How Secure are IPsec and SSL VPN encryptions

Post on 15-Apr-2017


Virtual Private Networks and how secure they are

Agenda

• VPN and types of VPN
• Types of encryption
• SSL and Public Key Infrastructure
• Diffie-Hellman Key Exchange
• IPsec VPN and phases of IPsec

What is VPN?

• A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet.

Types of VPN

• Site-to-site VPN
  – Intranet VPN
  – Extranet VPN

• Remote VPN

Site-to-Site VPN

Remote VPN

Encryption

• In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it.

Types of Encryption

Symmetric Encryption

Asymmetric Encryption

Asymmetric Encryption Contd.

Public Key Infrastructure

SSL – Secure Sockets Layer

• SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

SSL - Secure Sockets Layer

SSL Bar – Green and Red

SSL bar and certificates cont..

What is SSL again?

SSL/HTTPS Proxy

IPsec – Internet Protocol Security

• IPsec is a protocol suite for secure IP communications that works by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

IPsec Encapsulation

Diffie-Hellman Key Exchange

• Diffie–Hellman key exchange is a specific method of securely exchanging cryptographic keys over a public channel. It was one of the first public-key protocols and is named after Whitfield Diffie and Martin Hellman.

Cryptographic Explanation

• Here is an example of the protocol, with non-secret values in blue, and secret values in red.

1. Alice and Bob agree to use a modulus $p = 23$ and base $g = 5$ (which is a primitive root modulo 23).

2. Alice chooses a secret integer $a = 6$, then sends Bob $A = g^a \bmod p$
   1. $A = 5^6 \bmod 23 = 8$

3. Bob chooses a secret integer $b = 15$, then sends Alice $B = g^b \bmod p$
   1. $B = 5^{15} \bmod 23 = 19$

4. Alice computes $s = B^a \bmod p$
   1. $s = 19^6 \bmod 23 = 2$

5. Bob computes $s = A^b \bmod p$
   1. $s = 8^{15} \bmod 23 = 2$

6. Alice and Bob now share a secret (the number 2).

• Both Alice and Bob have arrived at the same value s, because, under mod p,
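The exchange above as runnable Python, an added example that is not part of the original slides; the function names are illustrative assumptions. It reproduces the slide's numbers, adds the range check a receiver should apply to a peer's public value, and shows by enumeration that a modulus as small as 23 hides nothing, which is why real deployments use primes of 2048 bits or more.

```python
# Added illustration: names are hypothetical, parameters are the slide's toy values.
P, G = 23, 5  # public modulus and base from step 1


def public_value(private, p=P, g=G):
    """Value sent over the public channel: g^private mod p."""
    return pow(g, private, p)


def validate_peer(value, p=P):
    """Accept only 2 <= value <= p - 2.

    The values 0, 1 and p - 1 would force the shared secret into
    {0, 1, p - 1} no matter which private exponent the receiver holds.
    """
    if not isinstance(value, int) or not 2 <= value <= p - 2:
        raise ValueError(f"rejected peer public value: {value!r}")
    return value


def shared_secret(peer_public, private, p=P):
    """Secret computed locally from the validated peer value."""
    return pow(validate_peer(peer_public, p), private, p)


def exchange(a, b):
    """Run both sides; returns (A, B, Alice's secret, Bob's secret)."""
    A, B = public_value(a), public_value(b)
    return A, B, shared_secret(B, a), shared_secret(A, b)


def exponents_matching(observed, p=P, g=G):
    """Every private exponent consistent with one observed public value.

    Feasible only because p is tiny; the search space grows with p.
    """
    return [x for x in range(1, p) if pow(g, x, p) == observed]


if __name__ == "__main__":
    A, B, s_alice, s_bob = exchange(6, 15)  # a = 6, b = 15 as on the slide
    print(f"A={A} B={B} Alice's s={s_alice} Bob's s={s_bob}")
    print("exponents consistent with A:", exponents_matching(A))
```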

IPsec Phase-1 Messages – Main Mode

IPsec Phase-1 Messages – Aggressive Mode

IPsec Phase-2 Messages – Quick Mode

Integrity checking using hashes

NAT Traversal

Packet without IPsec encryption

IPsec Main Mode Negotiation

IPsec Aggressive Mode Negotiation

Questions?

Thank you..!!

Uday Bhatia

udaybhatia92@gmail.com https://in.linkedin.com/in/udaybhatia92