Virtual private network. VPN clients and their configuration. VPN: what is it on the phone

Gennady Makhmetov

Many people have read or heard the name “virtual private networks” (VPN). But many either don’t know what “it” is, or they think that “it” is not for them, because “it” is very expensive. In fact, even a small company can create a simple virtual private network quite easily. In this case, security will be raised to a level unattainable by other means. The availability of high-quality, freely available products provides this opportunity. For firms that can spend money on security and for which security is important enough to spend money on it, there are now a large number of products on the market. In order to understand what installing a VPN can bring, it is advisable to have an idea of ​​what a VPN is.

Like any “smart” name, behind the name “virtual private networks” there is a very simple idea. Let's imagine an enterprise that has several geographically distant branches, warehouses, offices, and workshops. The vast majority of organizations now use computer networks for accounting and management. Sooner or later, they need to unite disparate branches into a single network. This is quite simple to do: you take telephone lines, install modems in each branch, and communication is organized as necessary. There is software that allows the connection to be made automatically as needed. Not all organizations, however, need such a connection - some need constant communication, some need more bandwidth. And this is not a problem - you lay a cable between branches and use them to transmit information (Fig. 1).

Own communication channels between departments of the organization provide the best effect - the highest throughput, constant connection. What's better? Unfortunately, not many companies can afford to communicate through their own channels, especially if the company’s divisions are geographically located far away (for example, the office is located in Moscow, and production facilities are scattered throughout Siberia). A cheaper alternative to dedicated channels is to connect all branches of the company via the Internet (Fig. 2). In this case, many problems are solved - branches can be located anywhere around the world; those offices that need dedicated channels can have them, the rest can have access to the Internet using telephone communication. The emergence of IP telephony, which makes it possible telephone conversations via the Internet, makes this solution even more attractive.

Everything would be fine, but connecting to the Internet also has its negative consequences. Firstly, you open your network to possible attacks from various hackers from all over the world - after all, the Internet is the World Wide Web. Secondly, on the Internet, all data is presented in open form, and with enough effort (not so much), your ill-wishers can be aware of your affairs. And thirdly, data can not only be intercepted, but also replaced during transmission through the network. A hacker can compromise the integrity of your databases by masquerading as one of your branches online. If all this poses a real threat to you, and you really need to transfer your data over the Internet, virtual private networks are for you.

A virtual private network is built using cryptographic protocols.

The use of cryptography allows you to achieve several goals, simultaneously or separately:

  1. Hide information transmitted over the network from prying eyes. This is the most well-known and understood use of cryptography - the data at one end is transformed so that only the person it is intended for can understand and read it.
  2. Make sure that the information is sent to exactly who is designated as the sender in the package. Ensure that information remains unchanged during transmission. Indeed, what is the point if no one knows what information is transmitted over the network, if, if desired, an attacker can forge a package and, on behalf of the client, invite the bank to make a payment or, by intercepting the client’s request, change the amount or recipient of the payment.
  3. Prevent reuse of information. Indeed, imagine that someone made a payment using mobile computer. No one can read the payment request, no one can fake it payment order, but by making a copy of the information and sending it a second and third time, you can force the bank to make a payment a second or third time.

Of course, these problems are now being solved in networks. Creating a VPN allows you to transfer the solution to some of these problems from application programs to the level of network interaction, create a single point of control, or simply supplement existing tools and significantly increase their efficiency.

It should be noted here that the use of encryption technologies is regulated by law in almost all countries. Thus, in the United States there is a law restricting the export of computer products that use strong encryption algorithms. Russia is no exception. Russian laws are quite confusing, and therefore, before using cryptography tools, it is best to consult with an expert lawyer. Obviously, anyone can use cryptographic schemes that do not hide information (that is, implement points 2, 3) without obtaining any licenses.

You can build a virtual private network in a huge number of ways, just listing which would take up quite a lot of space. Thus, UNIX users have long been using a combination of ssh and ppp for these purposes. However, the real interest is, of course, standard solutions. Currently, the following are widely known:

  • PPTP (Point-to-Point Tunneling Protocol), developed jointly by Microsoft, 3Com and Asced Communications. This protocol has become quite popular due to its inclusion in OS Microsoft company.
  • L2F (Layer-2 Forwarding) - developed by Cisco.
  • L2TP (Layer-2 Tunneling Protocol) is an official Internet standard being developed and promoted.
  • SKIP (Simple Key-management for Internet Protocols) - developed by Sun.
  • IPsec (Inernet Protocol Security) is the official Internet standard.

The first three of the listed protocols are aimed primarily at mobile users and will not be discussed in this article.

The Internet standard is the IPsec protocol suite. According to the standard, all devices working with the new IP protocol IPv6 are required to support IPsec.

In VPN construction mode (tunneling mode), IPsec ensures the security of Internet communications by “packing” an IP packet into a new IP packet and applying to it various transformations- encryption and electronic signatures (Fig. 3). The fact is that transmitting data on the Internet is similar to transmitting information on postcards without an envelope - every interested postal worker can read and even add something to this postcard. Anyone can send a postcard on behalf of another person. Packaging an IP packet into another IP packet using cryptography is similar to wrapping a postcard in an envelope, sealing it, and signing it. This way, you can guarantee that no one has read the information in the envelope, no one has changed the information in it, and the signature on the envelope guarantees the identity of the sender.

Depending on the VPN requirements, two types of headers are used, and, accordingly, two modes of protocol functionality are provided. In one case, ESP (Encapsulating Security Payload) provides the ability to transmit encrypted data, electronically sign the transmitted data and include a special counter in the header - a number that increases by 1 in each new packet, preventing reuse of the data. This ensures the secrecy and immutability of the transmitted data, the impossibility of their reuse, and the identity of the sender is confirmed. Moreover, you can use all these possibilities both simultaneously and separately. In the second case, AH (Authentication Header) allows you to include an electronic signature of the entire package and a counter. Thus, everything that ESP provides is guaranteed, except privacy. But AH provides an electronic signature of the entire packet, including the outer IP header (addresses and other inscriptions on the envelope), while ESP protects only the packaged packet. If necessary, these two headers can be used together, which is used in cases where it is necessary to both ensure data secrecy and guarantee the integrity of the entire packet.

In order for two devices to exchange information using encrypted and signed data, they need to know the encryption key used in the transmission, as well as the key for electronic signatures. The issue of key exchange is generally one of the most important in any system that uses cryptographic methods of data protection. It is obvious that, no matter how strong the protocol is, if an attacker has the opportunity to steal or replace the keys, everything is in vain. This situation can be compared to the following everyday situation: someone installed a powerful front door, but allowed anyone to make copies of the keys to it. Of course, this door won't help him. Another requirement is that the key must be changed fairly frequently and there is a limit on the amount of data that can be transferred using the same key. This limitation is due to the fact that more data, encrypted with one key, and the more time the attacker has, the easier it is for him to “break” the cipher. Therefore, key exchange is one of the most important parts of the standards. And that is why the data exchanged between devices is encrypted with a so-called session key - a randomly selected number that the parties “agree” on at the beginning of the exchange.

There is only one thing missing in IPsec standard method key distribution. It has been determined that manual key distribution and a special protocol - IKE (Internet Key Exchange) - must be supported. Each supplier has the right to supplement this set with its own key exchange protocols, but standard ones must be present.

