SlideShare a Scribd company logo

Cn36539543

IJERA Editor
IJERA Editor

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

Technology
1 of 5
Download to read offline
Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 RESEARCH ARTICLE www.ijera.com OPEN ACCESS Security in Virtual Private Networks Sridevi, Dr.Manjaiah.D.H Assistant Professor,Department of Computer Science,Karnatak University,Dharwad Professor,Department of Computer Science,Mangalore University,Mangalore Abstract There is an increasing demand nowadays to connect to internal networks from distant locations. Employees often need to connect to internal private networks over the Internet (which is by nature insecure) from home, hotels, airports or from other external networks. Security becomes a major consideration when staff or business partners have constant access to internal networks from insecure external locations. VPN (Virtual Private Network) technology provides a way of protecting information being transmitted over the Internet, by allowing users to establish a virtual private "tunnel" to securely enter an internal network, accessing resources, data and communications via an insecure network such as the Internet. This research paper provides a general overview of VPN and core VPN technologies. Discuss the potential security risks as well as the security considerations that need to be taken into account when implementing a virtual private network. Keywords: VPN, IPSec, Authenticatio header, PPTP, L2TP I. Introduction VPN uses encryption to provide data confidentiality. Once connected, the VPN makes use of the tunnelling mechanism described above to encapsulate encrypted data into a secure tunnel, with openly read headers that can cross a public network. Packets passed over a public network in this way are unreadable without proper decryption keys, thus ensuring that data is not disclosed or changed in any way during transmission.VPN can also provide a data integrity check. This is typically performed using a message digest to ensure that the data has not been tampered with during transmission.By default, VPN does not provide or enforce strong user authentication. Users can enter a simple username and password to gain access to an internal private network from home or via other insecure networks. Nevertheless, VPN does support add-on authentication mechanisms, such as smart cards, tokens and RADIUS. II. VPN Deveployment VPN is mainly employed by organisations and enterprises in the following ways: 1. Remote access VPN: This is a user-to-network connection for the home, or from a mobile user wishing to connect to a corporate private network from a remote location. This kind of VPN permits secure, encrypted connections between a corporate private network and remote users. 2. Intranet VPN: Here, a VPN is used to make connections among fixed locations such as branch offices. This kind of LAN-to-LAN VPN connection joins multiple remote locations into a single private network. www.ijera.com 3. 4. Extranet VPN: This is where a VPN is used to connect business partners, such as suppliers and customers, together so as to allow various parties to work with secure data in a shared environment. WAN replacement: Where VPN offers an alternative to WANs (Wide Area Networks). Maintaining a WAN can become expensive, especially when networks are geographically dispersed. VPN often requires less cost and administration overhead, and offers greater scalability than traditional private networks using leased lines. However, network reliability and performance might be a problem, in particular when data and connections are tunnelled through the Internet. III. Common VPN tunneling technologies 3.1 IPSEC (Internet Protocol Security) IPsec was developed by IETF (the Internet Engineering Task Force) for secure transfer of information at the OSI layer three across a public unprotected IP network, such as the Internet. IPsec enables a system to select and negotiate the required security protocols, algorithm(s) and secret keys to be used for the services requested. IPsec provides basic authentication, data integrity and encryption services to protect unauthorised viewing and modification of data. It makes use of two security protocols, AH (Authentication header) and ESP (Encapsulated Security Payload), for required services. However, IPsec is limited to only sending IP packets. IPsec makes use of the AH and ESP protocols to provide security services: 1. AH (Authentication Header) protocol provides source authentication, and integrity of IP packets, but it does not have encryption. An AH header added to 539 | P a g e
Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 the IP packet contains a hash of the data, a sequence number etc., and information that can be used to verify the sender, ensure data integrity and prevent replay attacks. 2. ESP (Encapsulated Security Payload) protocol provides data confidentiality, in addition to source authentication and integrity. ESP uses symmetric encryption algorithms, such as 3DES, to provide data privacy. The algorithm needs to be the same on both communicating peers. ESP can also support encryption-only or authentication-only configurations. However, research in 2007 showed that any RFC-compliant implementations of IPsec that make use of encryption-only ESP can be broken. 3.2 Modes of Operation Each security protocol supports two modes of operation: a tunnel mode and a transport mode. Tunnel mode encrypts and/or authenticates the header and the data of each packet while transport mode only encrypts and/or authenticates the data itself. 1. Tunnel mode (end-to-end) Here the entire packet is protected. The original IP packet, with original destination address, is inserted into a new IP packet and the AH and ESP are applied to the new packet. The new IP header points to the end point of the tunnel. Upon receipt of the packet, the tunnel end point will decrypt the content and the original packet is further routed to its final destination in the target network. 2. Transport mode (host-to-host) Here the AH and ESP headers are applied to the data of the original IP packet. The mode encrypts and / or authenticates the data but not the IP header. The overhead added is less than that required in tunnel mode. However, the final destination and source www.ijera.com www.ijera.com addresses could be sniffed. Attackers can perform traffic analysis based on header information in this type of header. It is generally only used for host-tohost connections. 3.3 Key Exchange and Management IPsec supports two types of key management over the Internet: automated and manual. 