Securing Back-Office Business Processes with OpenVPN

Alfred Green – Principal
http://bkaeg.org/blog
About Me

http://bkaeg.org/blog
https://identi.ca/sunzofman1
http://linkedin.com/in/bkaeg
https://twitter.com/sunzofman1
A Bit More
●   15 years of experience with Free and Open Source Software (FOSS)
●   Using the Slackware Linux distro for my primary desktop since '96
●   Easily integrates Free Software with MSFT solutions
●   Staunch supporter of autodidacticism
●   Fascinated with computer networking and data encryption
He's Back..
What is a Virtual Private Network (VPN)?
A Virtual Private Network is a means to securely share data across the public Internet by carrying the traffic inside an encrypted tunnel.

Example VPN protocols: IPSEC, PPTP, L2TP, and SSL
Commercial and open products: Cisco, Hamachi, HotSpotVPN, OpenVPN, FreeS/WAN and OpenS/WAN
Basic VPN Example
Where has Virtual Private Networking traditionally been used?

Businesses which seek to support telecommuters
Encapsulating data packets of well-understood protocols (i.e., SIP, SSL, HTTP(S), CIFS)
Virtual Private Networking is Not..

Microsoft Remote Desktop Protocol (RDP) over TCP 3389
Virtual Network Computing (VNC)
While SSH is powerful, it is not very elegant as the basis of a scalable VPN
Basic Architecture
●   Network Address Translation (NAT)
●   Firewall
●   Packet Encryption
Factoid
●   Roughly 75% of SMB owners run some variant of MSFT Small Business Server Edition; out of the box they are equipped to run the MSFT VPN (PPTP)
All VPN Solutions are not Created Equal..

The ubiquitous Microsoft PPTP is perhaps the worst possible VPN solution

●   MS-CHAPv1 and MS-CHAPv2 both have vulnerabilities which make PPTP a poor VPN
●   Security expert Bruce Schneier's paper: Cryptanalysis of Microsoft's PPTP Authentication Extensions
●   PPTP was written initially to support the very old PPP protocol for dial-up connections
The Case for OpenVPN?
●   Software Libre (Free as in Free Speech)
●   Public Key Infrastructure (PKI)
●   OpenSSL/TLS
●   Supports Multiple Encryption Algorithms
●   UDP instead of TCP
●   Pseudo Two-Factor Authentication
●   Several Available Software Clients (Linux, Windows, OSX, and BSD)
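The properties this slide credits to OpenVPN (UDP transport, TLS backed by a PKI, a choice of strong ciphers) only hold when the server configuration actually enforces them. The script below is an added example, not part of the deck and not OpenVPN project code: it writes a deliberately weak server.conf beside a hardened one (both constructed for this example; file names such as ca.crt, crl.pem and tls-crypt.key are placeholders) and audits either file with a handful of grep checks. The directive names are real OpenVPN 2.5+ directives; the list of checks is my own choice of what a reviewer would look for first.

```shell
#!/bin/sh
# Added example, not from the deck or the OpenVPN project: audit an OpenVPN
# server config for the properties the slides argue for (UDP, TLS backed by a
# PKI that is actually enforced, strong ciphers) and flag what undercuts them.
# File names (ca.crt, crl.pem, tls-crypt.key) are placeholders.

FINDINGS=0

_finding() {
    echo "FINDING: $1" >&2
    FINDINGS=$((FINDINGS + 1))
}

# Prints the number of findings for the config file given as $1; details go to stderr.
audit_openvpn_server_config() {
    cfg=$1
    FINDINGS=0
    grep -Eq '^[[:space:]]*proto[[:space:]]+udp' "$cfg" \
        || _finding "transport is not UDP (the deck's recommendation; TCP-in-TCP stalls under loss)"
    grep -Eq '^[[:space:]]*(tls-crypt|tls-auth)[[:space:]]' "$cfg" \
        || _finding "no tls-crypt/tls-auth: the control channel answers anyone before TLS has authenticated them"
    grep -Eq '^[[:space:]]*tls-version-min[[:space:]]+1\.[23]' "$cfg" \
        || _finding "no tls-version-min 1.2 (or higher): older TLS versions can be negotiated"
    grep -Eq '^[[:space:]]*(cipher|data-ciphers)[[:space:]]+.*(BF-CBC|DES|RC2|NONE)' "$cfg" \
        && _finding "weak or null data-channel cipher configured"
    grep -Eq '^[[:space:]]*auth[[:space:]]+(MD5|SHA1|none)' "$cfg" \
        && _finding "weak HMAC digest for packet authentication"
    grep -Eq '^[[:space:]]*(client-cert-not-required|verify-client-cert[[:space:]]+(none|optional))' "$cfg" \
        && _finding "client certificates not required: the PKI is not enforced"
    grep -Eq '^[[:space:]]*duplicate-cn' "$cfg" \
        && _finding "duplicate-cn: one certificate can be shared, so a single client cannot be cut off"
    grep -Eq '^[[:space:]]*crl-verify[[:space:]]' "$cfg" \
        || _finding "no crl-verify: revoked client certificates are still accepted"
    grep -Eq '^[[:space:]]*comp-lzo' "$cfg" \
        && _finding "comp-lzo: compressing encrypted traffic is deprecated"
    grep -Eq '^[[:space:]]*user[[:space:]]' "$cfg" && grep -Eq '^[[:space:]]*group[[:space:]]' "$cfg" \
        || _finding "daemon keeps root privileges after start-up: add user nobody / group nogroup"
    echo "$FINDINGS"
}

# A deliberately weak server.conf, constructed for this example.
write_weak_server_conf() {
    cat > "$1" <<'EOF'
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
cipher BF-CBC
auth SHA1
client-cert-not-required
duplicate-cn
comp-lzo
keepalive 10 120
EOF
}

# The same server hardened along the lines the deck argues for (also constructed).
write_hardened_server_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none
tls-crypt tls-crypt.key
tls-version-min 1.2
remote-cert-tls client
verify-client-cert require
crl-verify crl.pem
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
auth SHA256
server 10.8.0.0 255.255.255.0
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    write_weak_server_conf "$tmp/weak.conf"
    write_hardened_server_conf "$tmp/hardened.conf"
    echo "weak.conf findings: $(audit_openvpn_server_config "$tmp/weak.conf")"
    echo "hardened.conf findings: $(audit_openvpn_server_config "$tmp/hardened.conf")"
    rm -rf "$tmp"
fi
```

Run it with `--demo` to see the ten findings on the weak file and none on the hardened one; point `audit_openvpn_server_config` at a real server.conf to review your own deployment. The checks are deliberately simple pattern matches, so a directive placed in an included file or supplied on the command line will not be seen.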
Public Key Infrastructure (PKI)
●   Strength of OpenVPN
●   Control Large Group of Clients
●   No Central Signing Authority Required
●   Error Logs are Your Friend
Pseudo Two-Factor Authentication
●   Known Passphrase of Private Key Cipher
●   OpenSSL Cryptographic Certificates
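What the last two slides call PKI and pseudo two-factor authentication can be built with nothing but the openssl command line. The script below is an added example, not from the deck: it creates a private CA (so no outside signing authority is involved), a server certificate and a client certificate whose private key is encrypted under a passphrase, verifies that both certificates chain to the CA and that only the client certificate is usable as a TLS client, and writes a client profile that uses askpass so the passphrase is demanded at start-up. The CA name, the client name, vpn.example.com and all file names are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the deck: build the PKI the slides describe with the
# openssl CLI alone. Your own CA (no external signing authority), a server
# certificate, and a client certificate whose private key is encrypted under a
# passphrase, which is the "pseudo second factor". All names are placeholders.

# Generate an EC key pair and CSR; the key is encrypted when a passphrase is given.
_keypair_and_csr() {
    # $1 = output dir, $2 = name (also the CN), $3 = passphrase ("" for an unencrypted key)
    if [ -n "$3" ]; then
        openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
            -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2" \
            -passout "pass:$3" 2>/dev/null
    else
        openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
            -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2" 2>/dev/null
    fi
}

# Sign a CSR with our own CA, stamping the extendedKeyUsage that lets peers
# tell server certificates from client certificates (what remote-cert-tls checks).
_sign() {
    # $1 = dir, $2 = name, $3 = serverAuth | clientAuth
    printf 'extendedKeyUsage=%s\nkeyUsage=digitalSignature\n' "$3" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 825 -out "$1/$2.crt" -extfile "$1/$2.ext" 2>/dev/null
}

# Client profile: askpass makes OpenVPN prompt for the key passphrase at start-up,
# so possession of the profile files alone is not enough to connect.
write_client_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.com 1194
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-GCM
auth SHA256
ca ca.crt
cert client.crt
key client.key
askpass
verb 3
EOF
}

# Build CA + server + one client into directory $1; $2 is the client's key passphrase.
pki_build() {
    dir=$1; pass=$2
    openssl req -x509 -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -days 3650 \
        -subj "/CN=Back-Office VPN CA" 2>/dev/null || return 1
    _keypair_and_csr "$dir" server "" && _sign "$dir" server serverAuth || return 1
    _keypair_and_csr "$dir" client "$pass" && _sign "$dir" client clientAuth || return 1
    # Both certificates must chain to our CA ...
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" "$dir/client.crt" >/dev/null 2>&1 || return 1
    # ... and only the client certificate may be accepted in the TLS client role.
    openssl verify -purpose sslclient -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1 || return 1
    ! openssl verify -purpose sslclient -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    write_client_profile "$dir/client.ovpn"
}

# 0 if the PEM key is passphrase-protected (an encrypted PKCS#8 container).
key_is_encrypted() { grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; }

# 0 if passphrase $2 unlocks the key in $1.
key_unlocks() { openssl pkey -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1; }

if [ "${1:-}" = "--demo" ]; then
    out=$(mktemp -d)
    pki_build "$out" 'correct horse battery staple' && echo "PKI built in $out"
    key_is_encrypted "$out/client.key" && echo "client.key is passphrase-protected"
fi
```

Run with `--demo` to build everything into a temporary directory. The second factor is only as good as its handling: the passphrase must not be stored next to the key, and `askpass` without a file argument keeps it out of the profile. Revocation is the other half of "control a large group of clients"; add a CRL generated by the same CA and `crl-verify` on the server when a client is decommissioned.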
Additional Reading

http://bkaeg.org/blog/archives/2010/05/foray-into-open.html
http://www.securiteam.com/exploits/5PP0K2A9QS.html
http://www.schneier.com/paper-pptpv2.html
http://www.schneier.com/blog/archives/20125/08/breaking_micros.html
Glossary of Acronyms
CIFS – Common Internet File System
IPSEC – Internet Protocol Security
L2TP – Layer 2 Tunneling Protocol
PPTP – Point-to-Point Tunneling Protocol
SSH – Secure Shell