Manual distribution of keys is a very simple procedure: information is brought on a floppy disk (or any other medium) and entered into the computer. It's simple. But the keys need to be changed. In some situations they are changed quite often - for example every hour. It becomes difficult to carry them on a floppy disk every time. You can, of course, generate many keys (for a whole year), distribute them once to all branches and change them regularly. Generally speaking, this is not a bad decision. However, the problem of synchronous key change arises. In addition, this method is only suitable when there are a small number of parties involved in the exchange; As their numbers increase, confusion is bound to arise somewhere. Based on these considerations, key exchange protocols were developed to distribute keys. One such protocol is IKE.

The IKE protocol allows devices to agree on most of the parameters that will be used in the process of exchanging information, the encryption algorithm, and the keys. IKE is quite complex. It consists of an exchange of messages that the parties must carry out before they can exchange information securely. During this session, the parties first exchange messages confirming their identity. There are several ways to verify who we are dealing with. All of them are based on the use of cryptographic methods. Electronic signatures are used based on the use of either shared keys(symmetric algorithms), or secret and public keys (asymmetric algorithms).

When using symmetric algorithms, the exchanging parties know one common key. The keys themselves are never sent over the network. Instead, the key is used to electronically sign a random number. After this, the number itself and the signature are sent to the interlocutor. Knowing the shared key and random number, the interlocutor can calculate the electronic signature. If the received signature matches the one sent, it means the sender is who he claims to be. The algorithm by which the signature is calculated in the standard is not strictly fixed, but it is determined that at least MD5 and SHA must be supported. In this case, one key is required for each pair of devices. For example, if a device communicates with one hundred other devices, it needs one hundred keys. And again, there is a great possibility of confusion during configuration. Of course, in this case it is more convenient to use an electronic signature with asymmetric cryptography.

When using an electronic signature, each device has two keys - a secret and a public one. These keys are calculated using a special algorithm and are interconnected. The private key is known only to the owner; the public key can be distributed freely. There are at least two different asymmetric key schemes. In one (RSA algorithm), a message encrypted with a private key can only be decrypted using the corresponding public key, and vice versa. Thus, if a known message is correctly decrypted by a public key, then the author of the message is the owner of that key. In another (Diffie-Hellman algorithm), the sender's private key and the recipient's public key are used to calculate the so-called mutual key. It turns out that the same mutual key can be calculated by knowing the recipient's private key and the sender's public key. Thus, the mutual key can be calculated only by knowing one of the pairs - the sender's private key and the recipient's public key, or the recipient's secret key and the sender's public key. And since only the owner knows the private key (that's how it should be!), only the recipient and the sender can know the mutual key. Based on this fact, the recipient can be sure that the sender of the message encrypted with the mutual key is exactly who he claims to be. Obviously, in the case of using asymmetric encryption algorithms, each device only needs a pair of keys - regardless of the number of interlocutors. The standard also does not have a rigid fixation of a specific algorithm for this case. It is only specified that the implementation must support the Diffie-Hellman algorithm.

All these methods require prior knowledge of a certain key, which is used to confirm identity. But since very little information is encrypted with this key, it can be changed much less frequently (the validity period of the key can be months or even years). Preliminary exchange of identity confirmations prevents an attacker from slipping his key and “hack” the system.

Having established the identity of the interlocutor, the devices exchange proposals on various parameters - encryption algorithms, session keys. Session keys are temporary and can change quite often. Once an agreement has been reached, the transfer of information can begin. Of course, the key exchange procedure takes time, and until it is completed, no data packet can be transferred between devices in safe mode. In unfavorable cases, the delay caused by the need to first open a session can be several seconds, and in the case of simultaneous opening of many sessions (for example, at the beginning of the working day, after a system restart) - even more.

The developers of the SKIP protocol approached key exchange somewhat differently. SKIP (an acronym for Simple Key-management for Internet Protocols) was developed by Sun and is intended, as the name suggests, for key exchange. This protocol can be used both in conjunction with IPsec along with other protocols, and independently. That is why it is referred to as a separate protocol.

When using SKIP, the key required to decrypt the message (session key) is contained in the packet itself, in the SKIP header (Fig. 4). To ensure that the packet can only be decrypted by the recipient, this key is in turn encrypted. The encryption algorithm and key are chosen so that it can be easily calculated without prior exchange. To calculate the mutual key, the already mentioned Diffie-Hellman algorithm is used (the mutual key is calculated from the sender's secret key and the recipient's public key or the sender's public key and the recipient's secret key). But this key is not directly used for encryption. It is used in conjunction with some counter number to obtain another key. To do this, a mathematical operation is performed with the mutual key and the counter using the MD5 algorithm, giving a new key. It is with this key that the session key is encrypted. The counter value is also sent along with the packet. Thus, all the information needed to decrypt the data in the packet is contained in the packet header, and no prior exchange is required (other than, of course, knowing the corresponding private and public keys). This three-stage scheme allows you to change session keys quite often. The session key can be different in different packets transmitted over the network - it is difficult to imagine a more frequent change. In addition, the presence of a uniformly increasing counter allows you to avoid reusing the encrypted packet. Obviously, SKIP is much simpler than IKE, although less flexible.

As already mentioned, SKIP can be used with or without IPsec. When using SKIP without IPsec, the IP packet intended for transmission is encrypted and packaged into a new IP packet. The new IP packet contains a SKIP header, which, as we already mentioned, contains all the information necessary to decrypt the packed packet (Figure 5). When SKIP and IPsec are used together, the envelope packet contains two headers - an IPsec header and a SKIP header. The SKIP header carries the key, and the IPsec header carries additional information required to correctly decrypt and process the packaged packet.

There are currently many VPN products on the market. Some of them are capable of implementing IPsec with IKE, some - with SKIP, some - SKIP without IPsec. Some include support for both.

In addition to purely technical considerations, when choosing a particular protocol, the availability of products on the market that implement this protocol and their quality are also important.

Although SKIP is a Sun product, many vendors network equipment and operating systems include SKIP support in their products. SKIP is currently available for Solaris, Sun OS, FreeBSD and Linux. With the active participation of the Russian company Elvis+, versions were created for Windows NT and Windows 98. Since SKIP is relatively simple and products based on it have been produced for many years, we can safely say that this is a fairly mature, developed protocol. A modern Pentium computer running Solaris may well satisfy the needs of a fairly large organization, especially since performance will still be limited throughput external channel. And computers running Windows 98 can easily exchange encrypted messages within an organization if there is such a need. Some of the protocol's inflexibility is offset by its simplicity, and you likely won't have any problems with incompatibility between products from different vendors.

Products that implement the IPsec and IKE protocols are appearing on the market more and more often. Now it seems that all the leading manufacturers have announced implementations of the standard. They are also available for freely distributed Linux systems,OpenBSD. However, OpenBSD contains support for this standard in the basic configuration. Anyone can install OpenBSD by “downloading” it from one of the many ftp servers.

However, in my opinion, IKE is still quite young; it's still developing. This may result in some incompatibility between products from different vendors. In addition, the complexity of the protocol itself entails the complexity of its implementation and, therefore, can lead to errors. However, the flexibility of this protocol makes it extremely attractive.

The final decision, of course, depends on your needs.

In conclusion, I would like to say that if your company has several divisions that are geographically remote and you need to organize the exchange of information between them via the Internet, or if you have users who use the Internet to remotely access your network and you care at least a little about the security of your network, it makes sense for you to consider installing a VPN in your organization. Moreover, today there is a huge number of high-quality products available - from freely distributed to complete integrated commercial solutions. Let me also remind you that a VPN without data closure (only with confirmation of the identity of the sender and the integrity of the package) can be installed without any licenses.