1. Automated Key Management IKE (Internet Key Exchange) is the default protocol used in IPsec to determine and negotiate protocols, algorithms and keys, and to authenticatethe two parties. It is useful for widespread, scalable deployments and implementations of VPN. The IKEv2 protocol was released in 2005. It preserves most of the functionalities of IKEv1 protocol, but also supports the Network Address Translation (NAT) traversal and provides more flexibility. IKE also supports the use of digital certificates. Users authenticate by first signing the data with their digital signature key. The other endpoint will then verify the signature. IKE creates an authenticated, secure tunnel between two entities, then negotiates a security association (SA) between the two entities, and exchanges key(s). SA is a set of parameters used by negotiating peers to define the services and mechanisms for protecting traffic. These parameters include algorithm identifiers, modes, keys, and so on. IKE also keeps track of the keys and updates them between communicating peers. IKE uses protocols like ISAKMP (The Internet Security Association and Key Management Protocol) and Oakley to define procedures for key generation, creation and management of SA and authentication. There are several authentication methods that an IPsec VPN gateway works with IKE for remote user authentication1, including hybrid authentication, eXtended authentication (Xauth), challenge/response authentication for cryptographic keys (CRACK), and digital certificates. This allows additional third-party authentication services to be used to strengthen the access control process. 2. Manual key management Secret keys and security associations are manually configured in both VPN communicating peers before a connection starts. Only the sender and recipient know the secret key for the security services at hand. If the authentication data is valid, the recipient knows that the communication came from the sender and it was 540 | P a g e
Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 not modified. This approach is easy to use in small, static environments, but it does not scale well. All keys should be distributed to communicating peers securely beforehand. If the keys are compromised, another person could pose as the user and make a connection into the VPN. 3.4 PPTP (Point-To-Point Tunneling Protocol) PPTP (Point-to-Point Tunnelling Protocol) is an OSI layer two protocols built on top of the PPP (Point-topoint protocol). PPP is a multi-protocol, dial-up protocol used to connect to the Internet. Remote users can access a private network via PPTP by first dialling into their local ISP. PPTP connects to the target network by creating a virtual network for each remote client. PPTP allows a PPP session, with nonTCP/IP protocols (e.g. IP, IPX or NetBEUI), to be tunnelled through an IP network. PPTP is documented in RFC 2637 as an informational draft. The same authentication mechanism used for PPP connections is supported in a PPTP-based VPN connection. These include EAP (Extensible Authentication Protocol, MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol), CHAP, SPAP (Shiva Password Authentication Protocol), and PAP (Password Authentication Protocol). For encryption, PPP data can be optionally encrypted using MPPE (Microsoft Point-to-Point Encryption) which is based on the RSA RC4 (40/56/128 bit) standard for link encryption. PPTP data tunnelling is accomplished through multiple levels of encapsulation. PPTP encapsulates PPP frames as tunnelled data for transmission over an IP network, such as the Internet or a private intranet, using a modified version of GRE (Generic Routing Encapsulation). GRE provides a flow and congestion controlled encapsulated service for carrying PPP packets. The data in the encapsulated PPP frames can be encrypted (and/or compressed). The resulting GREand-PPP-encapsulated data is then encapsulated with an IP header containing the appropriate source and destination IP addresses for the PPTP client and PPTP server. Upon receipt of the PPTP tunnelled data, the PPTP server processes and removes the IP, GRE and PPP headers, then decrypts (and/or decompresses) the PPP data. 3.5 L2TP (Layer 2 Tunneling Protocol) L2TP is a combination of Microsoft PPTP and Cisco L2F (Layer 2 Forwarding). L2TP can be used as a tunnelling protocol to encapsulate PPP (Point-to-Point Protocol) frames to be sent over IP, www.ijera.com www.ijera.com X.25, Frame Relay or ATM networks. Multiple connections are allowed through one tunnel. Like PPTP and L2F, L2TP operates on OSI layer two. Layer two VPN protocols encapsulate data in PPP frames and are capable of transmitting non-IP protocols over an IP network. L2TP is documented in RFC 3931 as standards track. L2TP connections use the same authentication mechanisms as PPP connections, such as EAP, CHAP, MS-CHAP, PAP and SPAP. L2TP tunnelling is accomplished through multiple levels of encapsulation. The PPP data is encapsulated within a PPP header and an L2TP header. The L2TP encapsulated packet is further wrapped in a UDP header with the source and destination ports set to 1701. The final packet is encapsulated with an IP header containing the source and destination IP addresses of the VPN client and VPN server. Due to the lack of confidentiality provided by L2TP, it is often used in conjunction with IPsec and referred to as L2TP/IPsec. When L2TP is running over IPsec, security services are provided by IPsec, AH and ESP. All L2TP controls and data appear as homogeneous IP data packets to the IPsec system. SSL / TLS SSL / TLS is a transport-layer protocol that use TCP port 443. SSL protocol is defined by the IETF and there are no versions of SSL beyond version 3.1. TLS 1.0 and TLS 1.1 are two standardised versions of TLS, and TLS 1.0 is the same as SSL 3.1. There are a number of cryptographic features provided by SSL / TLS and these include confidentiality, integrity, and digital signatures. Unlike IPsec, in which the two communicating parties agree to cryptographic functions, SSL / TLS uses cipher suites to define the set of cryptographic functions for a client and server to use when communicating. An SSL VPN gateway can authenticate itself to the Web user using a SSL server certificate signed by a trusted CA (Certification Authority), in order that the user can verify that he / she is talking to a trusted server via their browser. In practice, some SSL VPNs may use a self-signed digital certificate that is not normally trusted in most web browsers. In this case, the user might need to add the SSL VPN's server certificate to the user's own list of trusted certificates, or accept 'yes' to trust the certificate. 541 | P a g e
Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 IV. Risks and limitations of VPN 4.1 Hacking attacks A client machine may become a target of attack, or a staging point for an attack, from within the connecting network. An intruder could exploit bugs or mis-configuration in a client machine, or use other types of hacking tools to launch an attack. These can include VPN hijacking or man-in-themiddle attacks: 1. VPN hijacking is the unauthorised take-over of an established VPN connection from a remote client, and impersonating that client on the connecting network. 2. Man-in-the-middle attacks affect traffic being sent between communicating parties, and can include interception, insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and redirecting messages. 4.2 User authentication By default VPN does not provide / enforce strong user authentication. A VPN connection should only be established by an authenticated user. If the authentication is not strong enough to restrict unauthorised access, an unauthorised party could access the connected network and its resources. Most VPN implementations provide limited authentication methods. For example, PAP, used in PPTP, transports both user name and password in clear text. A third party could capture this information and use it to gain subsequent access to the network. 