Shared Flashcard Set

Details

CCIE Security 5
VPN
29
Engineering
Professional
11/15/2009

Cards

Term

What are the characteristics of a Data Link layer VPN?

(cons)

Definition

Networks connected by a direct link over Frame Relay or ATM.

Expensive; no inherent encryption.

Term
What are the characteristics (and examples) of an Application Layer VPN?
Definition

Works with specific applications.

User initiated; not seamless.

Examples: SSL, SSH

Term

What are the characteristics of GRE?

 

(OSI layer, pro/cons)

Definition

Generic Routing Encapsulation

Non-encrypted; low-overhead tunneling.

Encapsulates an arbitrary network-layer protocol over another arbitrary network-layer protocol.

Term

What is the basic format of a GRE packet?

 

What is the header size and protocol type?

Definition

[delivery header | GRE header | payload ]

 

new IP/delivery header: 20 bytes

GRE header (base): 4 bytes, with optional fields that can add up to 12 additional bytes.

 

If the delivery header is IPv4, its protocol field = 47 (the IP protocol number assigned to GRE)

Term
What is the format of the GRE header under RFC 1701?
Definition

[C|R|K|S|s|Recur|Flags|Ver|protocol type]

[   checksum (opt)        |offset (opt) ]

[              key (optional)           ]

[      sequence number (optional)       ]

[           routing (optional)          ]

 

C=1: both checksum & offset fields present

R=1: checksum, offset, routing present

protocol type = 0x800 if the payload is IPv4

Term

What are the characteristics of L2TP?

 

(transport, pro/cons)

Definition

Layer 2 Tunneling Protocol

Used to tunnel PPP (L2) traffic over a public network using IP (L3).

Inherent authentication, no inherent encryption.

Term
What are the devices/components in a L2TP tunnel and their function?
Definition

End host (initiating connection)

 

LAC (L2TP Access Concentrator) server - initiates tunnel

 

LNS (L2TP Network Server) - the remote device/end of the tunnel; performs AAA

 

Term
What are the basic steps in establishing a L2TP tunnel connection?
Definition

1. End host initiates connection to LAC server

 

2. LAC initiates tunnel to LNS

 

3. AAA takes place on LNS (local DB or AAA server)

Term
What protocol/port is used for the carrier/control traffic for L2TP?
Definition

Carried over UDP.

The LAC initiates the tunnel over UDP port 1701.

Term

What are the characteristics/differences between compulsory tunneling and voluntary tunneling for L2TP?

What is the packet format sent from the client in each mode?

Definition

Compulsory: client unaware of the tunnel

packet = [PPP | data]

Voluntary: client aware of the tunnel; also acts as the LAC

packet = [PPP | L2TP | data]

where the [L2TP | data] part is passed on directly by the LAC without further processing

Term
What are the two stages of a L2TP tunnel connection?
Definition

1. Control session setup - set up between LAC and LNS; identifies the peers and their L2TP version, etc.

 

2. Session establishment - actual setup of tunnel for data transfer

Term

What are the characteristics of PPTP?

 

(transport, security)

Definition

Point-to-Point Tunneling Protocol

 

L2 tunneling protocol for Windows remote clients over a public network on TCP port 1723.

Authentication (with PAP/CHAP/MS-CHAP using local/RADIUS/TACACS+)

Encryption (with Microsoft Point-to-Point Encryption / MPPE)

Term
What are the four functions/component services offered by IPSec?
Definition

Data Integrity (via hash algorithms)

 

Origin authentication (via IKE/D-H)

 

Anti-replay protection (sequence field & integrity checks)

 

Confidentiality (encryption)

Term

For IPSec...

What encryption algorithms are supported?

What hash algorithms are supported?

What authentication mechanisms are supported?