ComputerPress 2"2000

The Internet is increasingly being used as a means of communication between computers because it offers efficient and inexpensive communication. However, the Internet is a network common use and in order to ensure secure communication through it, a certain mechanism is needed that satisfies at least the following tasks:

    confidentiality of information;

    data integrity;

    availability of information;

These requirements are met by a mechanism called VPN (Virtual Private Network) - a generalized name for technologies that allow one or more network connections (logical network) to be provided over another network (for example, the Internet) using cryptography (encryption, authentication, infrastructure) public keys, means to protect against repetitions and changes in messages transmitted over the logical network).

Creating a VPN does not require additional investment and allows you to stop using dedicated lines. Depending on the protocols used and purpose, VPN can provide three types of connections: host-to-host, host-to-network and network-to-network.

For clarity, let's imagine next example: the company has several geographically distant branches and “mobile” employees working at home or on the road. It is necessary to unite all employees of the enterprise into a single network. The easiest way is to install modems in each branch and organize communications as needed. This solution, however, is not always convenient and profitable - sometimes constant communication and large bandwidth are needed. To do this, you will either have to lay a dedicated line between branches or rent them. Both are quite expensive. And here, as an alternative, when building a single secure network, you can use VPN connections of all branches of the company via the Internet and configure VPN tools on the network hosts.

Rice. 6.4. Site-to-site VPN connection

Rice. 6.5. VPN connection type host network

In this case, many problems are solved - branches can be located anywhere around the world.

The danger here is that, firstly, an open network is open to attack by attackers all over the world. Secondly, all data is transmitted over the Internet in clear text, and attackers, having hacked the network, will have all the information transmitted over the network. And thirdly, data can not only be intercepted, but also replaced during transmission through the network. An attacker could, for example, violate the integrity of databases by acting on behalf of clients of one of the trusted branches.

To prevent this from happening, VPN solutions use features such as data encryption to ensure integrity and confidentiality, authentication and authorization to verify user rights and allow access to the virtual private network.

A VPN connection always consists of a point-to-point channel, also known as a tunnel. The tunnel is created on an unprotected network, which most often is the Internet.

Tunneling or encapsulation is a method of transmitting useful information through an intermediate network. This information may be frames (or packets) of another protocol. With encapsulation, the frame is not transmitted as it was generated by the sending host, but is provided with an additional header containing routing information that allows the encapsulated packets to pass through the intermediate network (the Internet). At the end of the tunnel, the frames are de-encapsulated and transmitted to the recipient. Typically, a tunnel is created by two edge devices placed at entry points into a public network. One of the clear advantages of tunneling is that this technology allows you to encrypt the entire source packet, including the header, which may contain data containing information that attackers use to hack the network (for example, IP addresses, number of subnets, etc.) .

Although a VPN tunnel is established between two points, each node can establish additional tunnels with other nodes. For example, when three remote stations need to contact the same office, three separate VPN tunnels will be created to that office. For all tunnels, the node on the office side can be the same. This is possible because a node can encrypt and decrypt data on behalf of the entire network, as shown in the figure:

Rice. 6.6. Creating VPN tunnels for multiple remote locations

The user establishes a connection to the VPN gateway, after which the user has access to the internal network.

Inside a private network, encryption itself does not occur. The reason is that this part of the network is considered secure and under direct control, as opposed to the Internet. This is also true when connecting offices using VPN gateways. This ensures that only information transmitted over an insecure channel between offices is encrypted.

There are many different solutions for building virtual private networks. The most famous and widely used protocols are:

    PPTP (Point-to-Point Tunneling Protocol) - this protocol has become quite popular due to its inclusion in Microsoft operating systems.

    L2TP (Layer-2 Tunneling Protocol) – combines the L2F (Layer 2 Forwarding) protocol and the PPTP protocol. Typically used in conjunction with IPSec.

    IPSec (Internet Protocol Security) is an official Internet standard developed by the IETF (Internet Engineering Task Force) community.

The listed protocols are supported by D-Link devices.

The PPTP protocol is primarily intended for virtual private networks based on dial-up connections. The protocol allows for remote access, allowing users to establish dial-up connections with Internet providers and create a secure tunnel to their corporate networks. Unlike IPSec, PPTP was not originally intended to create tunnels between local networks. PPTP extends the capabilities of PPP, a data link protocol that was originally designed to encapsulate data and deliver it over point-to-point connections.

The PPTP protocol allows you to create secure channels for exchanging data over various protocols - IP, IPX, NetBEUI, etc. Data from these protocols is packaged in PPP frames and encapsulated using the PPTP protocol in IP protocol packets. They are then transferred using IP in encrypted form over any TCP/IP network. The receiving node extracts PPP frames from IP packets and then processes them in a standard way, i.e. extracts an IP, IPX, or NetBEUI packet from a PPP frame and sends it over the local network. Thus, the PPTP protocol creates a point-to-point connection in the network and transmits data over the created secure channel. The main advantage of encapsulating protocols such as PPTP is their multi-protocol nature. Those. Data protection at the data link layer is transparent to network and application layer protocols. Therefore, within the network, both the IP protocol (as in the case of VPN based on IPSec) and any other protocol can be used as a transport.

Currently, due to the ease of implementation, the PPTP protocol is widely used both for obtaining reliable secure access to the corporate network and for accessing the networks of Internet providers, when the client needs to establish a PPTP connection with the Internet provider to gain access to the Internet.

The encryption method used in PPTP is specified at the PPP level. Typically the PPP client is desktop computer with the Microsoft operating system, and the encryption protocol is Microsoft Point-to-Point Encryption (MPPE). This protocol is based on the RSA RC4 standard and supports 40- or 128-bit encryption. For many applications of this level of encryption, the use of this algorithm is quite sufficient, although it is considered less secure than some of the other encryption algorithms offered by IPSec, in particular, the 168-bit Triple-Data Encryption Standard (3DES).

How the connection is establishedPPTP?

PPTP encapsulates IP packets for transmission over an IP network. PPTP clients create a tunnel control connection that keeps the channel running. This process is performed at the transport layer of the OSI model. After the tunnel is created, the client computer and the server begin exchanging service packets.

In addition to the PPTP control connection, a connection is created to forward data through the tunnel. Encapsulating data before sending it into the tunnel involves two steps. First, the information part of the PPP frame is created. Data flows from top to bottom, from the OSI application layer to the data link layer. The received data is then sent up the OSI model and encapsulated by upper layer protocols.

Data from the link layer reaches transport layer. However, the information cannot be sent to its destination, since the OSI data link layer is responsible for this. Therefore, PPTP encrypts the payload field of the packet and takes on the second layer functions usually belonging to PPP, i.e., adding a PPP header and trailer to the PPTP packet. This completes the creation of the link layer frame. Next, PPTP encapsulates the PPP frame in a Generic Routing Encapsulation (GRE) packet, which belongs to the network layer. GRE encapsulates network layer protocols such as IP, IPX to enable their transmission over IP networks. However, using only the GRE protocol will not ensure session establishment and data security. This uses PPTP's ability to create a tunnel control connection. Using GRE as an encapsulation method limits the scope of PPTP to IP networks only.

After the PPP frame has been encapsulated in a frame with a GRE header, encapsulation is performed in a frame with an IP header. The IP header contains the source and destination addresses of the packet. Finally, PPTP adds a PPP header and ending.