4.3 Client side risks The VPN client machines of, say, home users may be connected to the Internet via a standard broadband connection while at the same time holding a VPN connection to a private network, using split tunnelling. This may pose a risk to the private network being connected to. A client machine may also be shared with other parties who are not fully aware of the security implications. In addition, a laptop used by a mobile user may be connected to the Internet, a wireless LAN at a hotel, airport or on other foreign networks. However, the security protection in most of these public connection points is inadequate for VPN access. If the VPN client machine is compromised, either before or during the connection, this poses a risk to the connecting network. 4.4 Virus / Malware infections A connecting network can be compromised if the client side is infected with a virus. If a virus or spyware infects a client machine, there is chance that the password for the VPN connection might be leaked to an attacker. In the case of an intranet or extranet VPN connection, if one network is infected by a virus or worm, that virus / worm can be spread www.ijera.com www.ijera.com quickly to other networks if anti-virus protection systems are ineffective. 4.5 Incorrect network access rights Some client and/or connecting networks may have been granted more access rights than is actually needed. 4.6 Interoperability Interoperability is also a concern. For example, IPsec compliant software from two different vendors may not always be able to work together. V. Security considerations The following is general security advice for VPN deployment: 1. VPN connections can be strengthened by the use of firewalls. 2. An IDS / IPS (Intrusion Detection / Prevention System) is recommended in order to monitor attacks more effectively. 3. Anti-virus software should be installed on remote clients and network servers to prevent the spread of any virus / worm if either end is infected. 4. Unsecured or unmanaged systems with simple or no authentication should not be allowed to make VPN connections to the internal network. 5. Logging and auditing functions should be provided to record network connections, especially any unauthorised attempts at access. The log should be reviewed regularly. 6. Training should be given to network/security administrators and supporting staff, as well as to remote users, to ensure that they follow security best practices and policies during the implementation and ongoing use of the VPN. 7. Security policies and guidelines on the appropriate use of VPN and network support should be distributed to responsible parties to control and govern their use of the VPN. 8. Placing the VPN entry point in a Demilitarised Zone (DMZ) is recommended in order to protect the internal network. 9. It is advisable not to use split tunnelling to access the Internet or any other insecure network simultaneously during a VPN connection. If split tunnelling is used, a firewall and IDS should be used to detect and prevent any potential attack coming from insecure networks. 10. Unnecessary access to internal networks should be restricted and controlled VI . Extranet VPN security considerations The following are additional security considerations for extranet VPN deployment: 1. Strong user authentication mechanisms should be enforced. 542 | P a g e
Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 2. The VPN entry point should be placed inside a DMZ to prevent partners from accessing the internal network. 3. Access rights should be granted on an as-needed basis. Only necessary resources should be available to external partners. Owners of these resources should review access permissions regularly. 6.1 Client side VPN security considerations The following are general security considerations for VPN users: 1. Strong authentication is required when users are connecting dynamically from disparate, untrusted networks, for example: a) By means of certificates and/or smart cards, or tokens: A smart card is used to store a user profile, encryption keys and algorithms. A PIN number is usually required to invoke the smart card. A token card provides a one-time password. When the user authenticates correctly on the token by entering the correct PIN number, the card will display a one-time passcode that will allow access to the network. b) By means of add-on authentication system, like TACACS+, RADIUS. This kind of central authentication system contains a profile of all VPN users, controlling the access to the private network. 2. Personal firewalls should be installed and configured properly on client VPN machines to block unauthorised access to the client, ensuring it is safe from attack. Many of the more recent remote access VPN clients include personal firewalls. Some may also include other configuration checks, such as the client not being able to connect to the network if anti-virus software is not running, or if virus signatures are out of date. 3. The client machine should have anti-virus software installed, with up-to-date signatures, to detect and prevent virus infections. 4. The user should remain aware of the physical security of the machine, in particular when authentication information is stored on the machine. 5. All users should be educated on good Internet security practices. Access from home should be considered an insecure channel, as traffic is routed over the Internet. www.ijera.com 4.Strong default security for all administration / maintenance ports. 5. Digital certificate support, such as using certificates for site to site authentication. 6. Address management support, such as the capability to assign a client address on the private network and ensuring all addresses are kept private. VII. CONCLUSION VPN provides a means of accessing a secure, private, internal network over insecure public networks such as the Internet. A number of VPN technologies have been outlined, among which IPsec and SSL VPN are the most common. Although a secure communication channel can be opened and tunneled through an insecure network via VPN, client side security should not be overlooked. References [1] [2] [3] [4] [5] L. Fazal, S. Ganu, M. Kappes, A.S.Krishnakumar, P. Krishnah (2004). “Tackling Security Vulnerabilities in VPNbased Wireless Deployments”, 2004 IEEE International Conference on Volume 1, Page(s):100 - 104 Vol.1 W. Qu, S. Srinivas (2002). “IPSec-based secure wireless virtual private network”, MILCOM 2002 on Volume 2, Page(s):1107 - 1112 vol.2 K. Guo, S. Mukherjee, S. Paul, S. Rangarajan (2004). “Optimal customer provisioning in network-based mobile VPNs Mobile and Ubiquitous Systems”, MOBIQUITOUS 2004, Page(s):95 – 104 Ruixi Yuan and W. Timothy Strayer 2003. Virtual Private Networks: Technologies and Solutions. Beijing. China Electric Power Press. 32,55-58. Sirrix AG security technologies. Sirrix. TrustedVPN data sheet, February 2010 6.3 Common security features in VPN products The following are security features to look for when choosing a VPN product: 1. Support for strong authentication, e.g. TACACS+, RADIUS, smart cards / tokens. 2. Industry-proven strong encryption algorithms, with long key strength support to protect data confidentiality during transmission. 3. Support for anti-virus software, and intrusion detection / prevention features. www.ijera.com 543 | P a g e

