Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 10_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Network Security Controls — Technical Controls

VPN Security

EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

This sub-section discusses various VPN security measures.

Module 07 Page 954 Certified Cybersecurity Technician Copyright © by EC-Council

Firewalls

- Firewalls establish a protection barrier between the VPN and the Internet
- Before implementing a VPN, ensure that a good firewall is in place
- Firewalls should be configured to restrict open ports and the types of packets and protocols that are allowed to pass through to the VPN

Firewalls establish a protection barrier between the VPN and the Internet. Before implementing a VPN, ensure that a good firewall is installed. A firewall can allow or deny the flow of data through the network. Firewalls should be configured to restrict open ports as well as the types of packets and protocols that are allowed to pass through to the VPN. They are also used to terminate VPN sessions. Firewalls generally help in protecting the network from attackers.

Firewalls can be used in the following two ways with a VPN.

- The VPN server is connected to the Internet, and the firewall is located between the VPN server and the intranet.
  o Here, packet filters are added to allow only VPN traffic to and from the IP address of the VPN server.
- A firewall is attached to the Internet, and the VPN server is located between the firewall and the intranet.
  o Here, the firewall has input and output filters on its Internet interface to control which traffic is passed on to the VPN server.
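Both placements above come down to the same packet filter: pass only VPN traffic to and from the VPN server's address and deny everything else, including non-VPN traffic aimed at the server itself. The following is an added example, not part of the EC-Council material, that models such a filter in Python. The rule engine, the addresses (RFC 5737 documentation ranges) and the sample packets are constructed for the demonstration; the protocol and port numbers are the standard IPsec ones (IP protocol 50 for ESP, 51 for AH, UDP 500 for IKE, UDP 4500 for IPsec NAT traversal).

```python
"""Packet-filter model for the two firewall placements described above.

Added example, not part of the EC-Council material. The rule engine, the
addresses (RFC 5737 documentation ranges) and the sample packets are
constructed for the demonstration; the protocol and port numbers are the
standard IPsec ones.
"""
from dataclasses import dataclass, fields
from typing import Dict, List, Optional

VPN_SERVER = "203.0.113.10"   # constructed address of the VPN server
REMOTE_PEER = "198.51.100.7"  # constructed address of a remote VPN client/gateway

TCP, UDP, ESP, AH = 6, 17, 50, 51     # IP protocol numbers
IKE_PORT, NAT_T_PORT = 500, 4500      # UDP ports for IKE and for IPsec NAT traversal


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[int] = None   # any field left as None is a wildcard
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(getattr(self, f.name) in (None, getattr(p, f.name))
                   for f in fields(Packet))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched falls to the implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def vpn_only_rules(server_ip: str) -> List[Rule]:
    """Input filters (Internet -> server) and output filters (server -> Internet)
    that pass only IKE, NAT-T, ESP and AH to and from the VPN server's address.
    Non-VPN traffic, even to the VPN server itself, is denied by default."""
    rules: List[Rule] = []
    for port in (IKE_PORT, NAT_T_PORT):
        rules.append(Rule("allow", proto=UDP, dst=server_ip, dport=port))
        rules.append(Rule("allow", proto=UDP, src=server_ip, sport=port))
    for proto in (ESP, AH):
        rules.append(Rule("allow", proto=proto, dst=server_ip))
        rules.append(Rule("allow", proto=proto, src=server_ip))
    return rules


# Constructed sample traffic as seen on the firewall's Internet interface.
SAMPLE_TRAFFIC: Dict[str, Packet] = {
    "ike_to_server":    Packet(REMOTE_PEER, VPN_SERVER, UDP, 500, IKE_PORT),
    "esp_to_server":    Packet(REMOTE_PEER, VPN_SERVER, ESP),
    "esp_from_server":  Packet(VPN_SERVER, REMOTE_PEER, ESP),
    "ssh_to_server":    Packet(REMOTE_PEER, VPN_SERVER, TCP, 51234, 22),
    "esp_to_intranet":  Packet(REMOTE_PEER, "10.0.0.5", ESP),
    "http_from_server": Packet(VPN_SERVER, REMOTE_PEER, TCP, 40000, 80),
}


def classify_sample() -> Dict[str, str]:
    """Verdict for each sample packet under the VPN-only filter."""
    rules = vpn_only_rules(VPN_SERVER)
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE_TRAFFIC.items()}


if __name__ == "__main__":
    for name, verdict in classify_sample().items():
        print(f"{name:18s} {verdict}")
```

Two things the model makes visible. ESP and AH are IP protocols, not ports, so a firewall that only opens UDP ports for the VPN will still drop the data-carrying packets; the filter has to match on protocol number 50 and 51. And the default deny is what enforces "only VPN traffic": management access such as SSH to the VPN server's Internet address is refused unless a rule explicitly allows it.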
Figure 7.119: Depiction of firewall in VPN security (diagram labels: IPsec tunnel, WAN, Firewall, Corporate Network, LAN PCs, Wireless terminals, Branch Server, www.sports.com)

IPsec Server

- The IPsec server enhances VPN security through the use of strong encryption algorithms and authentication
- Tunnel mode: both the header and the payload of each packet are encrypted
- Transport mode: only the payload of each packet is encrypted

(Slide diagram of the encryption modes; additional label: Payload contains NO encryption.)

An IPsec server has the following two types of encryption modes.

- Transport Mode

  This is the default mode for an IPsec server. It is generally used for end-to-end communication between a server and a client. In transport mode, IPsec protects the IP payload with an authentication header (AH) or an encapsulating security payload (ESP) header. The IP payload can be a TCP segment (a TCP header and TCP segment data), a UDP message (a UDP header and message data), or an ICMP message (an ICMP header and ICMP message data). AH does not encrypt the data; it provides only authentication, integrity, and anti-replay protection. With AH, the data can still be read, but any change to it is rejected. AH computes the integrity check value (ICV) over the source and destination addresses; therefore, it cannot be used to traverse NATs.

  ESP traverses NATs because it does not include the outermost address in the ICV calculation. When AH and ESP are used together, ESP is applied first, followed by AH, which authenticates the entire new packet.

  o AH in transport mode: AH can be used individually or along with ESP. The AH header protects the entire packet. In transport mode, a new IP header is not created in front of the data packet; rather, a copy of the original IP header is placed in front, with a minor change to its protocol ID. Hence, AH does not provide complete protection for all the fields of the IP header. AH is recognized in the IP header by an IP protocol ID of 51.

  Figure 7.120: AH in Transport Mode (diagram labels: Original IP Packet; Signed by Authentication Header)

  o ESP in transport mode: The original IP header stays at the front of the packet, with a minor change to its protocol ID. Because the sender's IP header is carried in the clear, transport mode does not protect or encrypt the original IP header. ESP is recognized in the IP header by an IP protocol ID of 50.

  Figure 7.121: ESP in Transport Mode (diagram labels: Original IP Packet; Encrypted with ESP Header; Signed by ESP Auth Trailer)

- Tunnel Mode

  In tunnel mode, IPsec encrypts both the IP payload and the IP header, protecting the entire IP packet by encapsulating it with an AH or ESP header and an additional IP header. This mode is useful for protecting traffic between different networks and is primarily used for interoperability with gateways. The IPsec tunnel mode is generally implemented in gateway-to-gateway, server-to-gateway, and server-to-server configurations. It is useful for protecting traffic while it passes through untrusted networks.

  o AH in tunnel mode: The AH header can be used individually or along with ESP. It protects the entire packet. However, AH does not safeguard those fields of the new IP header that change in transit; it does safeguard everything that does not change in transit. AH is recognized in the new IP header by an IP protocol ID of 51.

  Figure 7.122: AH in Tunnel Mode (diagram labels: Original IP Packet; TCP; Signed by Authentication Header)

  o ESP in tunnel mode: ESP is recognized in the new IP header by an IP protocol ID of 50.

  Figure 7.123: ESP in Tunnel Mode (diagram labels: Original IP Packet; Encrypted with ESP Header; Signed by ESP Auth Trailer)
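The statements above (AH is protocol 51 and ESP is protocol 50; tunnel mode wraps a whole inner IP packet; AH covers the source and destination addresses in its ICV and so breaks across NAT while ESP does not; AH lets data be read but rejects any change) can all be checked in bytes. The following is an added example written for this page, not EC-Council's code and not a real IPsec implementation: it builds simplified IPv4 packets with hand-rolled AH and ESP headers. Keys, addresses and the payload are constructed; the ICV is HMAC-SHA256 truncated to 16 bytes; ESP's cipher is replaced by a hash-counter keystream so the example runs on the Python standard library alone (a labelled stand-in, not an IPsec cipher suite).

```python
"""AH and ESP on the wire: protocol IDs 51/50, transport vs tunnel mode, and NAT.

Added example, not EC-Council's code. Simplified IPv4 packets with hand-rolled
AH and ESP headers. Keys, addresses and payload are constructed. ICV = HMAC-SHA256
truncated to 16 bytes; the ESP cipher is a hash-counter keystream stand-in.
"""
import hashlib, hmac, socket, struct

ESP, AH, IPIP, TCP = 50, 51, 4, 6  # IP protocol numbers; IPIP (4) = IPv4-in-IPv4, i.e. tunnel mode
ICV_LEN = 16
AUTH_KEY = b"constructed-auth-key-0123456789"  # constructed demo key
ENC_KEY = b"constructed-enc-key-abcdefghijk"   # constructed demo key

def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum of a 20-byte IPv4 header whose checksum field is zero."""
    s = sum(struct.unpack("!10H", hdr[:20]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def ah_icv_input(pkt: bytes) -> bytes:
    """What AH authenticates: IP header with mutable fields (TOS, flags/fragment,
    TTL, checksum) zeroed but src/dst kept, AH header with ICV zeroed, payload."""
    h = bytearray(pkt[:20])
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h) + pkt[20:32] + b"\0" * ICV_LEN + pkt[48:]

def ah_packet(src, dst, next_hdr, payload, key, spi=0x100, seq=1) -> bytes:
    # AH: next header, payload length (32-bit words minus 2), reserved, SPI, sequence, ICV
    ah = struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + b"\0" * ICV_LEN
    pkt = ipv4_header(src, dst, AH, len(ah) + len(payload)) + ah + payload
    icv = hmac.new(key, ah_icv_input(pkt), hashlib.sha256).digest()[:ICV_LEN]
    return pkt[:32] + icv + pkt[48:]

def verify_ah(pkt, key) -> bool:
    icv = hmac.new(key, ah_icv_input(pkt), hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, pkt[32:48])

def keystream(key, spi, seq, n) -> bytes:
    # Constructed stand-in for the ESP cipher (real ESP uses e.g. AES); keyed by SPI and sequence
    out = b"".join(hashlib.sha256(key + struct.pack("!IIQ", spi, seq, i)).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def esp_packet(src, dst, next_hdr, payload, enc_key, auth_key, spi=0x200, seq=1) -> bytes:
    pad = (-(len(payload) + 2)) % 4                          # ESP trailer aligns to 4 bytes
    plain = payload + b"\0" * pad + bytes([pad, next_hdr])   # trailer: padding, pad len, next header
    ct = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, spi, seq, len(plain))))
    body = struct.pack("!II", spi, seq) + ct
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]  # outer IP header not covered
    return ipv4_header(src, dst, ESP, len(body) + ICV_LEN) + body + icv

def verify_esp(pkt, auth_key) -> bool:
    icv = hmac.new(auth_key, pkt[20:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, pkt[-ICV_LEN:])

def nat_rewrite_src(pkt, new_src) -> bytes:
    """What a NAT does on the way out: swap the source address and refresh the checksum."""
    h = bytearray(pkt[:20])
    h[12:16] = socket.inet_aton(new_src)
    h[10:12] = b"\0\0"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h) + pkt[20:]

def ipsec_mode(pkt) -> str:
    """Classify from the outer header alone, as a firewall would see it."""
    if pkt[9] == AH:
        return "AH tunnel" if pkt[20] == IPIP else "AH transport"
    if pkt[9] == ESP:
        return "ESP (mode not visible: next header sits in the encrypted trailer)"
    return "not IPsec"

def demo() -> dict:
    payload = b"constructed TCP segment bytes"
    inner = ipv4_header("10.1.1.5", "10.2.2.9", TCP, len(payload)) + payload
    ah_t = ah_packet("10.1.1.5", "10.2.2.9", TCP, payload, AUTH_KEY)
    ah_tun = ah_packet("203.0.113.1", "198.51.100.1", IPIP, inner, AUTH_KEY)
    esp_t = esp_packet("10.1.1.5", "10.2.2.9", TCP, payload, ENC_KEY, AUTH_KEY)
    tampered = ah_t[:-1] + bytes([ah_t[-1] ^ 1])  # flip one bit of the readable payload
    return {
        "ah_transport": ipsec_mode(ah_t),
        "ah_tunnel": ipsec_mode(ah_tun),
        "esp": ipsec_mode(esp_t),
        "ah_ok": verify_ah(ah_t, AUTH_KEY),
        "ah_after_tamper": verify_ah(tampered, AUTH_KEY),
        "ah_after_nat": verify_ah(nat_rewrite_src(ah_t, "203.0.113.77"), AUTH_KEY),
        "esp_after_nat": verify_esp(nat_rewrite_src(esp_t, "203.0.113.77"), AUTH_KEY),
    }
```

Running demo() shows the four points side by side: an AH packet announces its mode in the clear (next header 4 means an inner IP packet, i.e. tunnel mode), whereas an ESP packet's next header is inside the encrypted trailer, so a firewall can see only that it is ESP; the AH ICV verifies on the untouched packet, fails after a single payload bit flip, and fails again after a NAT rewrites the source address, because ah_icv_input keeps the addresses; the ESP ICV still verifies after the same NAT rewrite because it covers only the SPI, sequence number and ciphertext. Note that the key derivation, replay window and cipher are all simplified here; the layout and ICV scope are the lesson.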