On rice. 6.7 The data structure for forwarding over a PPTP tunnel is shown:

Rice. 6.7. Data structure for forwarding over a PPTP tunnel

Establishing a VPN based on PPTP does not require large expenses or complex settings: it is enough to install a PPTP server in the central office (PPTP solutions exist for both Windows and Linux platforms), and perform the necessary settings on client computers. If you need to combine several branches, then instead of setting up PPTP on all client stations, it is better to use an Internet router or a firewall with PPTP support: settings are made only on the edge router (firewall) connected to the Internet, everything is absolutely transparent for users. Examples of such devices are multifunctional Internet routers of the DIR/DSR series and firewalls of the DFL series.

GRE-tunnels

Generic Routing Encapsulation (GRE) is a network packet encapsulation protocol that provides tunneling of traffic through networks without encryption. Examples of using GRE:

    transmission of traffic (including broadcasting) through equipment that does not support a specific protocol;

    tunneling IPv6 traffic over an IPv4 network;

    data transfer through public networks to implement a secure VPN connection.

Rice. 6.8. An example of how a GRE tunnel works

Between two routers A and B ( rice. 6.8) there are several routers, the GRE tunnel allows for connection between local networks 192.168.1.0/24 and 192.168.3.0/24 as if routers A and B were directly connected.

L2 TP

The L2TP protocol emerged as a result of the combination of the PPTP and L2F protocols. The main advantage of the L2TP protocol is that it allows you to create a tunnel not only in IP networks, but also in ATM, X.25 and Frame relay networks. L2TP uses UDP as a transport and uses the same message format for both tunnel control and data forwarding.

As with PPTP, L2TP begins assembling a packet for transmission into the tunnel by first adding the PPP header to the PPP information data field, then the L2TP header. The resulting packet is encapsulated by UDP. Depending on the type of IPSec security policy selected, L2TP can encrypt UDP messages and add an Encapsulating Security Payload (ESP) header and ending, as well as an IPSec Authentication ending (see "L2TP over IPSec" section). Then it is encapsulated in IP. An IP header is added containing the sender and recipient addresses. Finally, L2TP performs a second PPP encapsulation to prepare the data for transmission. On rice. 6.9 shows the data structure for forwarding over an L2TP tunnel.

Rice. 6.9. Data structure for forwarding over an L2TP tunnel

The receiving computer receives the data, processes the PPP header and termination, and removes the IP header. IPSec Authentication authenticates the IP information field, and the IPSec ESP header helps decrypt the packet.

The computer then processes the UDP header and uses the L2TP header to identify the tunnel. The PPP packet now contains only payload data that is processed or forwarded to the specified recipient.

IPsec (short for IP Security) is a set of protocols for ensuring the protection of data transmitted over the Internet Protocol (IP), allowing authentication and/or encryption of IP packets. IPsec also includes protocols for secure key exchange over the Internet.

IPSec security is achieved through additional protocols that add their own headers to the IP packet - encapsulation. Because IPSec is an Internet standard, and there are RFCs for it:

    RFC 2401 (Security Architecture for the Internet Protocol) – security architecture for the IP protocol.

    RFC 2402 (IP Authentication header) – IP authentication header.

    RFC 2404 (The Use of HMAC-SHA-1-96 within ESP and AH) – use of the SHA-1 hashing algorithm to create the authentication header.

    RFC 2405 (The ESP DES-CBC Cipher Algorithm With Explicit IV) - use of the DES encryption algorithm.

    RFC 2406 (IP Encapsulating Security Payload (ESP)) – data encryption.

    RFC 2407 (The Internet IP Security Domain of Interpretation for ISAKMP) is the scope of the key management protocol.

    RFC 2408 (Internet Security Association and Key Management Protocol (ISAKMP)) – management of keys and authenticators for secure connections.

    RFC 2409 (The Internet Key Exchange (IKE)) – key exchange.

    RFC 2410 (The NULL Encryption Algorithm and Its Use With IPsec) – null encryption algorithm and its use.

    RFC 2411 (IP Security Document Roadmap) is a further development of the standard.

    RFC 2412 (The OAKLEY Key Determination Protocol) – checking the authenticity of a key.

IPsec is an integral part of the Internet Protocol IPv6 and an optional extension to the Internet Protocol version IPv4.

The IPSec mechanism solves the following problems:

    authentication of users or computers when initializing a secure channel;

    encryption and authentication of data transmitted between secure channel endpoints;

    automatic provision of channel endpoints with secret keys necessary for the operation of authentication and data encryption protocols.

IPSec Components

AH (Authentication Header) protocol – header identification protocol. Ensures integrity by verifying that no bits in the protected portion of the packet were changed during transmission. But using AH can cause problems, for example, when a packet passes through a NAT device. NAT changes the packet's IP address to allow Internet access from a private local address. Because In this case, the packet will change, then the AH checksum will become incorrect (to eliminate this problem, the NAT-Traversal (NAT-T) protocol was developed, which provides ESP transmission via UDP and uses UDP port 4500 in its operation). It's also worth noting that AH was designed for integrity only. It does not guarantee confidentiality by encrypting the contents of the package.

The ESP (Encapsulation Security Payload) protocol provides not only the integrity and authentication of transmitted data, but also data encryption, as well as protection against false replay of packets.

The ESP protocol is an encapsulating security protocol that provides both integrity and confidentiality. In transport mode, the ESP header is located between the original IP header and the TCP or UDP header. In tunnel mode, the ESP header is placed between the new IP header and the fully encrypted original IP packet.

Because Both protocols - AH and ESP - add their own IP headers, each of them has its own protocol number (ID), which can be used to determine what follows the IP header. Each protocol, according to IANA (Internet Assigned Numbers Authority - the organization responsible for the Internet address space), has its own number (ID). For example, for TCP this number is 6, and for UDP it is 17. Therefore, when working through a firewall, it is very important to configure filters in such a way as to allow packets with ID AH and/or ESP protocol to pass through.

To indicate that AH is present in the IP header, the protocol ID is set to 51, and for ESP the number is 50.

ATTENTION: Protocol ID is not the same as port number.

The IKE (Internet Key Exchange) protocol is a standard IPsec protocol used to ensure secure communications in virtual private networks. The purpose of IKE is to securely negotiate and deliver identified material to a security association (SA).

SA is the IPSec term for connection. An established SA (a secure channel called a Security Association or SA) includes a shared secret key and a set of cryptographic algorithms.

The IKE protocol performs three main tasks:

    provides a means of authentication between two VPN endpoints;

    establishes new IPSec connections (creates an SA pair);

    manages existing connections.

IKE uses UDP port number 500. When using the NAT Traversal feature, as mentioned earlier, the IKE protocol uses UDP port number 4500.

Data exchange in IKE occurs in 2 phases. In the first phase, the IKE SA is established. In this case, the channel endpoints are authenticated and data protection parameters are selected, such as an encryption algorithm, session key, etc.

In the second phase, the IKE SA is used to negotiate a protocol (usually IPSec).

When a VPN tunnel is configured, one SA pair is created for each protocol used. SAs are created in pairs, because Each SA is a unidirectional connection, and data must be transferred in two directions. The resulting SA pairs are stored on each node.

Since each node is capable of establishing multiple tunnels with other nodes, each SA has a unique number to identify which node it belongs to. This number is called SPI (Security Parameter Index).

SA is stored in a database (DB) S.A.D.(Security Association Database).

Each IPSec node also has a second DB − SPD(Security Policy Database) – security policy database. It contains the configured site policy. Most VPN solutions allow the creation of multiple policies with combinations of suitable algorithms for each host to which a connection must be established.