Recommended

A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKA NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKijmnct
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemUniversitas Pembangunan Panca Budi
 
Working Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security PayloadWorking Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security Payloadijtsrd
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novellaEduardo Novella
 
Cns unit4
Cns unit4Cns unit4
Cns unit4PRADEEPJ30
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=International Journal of Science and Research (IJSR)
 

Recommended

A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKA NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORK
A NEW COMMUNICATION PLATFORM FOR DATA TRANSMISSION IN VIRTUAL PRIVATE NETWORKijmnct
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemUniversitas Pembangunan Panca Budi
 
Working Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security PayloadWorking Survey of Authentication Header and Encapsulating Security Payload
Working Survey of Authentication Header and Encapsulating Security Payloadijtsrd
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novellaEduardo Novella
 
Cns unit4
Cns unit4Cns unit4
Cns unit4PRADEEPJ30
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=International Journal of Science and Research (IJSR)
 
Network security
Network securityNetwork security
Network securitySidiq Dwi Laksana
 
Wireless security
Wireless securityWireless security
Wireless securityparipec
 
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET Journal
 
International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)CSCJournals
 
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGKEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGecij
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksDefCamp
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpnHarshika Rana
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprisesshrutisreddy
 
Y36146148
Y36146148Y36146148
Y36146148IJERA Editor
 
COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3Soon Zoo Kwon
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajendra Dangwal
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...EditorJST
 
Types of VPN
Types of VPNTypes of VPN
Types of VPNNetProtocol Xpert
 
Dk36667674
Dk36667674Dk36667674
Dk36667674IJERA Editor
 
Am36234239
Am36234239Am36234239
Am36234239IJERA Editor
 
Kz3518871893
Kz3518871893Kz3518871893
Kz3518871893IJERA Editor
 
Bl36378381
Bl36378381Bl36378381
Bl36378381IJERA Editor
 

More Related Content

What's hot

Wireless security
Wireless securityWireless security
Wireless securityparipec
 
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET Journal
 
International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)CSCJournals
 
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGKEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGecij
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksDefCamp
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprisesshrutisreddy
 
COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3Soon Zoo Kwon
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...EditorJST
 

What's hot (18)

Network security
Network securityNetwork security
Network security
 
Wireless security
Wireless securityWireless security
Wireless security
 
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
IRJET- Cryptography Encryption and Decryption File Protection based on Mo...
 
International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)
 
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTINGKEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
KEY GENERATION FRAMEWORK FOR MULTIPLE WIRELESS DEVICES USING MULTIPATH ROUTING
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile Networks
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprises
 
Y36146148
Y36146148Y36146148
Y36146148
 
COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...2.espk external agent authentication and session key establishment using publ...
2.espk external agent authentication and session key establishment using publ...
 
