presentation slides Presentation Transcript

  • 1. VPN Termination Interoperation with Firewalls and IDS Seminar Advanced Communication Services João Machado
  • 2. Summary
    • I Introduction
    • II VPN technologies
    • III Firewall technologies
    • IV VPN/Firewall interaction
    • V Conclusions
    VPN Termination interoperation with Firewalls and IDS 20.07.2006
  • 3. A firewall is a constant trade-off between security and functionality. A VPN is a secure piece of functionality that nevertheless reduces the overall security of the system.
  • 4. Services that may require VPN access
    • VPN remote access
    • Interconnection of remote branches
    • VoIP
    • Secure connections with remote servers
  • 5. Scope of this presentation
    • VPN Technologies
      • IPSec
      • SSL/TLS
    • Firewall Technologies
      • Network layer firewalls
      • Application-layer firewalls
      • Application firewall
  • 7. II VPN technologies
    • IPSec
      • is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets
      • IPsec provides security at the network layer
      • it can be used for protecting both TCP- and UDP-based protocols
      • It provides the following security capabilities:
        • Encrypting traffic
        • Integrity validation
        • Authenticating the peers
        • Anti-replay
  • 8. II VPN technologies
    • SSL/TLS
      • SSL runs on layers beneath application protocols and above the TCP or UDP transport protocol.
      • SSL can be used to tunnel an entire network stack to create a VPN, using TUN and TAP.
      • TUN and TAP are virtual network kernel drivers: they simulate network devices in software.
      • TUN simulates a point-to-point network device, while TAP simulates an Ethernet device.
      • Although VPN vendors often call it an "SSL VPN", it is not really a fully-fledged VPN.
  • 9. III Firewall technologies
    • Network layer firewalls
      • work as a packet filter, deciding which packets may pass the firewall according to the defined rules.
      • Filtering rules can act on the basis of source and destination address and on ports, in addition to whatever higher-level network protocols the packet contains.
      • operate very fast, and transparently to users.
      • can be either stateful or non-stateful
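To make the stateful versus non-stateful distinction of slide 9 concrete, here is an added Python model of the two filter kinds (not part of the seminar slides); the 10.0.0.0/8 inside network, the single allowed outbound port 443 and the packets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # set on the packet that opens a TCP connection

def is_inside(ip: str) -> bool:
    """Constructed convention: the protected network is 10.0.0.0/8."""
    return ip.startswith("10.")

# Constructed policy: inside hosts may open HTTPS to anywhere; nothing else.
ALLOWED_OUTBOUND_PORTS = {443}

def stateless_filter(pkt: Packet) -> bool:
    """Non-stateful filter: every packet is judged alone against the rules.
    To let replies back in, the administrator must open an inbound rule on
    'source port 443', which any outside host can satisfy at will."""
    if is_inside(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS:
        return True
    if not is_inside(pkt.src) and pkt.sport in ALLOWED_OUTBOUND_PORTS:
        return True  # weak spot: unsolicited packets from port 443 get in
    return False

class StatefulFilter:
    """Stateful filter: remembers connections opened from inside and admits
    only packets (in either direction) that belong to one of them."""
    def __init__(self) -> None:
        self.table: set[tuple] = set()

    def allow(self, pkt: Packet) -> bool:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_inside(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS and pkt.syn:
            self.table.add(flow)  # connection opened from inside: track it
            return True
        return flow in self.table or reverse in self.table
```

The same unsolicited outside packet "from port 443" is accepted by the stateless filter but rejected by the stateful one, which only knows flows that an inside host opened.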
  • 10. III Firewall technologies
    • Application layer firewall
      • Generally it is a host running various forms of proxy servers
      • it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content
      • An application layer firewall does not route traffic at the network layer.
      • All traffic stops at the firewall, which may initiate its own connections if the traffic satisfies the rules.
  • 11. III Firewall technologies
    • Application firewall
      • limits the access that software applications have to operating system services
      • Can control outbound as well as inbound access, based on the applications currently allowed
      • Can be easily turned off by any malicious application that has control of the operating system
  • 12. III Firewall technologies
    • NAT/PAT
      • Hosts behind a NAT-enabled middleware do not have true end-to-end connectivity
      • Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted
      • NAT involves re-writing the source and/or destination addresses of IP packets
      • PAT allows one single IP address to be used for multiple inside hosts.
      • Both the source and destination of every IP packet contain an IP address and a port; the port tells the receiving middleware how to process the packet.
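An added Python model of the PAT behaviour described on slide 12 (not the seminar's own code): two inside hosts share one public address, replies are mapped back through the translation table, and an unsolicited inbound packet has no mapping and is dropped, which is the loss of end-to-end connectivity the slide refers to. The public address 203.0.113.1, the port range and the sample packets are constructed.

```python
from itertools import count

class PAT:
    """Port address translation: many inside hosts share one public IP by
    giving each outbound flow its own public source port."""
    def __init__(self, public_ip: str, first_port: int = 20000) -> None:
        self.public_ip = public_ip
        self._ports = count(first_port)  # next free public port
        # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.out: dict[tuple, int] = {}
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.back: dict[tuple, tuple] = {}

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> tuple:
        """Rewrite the source of a packet leaving the inside network and
        return the translated (src, sport, dst, dport)."""
        key = (src, sport, dst, dport)
        if key not in self.out:  # first packet of this flow: allocate a port
            pport = next(self._ports)
            self.out[key] = pport
            self.back[(pport, dst, dport)] = (src, sport)
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, src: str, sport: int, dst: str, dport: int):
        """Rewrite the destination of a packet arriving from outside.
        Returns None when no inside host ever opened this flow, i.e. an
        outside-initiated connection cannot reach anyone behind the PAT."""
        if dst != self.public_ip:
            return None
        target = self.back.get((dport, src, sport))
        if target is None:
            return None
        return (src, sport, target[0], target[1])
```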
  • 14. V Conclusions
    • In every technology problem there are no ideal solutions.
    • For each particular situation there is an optimal approach that, when carefully deployed, reaches a comfortable behaviour.