The flexibility of IPSec lies in the fact that for each task there are several ways to solve it, and the methods chosen for one task are usually independent of the methods for implementing other tasks. At the same time, the IETF working group has defined a basic set of supported functions and algorithms, which should be uniformly implemented in all products that support IPSec. The AH and ESP mechanisms can be used with a variety of authentication and encryption schemes, some of which are mandatory. For example, IPSec specifies that packets are authenticated using either a one-way MD5 function or a one-way SHA-1 function, and encryption is performed using the DES algorithm. Manufacturers of products that run IPSec may add other authentication and encryption algorithms. For example, some products support encryption algorithms such as 3DES, Blowfish, Cast, RC5, etc.

To encrypt data in IPSec, any symmetric encryption algorithm that uses secret keys can be used.

Transmitted stream protection protocols (AH and ESP) can operate in two modes: transport mode and in tunneling mode. When operating in transport mode, IPsec works only with transport layer information, i.e. Only the data field of the packet containing TCP/UDP protocols is encrypted (the IP packet header is not changed (not encrypted)). Transport mode is typically used to establish connections between hosts.

In tunneling mode, the entire IP packet is encrypted, including the header network layer. In order for it to be transmitted over the network, it is placed in another IP packet. Essentially, it is a secure IP tunnel. Tunnel mode can be used to connect remote computers to a virtual private network (host-to-network connection scheme) or to organize secure data transfer through open communication channels (for example, the Internet) between gateways to connect different parts of the virtual private network (network connection scheme -net").

IPsec modes are not mutually exclusive. On the same node, some SAs may use transport mode while others use tunnel mode.

During the authentication phase, the ICV (Integrity Check Value) of the packet is calculated. This assumes that both nodes know the secret key, which allows the recipient to calculate the ICV and compare it with the result sent by the sender. If the ICV comparison is successful, the sender of the packet is considered to be authenticated.

In mode transportA.H.

    the entire IP packet, except for some fields in the IP header that may be modified during transmission. These fields, which are set to 0 for ICV calculation, can be Type of Service (TOS), flags, fragment offset, time to live (TTL), and checksum header;

    all fields in AH;

    IP packet payload.

AH in transport mode protects the IP header (excluding fields for which changes are allowed) and payload in the original IP packet (Figure 3.39).

In tunnel mode, the original packet is placed in a new IP packet, and data transmission is performed based on the header of the new IP packet.

For tunnel modeA.H. When performing a calculation, the ICV checksum includes the following components:

    all fields of the outer IP header, except some fields in the IP header that may be modified during transmission. These fields, which are set to 0 for ICV calculation, can be Type of Service (TOS), flags, fragment offset, time to live (TTL), and checksum header;

    all fields AH;

    original IP packet.

As you can see in the following illustration, AH tunneling mode protects the entire original IP packet by using an additional outer header, which AH transport mode does not use:

Rice. 6.10. Tunnel and transport modes of operation of the AN protocol

In mode transportESP does not authenticate the entire packet, but only protects the IP payload. The ESP header in ESP transport mode is added to the IP packet immediately after the IP header, and the ESP trailer (ESP Trailer) is accordingly added after the data.

ESP transport mode encrypts the following parts of the packet:

    IP payload;

An encryption algorithm that uses Cipher Block Chaining (CBC) mode has an unencrypted field between the ESP header and the payload. This field is called the IV (Initialization Vector) for the CBC calculation that is performed on the receiver. Because this field is used to begin the decryption process, it cannot be encrypted. Even though the attacker has the ability to view the IV, there is no way for him to decrypt the encrypted portion of the packet without the encryption key. To prevent attackers from changing the initialization vector, it is protected by an ICV checksum. In this case, ICV performs the following calculations:

    all fields in the ESP header;

    payload including plaintext IV;

    all fields in ESP Trailer except the authentication data field.

ESP tunnel mode encapsulates the entire original IP packet in the new IP header, ESP header, and ESP Trailer. To indicate that ESP is present in the IP header, the IP protocol identifier is set to 50, leaving the original IP header and payload unchanged. As with AH tunnel mode, the outer IP header is based on the IPSec tunnel configuration. In the case of ESP tunnel mode, the authentication area of ​​the IP packet shows where the signature was placed to certify its integrity and authenticity, and the encrypted part shows that the information is secure and confidential. The source header is placed after the ESP header. After the encrypted portion is encapsulated in a new tunnel header, which is not encrypted, the IP packet is transmitted. When sent via public network such a packet is routed to the IP address of the receiving network gateway, and the gateway decrypts the packet and discards the ESP header using the original IP header to subsequently route the packet to a computer located on the internal network. ESP tunneling mode encrypts the following parts of the packet:

    original IP packet;

  • For ESP tunnel mode, ICV is calculated as follows:

    all fields in the ESP header;

    original IP packet including plaintext IV;

    all ESP header fields except the authentication data field.

Rice. 6.11. Tunnel and transport mode of the ESP protocol

Rice. 6.12. Comparison of ESP and AH protocols

Summary of application modesIPSec:

    Protocol – ESP (AH).

    Mode – tunnel (transport).

    The key exchange method is IKE (manual).

    IKE mode – main (aggressive).

    DH key – group 5 (group 2, group 1) – group number for selecting dynamically created session keys, group length.

    Authentication – SHA1 (SHA, MD5).

    Encryption – DES (3DES, Blowfish, AES).

When creating a policy, it is usually possible to create an ordered list of algorithms and Diffie-Hellman groups. Diffie-Hellman (DH) is an encryption protocol used to establish shared secret keys for IKE, IPSec, and PFS (Perfect Forward Secrecy). In this case, the first position that matches on both nodes will be used. It is very important that everything in the security policy allows for this alignment. If everything else matches except for one part of the policy, the nodes will still not be able to establish a VPN connection. When setting up a VPN tunnel between various systems you need to find out which algorithms are supported by each side so that you can choose the most secure policy possible.

Basic settings that the security policy includes:

    Symmetric algorithms for data encryption/decryption.

    Cryptographic checksums to verify data integrity.

    Node identification method. The most common methods are pre-shared secrets or CA certificates.

    Whether to use tunnel mode or transport mode.

    Which Diffie-Hellman group to use (DH group 1 (768-bit); DH group 2 (1024-bit); DH group 5 (1536-bit)).

    Whether to use AH, ESP, or both.

    Whether to use PFS.

A limitation of IPSec is that it only supports IP protocol layer communications.

There are two main schemes for using IPSec, differing in the role of the nodes that form the secure channel.

In the first scheme, a secure channel is formed between the end hosts of the network. In this scheme, the IPSec protocol protects the node on which the following is running:

Rice. 6.13. Create a secure channel between two endpoints

In the second scheme, a secure channel is established between two security gateways. These gateways accept data from end hosts connected to networks located behind the gateways. The end hosts in this case do not support the IPSec protocol; traffic sent to the public network passes through the security gateway, which performs protection on its behalf.

Rice. 6.14. Creating a secure channel between two gateways

For hosts that support IPSec, both transport and tunnel modes can be used. Gateways are only allowed to use tunnel mode.

Installation and supportVPN

As mentioned above, installing and maintaining a VPN tunnel is a two-step process. In the first stage (phase), two nodes agree on an identification method, an encryption algorithm, a hash algorithm, and a Diffie-Hellman group. They also identify each other. All this can happen as a result of the exchange of three unencrypted messages (the so-called aggressive mode, Aggressive mode) or six messages, with the exchange of encrypted identification information (standard mode, Main mode).