Types of VPN
Types of VPNTypes of VPN
Types of VPN
 

Viewers also liked

Viewers also liked (20)

Dk36667674
Dk36667674Dk36667674
Dk36667674
 
Am36234239
Am36234239Am36234239
Am36234239
 
Kz3518871893
Kz3518871893Kz3518871893
Kz3518871893
 
Bl36378381
Bl36378381Bl36378381
Bl36378381
 
Bu36433437
Bu36433437Bu36433437
Bu36433437
 
Cf36490495
Cf36490495Cf36490495
Cf36490495
 
Cp36547553
Cp36547553Cp36547553
Cp36547553
 
Bz36459463
Bz36459463Bz36459463
Bz36459463
 
Bk36372377
Bk36372377Bk36372377
Bk36372377
 
Bn36386389
Bn36386389Bn36386389
Bn36386389
 
Bt36430432
Bt36430432Bt36430432
Bt36430432
 
By36454458
By36454458By36454458
By36454458
 
Ck36515520
Ck36515520Ck36515520
Ck36515520
 
Bw36444448
Bw36444448Bw36444448
Bw36444448
 
Cq36554559
Cq36554559Cq36554559
Cq36554559
 
Bp36398403
Bp36398403Bp36398403
Bp36398403
 
Ci36507510
Ci36507510Ci36507510
Ci36507510
 
Bo36390397
Bo36390397Bo36390397
Bo36390397
 
Bf36342346
Bf36342346Bf36342346
Bf36342346
 
Bi36358362
Bi36358362Bi36358362
Bi36358362
 

Similar to Cn36539543

IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdfssusera1b6c7
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec bigchill29
 
Cryptographic tunneling
Cryptographic tunnelingCryptographic tunneling
Cryptographic tunnelingKevin Ndemo
 
Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Editor IJARCET
 
28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)IAESIJEECS
 
28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)IAESIJEECS
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationJPINFOTECH JAYAPRAKASH
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20eyad alaa
 

Similar to Cn36539543 (20)

IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdf
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec
 
Cryptographic tunneling
Cryptographic tunnelingCryptographic tunneling
Cryptographic tunneling
 
Cns unit4
Cns unit4Cns unit4
Cns unit4
 
Lec 9.pptx
Lec 9.pptxLec 9.pptx
Lec 9.pptx
 
L4 vpn
L4 vpnL4 vpn
L4 vpn
 
Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329Ijarcet vol-2-issue-4-1322-1329
Ijarcet vol-2-issue-4-1322-1329
 
Virtual private networks
Virtual private networks Virtual private networks
Virtual private networks
 
Katuwal_Arun_flex_get_vpn.pdf
Katuwal_Arun_flex_get_vpn.pdfKatuwal_Arun_flex_get_vpn.pdf
Katuwal_Arun_flex_get_vpn.pdf
 
28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)
 
28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)28 11 sep17 14aug 8386 9970-1-ed(edit)
28 11 sep17 14aug 8386 9970-1-ed(edit)
 
V P N
V P NV P N
V P N
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
 
Ip sec
Ip secIp sec
Ip sec
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creation
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Cn36539543

