IPsec and VPN
PRODUCED BY:
TAPPAL SHETTY KISHORE
What is IPsec
•Internet Protocol Security (IPsec) is a set of protocols that provides
security for the Internet Protocol.
•It can use cryptography to provide that security.
•IPsec can be used to set up virtual private networks (VPNs) in a
secure manner.
IPsec Architecture
IPsec security services
IPsec involves two security services. They are as follows:
•Authentication Header (AH): This authenticates the sender and
detects any changes to the data during transmission.
•It uses MD5 and SHA.
•Encapsulating Security Payload (ESP): This not only authenticates
the sender but also encrypts the data being sent.
•It uses DES, 3DES and AES.
IPsec Authentication header
IPsec modes
There are two modes of IPsec. They are as follows:
•Tunnel Mode: This encapsulates the whole IP packet to form a
secure communication between two sites, or gateways.
•Transport Mode: This only encapsulates the IP payload (not
the entire IP packet as in tunnel mode) to ensure a secure
channel of communication.
IPsec ESP
IPsec Tunnel mode
•Tunnel mode protects the internal routing information by
encrypting the IP header of the original packet.
•The original packet is encapsulated by another set of IP headers.
•It is widely implemented in site-to-site VPN scenarios.
•NAT traversal is supported with tunnel mode.
•Additional headers are added to the packet, so the payload MSS is
smaller.
IPsec Transport mode
•Transport mode encrypts only the payload and the ESP trailer, so the IP header
of the original packet is not encrypted.
•IPsec transport mode is implemented for client-to-site VPN scenarios.
•NAT traversal is not supported with transport mode.
•MSS is higher than in tunnel mode, as no additional outer header is
required.
•Transport mode is usually used when another tunneling protocol (such as
GRE or L2TP) first encapsulates the IP data packet; IPsec is then used to
protect the GRE/L2TP tunnel packets.
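The AH service and the two modes described above, as an added example that is not code from the presentation: a Python implementation of the Authentication Header with HMAC-SHA1-96 (RFC 2404), applied to a constructed IPv4 packet in both transport and tunnel mode. The addresses, key, SPIs and the function names (ah_protect, ah_verify, demo) are the example's own; the ICV rule (zero the mutable IPv4 fields and the ICV itself before hashing) follows RFC 4302. ESP's encryption step is not shown because the Python standard library has no AES.

```python
import hmac
import hashlib
import socket
import struct

AH_PROTOCOL = 51       # IP protocol number of the Authentication Header
IPPROTO_IPIP = 4       # AH "next header" value for an encapsulated IPv4 packet (tunnel mode)
ICV_LEN = 12           # HMAC-SHA1-96 (RFC 2404): a 160-bit HMAC truncated to 96 bits
AH_LEN = 12 + ICV_LEN  # fixed AH fields (12 bytes) plus the ICV


def ip(addr):
    return socket.inet_aton(addr)


def ipv4_checksum(hdr):
    """One's-complement checksum over the header (checksum field already set to 0)."""
    total = sum((hdr[i] << 8) | hdr[i + 1] for i in range(0, len(hdr), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0):
    """20-byte IPv4 header without options (TOS 0, DF set), checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ah_icv(key, ip_hdr, ah_fixed, rest):
    """ICV per RFC 4302 3.3.3.1: the mutable IPv4 fields (TOS, flags/fragment offset,
    TTL, checksum) and the ICV field are zeroed, then the HMAC covers the whole packet."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    covered = bytes(h) + ah_fixed + bytes(ICV_LEN) + rest
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, packet, mode, spi, seq, outer_src=None, outer_dst=None):
    """Wrap an IPv4 packet in AH. Transport mode keeps the original header and inserts AH
    behind it; tunnel mode authenticates the whole original packet behind a new outer header."""
    if mode == "transport":
        orig = packet[:20]                      # constructed packets carry no IP options
        payload, next_header = packet[20:], orig[9]
        src, dst, ttl = orig[12:16], orig[16:20], orig[8]
        ident = struct.unpack("!H", orig[4:6])[0]
    elif mode == "tunnel":
        payload, next_header = packet, IPPROTO_IPIP
        src, dst, ttl, ident = outer_src, outer_dst, 64, 0
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    new_ip = ipv4_header(src, dst, AH_PROTOCOL, AH_LEN + len(payload), ttl, ident)
    # Next Header, Payload Len (AH length in 32-bit words minus 2), Reserved, SPI, Sequence
    ah_fixed = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)
    return new_ip + ah_fixed + ah_icv(key, new_ip, ah_fixed, payload) + payload


def ah_verify(key, packet):
    """Return (icv_ok, next_header, data_after_ah) for an AH-protected packet."""
    ip_hdr = packet[:20]
    if ip_hdr[9] != AH_PROTOCOL:
        return False, None, None
    ah_fixed = packet[20:32]
    ah_total = (ah_fixed[1] + 2) * 4
    icv, rest = packet[32:20 + ah_total], packet[20 + ah_total:]
    ok = hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah_fixed, rest))
    return ok, ah_fixed[0], rest


def demo():
    """Constructed traffic: a UDP datagram from 10.0.0.5 to 10.0.1.7, protected in both
    modes between the gateways 203.0.113.1 and 198.51.100.1 (documentation addresses)."""
    key = b"constructed-example-ah-key-not-from-page"
    data = b"constructed application payload"
    inner = ipv4_header(ip("10.0.0.5"), ip("10.0.1.7"), 17, len(data), ident=0x1234) + data
    transport = ah_protect(key, inner, "transport", spi=0x1000, seq=1)
    tunnel = ah_protect(key, inner, "tunnel", spi=0x2000, seq=1,
                        outer_src=ip("203.0.113.1"), outer_dst=ip("198.51.100.1"))
    aged = bytearray(transport)
    aged[8] -= 1                        # a router decremented TTL (a mutable field)
    tampered = bytearray(tunnel)
    tampered[-1] ^= 0x01                # one payload byte flipped in transit
    natted = bytearray(transport)
    natted[16:20] = ip("192.0.2.9")     # destination address rewritten, as a NAT would
    return {
        "transport_overhead": len(transport) - len(inner),   # AH only: 24 bytes
        "tunnel_overhead": len(tunnel) - len(inner),         # outer IP header + AH: 44 bytes
        "transport_ok": ah_verify(key, transport)[0],
        "tunnel_ok": ah_verify(key, tunnel)[0],
        "tunnel_inner": ah_verify(key, tunnel)[2],
        "ttl_decrement_ok": ah_verify(key, bytes(aged))[0],
        "payload_tamper_ok": ah_verify(key, bytes(tampered))[0],
        "nat_rewrite_ok": ah_verify(key, bytes(natted))[0],
    }
```

demo() reports the per-packet overhead of each mode (24 bytes for transport, 44 for tunnel, which is the MSS difference the slides mention) and shows that a decremented TTL still verifies while a flipped payload byte or a rewritten destination address does not; the last case is why AH, which covers the IP addresses, cannot pass through a NAT in either mode.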
VPN
What is VPN
•A Virtual Private Network is a connection method used to add
security and privacy to private and public networks, like WiFi
Hotspots and the Internet.
•Virtual Private Networks are most often used by corporations to
protect sensitive data.
•Subscribers can obtain an IP address from any gateway city the VPN
service provides. For instance, you may live in San Francisco, but
with a Virtual Private Network, you can appear to live in Amsterdam,
New York, or any number of gateway cities.
Why do I need a VPN?
Hide your IP address:
Connecting to a Virtual Private Network often conceals your real IP address.
Change your IP address:
Using a VPN will almost certainly result in getting a different IP address.
Encrypt data transfers:
A Virtual Private Network will protect the data you transfer over public WiFi.
Mask your location:
With a Virtual Private Network, users can choose the country of origin for their Internet connection.
Access blocked websites:
Get around websites blocked by governments with a VPN.
VPN diagrammatic representation
Setting Up a VPN
•Setting up a Virtual Private Network is a straightforward process.
•It's often as simple as entering a username and server address.
•The major smartphone platforms can configure Virtual Private Networks
using the PPTP and L2TP/IPsec protocols.
•All major operating systems can configure PPTP VPN connections.
OpenVPN and L2TP/IPsec require a small open-source
application (OpenVPN) and a certificate download respectively.
VPN Protocols
PPTP: PPTP has been around since the days of Windows 95. The main selling point of PPTP is
that it can be set up simply on every major OS. In short, PPTP tunnels a point-to-point connection
over the GRE protocol. Unfortunately, the security of the PPTP protocol has been called into
question in recent years. It is still strong, but not the most secure.
L2TP/IPsec: L2TP over IPsec is more secure than PPTP and offers more features. L2TP/IPsec is a
way of implementing two protocols together in order to gain the best features of each. For
example, the L2TP protocol is used to create a tunnel and IPsec provides a secure channel. These
measures make for an impressively secure package.
OpenVPN: OpenVPN is an SSL-based Virtual Private Network that continues to gain popularity.
The software used is open source and freely available. SSL is a mature encryption protocol, and
OpenVPN can run on a single UDP or TCP port, making it extremely flexible.
IPsec VPN
IPsec VPN overview
•A virtual private network (VPN) provides a means by which remote computers communicate
securely across a public WAN such as the Internet.
•A VPN connection can link two LANs (site-to-site VPN) or a remote dial-up user and a LAN.
•The traffic that flows between these two points passes through shared resources such as
routers, switches, and other network equipment that make up the public WAN.
•To secure VPN communication while passing through the WAN, the two participants create an IP
Security (IPsec) tunnel.
•NOTE: The term tunnel does not denote tunnel mode. Instead, it refers to the IPsec connection.
IPsec VPN overview
•IPsec is a suite of related protocols for cryptographically securing
communications at the IP packet layer.
•IPsec also provides methods for the manual and automatic negotiation of
security associations (SAs) and key distribution, all the attributes for which are
gathered in a domain of interpretation (DOI).
•The IPsec DOI is a document containing definitions for all the security
parameters required for the successful negotiation of a VPN tunnel—essentially,
all the attributes required for SA and IKE negotiations.
IPsec Key Management
•The distribution and management of keys are critical to using VPNs successfully.
•Junos OS supports IPsec technology for creating VPN tunnels with three kinds of key creation
mechanisms:
    Manual key
    AutoKey IKE with a preshared key or a certificate
    Diffie-Hellman Exchange
•You can choose your key creation mechanism—also called authentication method—during Phase 1
and Phase 2 proposal configuration.
•Note: Junos OS is the single operating system that powers Juniper’s broad portfolio of physical and
virtual networking and security products. Built with 20+ years of reliability, security, and flexibility at
its core, it runs some of the world’s most sophisticated network deployments, giving operators a
competitive advantage over other network operating systems.
IPsec Key Management
•Manual Key: With manual keys, administrators at both ends of a tunnel configure all the
security parameters.
•AutoKey IKE: When you need to create and manage numerous tunnels, you need a method
that does not require you to configure every element manually. IPsec supports the automated
generation and negotiation of keys and security associations using the Internet Key Exchange
(IKE) protocol. Junos OS refers to such automated tunnel negotiation as AutoKey IKE and
supports AutoKey IKE with preshared keys and AutoKey IKE with certificates.
•Diffie-Hellman Exchange: A Diffie-Hellman (DH) exchange allows participants to produce a
shared secret value. The strength of the technique is that it allows participants to create the
secret value over an unsecured medium without ever sending the secret value over the wire.
Diffie-Hellman Exchange
IPsec Tunnel Negotiation
To establish an AutoKey IKE IPsec tunnel, two phases of negotiation
are required:
•In Phase 1, the participants establish a secure channel in which to
negotiate the IPsec security associations (SAs).
•In Phase 2, the participants negotiate the IPsec SAs for encrypting
and authenticating the ensuing exchanges of user data.
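The Diffie-Hellman exchange, the preshared-key form of AutoKey IKE and the two negotiation phases above, as an added example that is not code from the presentation or from Junos OS: both peers run a DH exchange over RFC 3526 group 14 (IKE "DH group 14"), derive the Phase 1 keys with a simplified form of the IKEv2 key derivation (SKEYSEED = prf(Ni | Nr, g^ir) and prf+ from RFC 7296; the real prf+ input also includes both IKE SPIs), prove knowledge of a preshared key, and then derive Phase 2 (IPsec SA) key material from SK_d and the nonces. The PSKs, nonces and the function names (negotiate, phase1_keys, auth_payload) are the example's own.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: a 2048-bit MODP prime with generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def prf(key, data):
    """The IKE prf, instantiated here as HMAC-SHA256 (PRF_HMAC_SHA2_256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key, seed, length):
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def dh_private():
    # A 256-bit private exponent is ample for the ~112-bit strength of group 14.
    return secrets.randbits(256) | 1


def dh_public(priv):
    return pow(G, priv, P)


def phase1_keys(priv, peer_pub, ni, nr):
    """Phase 1: each side computes g^ir from its own private value and the peer's public
    value, then SKEYSEED = prf(Ni | Nr, g^ir) and the IKE SA keys (simplified: no SPIs)."""
    g_ir = pow(peer_pub, priv, P).to_bytes(256, "big")
    skeyseed = prf(ni + nr, g_ir)
    km = prf_plus(skeyseed, ni + nr, 96)
    return {"SK_d": km[:32], "SK_ai": km[32:64], "SK_ar": km[64:96]}


def auth_payload(psk, transcript):
    """PSK authentication in the shape of IKEv2's AUTH payload: the PSK is first passed
    through prf with the fixed pad string, and the result binds the exchange transcript."""
    return prf(prf(psk, b"Key Pad for IKEv2"), transcript)


def negotiate(psk_initiator, psk_responder):
    """Run both peers of an AutoKey-IKE-style negotiation and report what was achieved."""
    xi, xr = dh_private(), dh_private()
    ni, nr = secrets.token_bytes(32), secrets.token_bytes(32)        # constructed nonces
    gi = dh_public(xi).to_bytes(256, "big")
    gr = dh_public(xr).to_bytes(256, "big")
    on_the_wire = [gi, ni, gr, nr]            # everything an observer of Phase 1 sees
    keys_i = phase1_keys(xi, int.from_bytes(gr, "big"), ni, nr)
    keys_r = phase1_keys(xr, int.from_bytes(gi, "big"), ni, nr)
    transcript = b"".join(on_the_wire)
    # The responder accepts the initiator only if both hold the same preshared key.
    auth_ok = hmac.compare_digest(auth_payload(psk_initiator, transcript),
                                  auth_payload(psk_responder, transcript))
    g_ir = pow(int.from_bytes(gr, "big"), xi, P).to_bytes(256, "big")
    # Phase 2: IPsec SA key material, KEYMAT = prf+(SK_d, Ni | Nr) (RFC 7296 section 2.17)
    keymat = prf_plus(keys_i["SK_d"], ni + nr, 64)
    return {
        "dh_keys_match": keys_i == keys_r,
        "peer_authenticated": auth_ok,
        "secret_on_wire": any(g_ir in msg for msg in on_the_wire),
        "esp_key_i_to_r": keymat[:32],
        "esp_key_r_to_i": keymat[32:],
    }
```

negotiate() with matching PSKs yields identical Phase 1 keys on both sides, a passed authentication, and a shared secret that appears in none of the transmitted values; with mismatched PSKs the DH keys still agree but authentication fails, which is the point of pairing DH with a preshared key or certificate: DH alone gives a secret channel, not an authenticated peer.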
Thank You
Questions?

IP security and VPN presentation