In Main Mode, it is possible to coordinate all configuration parameters of the sender and recipient devices, while in Aggressive Mode there is no such possibility, and some parameters (Diffie-Hellman group, encryption and authentication algorithms, PFS) must be configured identically in advance on each device. However, in this mode, both the number of exchanges and the number of packets sent are lower, resulting in less time required to establish an IPSec session.

Rice. 6.15. Messaging in standard (a) and aggressive (b) modes

Assuming the operation completed successfully, the first phase SA is created − Phase 1 S.A.(also called IKES.A.) and the process moves to the second phase.

In the second stage, key data is generated and nodes agree on the policy to use. This mode, also called Quick mode, differs from the first phase in that it can only be established after the first phase, when all packets of the second phase are encrypted. Correct completion of the second phase results in the appearance of Phase 2 S.A. or IPSecS.A. and at this point the installation of the tunnel is considered complete.

First, a packet with a destination address in another network arrives at the node, and the node initiates the first phase with the node responsible for the other network. Let's say a tunnel between nodes has been successfully established and is waiting for packets. However, nodes need to re-identify each other and compare policies after a certain period of time. This period is called Phase One lifetime or IKE SA lifetime.

Nodes must also change the key to encrypt data after a period of time called Phase Two or IPSec SA lifetime.

Phase Two lifetime is shorter than that of the first phase, because... the key needs to be changed more often. You need to set the same lifetime parameters for both nodes. If you do not do this, then it is possible that the tunnel will initially be established successfully, but after the first inconsistent lifetime the connection will be interrupted. Problems may also arise when the lifetime of the first phase is less than that of the second phase. If a previously configured tunnel stops working, then the first thing that needs to be checked is the lifetime on both nodes.

It should also be noted that if the policy is changed on one of the nodes, the changes will take effect only the next time the first phase occurs. For the changes to take effect immediately, the SA for this tunnel must be removed from the SAD database. This will cause the agreement between nodes to be renegotiated with new security policy settings.

Sometimes when setting up an IPSec tunnel between equipment from different manufacturers, difficulties arise due to the coordination of parameters when establishing the first phase. You should pay attention to such a parameter as Local ID - this is a unique identifier of the tunnel endpoint (sender and recipient). This is especially important when creating multiple tunnels and using the NAT Traversal protocol.

DeadPeerDetection

During the VPN operation, in the absence of traffic between the endpoints of the tunnel, or when the initial data of the remote node changes (for example, changing a dynamically assigned IP address), a situation may arise when the tunnel is essentially no longer a tunnel, becoming, as it were, a ghost tunnel . In order to maintain constant readiness for data exchange in the created IPSec tunnel, the IKE mechanism (described in RFC 3706) allows you to monitor the presence of traffic from a remote node of the tunnel, and if it is absent for a set time, a hello message is sent (in firewalls The message "DPD-R-U-THERE" is sent to D-Link. If there is no response to this message within a certain time, in D-Link firewalls specified by the "DPD Expire Time" settings, the tunnel is dismantled. D-Link firewalls after this using the "DPD Keep Time" settings ( rice. 6.18), automatically try to restore the tunnel.

ProtocolNATTraversal

IPsec traffic can be routed according to the same rules as other IP protocols, but since the router cannot always extract information specific to transport layer protocols, IPsec cannot pass through NAT gateways. As mentioned earlier, to solve this problem, the IETF defined a way to encapsulate ESP in UDP, called NAT-T (NAT Traversal).

The NAT Traversal protocol encapsulates IPSec traffic and simultaneously creates UDP packets that NAT forwards correctly. To do this, NAT-T places an additional UDP header before the IPSec packet so that it is treated as a regular UDP packet throughout the network and the recipient host does not perform any integrity checks. Once the packet arrives at its destination, the UDP header is removed and the data packet continues on its path as an encapsulated IPSec packet. Thus, using the NAT-T mechanism, it is possible to establish communication between IPSec clients on secure networks and public IPSec hosts through firewalls.

When configuring D-Link firewalls on the recipient device, two points need to be noted:

    In the Remote Network and Remote Endpoint fields, specify the network and IP address of the remote sending device. It is necessary to allow translation of the initiator (sender) IP address using NAT technology (Figure 3.48).

    When using shared keys with multiple tunnels connected to the same remote firewall that have been NATed to the same address, it is important to ensure that the Local ID is unique for each tunnel.

Local ID may be one of:

    Auto– the IP address of the outgoing traffic interface is used as a local identifier.

    IP– IP address of the WAN port of the remote firewall

    DNS– DNS address

    A virtual local area network (VLAN) is a group of network nodes whose traffic, including broadcast traffic, is completely isolated at the link level from the traffic of other network nodes.

    Rice. 14.10. Virtual local networks.

    This means that frames cannot be transmitted between different virtual networks based on a link-layer address, regardless of the type of address (unique, multicast, or broadcast). At the same time, within the virtual network, frames are transmitted using switching technology, then only to the port that is associated with the destination address of the frame.

    VLANs can overlap if one or more computers are part of more than one VLAN. In Fig. 14.10 the email server is part of virtual networks 3 and 4. This means that its frames are transmitted by switches to all computers included in these networks. If a computer is part of only virtual network 3, then its frames will not reach network 4, but it can interact with computers on network 4 through a common mail server. This scheme does not completely protect virtual networks from each other, for example, a broadcast storm that occurs on the server Email, will flood both network 3 and network 4.

    A virtual network is said to form a broadcast traffic domain, similar to the collision domain formed by Ethernet repeaters.

        Purpose of virtual networks

    As we saw in the example from the previous section, using custom filters you can interfere with the normal operation of switches and limit the interaction of local network nodes in accordance with the required access rules. However, the custom switch filter mechanism has several disadvantages:

      It is necessary to set separate conditions for each network node, using cumbersome MAC addresses. It would be much easier to group nodes and describe the conditions of interaction for groups at once.

      It is not possible to block broadcast traffic. Broadcast traffic can cause network unavailability if one of its nodes intentionally or unintentionally generates broadcast frames with great intensity.

    The technique of virtual local networks solves the problem of limiting the interaction of network nodes in a different way.

    The main purpose of VLAN technology is to facilitate the creation of isolated networks, which are then usually connected to each other using routers. This network design creates powerful barriers to unwanted traffic from one network to another. Today it is considered obvious that any large network must include routers, otherwise streams of erroneous frames, such as broadcasts, will periodically “flood” the entire network through switches transparent to them, rendering it inoperable.

    The advantage of virtual network technology is that it allows you to create completely isolated network segments by logical configuration of switches, without changing the physical structure.

    Before the advent of VLAN technology, either physically isolated segments of coaxial cable or unconnected segments built on repeaters and bridges were used to create a separate network. These networks were then connected by routers into a single composite network (Fig. 14.11).

    Changing the composition of segments (user moving to another network, splitting large segments) with this approach implies physical reconnection of connectors on the front panels of repeaters or on cross-connect panels, which is not very convenient in large networks- a lot of physical work, and there is a high probability of error.

    Rice. 14.11. Composite network consisting of networks built on the basis of repeaters

    Linking virtual networks into a common network requires the involvement of network level tools. It can be implemented in a separate router or as part of the switch software, which then becomes a combined device - a so-called layer 3 switch.