  • 1. Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 RESEARCH ARTICLE www.ijera.com OPEN ACCESS Security in Virtual Private Networks Sridevi, Dr.Manjaiah.D.H Assistant Professor,Department of Computer Science,Karnatak University,Dharwad Professor,Department of Computer Science,Mangalore University,Mangalore Abstract There is an increasing demand nowadays to connect to internal networks from distant locations. Employees often need to connect to internal private networks over the Internet (which is by nature insecure) from home, hotels, airports or from other external networks. Security becomes a major consideration when staff or business partners have constant access to internal networks from insecure external locations. VPN (Virtual Private Network) technology provides a way of protecting information being transmitted over the Internet, by allowing users to establish a virtual private "tunnel" to securely enter an internal network, accessing resources, data and communications via an insecure network such as the Internet. This research paper provides a general overview of VPN and core VPN technologies. Discuss the potential security risks as well as the security considerations that need to be taken into account when implementing a virtual private network. Keywords: VPN, IPSec, Authenticatio header, PPTP, L2TP I. Introduction VPN uses encryption to provide data confidentiality. Once connected, the VPN makes use of the tunnelling mechanism described above to encapsulate encrypted data into a secure tunnel, with openly read headers that can cross a public network. Packets passed over a public network in this way are unreadable without proper decryption keys, thus ensuring that data is not disclosed or changed in any way during transmission.VPN can also provide a data integrity check. This is typically performed using a message digest to ensure that the data has not been tampered with during transmission.By default, VPN does not provide or enforce strong user authentication. Users can enter a simple username and password to gain access to an internal private network from home or via other insecure networks. Nevertheless, VPN does support add-on authentication mechanisms, such as smart cards, tokens and RADIUS. II. VPN Deveployment VPN is mainly employed by organisations and enterprises in the following ways: 1. Remote access VPN: This is a user-to-network connection for the home, or from a mobile user wishing to connect to a corporate private network from a remote location. This kind of VPN permits secure, encrypted connections between a corporate private network and remote users. 2. Intranet VPN: Here, a VPN is used to make connections among fixed locations such as branch offices. This kind of LAN-to-LAN VPN connection joins multiple remote locations into a single private network. www.ijera.com 3. 4. Extranet VPN: This is where a VPN is used to connect business partners, such as suppliers and customers, together so as to allow various parties to work with secure data in a shared environment. WAN replacement: Where VPN offers an alternative to WANs (Wide Area Networks). Maintaining a WAN can become expensive, especially when networks are geographically dispersed. VPN often requires less cost and administration overhead, and offers greater scalability than traditional private networks using leased lines. However, network reliability and performance might be a problem, in particular when data and connections are tunnelled through the Internet. III. Common VPN tunneling technologies 3.1 IPSEC (Internet Protocol Security) IPsec was developed by IETF (the Internet Engineering Task Force) for secure transfer of information at the OSI layer three across a public unprotected IP network, such as the Internet. IPsec enables a system to select and negotiate the required security protocols, algorithm(s) and secret keys to be used for the services requested. IPsec provides basic authentication, data integrity and encryption services to protect unauthorised viewing and modification of data. It makes use of two security protocols, AH (Authentication header) and ESP (Encapsulated Security Payload), for required services. However, IPsec is limited to only sending IP packets. IPsec makes use of the AH and ESP protocols to provide security services: 1. AH (Authentication Header) protocol provides source authentication, and integrity of IP packets, but it does not have encryption. An AH header added to 539 | P a g e
  • 2. Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 the IP packet contains a hash of the data, a sequence number etc., and information that can be used to verify the sender, ensure data integrity and prevent replay attacks. 2. ESP (Encapsulated Security Payload) protocol provides data confidentiality, in addition to source authentication and integrity. ESP uses symmetric encryption algorithms, such as 3DES, to provide data privacy. The algorithm needs to be the same on both communicating peers. ESP can also support encryption-only or authentication-only configurations. However, research in 2007 showed that any RFC-compliant implementations of IPsec that make use of encryption-only ESP can be broken. 3.2 Modes of Operation Each security protocol supports two modes of operation: a tunnel mode and a transport mode. Tunnel mode encrypts and/or authenticates the header and the data of each packet while transport mode only encrypts and/or authenticates the data itself. 1. Tunnel mode (end-to-end) Here the entire packet is protected. The original IP packet, with original destination address, is inserted into a new IP packet and the AH and ESP are applied to the new packet. The new IP header points to the end point of the tunnel. Upon receipt of the packet, the tunnel end point will decrypt the content and the original packet is further routed to its final destination in the target network. 2. Transport mode (host-to-host) Here the AH and ESP headers are applied to the data of the original IP packet. The mode encrypts and / or authenticates the data but not the IP header. The overhead added is less than that required in tunnel mode. However, the final destination and source www.ijera.com www.ijera.com addresses could be sniffed. Attackers can perform traffic analysis based on header information in this type of header. It is generally only used for host-tohost connections. 3.3 Key Exchange and Management IPsec supports two types of key management over the Internet: automated and manual. 1. Automated Key Management IKE (Internet Key Exchange) is the default protocol used in IPsec to determine and negotiate protocols, algorithms and keys, and to authenticatethe two parties. It is useful for widespread, scalable deployments and implementations of VPN. The IKEv2 protocol was released in 2005. It preserves most of the functionalities of IKEv1 protocol, but also supports the Network Address Translation (NAT) traversal and provides more flexibility. IKE also supports the use of digital certificates. Users authenticate by first signing the data with their digital signature key. The other endpoint will then verify the signature. IKE creates an authenticated, secure tunnel between two entities, then negotiates a security association (SA) between the two entities, and exchanges key(s). SA is a set of parameters used by negotiating peers to define the services and mechanisms for protecting traffic. These parameters include algorithm identifiers, modes, keys, and so on. IKE also keeps track of the keys and updates them between communicating peers. IKE uses protocols like ISAKMP (The Internet Security Association and Key Management Protocol) and Oakley to define procedures for key generation, creation and management of SA and authentication. There are several authentication methods that an IPsec VPN gateway works with IKE for remote user authentication1, including hybrid authentication, eXtended authentication (Xauth), challenge/response authentication for cryptographic keys (CRACK), and digital certificates. This allows additional third-party authentication services to be used to strengthen the access control process. 