Ajoy Kumar
Introduction
Network layer security has become of prime
importance in designing any network system.
We look at the important layers of the network
and try to identify the different Security Patterns
associated with each layer. My work will be
trying to fill the gaps at each layer where security
patterns are missing or not well established.
VPN Security
We first look at the available patterns in
the system.
And as the next step, we try to understand
the VPN architecture and we try to
develop a Security pattern for the VPN
Architecture.
Network Architecture
Security objects (FireWall, IDS, VPN) and protocol at each layer:

Layer        FireWall    IDS         VPN          Protocol
Application  XML FW      XML IDS     XML VPN      SAML
TCP          Proxy FW    TCP IDS     TLS/SSL VPN  TLS
IP           Packet FW   Packet IDS  IPSec VPN    IPSec

Diagram labels: Authentication, Secrecy, Authorization, Identification
[Class diagram: PFFirewall, LocalHost (address), RuleBase (addRule, deleteRule, modifyRule, reorderRules), Rule (in/out, ordered), ExplicitRule, DefaultRule; association requestService]
VPN Architecture
A VPN makes use of public network
resources to connect to the private
network of the enterprise. Within the VPN,
the transmission is protected by security
principles to assure confidentiality of the
user(s) and data integrity. So a private
network is established in the public
domain. Since this network exists in a
logical sense, it is termed a virtual
private network.
Problem
In the company where I work we have a lot of
remote employees who log in from different
parts of the world such as St. Louis, USA or
Israel. These developers log into a machine
in Boca and work virtually from Boca. These
connections are done using a VPN
architecture. We need to develop the
safest architecture so that the work is done
most efficiently and with the least threats to
security.
Context
Local networks with applications being
executed in distributed systems. Access to
the network can be from the Internet or
from other external networks using a VPN
connection.
Forces
There are many remote users trying to connect to the same network
from different end points. A good VPN system must accommodate
all these users.
There may be different end users that may require different levels of
security. We need to define appropriate policies for each of these
VPN connections.
The company has various employees joining and leaving the
company. Hence the security policies need to be constantly
modified. Hence the VPN configuration should be easily
configurable.
The number of users and applications may increase significantly;
adding more users or applications should be done transparently and
at proper cost.
A VPN setup should prevent access to the corporate network from all
harmful external elements.
There are many ways to perform authentication. The VPN must
support the different methods.
Pattern Diagram
[Pattern diagram: VPN, IP VPN, TCP VPN, XML VPN, IPSec, TLS, PKI, Authentication, Message Authentication, Authorization, Secrecy, Secure Channel, RM]
[Class diagram: Secure Network, VPN Network, Secure Channel, Identity Base, Policy Base, Identity, Policy]
[Sequence diagram: participants :VPN, :EndUserAuthPT, :IdentityBase, :Policy Base, :SecureCh, :SecureN/W; messages rqstConn, authenticate, authenticated, checkAccess, accessAllowed, openSecConn, Established]
Solution
Whenever an end user tries to connect to a
VPN, the network should ask for authorization.
A user can access a network only if a specific
policy authorizes it to do so.
Policy enforcement includes authenticating the end
user who is trying to connect to the network.
The VPN tunnel created should maintain its
confidentiality and data integrity.
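The connection flow this Solution describes (request a connection, authenticate the end user, check the policy, open the secure connection), sketched in Python as an added example that is not part of the original slides. The class and method names, the role-to-network policy model, the PBKDF2 credential store and the sample users are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # Salted, iterated hash so the identity base never stores plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityBase:
    def __init__(self):
        self._users = {}  # user -> (salt, password hash, role)
    def enroll(self, user, password, role):
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt), role)
    def authenticate(self, user, password):
        # Unknown users go through the same hashing work as known ones.
        salt, stored, role = self._users.get(user, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        return role if ok else None

class PolicyBase:
    def __init__(self):
        self._grants = set()  # explicit (role, network) grants; default deny
    def allow(self, role, network):
        self._grants.add((role, network))
    def check_access(self, role, network):
        return (role, network) in self._grants

class VPN:
    def __init__(self, identities, policies):
        self.identities, self.policies = identities, policies
        self.audit_log = []  # every attempt is kept, allowed or not
    def request_connection(self, user, password, network):
        role = self.identities.authenticate(user, password)
        if role is None:
            outcome = "denied: authentication failed"
        elif not self.policies.check_access(role, network):
            outcome = "denied: no policy"
        else:
            # A real gateway would negotiate the IPSec or TLS tunnel here.
            outcome = "established"
        self.audit_log.append((user, network, outcome))
        return outcome

def demo():
    # Constructed sample data: one developer allowed onto one network.
    ids, pol = IdentityBase(), PolicyBase()
    ids.enroll("dev1", "correct horse", "developer")
    pol.allow("developer", "dev-net")
    vpn = VPN(ids, pol)
    tries = [("dev1", "correct horse", "dev-net"), ("dev1", "wrong", "dev-net"),
             ("dev1", "correct horse", "finance-net"), ("ghost", "x", "dev-net")]
    return [vpn.request_connection(*t) for t in tries], vpn.audit_log
```

Authentication and authorization are separate steps with separate stores, so revoking a departing employee's identity or narrowing a role's policy each takes effect on the next connection request.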
Consequences
Advantages
The company can define the policies for VPN end users, thus
centralizing the policies and making administration better.
Since authorization is used, the company can keep a log of end
users connected in the present and in the past.
A secure tunnel guarantees data integrity and secrecy. Usually a
PKI system of encryption is used for sending data over the
tunnel.
As authentication of end users is performed, users can be held
responsible for their actions.
We can also incorporate RBAC based on the role of the end
user.
Usually a Firewall complements a VPN setup.
Consequences (Contd)
Liabilities
If the VPN is compromised, then the attacker gets full
access to the internal network too.
VPN traffic is often invisible to IDS monitoring. If the
IDS probe is outside the VPN server, as is often the
case, then the IDS cannot see the traffic within the
VPN tunnel because it is encrypted. Therefore if a
hacker gains access to the VPN, he can attack the
internal systems without being picked up by the IDS.
Whatever type of VPN we use, VPN is only as secure
as the remote computer connected to it.
Liabilities (Contd)
The pattern does not discuss the attack at the
end points.
VPN Tunnel is only as strong as the
cryptography that enables it.
Known Users
Citrix. Citrix provides a site to site VPN
connection for remote users to log into the
secure network as well as access
applications on the company (secure)
network.
Related Patterns
Patterns for Application Firewalls using
PEP and PAP.
Nelly Delessy-Gassant, Eduardo B.
Fernandez, Saeed Rajput, and Maria M.
Larrondo Petrie
Future Work
Expand on the VPN Pattern and create
separate patterns for IP, SSL and XML
VPNs.
Developing the patterns missing in the
network security diagram shown before.
Thank You
Q&A
Suggestions
Concerns