    Virtual network technology has not been standardized for a long time, although it has been implemented in a very wide range of switch models from different manufacturers. The situation changed with the adoption of the IEEE 802.1Q standard in 1998, which defines the basic rules for constructing virtual local area networks, independent of the link layer protocol supported by the switch.

        Creating virtual networks based on one switch

    When creating virtual networks based on a single switch, the switch port grouping mechanism is usually used (Fig. 14.12). In this case, each port is assigned to one or another virtual network. A frame coming from a port belonging to, for example, virtual network 1 will never be transmitted to a port that does not belong to this virtual network. A port can be assigned to several virtual networks, although in practice this is rarely done - the effect of complete isolation of networks disappears.

    Creating virtual networks by grouping ports does not require a lot of work from the administrator self made- it is enough to assign each port to one of several pre-named virtual networks. Typically, this operation is performed using a special program supplied with the switch.

    The second method of creating virtual networks is based on grouping MAC addresses. Each MAC address learned by the switch is assigned to a particular virtual network. When there are many nodes in the network, this method requires a large amount of manual work from the administrator. However, when building virtual networks based on multiple switches, it turns out to be more flexible than port grouping.

    Rice. 14.12. Virtual networks built on a single switch

        Creating virtual networks based on several switches

    Figure 14.13 illustrates the problem that arises when creating virtual networks based on multiple switches that support port trunking techniques.

    Rice. 14.13. Building virtual networks on several switches with port grouping

    If the nodes of a virtual network are connected to different switches, then a special pair of ports must be allocated on the switches to connect each such network. Thus, port trunking switches require as many ports for their connection as the number of virtual networks they support. Ports and cables are used very wastefully in this case. In addition, when connecting virtual networks through a router, a separate cable and a separate router port are allocated for each virtual network, which also leads to high overhead costs.

    Grouping MAC addresses into a virtual network on each switch eliminates the need to associate them across multiple ports, since the MAC address then becomes the virtual network label. However, this method requires a lot of manual work to mark MAC addresses on each switch in the network.

    The described two approaches are based only on adding additional information to the address tables of the switch and do not have the ability to embed information about the ownership of the virtual network frame into the transmitted frame. In other approaches, existing or additional frame fields are used to store information about the frame’s membership in a particular virtual local network when it moves between network switches. In this case, there is no need to remember in each switch that all MAC addresses of the composite network belong to virtual networks.

    The additional field marked virtual network number is used only when the frame is transferred from switch to switch, and when the frame is transferred to the end node, it is usually removed. In this case, the switch-to-switch interaction protocol is modified, but the software and hardware of the end nodes remains unchanged.

    Ethernet introduces an additional header called a VLAN tag.

    The VLAN tag is optional for Ethernet frames. A frame that has such a header is called a tagged frame. Switches can handle both tagged and untagged frames simultaneously. Due to the addition of the VLAN tag, the maximum data field length has been reduced by 4 bytes.

    In order for local network equipment to distinguish and understand tagged frames, a special EtherType field value of 0x8100 is introduced for them. This value indicates that it is followed by a TCI field rather than a standard data field. Note that in a tagged frame, the VLAN tag fields are followed by another EtherType field indicating the protocol type whose data is carried by the frame's data field.

    The TCI field contains a 12-bit VLAN number (identifier) ​​field called VID. The width of the VID field allows switches to create up to 4096 virtual networks.

    Using the VID value in tagged frames, network switches perform group filtering of traffic, dividing the network into virtual segments, that is, into VLANs. To support this mode, each switch port is assigned to one or more virtual local networks, that is, port grouping is performed.

    To simplify network configuration, the 802.1Q standard introduces the concepts of access line and trunk.

    An access line connects a switch port (called an access port in this case) to a computer that belongs to a virtual local network.

    A trunk is a communication line that connects the ports of two switches; in general, traffic from several virtual networks is transmitted through a trunk.

    In order to create a virtual local network in the source network, you must first select for it a VID value other than 1, and then, using the switch configuration commands, assign to this network those ports to which the computers included in it are connected. An access port can only be assigned to one VLAN.

    Access ports receive untagged frames from end hosts and tag them with a VLAN tag containing the VID value assigned to that port. When transmitting tagged frames to the end node, the access port removes the VLAN tag.

    For a more clear description, let’s return to the network example discussed earlier. Fig. Figure 14.15 shows how the problem of selective access to servers is solved based on the VLAN technique.

    Rice. 14.15. Splitting the network into two virtual local networks

    To solve this problem, we can organize two virtual local area networks on the network, VLAN2 and VLAN3 (recall that VLAN1 already exists by default - this is our original network), assigning one set of computers and servers to VLAN2, and the other to KVLAN3.

    To assign end nodes to a specific VLAN, the corresponding ports are declared as the access ports of that network by assigning them the appropriate VID. For example, port 1 of SW1 should be declared as an access port of VLAN2 by assigning it VID2, the same should be done with port 5 of SW1, port 1 of SW2, and port 1 of SW3. VLAN3 access ports must be assigned VID3.

    In your network, you also need to organize trunks - those communication lines that connect switch ports to each other. Ports connected to trunks do not add or remove tags, they simply transmit frames unchanged. In our example, such ports should be ports 6 of switches SW1 and SW2, as well as ports 3 and 4 of the ShchZ switch. The ports in our example must support VLAN2 and VLAN3 (and VLAN1, if there are nodes in the network that are not explicitly assigned to any VLAN).

    Switches that support VLAN technology provide additional traffic filtering. If the switch's forwarding table says that the incoming frame needs to be transmitted to a certain port, before transmission, the switch checks whether the VTD value in the VL AN tag of the frame corresponds to the virtual local network that is assigned to this port. If there is a match, the frame is transmitted, if it does not match, it is discarded. Untagged frames are processed in the same way, but using the conditional VLAN1. MAC addresses are learned by network switches separately, but for each VLAN.

    The VLAN technique turns out to be very effective for limiting access to servers. Configuring a virtual local network does not require knowledge of the MAC addresses of the nodes; in addition, any change in the network, for example connecting a computer to another switch, requires configuring only the port of this switch, and all other switches in the network continue to operate without making changes to their configuration.

    Private networks are used by organizations to connect to remote sites and to other organizations. Private networks consist of communication channels leased from various telephone companies and Internet service providers. These communication channels are characterized by the fact that they connect only two objects, being separated from other traffic, since leased channels provide two-way communication between two sites. Private networks have many benefits.

    • Information is kept confidential.
    • Remote sites can exchange information immediately.
    • Remote users do not feel isolated from the system they are accessing.

    Unfortunately, this type of network has one big drawback - high cost. Using private networks is very expensive. Using slower links may save money, but then remote users will begin to notice the speed penalty and some of the benefits noted above will become less obvious.

    With the increase in the number of Internet users, many organizations have switched to using virtual private networks (VPNs). Virtual Private Networks provide many of the benefits of private networks at a lower cost. However, with the introduction of VPN comes a number of issues and dangers for the organization. A properly built VPN can bring great benefits to an organization. If the VPN is not implemented correctly, all information transmitted through the VPN may be accessible from the Internet.

    Defining Virtual Private Networks

    So, we intend to transmit sensitive organization data over the Internet without using leased communication channels, while still taking every precaution to ensure traffic privacy. How will we be able to separate our traffic from the traffic of other users of the global network? The answer to this question is encryption.

    You can encounter all types of traffic on the Internet. A significant portion of this traffic is transmitted in the clear, and any user observing this traffic will be able to recognize it. This applies to most email and web traffic, as well as telnet and FTP communications. Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS) traffic is encrypted traffic and will not be viewable by the user snooping on the packets. However, SSH and HTTPS type traffic does not constitute a VPN.