2. Manual key management Secret keys and security associations are manually configured in both VPN communicating peers before a connection starts. Only the sender and recipient know the secret key for the security services at hand. If the authentication data is valid, the recipient knows that the communication came from the sender and it was 540 | P a g e
  • 3. Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 not modified. This approach is easy to use in small, static environments, but it does not scale well. All keys should be distributed to communicating peers securely beforehand. If the keys are compromised, another person could pose as the user and make a connection into the VPN. 3.4 PPTP (Point-To-Point Tunneling Protocol) PPTP (Point-to-Point Tunnelling Protocol) is an OSI layer two protocols built on top of the PPP (Point-topoint protocol). PPP is a multi-protocol, dial-up protocol used to connect to the Internet. Remote users can access a private network via PPTP by first dialling into their local ISP. PPTP connects to the target network by creating a virtual network for each remote client. PPTP allows a PPP session, with nonTCP/IP protocols (e.g. IP, IPX or NetBEUI), to be tunnelled through an IP network. PPTP is documented in RFC 2637 as an informational draft. The same authentication mechanism used for PPP connections is supported in a PPTP-based VPN connection. These include EAP (Extensible Authentication Protocol, MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol), CHAP, SPAP (Shiva Password Authentication Protocol), and PAP (Password Authentication Protocol). For encryption, PPP data can be optionally encrypted using MPPE (Microsoft Point-to-Point Encryption) which is based on the RSA RC4 (40/56/128 bit) standard for link encryption. PPTP data tunnelling is accomplished through multiple levels of encapsulation. PPTP encapsulates PPP frames as tunnelled data for transmission over an IP network, such as the Internet or a private intranet, using a modified version of GRE (Generic Routing Encapsulation). GRE provides a flow and congestion controlled encapsulated service for carrying PPP packets. The data in the encapsulated PPP frames can be encrypted (and/or compressed). The resulting GREand-PPP-encapsulated data is then encapsulated with an IP header containing the appropriate source and destination IP addresses for the PPTP client and PPTP server. Upon receipt of the PPTP tunnelled data, the PPTP server processes and removes the IP, GRE and PPP headers, then decrypts (and/or decompresses) the PPP data. 3.5 L2TP (Layer 2 Tunneling Protocol) L2TP is a combination of Microsoft PPTP and Cisco L2F (Layer 2 Forwarding). L2TP can be used as a tunnelling protocol to encapsulate PPP (Point-to-Point Protocol) frames to be sent over IP, www.ijera.com www.ijera.com X.25, Frame Relay or ATM networks. Multiple connections are allowed through one tunnel. Like PPTP and L2F, L2TP operates on OSI layer two. Layer two VPN protocols encapsulate data in PPP frames and are capable of transmitting non-IP protocols over an IP network. L2TP is documented in RFC 3931 as standards track. L2TP connections use the same authentication mechanisms as PPP connections, such as EAP, CHAP, MS-CHAP, PAP and SPAP. L2TP tunnelling is accomplished through multiple levels of encapsulation. The PPP data is encapsulated within a PPP header and an L2TP header. The L2TP encapsulated packet is further wrapped in a UDP header with the source and destination ports set to 1701. The final packet is encapsulated with an IP header containing the source and destination IP addresses of the VPN client and VPN server. Due to the lack of confidentiality provided by L2TP, it is often used in conjunction with IPsec and referred to as L2TP/IPsec. When L2TP is running over IPsec, security services are provided by IPsec, AH and ESP. All L2TP controls and data appear as homogeneous IP data packets to the IPsec system. SSL / TLS SSL / TLS is a transport-layer protocol that use TCP port 443. SSL protocol is defined by the IETF and there are no versions of SSL beyond version 3.1. TLS 1.0 and TLS 1.1 are two standardised versions of TLS, and TLS 1.0 is the same as SSL 3.1. There are a number of cryptographic features provided by SSL / TLS and these include confidentiality, integrity, and digital signatures. Unlike IPsec, in which the two communicating parties agree to cryptographic functions, SSL / TLS uses cipher suites to define the set of cryptographic functions for a client and server to use when communicating. An SSL VPN gateway can authenticate itself to the Web user using a SSL server certificate signed by a trusted CA (Certification Authority), in order that the user can verify that he / she is talking to a trusted server via their browser. In practice, some SSL VPNs may use a self-signed digital certificate that is not normally trusted in most web browsers. In this case, the user might need to add the SSL VPN's server certificate to the user's own list of trusted certificates, or accept 'yes' to trust the certificate. 541 | P a g e
  • 4. Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 IV. Risks and limitations of VPN 4.1 Hacking attacks A client machine may become a target of attack, or a staging point for an attack, from within the connecting network. An intruder could exploit bugs or mis-configuration in a client machine, or use other types of hacking tools to launch an attack. These can include VPN hijacking or man-in-themiddle attacks: 1. VPN hijacking is the unauthorised take-over of an established VPN connection from a remote client, and impersonating that client on the connecting network. 2. Man-in-the-middle attacks affect traffic being sent between communicating parties, and can include interception, insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and redirecting messages. 4.2 User authentication By default VPN does not provide / enforce strong user authentication. A VPN connection should only be established by an authenticated user. If the authentication is not strong enough to restrict unauthorised access, an unauthorised party could access the connected network and its resources. Most VPN implementations provide limited authentication methods. For example, PAP, used in PPTP, transports both user name and password in clear text. A third party could capture this information and use it to gain subsequent access to the network. 