Definition

DES , 3DES, AES, RSA, preshared key/D-H

 

HMAC-MD5, HMAC-SHA-1

 

RSA/digital signatures, preshared key, nonces

Term
What are the main protocols for IPSec tunnels?
Definition

Internet Key Exchange / IKE (deployed with ESP)

 

Encapsulating Security Payload / ESP

 

Authentication Header / AH (rarely used; most of functionality is in ESP)

 

Term
What are the main differences between the AH and ESP protocols?
Definition

ESP is IP protocol # 50, AH is IP protocol # 51.

ESP provides authentication and encryption of the payload; AH does not provide encryption.

Term
What are the two modes of packet encapsulation for IPSec tunnels and their characteristics?
Definition

tunnel mode - the entire IP packet (original L3 header + payload) is encapsulated/authenticated, so the public src/dst IPs seen are those of the VPN gateways

transport mode - no additional L3 header is created; only the payload of the IP packet is encrypted/authenticated; mainly for remote clients / host-to-host

Term
What occurs in the two phases of IKE?
Definition

Phase 1: Main or Aggressive Mode

- authenticates peers

- negotiates the IKE Security Association (SA)

- initiates secure tunnel

- generates encryption keys

 

Phase 2: Quick Mode

- negotiates set of security parameters for tunnel

- regenerates encryption keys (for ESP)

- creates the IPSec tunnel

Term

What are the characteristics of SSL VPN?

 

What OSI layer does it operate on?

Definition

Protocol to secure web (HTTP) traffic between end device and web server

 

Operates at session layer (L5)

Term
What are the key differences between IPSec and SSL VPNs?
Definition

IPSec provides protection for IP packets and protocols between networks/hosts.

 

SSL VPN provides protection for users' access to services and applications on a network.

Term
What are the steps for the RSA encrypted nonces authentication method?
Definition

1. Each peer generates a nonce (random number).

 

2. The nonces are encrypted and exchanged.

 

3. Each peer makes an authentication key from both nonces and some other info.

 

4. Generated key is run through hash.

 

5. The hash values of peers are compared (should be the same) for authentication.

Term
What do SSL VPNs use for authentication?
Definition

digital certificates

 

username/password combinations

Term
What is the purpose of PFS?
Definition

Perfect Forward Secrecy

 

Forces peers (if agreed) to generate a new DH secret during Quick Mode

Term

What are the characteristics of NAT-T?

 

What is its role/purpose in IKE?

Definition

NAT Traversal

 

UDP port 4500

 

Encapsulates the IPSec packet in another layer of UDP/IP headers. Allows IPSec packets to pass through NAT (which is not possible with AH in transport mode)

Term
What is the format of the AH header in IPSec?
Definition

[next header|payload len| Reserved ]

[    security Param Index (SPI)    ]

[              seq #               ]

[             auth data...         ]

 

SPI - identifies the SA

auth data - may contain additional padding for integrity check

Term
What is the format of the ESP header for IPSec?
Definition

[    Security Param. Index (SPI)    ]

[              Seq #                ]

[    Payload    ...   + ... padding ]

[      ...    | pad len |next header]

[            auth data ...          ]

 

SPI + IP address => identifies the SA

Term

What are the available Diffie-Hellman groups?

 

When are they generally used?

Definition

dh-group [group-1 | group-2 | group-5 | group-7]

 

respectively: 768, 1024, 1536, 168 bits

 

For groups 1, 2 and 5, the larger the group, the slower but more secure

(e.g. for DES, 3DES, AES).

 

DH group 7 is special case that provides high security for devices with low processing power

Term
What transform set configuration options are available for ESP and AH in IPSec config?
Definition

For ESP encryption: esp-null, esp-des, esp-3des, esp-aes, esp-aes 192, esp-aes 256, esp-aes seal

 

For ESP authentication: esp-md5-hmac, esp-sha-hmac

 

For AH: ah-md5-hmac, ah-sha-hmac

Term
What does RFC 4301 cover in general?
Definition

IPSec architecture

 

Implementation of IKE (ESP, AH, SAs, etc.)
