Network Layer Security (IPsec, VPN)
A virtual private network (VPN) extends a private network across a public network such as the Internet, so that a host on the public network can send and receive data as if it were attached directly to the private network. VPNs come in two forms: remote access VPNs, which connect individual users, and site-to-site VPNs, which connect whole networks.
Things to Remember
Remote access VPNs
- Two connections: one to the Internet, and a second, tunnelled one across it to the VPN gateway.
- Datagrams: each carries the data together with its source and destination information.
- Firewalls: the VPN gateway lets authenticated users pass through the firewall into the private network.
- Protocols: tunnelling protocols (such as IPsec) create the VPN tunnels.
Site-to-site VPN types
- Intranet based
- Extranet based

VPN (Virtual Private Network)
A virtual private network (VPN) is a private network that interconnects remote networks over a shared public communication infrastructure, most commonly the Internet. A computer attached to a VPN sends and receives data across the public network as if it were directly connected to the private network. The VPN is built from virtual point-to-point connections, realised either over dedicated links or, more usually, through tunnelling protocols combined with encryption of the tunnelled traffic. A typical example is the network communication between the branch offices of an organization and its headquarters.
Fig: Remote roaming Users VPN
Remote Access VPN
A remote access VPN allows an individual user to connect to a private business network from a remote location, using an ordinary desktop or laptop that is connected to the Internet. The user gets an authenticated and encrypted connection into the private network from a remote computer.
How a remote access VPN works
- Two connections: the client first connects to the Internet, then establishes a second, tunnelled connection across it to the VPN gateway.
- Datagrams: each datagram carries the data together with its source and destination information; inside the tunnel the original datagram is encapsulated in an outer packet addressed to the gateway.
- Firewalls: the VPN gateway lets authenticated users pass through the firewall into the private network, while other Internet traffic is still blocked.
- Protocols: tunnelling protocols (such as IPsec) create and protect the VPN tunnels.

Critical functions of a remote access VPN
- Authentication: verifies that the remote user, and the data received, really come from the claimed sender.
- Access control: prevents unauthorized users from reaching the private network.
Site-to-site VPN
If an organization has several fixed locations that need to communicate securely over a public network such as the Internet, it can implement a site-to-site VPN. This extends the company's network, making computing resources available to employees at every location. For example, a growing corporation with branch offices around the world needs a site-to-site VPN.
Types of site-to-site VPNs:
- Intranet-based: suits an organization that has one or more remote locations it wants to join into a single private, secure network.
- Extranet-based: suits an organization that works closely with other organizations, such as partners, suppliers or customers. The company can set up an extranet VPN that connects all of these parties, allowing them to cooperate in a protected networking environment while exposing only the resources they choose to share.

Private network vs VPN
- With a VPN, employees can reach the private network from remote locations over the Internet.
- VPN traffic is protected (authenticated and encrypted) while it crosses the public network.
- The Internet is used as the backbone for the VPN, instead of leased lines.
- A VPN saves cost by reducing equipment and maintenance expenses.
- Scalability: adding a new site or user only requires Internet connectivity, not a new dedicated circuit.
IPsec (IP security)
The IETF has devised a set of protocols that provide secure Internet communication, called IPsec (IP security). The protocols offer authentication and confidentiality services at the IP layer and can be used with both IPv4 and IPv6. The design favours flexibility and extensibility: an application using IPsec can choose whether to use an authentication facility that validates the sender, an encryption facility that protects the payload, or both, and the choices can be asymmetric (for example, authentication in one direction but not in the other).
IPsec is not tied to a specific encryption or authentication algorithm. It provides a general framework in which each pair of communicating endpoints chooses the algorithms and parameters (keys, lifetimes) to use. A small set of mandatory-to-implement algorithms that every implementation must support guarantees interoperability.
IPsec is therefore not a single protocol. It is a set of security protocols and algorithms, plus a framework that lets a pair of communicating entities use whichever algorithms provide the level of security appropriate for their communication.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+
| Next Header   | Payload Len   |          Reserved (16)        |
+---------------+---------------+-------------------------------+
|               Security Parameters Index (SPI) (32)            |
+---------------------------------------------------------------+
|                     Sequence Number (32)                      |
+---------------------------------------------------------------+
|             Authentication Data / ICV (variable)              |
+---------------------------------------------------------------+
Fig: IPsec authentication header format
Next Header:- The protocol number of the header that follows AH, i.e. the original upper-layer protocol (for example TCP or UDP).
Payload Length:- The length of the authentication header in 32-bit words, minus 2.
Security Parameters Index:- Together with the destination address, identifies the security association, i.e. the algorithm and key agreed for this traffic.
Sequence Number:- A counter incremented for every packet sent on the security association; it is initialised to zero when the association is set up, so the first packet carries 1, and the receiver uses it to reject replayed packets.
Authentication Data:- The integrity check value (ICV) computed with the selected algorithm, padded to a 32-bit boundary (64-bit for IPv6).
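The following is an added example, not code from the original notes, showing how the header fields above are used by a sender and a receiver. It builds an AH header with the field layout of the figure, looks up the algorithm and key by SPI in a constructed security association table (the SPIs and keys are made up; in real IPsec they come from IKE or manual configuration), verifies the ICV, and enforces the anti-replay sliding window on the sequence number. To keep it short the ICV covers only the AH header and payload, not the immutable outer IP header fields that a real implementation also protects.

```python
import hashlib
import hmac
import struct

# Constructed security association database (SAD). The SPI selects the
# algorithm and key; these SPIs and keys are made up for the example.
SAD = {
    0x00001234: {"algo": "HMAC-SHA-256-128", "hash": hashlib.sha256,
                 "icv_len": 16, "key": bytes(range(32))},
    0x00005678: {"algo": "HMAC-SHA1-96", "hash": hashlib.sha1,
                 "icv_len": 12, "key": b"twenty-byte-example!"},
}

IPPROTO_UDP = 17
AH_FIXED_LEN = 12  # Next Header(1) + Payload Len(1) + Reserved(2) + SPI(4) + Seq(4)


def build_ah(spi, seq, next_header, payload):
    """Return AH header + ICV + payload for one outbound packet.

    ICV = HMAC over the AH header with the ICV field zeroed, then the payload.
    (Immutable outer IP header fields are omitted in this example.)
    """
    sa = SAD[spi]
    icv_len = sa["icv_len"]
    # Payload Len is the AH length in 32-bit words minus 2 (RFC 4302 s2.2).
    payload_len = (AH_FIXED_LEN + icv_len) // 4 - 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    mac = hmac.new(sa["key"], header + bytes(icv_len) + payload, sa["hash"]).digest()
    return header + mac[:icv_len] + payload


def parse_ah(packet):
    """Split a packet into AH fields; Payload Len locates the end of the ICV."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack(
        "!BBHII", packet[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": packet[AH_FIXED_LEN:ah_len], "payload": packet[ah_len:]}


class ReplayWindow:
    """Sliding anti-replay window over sequence numbers (RFC 4302 s3.4.3).
    Bit i of the bitmap is set when sequence number (top - i) was accepted."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_update(self, seq):
        if seq == 0:
            return False    # never sent when anti-replay is enabled
        if seq > self.top:  # right of the window: slide it forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:          # left of the window: too old
            return False
        if (self.bitmap >> offset) & 1:  # already seen: replay
            return False
        self.bitmap |= 1 << offset
        return True


def verify_ah(packet, window):
    """Verify one inbound AH packet. Returns (accepted, reason_or_fields)."""
    fields = parse_ah(packet)
    sa = SAD.get(fields["spi"])
    if sa is None:
        return False, "unknown SPI"
    if len(fields["icv"]) != sa["icv_len"]:
        return False, "ICV length does not match the SA's algorithm"
    covered = packet[:AH_FIXED_LEN] + bytes(sa["icv_len"]) + fields["payload"]
    expected = hmac.new(sa["key"], covered, sa["hash"]).digest()[:sa["icv_len"]]
    if not hmac.compare_digest(expected, fields["icv"]):
        return False, "ICV mismatch (forged or modified in transit)"
    # Advance the window only after the ICV verified, so unauthenticated
    # packets cannot poison it.
    if not window.check_and_update(fields["seq"]):
        return False, "replayed or stale sequence number"
    return True, fields


def demo():
    """Run the receiver against fresh, replayed, tampered, out-of-window and unknown-SPI packets."""
    window = ReplayWindow(size=64)
    spi = 0x00001234
    out = {}
    p1 = build_ah(spi, 1, IPPROTO_UDP, b"constructed UDP datagram #1")
    out["fresh"] = verify_ah(p1, window)[0]
    out["replay"] = verify_ah(p1, window)[0]
    tampered = p1[:-1] + bytes([p1[-1] ^ 0x01])   # flip one payload bit
    out["tampered"] = verify_ah(tampered, window)[0]
    out["ahead"] = verify_ah(build_ah(spi, 70, IPPROTO_UDP, b"#70"), window)[0]
    out["too_old"] = verify_ah(build_ah(spi, 2, IPPROTO_UDP, b"#2"), window)[0]
    out["late_in_window"] = verify_ah(build_ah(spi, 50, IPPROTO_UDP, b"#50"), window)[0]
    unknown = struct.pack("!BBHII", IPPROTO_UDP, 5, 0, 0x9999, 1) + bytes(16) + b"x"
    out["unknown_spi"] = verify_ah(unknown, window)[0]
    return out


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15s} {'accepted' if accepted else 'rejected'}")
```

Note the ordering in verify_ah: the SA is located by SPI first, the ICV is checked with a constant-time comparison, and only then is the replay window advanced. Sequence number 2 is rejected after 70 has been accepted because it has fallen off the left edge of the 64-entry window, while 50 is still inside the window and accepted once.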
The two principal protocols of IPsec are:
- Authentication Header (AH) protocol
- Encapsulating Security Payload (ESP) protocol
IPsec security features
IPsec is the most widely deployed standard method for securely connecting network sites. It was designed to provide the following security services:
- Authentication: verifies that a received packet really comes from the claimed sender.
- Integrity: ensures that the contents of the packet were not changed in transit.
- Confidentiality: conceals the message contents through encryption.
AH provides authentication and integrity (together with anti-replay protection via the sequence number) but no confidentiality; ESP provides confidentiality and, optionally, authentication and integrity as well.
Lesson: Network Security. Subject: Computer Engineering. Grade: Engineering.