4.3 Client side risks The VPN client machines of, say, home users may be connected to the Internet via a standard broadband connection while at the same time holding a VPN connection to a private network, using split tunnelling. This may pose a risk to the private network being connected to. A client machine may also be shared with other parties who are not fully aware of the security implications. In addition, a laptop used by a mobile user may be connected to the Internet, a wireless LAN at a hotel, airport or on other foreign networks. However, the security protection in most of these public connection points is inadequate for VPN access. If the VPN client machine is compromised, either before or during the connection, this poses a risk to the connecting network. 4.4 Virus / Malware infections A connecting network can be compromised if the client side is infected with a virus. If a virus or spyware infects a client machine, there is chance that the password for the VPN connection might be leaked to an attacker. In the case of an intranet or extranet VPN connection, if one network is infected by a virus or worm, that virus / worm can be spread www.ijera.com www.ijera.com quickly to other networks if anti-virus protection systems are ineffective. 4.5 Incorrect network access rights Some client and/or connecting networks may have been granted more access rights than is actually needed. 4.6 Interoperability Interoperability is also a concern. For example, IPsec compliant software from two different vendors may not always be able to work together. V. Security considerations The following is general security advice for VPN deployment: 1. VPN connections can be strengthened by the use of firewalls. 2. An IDS / IPS (Intrusion Detection / Prevention System) is recommended in order to monitor attacks more effectively. 3. Anti-virus software should be installed on remote clients and network servers to prevent the spread of any virus / worm if either end is infected. 4. Unsecured or unmanaged systems with simple or no authentication should not be allowed to make VPN connections to the internal network. 5. Logging and auditing functions should be provided to record network connections, especially any unauthorised attempts at access. The log should be reviewed regularly. 6. Training should be given to network/security administrators and supporting staff, as well as to remote users, to ensure that they follow security best practices and policies during the implementation and ongoing use of the VPN. 7. Security policies and guidelines on the appropriate use of VPN and network support should be distributed to responsible parties to control and govern their use of the VPN. 8. Placing the VPN entry point in a Demilitarised Zone (DMZ) is recommended in order to protect the internal network. 9. It is advisable not to use split tunnelling to access the Internet or any other insecure network simultaneously during a VPN connection. If split tunnelling is used, a firewall and IDS should be used to detect and prevent any potential attack coming from insecure networks. 10. Unnecessary access to internal networks should be restricted and controlled VI . Extranet VPN security considerations The following are additional security considerations for extranet VPN deployment: 1. Strong user authentication mechanisms should be enforced. 542 | P a g e
  • 5. Sridevi et al Int. Journal of Engineering Research and Application ISSN : 2248-9622, Vol. 3, Issue 6, Nov-Dec 2013, pp.539-543 2. The VPN entry point should be placed inside a DMZ to prevent partners from accessing the internal network. 3. Access rights should be granted on an as-needed basis. Only necessary resources should be available to external partners. Owners of these resources should review access permissions regularly. 6.1 Client side VPN security considerations The following are general security considerations for VPN users: 1. Strong authentication is required when users are connecting dynamically from disparate, untrusted networks, for example: a) By means of certificates and/or smart cards, or tokens: A smart card is used to store a user profile, encryption keys and algorithms. A PIN number is usually required to invoke the smart card. A token card provides a one-time password. When the user authenticates correctly on the token by entering the correct PIN number, the card will display a one-time passcode that will allow access to the network. b) By means of add-on authentication system, like TACACS+, RADIUS. This kind of central authentication system contains a profile of all VPN users, controlling the access to the private network. 2. Personal firewalls should be installed and configured properly on client VPN machines to block unauthorised access to the client, ensuring it is safe from attack. Many of the more recent remote access VPN clients include personal firewalls. Some may also include other configuration checks, such as the client not being able to connect to the network if anti-virus software is not running, or if virus signatures are out of date. 3. The client machine should have anti-virus software installed, with up-to-date signatures, to detect and prevent virus infections. 4. The user should remain aware of the physical security of the machine, in particular when authentication information is stored on the machine. 5. All users should be educated on good Internet security practices. Access from home should be considered an insecure channel, as traffic is routed over the Internet. www.ijera.com 4.Strong default security for all administration / maintenance ports. 5. Digital certificate support, such as using certificates for site to site authentication. 6. Address management support, such as the capability to assign a client address on the private network and ensuring all addresses are kept private. VII. CONCLUSION VPN provides a means of accessing a secure, private, internal network over insecure public networks such as the Internet. A number of VPN technologies have been outlined, among which IPsec and SSL VPN are the most common. Although a secure communication channel can be opened and tunneled through an insecure network via VPN, client side security should not be overlooked. References [1] [2] [3] [4] [5] L. Fazal, S. Ganu, M. Kappes, A.S.Krishnakumar, P. Krishnah (2004). “Tackling Security Vulnerabilities in VPNbased Wireless Deployments”, 2004 IEEE International Conference on Volume 1, Page(s):100 - 104 Vol.1 W. Qu, S. Srinivas (2002). “IPSec-based secure wireless virtual private network”, MILCOM 2002 on Volume 2, Page(s):1107 - 1112 vol.2 K. Guo, S. Mukherjee, S. Paul, S. Rangarajan (2004). “Optimal customer provisioning in network-based mobile VPNs Mobile and Ubiquitous Systems”, MOBIQUITOUS 2004, Page(s):95 – 104 Ruixi Yuan and W. Timothy Strayer 2003. Virtual Private Networks: Technologies and Solutions. Beijing. China Electric Power Press. 32,55-58. Sirrix AG security technologies. Sirrix. TrustedVPN data sheet, February 2010 6.3 Common security features in VPN products The following are security features to look for when choosing a VPN product: 1. Support for strong authentication, e.g. TACACS+, RADIUS, smart cards / tokens. 2. Industry-proven strong encryption algorithms, with long key strength support to protect data confidentiality during transmission. 3. Support for anti-virus software, and intrusion detection / prevention features. www.ijera.com 543 | P a g e