Post on 31-Dec-2015
Security Infrastructure Overview - VPN
Suresh Ramasamy
Agenda
• What is VPN?
• Types of VPN
• SSL vs IPsec
• Design Considerations
• Questions?
What is VPN?
• A Virtual Private Network allows secure connectivity, either one to one or one to many.
Your Network
Why do you need VPN?
• Secure access to your office
• Secure tunnelling through public network from one site to another
• Encrypted
• To reach networks with private IP allocation (RFC1918)
Types of VPN
• Remote Access VPN
• Site to Site VPN
VPN – the big picture
Remote Access VPN
Site to Site VPN
SSL Based VPN
SSL vs IPsec
• SSL requires a browser with 128-bit encryption support
• IPsec requires a client (Windows, some exceptions)
• Mode of authentication: supports digital certificate and password-based authentication
• Multi-factor capable for IPsec (device dependent)
Design Considerations
• Placement of VPN
  – Inside or outside of firewall?
• Type of Authentication
  – Password vs. Digital Certs?
• Factor of Authentication
  – Single Factor, Multi Factor, Token Based
  – One time passwords? (RSA SecurID)
Resources
• http://mia.ece.uic.edu/~papers/volans/table.html
Suggestions?