SSL SECURITY IN VPN CONNECTIONS Student: F. Rahimov Prof: F. Klasen
Jun 17, 2015
WHY COMPANIES SHOULD USE REMOTE ACCESS?
Employees and contractors can perform tasks without coming to the office
• In emergency situations
• When an employee loses a relative
• Managers can respond quickly when a fast response is required
• It can decrease the cost of rent
• Especially in the IT business, people can easily work from home.
IMPORTANT QUESTIONS BEFORE IMPLEMENTATION
Who can gain remote access?
Where can they access from?
What can be accessed?
What is the cost of providing such access?
REMOTE ACCESS : HISTORICAL VIEW AND SECURITY ISSUES
Dial Up Connection :
Expensive
Slow
Insecure
Source : [2]
LEASED LINES:
Expensive
The same bandwidth as DSL
Opportunities are limited: does not really enable remote access
Source : [2]
SHORT DISCUSSION ABOUT VPN TECHNOLOGIES
IPSEC VPN
L2TP VPN
SSL VPN
HOW DO HACKERS TRAP OUR DATA?
Source : [2]
EXAMPLE CAPTURED PACKET
ONE COMPUTER TO THE COMPANY NETWORK
The user connects to the Internet through a local ISP and is then routed to the corporate network via VPN
Source : [2]
ONE COMPUTER TO THE COMPANY NETWORK
The traffic is first routed to the VPN device and then travels over the Internet to connect to the company’s VPN device.
Source : [2]
SSL TECHNOLOGY
Symmetric Cryptography
Asymmetric Cryptography
Source : [2]
REVERSE PROXY TECHNOLOGY
Serves as an entry point to the organization’s infrastructure
Drawbacks :
• Cannot encapsulate client/server network traffic
• Cannot transform many internal applications over the internet
• Cannot provide secure access to file systems
Source : [2]
SSL REMOTE ACCESS
• Encapsulates client/server network traffic
• Allows both web and non-web applications to be available in remote access
• Provides secure access to file systems
• Provides remote access to devices (e.g. printers)
ACCESSING APPLICATIONS THAT ARE NOT ON THE WEB
We give an internal IP address to the remote device, so it will be treated as an internal machine of the network.
When using Java applets, we send some code to be activated on the user's device
Source : [2]
AUTHENTICATION IN SSL
One time passwords
These one-time passwords can often be found as tokens in the systems
Smart card or USB token systems
In industry, many devices can have special smart cards and USB tokens to provide a higher level of security
AUTHORIZATION IN SSL
Operating system permissions
In operating systems there are restricted areas which only certain users can access
File system permissions
VULNERABLE/SENSITIVE AREAS IN SSL
• Browser cache entries
• Viewing email attachments
• Autocomplete URL entries
• Cookies, etc.
SOLUTIONS FOR SENSITIVE AREA PROBLEMS
Warning the user
Some companies send instructions to delete this information after using the VPN connection, but this is problematic because users' knowledge differs
Using NOCACHE commands
These commands prevent the browser from storing the data. However, they also cannot solve the problem completely.
Wiping all data after usage
In this case, after the session is over, all data should be erased by the server from the user’s computer.
Using protected virtual memory storage for connection
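Added example (not from the original slides): a Python check that audits the headers of one portal response for the sensitive areas listed above. It assumes the slide's NOCACHE commands correspond to the standard HTTP Cache-Control and Pragma directives; the function name, cookie name and sample responses are constructed for illustration.

```python
def audit_response(headers):
    """Return findings about data one HTTP response leaves on the client."""
    findings = []

    def values(name):
        return [v for k, v in headers if k.lower() == name]

    # Browser cache entries: 'no-store' forbids keeping any copy, while
    # 'no-cache' only forces revalidation and a copy may still be stored.
    directives = {d.strip().lower().split("=")[0]
                  for v in values("cache-control") for d in v.split(",")}
    legacy = any("no-cache" in v.lower() for v in values("pragma"))
    if "no-store" not in directives:
        if "no-cache" in directives or legacy:
            findings.append("cache: no-cache without no-store")
        else:
            findings.append("cache: no restriction")

    # Cookies: Expires/Max-Age makes a cookie persistent on disk; Secure and
    # HttpOnly limit exposure over plain HTTP and to page scripts.
    for raw in values("set-cookie"):
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
        if attrs & {"expires", "max-age"}:
            findings.append(f"cookie {name}: persistent")

    # Attachments are saved as ordinary files, so cache headers cannot
    # remove them; one reason NOCACHE alone is not a complete fix.
    if any(v.strip().lower().startswith("attachment")
           for v in values("content-disposition")):
        findings.append("attachment: file saved outside the cache")
    return findings


# Constructed sample responses (not captured from a real portal).
WEAK = [("Cache-Control", "no-cache"),
        ("Set-Cookie", "VPNSESSION=abc123; Path=/; Max-Age=86400"),
        ("Content-Disposition", 'attachment; filename="report.pdf"')]
HARDENED = [("Cache-Control", "no-store, no-cache, must-revalidate"),
            ("Pragma", "no-cache"),
            ("Set-Cookie", "VPNSESSION=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```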
REFERENCE
1. How Virtual Private Networks Work, URL: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094865.shtml#what_makes
2. Tim Speed, SSL VPN: Understanding, Evaluating and Planning Secure, Web-Based Remote Access, 2005
3. Leased line, URL: http://en.wikipedia.org/wiki/Leased_line