols other than IP, such as Internet packet exchange (IPX) and network basic input/output system extended user interface (NetBEUI).
PPTP does have some limitations: it does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users. Hence, it is not likely that PPTP will become a formal standard endorsed by any of the standard bodies, like the IETF.
L2F: L2F emerged during the early stages of VPN development, and was designed by Cisco Systems. Like PPTP, L2F is intended as a protocol for tunneling traffic from users to their corporate sites. L2F provides tunneling for the encapsulation of non-IP packets, and thus it is able to work directly with other media such as frame relay, X.25, or asynchronous transfer mode (ATM).
Similar to PPTP, L2F uses PPP for authentication of the remote user, but it also includes support for terminal access controller access control system (TACACS)+ and RADIUS for authentication. L2F also differs from PPTP in that it allows tunnels to support more than one connection.
L2TP: In an effort to combine the different functionalities of PPTP and L2F, the IETF has proposed the Layer Two Tunneling Protocol (L2TP). This protocol is able to tunnel PPP traffic over a variety of networks (e.g., IP, X.25, SONET, frame relay, and ATM), using its own tunneling protocol.
Because it uses PPP for dial-up links, L2TP includes the authentication mechanisms within PPP,
namely PAP and CHAP. However, PPTP, L2F, and L2TP do not all include encryption, or facilities for
management of cryptographic keys. The current L2TP draft standard recommends that IPSec be used for
encryption and key management over IP networks.
IPSec: IPSec emerged from efforts to secure IP packets, when the next generation of IP (i.e., IPv6) was being developed; it can now be used with IPv4 protocols as well. IPSec is generally considered the best VPN solution for IP environments, since it provides strong security measures, notably encryption, authentication, and key management.
However, IPSec is mainly intended to handle IP packets, and therefore PPTP and L2TP will probably
remain the first choice for a multi-protocol non-IP environment, such as NetBEUI, IPX, and AppleTalk.
Applying IPSec in a firewall gives the following benefits:
● Strong security can be applied to all traffic crossing a firewall if IPSec is implemented on the firewall.
● If IPSec is implemented on the firewall, traffic on the private network does not incur the overhead of security-related processing.
● IPSec in a firewall is resistant to bypassing if all traffic from the untrusted network must use IP and the firewall is the only access point to the local (trusted) network.
● IPSec operates below the transport layer (e.g., TCP) and is thus transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router. Even if IPSec is implemented in end systems, application-layer software is not affected.
19.6 Conclusion
This article provides a short overview of VPN and the IPSec protocol, one of the technologies available for implementing VPNs. IPSec provides a powerful and flexible security framework for secure communication over the Internet, by means of the following security functions:
● Authentication: Ensures that a packet comes from the claimed source and was not altered in transit.
● Confidentiality: Prevents unauthorized disclosure of packet contents as well as the monitoring of network traffic.
● Key management: Establishes an infrastructure for the secure management and exchange of cryptographic keys over insecure links.
IPSec provides two modes of operation, transport and tunnel modes, that are implemented by means of the Authentication Header and Encapsulating Security Payload protocols. The transport mode is generally used for secure end-to-end communication, while the tunnel mode can be used for host-to-host or network-to-network communication.
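As an added illustration (not code from the chapter), the Python below builds the two ESP encapsulations described above for a constructed TCP packet and reports what an on-path observer can still read in each case: in transport mode the original endpoint addresses stay in the clear, while in tunnel mode only the two gateways are visible. The cipher and integrity check value are left out, so the "encrypted" byte range is only marked, not enciphered; the host and gateway addresses and the SPI values are constructed.

```python
import struct
import ipaddress

ESP_PROTO, TCP_PROTO, IPIP_PROTO = 50, 6, 4   # IANA IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left zero for illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def esp_wrap(inner, spi, seq, next_header):
    """ESP = header (SPI, sequence) + payload + trailer (padding, pad length, next header).
    Encryption and the ICV are omitted; the returned slice marks the bytes ESP would encrypt."""
    pad_len = (-(len(inner) + 2)) % 4                 # trailer ends on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    hdr = struct.pack("!II", spi, seq)
    return hdr + inner + trailer, (len(hdr), len(hdr) + len(inner) + len(trailer))

def esp_transport(pkt, spi, seq):
    """Transport mode: keep the original IP header, protect only the upper-layer data."""
    ihl = (pkt[0] & 0x0F) * 4
    ip_hdr, upper = pkt[:ihl], pkt[ihl:]
    esp, (start, end) = esp_wrap(upper, spi, seq, ip_hdr[9])   # next header = original proto
    outer = ipv4_header(ip_hdr[12:16], ip_hdr[16:20], ESP_PROTO, len(esp))
    return outer + esp, (len(outer) + start, len(outer) + end)

def esp_tunnel(pkt, spi, seq, gw_src, gw_dst):
    """Tunnel mode: the whole original packet, header included, becomes the ESP payload."""
    esp, (start, end) = esp_wrap(pkt, spi, seq, IPIP_PROTO)
    outer = ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp))
    return outer + esp, (len(outer) + start, len(outer) + end)

def visible_addresses(wire):
    """What an on-path observer can read: outer source, outer destination, protocol."""
    return (str(ipaddress.IPv4Address(wire[12:16])),
            str(ipaddress.IPv4Address(wire[16:20])), wire[9])

# Constructed sample: one TCP segment from host A to host B (all addresses are made up).
TCP_SEG = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0) + b"GET /"
ORIG_PKT = ipv4_header("10.1.1.10", "10.2.2.20", TCP_PROTO, len(TCP_SEG)) + TCP_SEG

if __name__ == "__main__":
    t, (a, b) = esp_transport(ORIG_PKT, 0x1234, 1)
    print("transport mode:", visible_addresses(t), "bytes encrypted:", b - a)
    u, (c, d) = esp_tunnel(ORIG_PKT, 0x5678, 1, "203.0.113.1", "198.51.100.1")
    print("tunnel mode:   ", visible_addresses(u), "bytes encrypted:", d - c)
```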
It is important to note that although VPNs are mostly used for the Internet, they are not restricted to this
environment. VPNs can be used over any public network to give secure, private communication.
Furthermore, IPSec can provide robust security services for other popular protocols, such as PPTP or L2TP.