SSL SECURITY IN VPN CONNECTIONS Student: F. Rahimov Prof: F. Klasen

Jun 17, 2015


Farid Rahimov

Page 1: It Security

SSL SECURITY IN VPN CONNECTIONS Student: F. Rahimov

Prof: F. Klasen

Page 2: It Security

WHY SHOULD COMPANIES USE REMOTE ACCESS?

Employees and contractors can perform tasks without coming to the office

• In emergency situations

• When an employee loses a relative

• Managers can respond quickly when a fast response is required

• It can decrease the cost of rent

• Especially in the IT business, people can work from home easily.

Page 3: It Security

IMPORTANT QUESTION BEFORE IMPLEMENTATION

Who can gain remote access?

Where can they access from?

What can be accessed?

What is the cost of providing such access?

Page 4: It Security

REMOTE ACCESS : HISTORICAL VIEW AND SECURITY ISSUES

Dial Up Connection :

Expensive

Slow

Insecure

Source : [2]

Page 5: It Security

LEASED LINES:

Expensive

The same bandwidth as DSL

Opportunities are limited: does not really enable remote access

Source : [2]

Page 6: It Security

SHORT DISCUSSION ABOUT VPN TECHNOLOGIES

IPSEC VPN

L2TP VPN

SSL VPN

Page 7: It Security

HOW ARE HACKERS TRAPPING OUR DATA?

Source : [2]

Page 8: It Security

EXAMPLE CAPTURED PACKET

Page 9: It Security

ONE COMPUTER TO THE COMPANY NETWORK

The user connects to the Internet through a local ISP and is then routed to the corporate network via VPN

Source : [2]

Page 10: It Security

ONE COMPUTER TO THE COMPANY NETWORK

The traffic is routed first to the VPN device and then travels over the Internet to connect to the company's VPN device.

Source : [2]

Page 11: It Security

SSL TECHNOLOGY

Symmetric Cryptography

Asymmetric Cryptography

Source : [2]

Page 12: It Security

REVERSE PROXY TECHNOLOGY

Serves as an entry point to the organization's infrastructure

Drawbacks:

• Cannot encapsulate client/server network traffic

• Cannot transform many internal applications over the internet

• Cannot provide secure access to file systems

Source : [2]

Page 13: It Security

SSL REMOTE ACCESS

• Encapsulates client/server network traffic

• Allows both web and non-web applications to be available through remote access

• Provides secure access to file systems

• Provides remote access to devices (e.g. printers)

Page 14: It Security

ACCESSING APPLICATIONS THAT ARE NOT ON THE WEB

We give an internal IP address to the remote device, so it will be treated as an internal machine of the network.

When using Java applets, we send some code to be activated on the user's device

Source : [2]

Page 15: It Security

AUTHENTICATION IN SSL

One time passwords

One-time passwords are often found as tokens in systems

Smart card or USB token systems

In industry, many devices can have special smart cards and USB tokens to provide higher-level security

Page 16: It Security

AUTHORIZATION IN SSL

Operating system permissions

In operating systems there are restricted areas which only certain users can access

File system permissions

Page 17: It Security

VULNERABLE/SENSITIVE AREAS IN SSL

• Browser cache entries

• Viewing email attachments

• Autocomplete URL entries

• Cookies, etc.

Page 18: It Security

SOLUTIONS FOR SENSITIVE AREA PROBLEMS

Warning the user

Some companies send instructions to delete this information after using the VPN connection, but this is problematic because users' knowledge differs

Using NOCACHE Commands

These commands prevent the browser from storing the data. However, they also cannot solve the problem completely.

Wiping all data after usage

In this case, after the session is over, all data should be erased by the server from the user's computer.

Using protected virtual memory storage for connection
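
Added example (not from the original slides): a Python check that a portal operator could run over response headers to see whether the no-cache approach above still leaves cache entries or persistent cookies on the user's device. It assumes the slide's "NOCACHE commands" are the standard HTTP `Cache-Control` and `Pragma` headers; the function name `audit_response` and both sample responses are constructed for illustration.

```python
# Added example: audit response headers for data left behind in the browser.
# Header names are standard HTTP; the sample responses below are constructed.

def audit_response(headers):
    """Return findings for one response given as a list of (name, value) tuples."""
    findings = []
    directives = set()
    cookies = []
    for name, value in headers:
        lname = name.lower()
        if lname == "cache-control":
            # Normalise "max-age=0" to "max-age", "No-Store" to "no-store", etc.
            directives |= {d.strip().lower().split("=")[0] for d in value.split(",")}
        elif lname == "set-cookie":
            cookies.append(value)

    # "no-cache" only forces revalidation before reuse; the response may still
    # be written to disk. "no-store" is the directive that forbids storing it.
    if "no-store" not in directives:
        findings.append("cache: response may be stored (no 'no-store')")

    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        cname = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        # A cookie with Expires or Max-Age is kept after the browser is closed.
        if attrs & {"expires", "max-age"}:
            findings.append(f"cookie {cname}: persistent (survives browser close)")
    return findings


# Constructed sample: "no-cache" alone plus a long-lived session cookie.
SAMPLE_WEAK = [
    ("Cache-Control", "no-cache"),
    ("Set-Cookie", "SESSION=abc123; Path=/; Expires=Wed, 17 Jun 2026 10:00:00 GMT"),
]
# Constructed sample: storage forbidden, cookie limited to the browser session.
SAMPLE_HARDENED = [
    ("Cache-Control", "no-store, no-cache, must-revalidate"),
    ("Pragma", "no-cache"),
    ("Set-Cookie", "SESSION=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_response(sample) or "no findings")
```

Response headers do not control files the user saves from an attachment, so a clean result here covers only the cache and cookie items on the previous slide.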

Page 19: It Security

REFERENCE

1. How Virtual Private Networks Work. URL: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094865.shtml#what_makes

2. SSL VPN: Understanding, evaluating and planning secure, web-based remote access, Tim Speed, 2005

3. http://en.wikipedia.org/wiki/Leased_line