    Virtual Private Networks have several characteristics.

    • Traffic is encrypted to ensure protection against eavesdropping.
    • The remote site is authenticated.
    • Virtual private networks provide support for a variety of protocols.
    • The connection provides communication only between two specific subscribers.

    Since SSH and HTTPS are not capable of supporting multiple protocols, the same applies to real VPNs. VPN packets are mixed with the flow of regular traffic on the Internet and exist separately for the reason that this traffic can only be read by connection endpoints.

    Note

    It is possible to implement traffic transfer through an SSH session using tunnels. However, for the purposes of this lecture we will not consider SSH as a VPN.

    Let's take a closer look at each of the VPN characteristics. It was already mentioned above that VPN traffic is encrypted to protect against eavesdropping. The encryption must be strong enough to guarantee confidentiality transmitted information for the period while it is relevant. Passwords have a validity period of 30 days (implying a policy of changing passwords every 30 days); however, classified information may not lose its value for many years. Therefore, the encryption algorithm and the use of a VPN should prevent illegal decryption of traffic for several years.

    The second characteristic is that the remote site is authenticated. This characteristic may require some users to be authenticated to a central server, or may require mutual authentication of both nodes that the VPN connects. The authentication mechanism used is controlled by policy. The policy can provide for user authentication using two parameters or using dynamic passwords. At mutual authentication both sites may be required to demonstrate knowledge of a certain shared secret (a secret being some information known in advance to both sites), or it may be required

    From the name itself - a virtual private network - it follows that it somehow reproduces the properties of a real private network.

    Without any stretch, a network can be called private only if the enterprise solely owns and manages the entire network infrastructure- cables, crossover equipment, channel-forming equipment, switches, routers and other communication equipment.

    A virtual private network is a kind of “network within a network,” that is, a service that gives users the illusion that their private network exists within a public network.

    The main objectives of VPN technology are to provide guaranteed quality of service for user data flows in a public network, as well as protect them from possible unauthorized access or destruction.

    A virtual private network (VPN) is the unification of local networks through an open external environment (global network) into a single corporate network that provides safe data circulation.

    The essence of VPN technology is as follows (Figure 6.1):

    Figure 6.1 - VPN network diagram

    VPN agents are installed on all computers that have access to the Internet (instead of the Internet there can be any other public network), which process IP packets transmitted over computer networks.

    VPN agents automatically encrypt all outgoing information (and accordingly decrypt all incoming information). They also monitor its integrity using an electronic digital signature (EDS) or imitative inserts (a cryptographic checksum calculated using an encryption key).

    Before sending an IP packet The VPN agent operates as follows.

    The IP address of the packet recipient is analyzed, and depending on this address, the protection algorithm for this packet is selected. If there is no such recipient in the VPN agent settings, then the information is not sent.

    Generates and adds the sender's digital signature or imitative insert to the package.

    Encrypts the packet (entirely, including header).

    Performs encapsulation, i.e. forms a new header, which indicates the address not of the recipient at all, but of its VPN agent. This useful additional feature allows you to think of communications between two networks as being between two computers that have VPN agents installed. Any information useful to an attacker, for example, internal IP addresses, is no longer available to him.

    When an IP packet is received, the reverse steps are performed.

    The header contains information about the sender's VPN agent. If it is not included in the list of allowed ones in the settings, then the information is simply discarded.

    According to the settings, cryptographic algorithms and digital signatures are selected, as well as the necessary keys, after which the packet is decrypted and its integrity is checked, packets with broken integrity (digital signature is incorrect) are also discarded.

    After all the reverse transformations, the packet in its original form is sent to the real recipient over the local network.

    All of the above operations are performed automatically; the work of VPN agents is invisible to users. The VPN agent can be located directly on the protected computer (which is especially useful for mobile users). In this case, it protects the communication of only one computer on which it is installed.

    6.1 The concept of “tunnel” when transmitting data in networks

    To transfer data, VPN agents create virtual channels between protected local networks or computers (such a channel is called a “tunnel”, and the technology for creating it is called “tunneling”). All information is transmitted through the tunnel in encrypted form.

    Figure 6.2.

    One of the required functions of VPN agents is packet filtering. Packet filtering is implemented in accordance with the settings of the VPN agent, the totality of which forms the security policy of the virtual private network. To increase the security of virtual private networks, it is advisable to place firewalls (filters) at the ends of the tunnels.

    VPN agents act as VPN gateways. A VPN security gateway is a network device that connects to two networks—global and local—and performs encryption and authentication functions for hosts on the network behind it. The VPN gateway can be implemented as a separate hardware device, separate software solution, as well as in the form of a firewall or router, supplemented with VPN functions.

    Network VPN connection The security gateway appears to users on the network behind it as a leased line, when in fact it is an open packet-switched network. The VPN address of the security gateway on the external network side determines the address of the incoming tunneled packet. The internal address is the address of the host behind the gateway. A VPN security gateway can function as part of a router, firewall, etc.

    The peculiarity of tunneling is that this technology allows you to encrypt the entire source packet, along with the header, and not just its data field. The original packet is encrypted in its entirety, including the header, and this encrypted packet is placed in another, outer packet with a clear header. To transport data over a “dangerous” network, open fields of the external packet header are used, and when an external packet arrives at the endpoint of a secure channel, the internal packet is extracted from it, decrypted and its header is used for further transmission in clear form over a network that does not require protection.

    Figure 6.3 – VPN tunnel organization

    In this case, for external packets, the addresses of border routers (VPN gateways) installed at these two points are used, and the internal addresses of end nodes are contained in internal packets in a protected form (Figure 6.4).

    Figure 6.4 – Packet tunneling

    6.2 Architecture VPN networks

    By architecture There are three main types of VPN:

    1) Remote Access VPN

    2) Intranet VPN

    3) Inter-corporate VPN (Extranet VPN)

    VPN with remote access

    Using this scheme (Figure 6.5), individual employees can remotely access the organization’s corporate network through a public network. Remote clients can work from home, or using a laptop computer, from anywhere on the planet where there is access to the World Wide Web.

    Figure 6.5 – VPN with remote access

    6.2.2 Intra-corporate VPNs(Figure 6.6)

    Figure 6.6 – Intranet VPN

    Here the connection is made in one shared network geographically distributed branches of the company. This method is called Intranet VPN . This method is advisable to use both for ordinary branches and for mobile offices, which will have access to the resources of the “parent” company, as well as easily exchange data with each other.

    6.2.3 Business-to-business VPNs(Figure 6.7)

    Figure 6.7 – Extranet VPN

    This is the so-called Extranet VPN when access is provided through secure access channels to clients or partners of the organization. Gaining widespread adoption due to the popularity of e-commerce.

    In this case, remote clients (partners) will have very limited opportunities to use the corporate network; in fact, they will be limited to access to those company resources that are necessary when working with their clients, for example, a website with commercial offers, and VPN is used in this case for secure transfer of confidential data.

    In addition to VPN gateways, Figure 6.7 also shows firewalls ME. Firewalls (filters) provide control of transmitted content (viruses and other external attacks). ME is a “fence” around a network that prevents intruders from penetrating it, while a VPN is an “armored car” that protects valuables when taken outside the fence. Therefore, it is necessary to use both solutions to ensure required level security information resources. Most often, ME and VPN functions are combined in the same device.