
Purpose and Scope of the project

The purpose of this project is to assist the organization (NAME) in mitigating the risks
associated with the transmission of sensitive information across networks by providing
practical guidance on implementing security services based on Internet Protocol Security
(IPsec). The scope of the project is therefore to present information that is independent of
particular hardware platforms, operating systems, and applications, other than providing
cases to illustrate particular concepts. Specifically, the project includes a discussion of the
need for network layer security services, a description of the types of services that are
offered at the network layer, and how IPsec addresses these services. It uses a case-based
approach to show how IPsec can be used to solve common network security issues. It also
describes alternatives to IPsec and discusses under what circumstances each alternative
may be appropriate.

Project Structure
This project is organized into six sections (chapters). The first section (Chapter 1) gives a
brief introduction to the area of the proposed project and contains the Problem Statement,
the Objectives of the Project, and the Project Timeline (Schedule). The organization of the
project is also described there, so the purpose of that chapter is to introduce the project.
The second section (Chapter 2) contains fundamental knowledge on network security and
related topics. The third section (Chapter 3) discusses the need for network layer security
and then introduces the concept of virtual private networking (VPN). Chapter 4 covers the
fundamentals of IPsec, focusing on the protocols Encapsulating Security Payload (ESP),
Authentication Header (AH), Internet Key Exchange (IKE), and IP Payload Compression
Protocol (IPComp). Chapter 4 also points out issues to be considered during IPsec
planning and implementation, discusses several alternatives to IPsec, describes when each
method may be appropriate, and briefly discusses future directions for IPsec. Finally, the
Conclusion chapter gives some recommendations and future work as well as a concluding
statement. After that, the References are given.

Ch.2: Network Security

2.1 Preface

This chapter, the second chapter of the project, contains fundamental knowledge on
network security and related topics. It provides coverage of the fundamental concepts of
network security and the processes and means required to implement a secure network.
Therefore, the main goal of this chapter is to provide an understanding of security
engineering processes. The flow of the sections is designed to provide a smooth transition
from fundamental principles and basic knowledge to the practical details of network
security.

This chapter also describes the various network protocols, particularly the specifics of the
OSI and TCP models. The fundamental concepts of wireless communication and wireless
security are explained, including wireless vulnerabilities. In general, this chapter addresses
the following relevant and important areas:

- Network Security Background: This first section provides a foundation for the
current state of network security so you can understand the key issues and areas of
focus. It lays the groundwork for the rest of the project and for building a robust
knowledge base on network security.

- State of Network Security: In order to properly protect an organization, we need to
understand the current state of network security, what is happening, and what risks
an organization needs to be most concerned with. Even though cyber security is
gaining a lot of attention, many organizations have a perception of what's happening
that's not always directly aligned with reality.

- Attacks and Threats: The only way to have a good defense is by understanding
the offense. This chapter looks at the various threats that organizations face and
dissects them into the specific attacks that can be launched against an
organization. By understanding the specific attacks, they can be mapped against key
vulnerabilities and used as a roadmap to securing an organization.

- Network Protocols: This chapter explains briefly the OSI and TCP models and the
IP, ICMP, TCP, and other protocols. It also reviews address resolution concepts
and methods and relates them to the general goals of network security.

- The Future: Just because an organization is secure today does not mean it will be
secure in the future. Risks and the corresponding threats and vulnerabilities are
always changing so organizations need to focus on mission resiliency, making sure
that critical business processes continue to operate regardless of any threats that
might exist.

After this chapter, we will have a solid foundation and a clear roadmap for implementing
effective, proactive security across an organization. Always remember that security is all
about justifying risk to critical assets, so before we spend a dollar of our budget or an hour
of our time we should ask these three important questions:
■ What is the risk?
■ Is it the highest priority risk?
■ What is the most cost-effective way of reducing the risk?

In the next chapters of the project, the topics addressed will include implementing virtual
private networks (VPNs), and applying different protocols to protect information
transmitted over the Internet. Chapter 3 explains the functioning of virtual private networks
(VPNs) and the considerations that must be addressed before implementing a VPN. It also
surveys the various protocols now in use and presents an example of a low-cost VPN
implementation.

As we finish up the project, the last sections look at putting everything we have learned
together into an integrated solution. Network Security is not about deploying products or
technology; it is about solutions that provide proactive security to enable mission resilience
focusing on reducing risk to an organization's critical assets.

2.2 Overview of Network Security

The first question to address is what we mean by "network security." Several possible
fields of effort come to mind within this broad topic, and each is worthy of a lengthy
article. To begin, virtually all the security policy issues raised in Matt Bishop's book,
Computer Security: Art and Science [1], apply to network as well as general computer
security considerations. In fact, viewed from this perspective, network security is a subset
of computer security.

Network security deals with all aspects related to the protection of the sensitive
information assets existing on the network. It covers various mechanisms developed to
provide fundamental security services for data communication. The art and science of
cryptography and its role in providing confidentiality, integrity, and authentication
represents another distinct focus, even though it's an integral feature of network security
policy.

Network security also includes design and configuration issues for both network-perimeter
and computer system security. References in this area include Stephen Northcutt and
colleagues' Inside Network Perimeter Security [2], the classic Firewalls and Network
Security [3] by Steven Bellovin and William Cheswick, and too many specific system
configuration texts to list. These are merely starting points for the interested novice. It
seems that every other day there is a story in the newspapers about a computer network
being compromised by hackers. Every organization should monitor its systems for possible
unauthorized intrusion and other attacks. This needs to be part of the daily routine of every
organization's IT unit, as it is essential to safeguarding a company's information assets.

The most reliable way to ensure the safety of a company's computers is to refrain from
putting them on a network and to keep them behind locked doors. Unfortunately, however,
that is not a very practical solution. Today, computers are most useful if they are
networked together to share information and resources, and companies that put their
computers on a network need to take some simple precautions to reduce the risk of
unauthorized access.

It may seem absurd to ask the question "Why is computer and network security
important?", but it is crucial for organizations to define why they want to achieve computer
security in order to determine how they will achieve it. It is also a useful tool to employ when
seeking senior management's authorization for security-related expenditures. Computer
and network security is important for the following reasons:
• To protect company assets
• To gain a competitive advantage
• To comply with regulatory requirements and fiduciary responsibilities
• To keep your job

One thing to keep in mind is that network security costs money: It costs money to hire,
train, and retain personnel; to buy hardware and software to secure an organization's
networks; and to pay for the increased overhead and degraded network and system
performance that results from firewalls, filters, and intrusion detection systems (IDSs).
As a result, network security is not cheap. However, it is probably cheaper than the costs
associated with having an organization's network compromised.

2.3 History of Network Security

The need for network security is a relatively new requirement. Prior to the 1980s most
computers were not networked. It was not due to lack of desire to network them; it was
more a result of the lack of technology. Most systems were mainframes or midrange
systems that were centrally controlled and administered. Users interfaced with the
mainframe through "dumb" terminals. The terminals had limited capabilities. Terminals
actually required a physical connection on a dedicated port. The ports were often serial
connections that utilized the RS-232 protocol. It usually required one port for one terminal.
IBM, Digital Equipment, and other computer manufacturers developed variations on this
architecture by utilizing terminal servers, but the basic concept was the same. There was
nothing equivalent to what we experience today where hundreds if not thousands of
connections can reach a system on a single network circuit.

In the 1980s, the combination of the development of the personal computer (PC), the
development of network protocol standards, the decrease in the cost of hardware, and the
development of new applications made networking a much more accepted practice. As a
result, LANs, WANs, and distributed computing experienced tremendous growth during
that period. [4]

When first deployed, LANs were relatively secure, mainly because they were physically
isolated. They were not usually connected to WANs, so their standalone nature protected
the network resources.

WANs actually preceded LANs and had been around for some time, but they were usually
centrally controlled and accessible by only a few individuals in most organizations. WANs
utilizing direct or dedicated privately owned or leased circuits were relatively secure
because access to circuits was limited. To connect two locations (points A and B) usually
required a point-to-point (A-B) circuit. If you wanted to connect a third location (point C)
to both A and B, it required two more circuits (A-B, A-C, B-C).

Development of packet-switched protocols such as X.25 and Transmission Control
Protocol/Internet Protocol (TCP/IP) reduced the cost to deploy WANs, thus making them
more attractive to implement. These protocols allowed many systems to share circuits.
Many people or organizations could be interconnected over the shared network. It was no
longer necessary to connect systems in a point-to-point configuration. Vulnerabilities were
introduced with the deployment of this distributed environment utilizing shared, packet-
switched networks employing protocols such as TCP/IP and the concept of trusted
systems.

Systems on the network "trusted" each other. This situation was frequently made worse by
connecting relatively secure LANs to an unsecured WAN. Basically, an organization's
network connections enter into the cloud of the packet-switched network. Other
organizations share the cloud, and on the packet-switched network one company's packets
are intermixed with another organization's packets.

In this distributed environment the emphasis was on providing ease of access and
connectivity. Security was an afterthought, if it was considered at all. As a result, many
systems were wide open and vulnerable to threats that previously had not existed.

The Internet is the largest and best known of this type of network. The Internet utilizes
TCP/IP and was primarily designed to connect computers regardless of their operating
systems in an easy and efficient manner. Security was not part of the early design of
TCP/IP, and there have been a number of widely publicized attacks that have exploited
inherent weaknesses in its design. One well-known event was the Internet Worm that
brought the Internet to its knees back in 1986. Today, security has to be more important
than ease of access. [4]

2.4 The Basic Concepts of Security

A Physical network is defined as two or more computing devices connected together for
sharing resources efficiently. Further, connecting two or more networks together is known
as internetworking. Thus, the Internet is just an internetwork – a collection of
interconnected networks.

For setting up its internal network, an organization has various options. It can use a wired
network or a wireless network to connect all workstations. Nowadays, organizations are
mostly using a combination of both wired and wireless networks.

In a wired network, devices are connected to each other using cables. Typically, wired
networks are based on Ethernet protocol where devices are connected using the Unshielded
Twisted Pair (UTP) cables to the different switches. These switches are further connected
to the network router for accessing the Internet.

In a wireless network, a device is connected to an access point through radio
transmissions. The access points are in turn connected through cables to a switch/router for
external network access. See Figure 2.1.

Figure 2.1: wired and wireless network [5]

Wireless networks have gained popularity due to the mobility offered by them. Mobile
devices need not be tied to a cable and can roam freely within the wireless network range.
This ensures efficient information sharing and increases productivity.

2.5 Threats, Vulnerabilities, and Attacks

In this modern era, organizations greatly rely on computer networks to share information
throughout the organization in an efficient and productive manner. Organizational
computer networks are now becoming large and ubiquitous. Assuming that each staff
member has a dedicated workstation, a large-scale company would have a few thousand
workstations and many servers on the network.

It is likely that these workstations are not centrally managed, nor do they have
perimeter protection. They may have a variety of operating systems, hardware, software,
and protocols, with different levels of cyber awareness among users. Now imagine that these
thousands of workstations on the company network are directly connected to the Internet.
Such an unsecured network, which holds valuable information and exposes vulnerabilities,
becomes a target for attack. In this section, we describe the major vulnerabilities of the
network and the significance of network security. In subsequent sections, we will discuss
the methods to achieve the same.

The common vulnerability that exists in both wired and wireless networks is
"unauthorized access" to a network. An attacker can connect his device to a network
through an unsecured hub/switch port. In this regard, wireless networks are considered less
secure than wired networks, because a wireless network can be accessed without any
physical connection. After gaining access, an attacker can exploit this vulnerability to launch
attacks such as:

• Sniffing the packet data to steal valuable information.
• Denial of service to legitimate users on a network by flooding the network medium
with spurious packets.
• Spoofing the physical identities (MAC addresses) of legitimate hosts and then stealing
data or further launching a "man-in-the-middle" attack.

2.6 Network Protocol

A network protocol is a set of rules that govern communications between devices connected
on a network. Protocols include mechanisms for making connections, as well as formatting
rules for packaging the data of messages sent and received. Several computer network
protocols have been developed, each designed for a specific purpose. The most popular and
widely used protocols are TCP/IP with their associated higher- and lower-level protocols.

Transmission Control Protocol (TCP) and Internet Protocol (IP) are two distinct computer
network protocols that are mostly used together. Due to their popularity and wide adoption,
they are built into all operating systems of networked devices. IP corresponds to the Network
layer (Layer 3) whereas TCP corresponds to the Transport layer (Layer 4) in OSI (Open
Systems Interconnect). TCP/IP applies to network communications where the TCP
transport is used to deliver data across IP networks.

The OSI reference model is a seven-layer model that was developed by the International
Standards Organization (ISO) in 1978. The OSI model is a framework for international
standards that can be used for implementing heterogeneous computer network architecture.
The OSI architecture is split into seven layers. Figure 2.2 shows the seven layers of the
Open Systems Interconnect (OSI) model. Each layer uses the layer immediately below it
and provides a service to the layer above. In some implementations a layer may itself be
composed of sub-layers. TCP/IP protocols are commonly used with other protocols such as
HTTP, FTP, SSH at application layer and Ethernet at the data link/physical layer.

Figure 2.2: TCP/IP protocol suite [5]

Although there are different interpretations of how to describe TCP/IP within a layered
model, it is generally described as having fewer layers than the seven used in the OSI
model. The TCP/IP protocol suite generally follows a four-layer architecture. See Figure 2.2.

The ISO OSI seven-layer architecture contains the protocols required for reliable
computer-to-computer communications. The earlier TCP/IP family of protocols is the basis
for Internet and intranet communications and serves as a common standard for
communication among a variety of platforms and operating systems. The protocols that
define the OSI and TCP/IP models provide a rich source of mechanisms for achieving
effective and reliable digital communications.

TCP/IP is a suite of protocols that can be used to connect dissimilar brands of computers
and network devices. The largest TCP/IP network is the Internet. The TCP/IP protocol suite
was created in 1980 as an internetworking solution with very little concern for security
aspects. [5]

The TCP/IP suite has become widely adopted because it is an open protocol standard that
can be implemented on any platform regardless of the manufacturer. In addition, it is
independent of any physical network hardware. TCP/IP can be implemented on Ethernet,
X.25, and token ring, among other platforms. It was developed for communication within a
limited, trusted network. However, over time this protocol became the de facto standard
for unsecured Internet communication. Some of the common security vulnerabilities of the
TCP/IP protocol suite are:

• HTTP is an application layer protocol in the TCP/IP suite used to transfer the files that
make up web pages from web servers. These transfers are done in plain text, and an
intruder can easily read the data packets exchanged between the server and a
client.
• Another vulnerability of HTTP is weak authentication between the client and the
web server while the session is being initialized. This vulnerability can lead to a
session hijacking attack, where the attacker steals the HTTP session of a legitimate
user.
• A TCP vulnerability lies in the three-way handshake used for connection establishment.
An attacker can launch a denial of service attack, "SYN flooding," to exploit this
vulnerability: the attacker opens many half-open sessions by never completing the
handshake. This leads to server overloading and eventually a crash.
• The IP layer is susceptible to many vulnerabilities. Through modification of the IP
protocol header, an attacker can launch an IP spoofing attack.

Apart from those mentioned above, many other security vulnerabilities exist in the TCP/IP
protocol family, in its design as well as in its implementations. Notably, in TCP/IP-based
network communication, if one layer is compromised, the other layers do not become aware
of it and the entire communication is compromised. Hence, there is a need to employ
security controls at each layer to ensure thorough security. [5]

2.6.1 Domain Name System (DNS) Protocol

DNS is used to resolve host domain names to IP addresses. Network users depend on DNS
functionality mainly while browsing the Internet by typing a URL into the web browser.

In an attack on DNS, the attacker's aim is to modify a legitimate DNS record so that the name
resolves to an incorrect IP address, which directs all traffic for that name to the wrong
computer. An attacker can either exploit a DNS protocol vulnerability or compromise the
DNS server to carry out the attack.

DNS cache poisoning is an attack exploiting a vulnerability found in the DNS protocol. An
attacker may poison the cache by forging a response to a recursive DNS query sent by a
resolver to an authoritative server. Once the DNS resolver's cache is poisoned, hosts using
it are directed to a malicious website and may compromise their credentials by
communicating with that site. See Figure 2.3.

Figure 2.3: Attack through DNS poisoning [5]
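The resolver-side checks that make a forged response hard to slip into the cache, written here as an added example (not code from the project report): a reply is accepted only if its transaction ID, destination UDP port, source server and question section match the outstanding query, and only records within the queried server's zone ("bailiwick") are kept. The dataclasses, the sample query and the two forged replies are constructed for this illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PendingQuery:
    """What the resolver remembers about a query it has sent out."""
    txid: int          # 16-bit transaction ID chosen at random
    src_port: int      # randomized UDP source port the query left from
    server_ip: str     # authoritative server the query was sent to
    qname: str
    qtype: str
    bailiwick: str     # zone that server is trusted to answer for


@dataclass
class DnsReply:
    """Fields of a response as seen on the wire (simplified)."""
    txid: int
    dst_port: int      # UDP port the response arrived on
    from_ip: str
    qname: str
    qtype: str
    answers: list = field(default_factory=list)   # (name, type, rdata)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if 'name' is the zone itself or lies beneath it."""
    name = name.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def check_reply(pending: PendingQuery, reply: DnsReply) -> tuple:
    """Return (accept, reason). Only accepted replies may enter the cache.

    A forger who never saw the query has to guess both the transaction ID
    and the source port; a reply that misses either is dropped. Even a
    matching reply may only install records for the zone the queried
    server is trusted for, so an extra record for an unrelated name (the
    classic poisoning payload) is rejected.
    """
    if reply.from_ip != pending.server_ip:
        return False, "reply from unexpected server"
    if reply.dst_port != pending.src_port:
        return False, "UDP port does not match the query"
    if reply.txid != pending.txid:
        return False, "transaction ID does not match the query"
    if (reply.qname.lower(), reply.qtype) != (pending.qname.lower(), pending.qtype):
        return False, "question section does not match the query"
    for name, _rtype, _rdata in reply.answers:
        if not in_bailiwick(name, pending.bailiwick):
            return False, "out-of-bailiwick record for " + name
    return True, "accepted"


def demo() -> dict:
    """Run the checks on one genuine and two forged replies (all constructed)."""
    pending = PendingQuery(txid=0x1A2B, src_port=51234, server_ip="192.0.2.53",
                           qname="www.example.com", qtype="A",
                           bailiwick="example.com")
    genuine = DnsReply(txid=0x1A2B, dst_port=51234, from_ip="192.0.2.53",
                       qname="www.example.com", qtype="A",
                       answers=[("www.example.com", "A", "192.0.2.10")])
    # Forgery 1: the port was guessed correctly but the transaction ID was not.
    bad_txid = DnsReply(txid=0x1A2C, dst_port=51234, from_ip="192.0.2.53",
                        qname="www.example.com", qtype="A",
                        answers=[("www.example.com", "A", "198.51.100.9")])
    # Forgery 2: everything matches, but a record for another zone is smuggled in.
    smuggled = DnsReply(txid=0x1A2B, dst_port=51234, from_ip="192.0.2.53",
                        qname="www.example.com", qtype="A",
                        answers=[("www.example.com", "A", "192.0.2.10"),
                                 ("login.bank.test", "A", "198.51.100.9")])
    return {
        "genuine": check_reply(pending, genuine),
        "bad_txid": check_reply(pending, bad_txid),
        "smuggled": check_reply(pending, smuggled),
    }


if __name__ == "__main__":
    for label, (ok, why) in demo().items():
        print(f"{label}: {'cache' if ok else 'drop'} ({why})")
```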

2.6.2 Internet Control Message Protocol (ICMP)

ICMP is a basic network management protocol of TCP/IP networks. It is used to send
error and control messages regarding the status of networked devices. ICMP is an integral
part of the IP network implementation and thus is present in every network setup. ICMP has
its own vulnerabilities and can be abused to launch an attack on a network. The common
attacks that can occur on a network due to ICMP vulnerabilities are [5]:
• ICMP allows an attacker to carry out network reconnaissance to determine network
topology and paths into the network. An ICMP sweep involves discovering all host IP
addresses that are alive in the entire target network.
• Traceroute is a popular ICMP-based utility that is used to map a target network by
describing, in real time, the path from the client to the remote host.
• An attacker can launch a denial of service attack using an ICMP vulnerability. This
attack involves sending ICMP ping packets that exceed 65,535 bytes to the target
device. The target computer fails to handle such a packet properly, which can cause the
operating system to crash.

Other protocols such as ARP, DHCP, SMTP, etc. also have vulnerabilities that can be
exploited by an attacker to compromise network security. The lack of concern for security
during the design and implementation of these protocols has become a main cause of
threats to network security.
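Defender-side detection for three of the abuses listed in sections 2.6 and 2.6.2 (SYN flooding, ICMP sweeps, and oversized ICMP pings), written as an added example rather than code from the project report. The packet-summary log format, the thresholds and every sample line are constructed for this illustration.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 5     # half-open connections to one service
SWEEP_THRESHOLD = 5         # distinct hosts pinged by one source
MAX_IP_DATAGRAM = 65535     # largest legal IP datagram, in bytes

# Constructed log: one packet per line,
#   ts src sport dst dport proto flags len
# For ICMP the port fields are '-' and 'flags' names the message type.
SAMPLE_LOG = """\
10:00:00 10.0.0.5 40000 192.0.2.10 80 TCP S 60
10:00:00 192.0.2.10 80 10.0.0.5 40000 TCP SA 60
10:00:00 10.0.0.5 40000 192.0.2.10 80 TCP A 52
10:00:01 198.51.100.7 1001 192.0.2.10 80 TCP S 60
10:00:01 198.51.100.7 1002 192.0.2.10 80 TCP S 60
10:00:01 198.51.100.7 1003 192.0.2.10 80 TCP S 60
10:00:01 198.51.100.7 1004 192.0.2.10 80 TCP S 60
10:00:01 198.51.100.7 1005 192.0.2.10 80 TCP S 60
10:00:01 198.51.100.7 1006 192.0.2.10 80 TCP S 60
10:00:02 203.0.113.9 - 192.0.2.1 - ICMP echo-request 84
10:00:02 203.0.113.9 - 192.0.2.2 - ICMP echo-request 84
10:00:02 203.0.113.9 - 192.0.2.3 - ICMP echo-request 84
10:00:02 203.0.113.9 - 192.0.2.4 - ICMP echo-request 84
10:00:02 203.0.113.9 - 192.0.2.5 - ICMP echo-request 84
10:00:02 203.0.113.9 - 192.0.2.6 - ICMP echo-request 84
10:00:03 10.0.0.5 - 192.0.2.10 - ICMP echo-request 84
10:00:04 203.0.113.9 - 192.0.2.10 - ICMP echo-request 65550
"""


def parse(log_text):
    """Yield one dict per packet line; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 8:
            continue
        ts, src, sport, dst, dport, proto, flags, length = parts
        yield {"ts": ts, "src": src, "sport": sport, "dst": dst,
               "dport": dport, "proto": proto, "flags": flags,
               "len": int(length)}


def analyze(log_text):
    """Return a sorted list of alert strings for the three patterns."""
    half_open = {}               # (src, sport, dst, dport) -> still waiting for ACK?
    pinged = defaultdict(set)    # src -> set of hosts it sent echo requests to
    alerts = []

    for p in parse(log_text):
        if p["proto"] == "TCP":
            conn = (p["src"], p["sport"], p["dst"], p["dport"])
            if p["flags"] == "S":
                # Client SYN: the server now holds state for this connection.
                half_open[conn] = True
            elif "A" in p["flags"] and "S" not in p["flags"] and conn in half_open:
                # Client ACK on the same 4-tuple completes the handshake.
                half_open[conn] = False
        elif p["proto"] == "ICMP" and p["flags"] == "echo-request":
            pinged[p["src"]].add(p["dst"])
            if p["len"] > MAX_IP_DATAGRAM:
                alerts.append("oversized-icmp: %s -> %s length %d"
                              % (p["src"], p["dst"], p["len"]))

    # SYN flood: many connections to one service that were never completed.
    per_service = defaultdict(int)
    for (_src, _sport, dst, dport), waiting in half_open.items():
        if waiting:
            per_service[(dst, dport)] += 1
    for (dst, dport), n in per_service.items():
        if n >= HALF_OPEN_THRESHOLD:
            alerts.append("syn-flood: %s:%s has %d half-open connections"
                          % (dst, dport, n))

    # ICMP sweep: one source probing many distinct hosts.
    for src, targets in pinged.items():
        if len(targets) >= SWEEP_THRESHOLD:
            alerts.append("icmp-sweep: %s probed %d hosts" % (src, len(targets)))

    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```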

Network security entails securing data against attacks while it is in transit on a network. To
achieve this goal, many real-time security protocols have been designed. Such a protocol
needs to provide at least the following primary objectives:
• The parties can negotiate interactively to authenticate each other.
• A secret session key is established before information is exchanged on the network.
• The information is exchanged in encrypted form.

Interestingly, these protocols work at different layers of the networking model. For example,
the S/MIME protocol works at the application layer, SSL is designed to work at the
transport layer, and IPsec works at the network layer. See Figure 2.4.

Figure 2.4: different layers of networking model [5]

2.7 The Security Trinity

The three legs of the "security trinity," prevention, detection, and response, comprise the
basis for network security. The security trinity should be the foundation for all security
policies and measures that an organization develops and deploys. See Figure 2.4.

Figure 2.4: The security trinity.

2.7.1 Prevention

The foundation of the security trinity is prevention. To provide some level of security, it is
necessary to implement measures to prevent the exploitation of vulnerabilities. In
developing network security schemes, organizations should emphasize preventative
measures over detection and response: it is easier, more efficient, and much more cost-
effective to prevent a security breach than to detect or respond to one. Remember that it is
impossible to devise a security scheme that will prevent all vulnerabilities from being
exploited, but companies should ensure that their preventative measures are strong enough
to discourage potential criminals, so that they go to an easier target.

2.7.2 Detection

Once preventative measures are implemented, procedures need to be put in place to detect
potential problems or security breaches in the event that preventative measures fail. As later
chapters show, it is very important that problems be detected immediately. The sooner a
problem is detected, the easier it is to correct and clean up.

2.7.3 Response

Organizations need to develop a plan that identifies the appropriate response to a security
breach. The plan should be in writing and should identify who is responsible for what
actions and the varying responses and levels of escalation.

Before beginning a meaningful discussion on computer and network security, we need to
define what it entails. First, network security is not a technical problem; it is a business and
people problem. The technology is the easy part. The difficult part is developing a security
plan that fits the organization's business operation and getting people to comply with the
plan. Next, companies need to answer some fundamental questions, including the
following:
• How do you define network security?
• How do you determine what is an adequate level of security?
To answer these questions, it is necessary to determine what you are trying to protect.

2.8 The Purposes of Network Security

As discussed in earlier sections, a large number of vulnerabilities exist in the network.
Thus, during transmission, data is highly vulnerable to attacks. An attacker can target the
communication channel, obtain the data and read it, or re-insert a false message to
achieve his nefarious aims.

Network security is not only concerned with the security of the computers at each end of
the communication chain; it aims to ensure that the entire network is secure.

Network security entails protecting the usability, reliability, integrity, and safety of the
network and its data. Effective network security prevents a variety of threats from entering or
spreading on a network. [5]

The major aims of network security are Confidentiality, Integrity, and Availability. These
three pillars of network security are often represented as the CIA triangle.

• Confidentiality. The function of confidentiality is to protect precious business data
from unauthorized persons. The confidentiality part of network security makes sure that
the data is available only to the intended and authorized persons.
• Integrity. This goal means maintaining and assuring the accuracy and consistency
of data. The function of integrity is to make sure that the data is reliable and is not
changed by unauthorized persons.
• Availability. The function of availability in network security is to make sure that
the data and network resources/services are continuously available to legitimate
users whenever they require them.

2.9 Achieving Network Security

Ensuring network security may appear to be very simple. The goals to be achieved seem to
be straightforward. But in reality, the mechanisms used to achieve these goals are highly
complex, and understanding them involves sound reasoning. The International
Telecommunication Union (ITU), in its recommendation on security architecture, X.800,
has defined certain mechanisms to standardize the methods for achieving network
security. Some of these mechanisms are: [5]

• Encipherment. This mechanism provides data confidentiality services by
transforming data into a form not readable by unauthorized persons. This
mechanism uses an encryption/decryption algorithm with secret keys.
• Digital signatures. This mechanism is the electronic equivalent of an ordinary
signature applied to electronic data. It provides authenticity of the data.
• Access control. This mechanism is used to provide access control services. It may
use the identification and authentication of an entity to determine and enforce the
access rights of that entity.

Having developed and identified various security mechanisms for achieving network
security, it is essential to decide where to apply them; both physically (at what location)
and logically (at what layer of an architecture such as TCP/IP).

2.10 Security Mechanisms at Networking Layers

Several security mechanisms have been developed so that they can be applied at a
specific layer of the OSI network layer model. [5]

• Security at Application Layer – Security measures used at this layer are application-
specific. Different types of application need separate security measures. In
order to ensure application layer security, the applications themselves need to be
modified. Designing a cryptographically sound application protocol is considered very
difficult, and implementing it properly is even more challenging. Hence, application
layer security mechanisms for protecting network communications are preferably
limited to standards-based solutions that have been in use for some time. An example
of an application layer security protocol is Secure Multipurpose Internet Mail
Extensions (S/MIME), which is commonly used to encrypt e-mail messages.
DNSSEC is another protocol at this layer, used for secure exchange of DNS query
messages.
• Security at Transport Layer – Security measures at this layer can be used to
protect the data in a single communication session between two hosts. The most
common use for transport layer security protocols is protecting HTTP and FTP
session traffic. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
are the most common protocols used for this purpose.
• Security at Network Layer – Security measures at this layer can be applied to all
applications; thus, they are not application-specific. All network communications
between two hosts or networks can be protected at this layer without modifying any
application. In some environments, a network layer security protocol such as Internet
Protocol Security (IPsec) provides a much better solution than transport or application
layer controls because of the difficulties in adding controls to individual applications.
However, security protocols at this layer provide less of the communication flexibility
that some applications may require.

Incidentally, a security mechanism designed to operate at a higher layer cannot provide
protection for data at lower layers, because the lower layers perform functions of which the
higher layers are not aware. Hence, it may be necessary to deploy multiple security
mechanisms for enhancing the network security. [5]

2.11 Information Security

Network security is concerned, above all else, with the security of company information
assets. We often lose sight of the fact that it is the information and our ability to access that
information that we are really trying to protect, and not the computers and networks. A
simple definition for information security: [4]

Information security = confidentiality + integrity + availability + authentication.

There can be no information security without confidentiality; this ensures that
unauthorized users do not intercept, copy, or replicate information. At the same time,
integrity is necessary so that organizations have enough confidence in the accuracy of the
information to act upon it. Moreover, information security requires organizations to be able
to retrieve data; security measures are worthless if organizations cannot gain access to the
vital information they need to operate when they need it. Finally, information is not secure
without authentication, which determines whether the end user is authorized to have access.

Information security is also about procedures and policies that protect information from
accidents, incompetence, and natural disasters. Such policies and procedures need to
address the following:

• Backups, configuration controls, and media controls;
• Disaster recovery and contingency planning;
• Data integrity.

It is also important to remember that network security is not absolute. All security is
relative. Network security should be thought of as a spectrum that runs from very insecure
to very secure. The level of security for a system or network depends on where it lands
along that spectrum relative to other systems. It is either more secure or less secure than
other systems relative to that point. There is no such thing as an absolutely secure network
or system.

Network security is a balancing act that requires the deployment of "proportionate
defenses." The defenses that are deployed or implemented should be proportionate to the
threat. Organizations determine what is appropriate in several ways, described as follows.

• Balancing the cost of security against the value of the assets they are protecting;
• Balancing the probable against the possible;
• Balancing business needs against security needs.

2.12 Risk Assessment

The concept of risk assessment is crucial to developing proportionate defenses. To perform
a risk analysis, organizations need to understand possible threats and vulnerabilities. Risk
is the probability that a vulnerability will be exploited. The basic steps for risk assessment
are listed as follows: [4]

1. Identifying and prioritizing assets;
2. Identifying vulnerabilities;
3. Identifying threats and their probabilities;
4. Identifying countermeasures;
5. Developing a cost benefit analysis;
6. Developing security policies and procedures.

2.13 Security Models

There are three basic approaches used to develop a network security model. Usually,
organizations employ some combination of the three approaches to achieve security. The
three approaches are security by obscurity, the perimeter defense model, and the defense in
depth model. [4]

1- Security by Obscurity
Security by obscurity relies on stealth for protection. The concept behind this model is that
if no one knows that a network or system is there, then it won't be subject to attack. The
basic hope is that hiding a network or at least not advertising its existence will serve as
sufficient security. The problem with this approach is that it never works in the long term,
and once detected, a network is completely vulnerable. [4]

2- The Perimeter Defense

The perimeter defense model is analogous to a castle surrounded by a moat. When using
this model in network security, organizations harden or strengthen perimeter systems and
border routers, or an organization might "hide" its network behind a firewall that separates
the protected network from an untrusted network. Not much is done to secure the other
systems on the network. The assumption is that perimeter defenses are sufficient to stop
any intruders so that the internal systems will be secure.

There are several flaws in this concept: First, this model does nothing to protect internal
systems from an inside attack. As we have discussed, the majority of attacks on company
networks are launched from someone internal to the organization. Second, the perimeter
defense almost always fails eventually. Once it does, the internal systems are left wide
open to attack. [4]

3- The Defense in Depth

The most robust approach to use is the defense in depth model. The defense in depth
approach strives for security by hardening and monitoring each system; each system is an
island that defends itself. Extra measures are still taken on the perimeter systems, but the
security of the internal network does not rest solely on the perimeter systems.

This approach is more difficult to achieve and requires that all systems and network
administrators do their part. With this model, however, the internal network is much less
likely to be compromised if a system administrator on the network makes a mistake like
putting an unsecured modem on the system. With the defense in depth approach, the
system with the modem may be compromised, but other systems on the network will be
able to defend themselves. [4]

The other systems on the network should also be able to detect any attempted hacks from
the compromised system. This approach also provides much more protection against an
internal intruder. The activities of the internal intruder are much more likely to be detected.

Ch.3: Virtual Private Networking (VPN)
3.1 Preface

This Chapter provides a general introduction to network layer security and protecting
network communications at the layer that is responsible for routing packets across
networks. It first introduces the Transmission Control Protocol/Internet Protocol (TCP/IP)
model and its layers, and then discusses the need to use security controls at each layer to
protect communications.

It provides a brief introduction to IPsec, primarily focused on the types of protection that
IPsec can provide for communications. This Chapter also provides a brief introduction to
Virtual Private Networking (VPN) services and explains what types of protection a VPN
can provide. It introduces three VPN architecture models and discusses the features and
common uses of each model. This section discusses only the most common VPN scenarios
and uses of IPsec.

Virtual private networks (VPNs) have made a lot of promises with regard to protection of
information in transit on the Internet and large-scale wide area networks (WANs).
Although the VPN stands as one of the strongest security backbones where WANs are
concerned, realistically, security breaches cannot be avoided. Many vendors both in the
commercial sector and in the defense sector see VPNs as a reliable source of tunneling and
security for their internal networks and the Internet. Setting up a VPN is relatively simple
and highly secure and does not involve high operational costs. Many financial institutions
look at VPNs as a better option than other techniques for their network security
requirements.

VPNs are most often used to connect the backbone Internet and ATM networks of an
organization's central servers with its remote users and vice versa. If an organization's
network is physically distributed across multiple locations (this range may include multiple
countries), it can institute a VPN to interconnect the different network sections. An actual
scenario is illustrated in Figure 3-1, where an organization utilizes VPNs to connect the
various segments of its network. VPNs establish tunnels that allow sensitive data to be
protected with encryption as it goes over public networks such as the Internet. In recent
times, organizations that make use of the Internet as a means of establishing VPNs have
had concerns about data security. Such demands have made VPNs evolve from a basic data
transportation network to a system that also includes security features. [6]

Figure 3-1 A typical VPN connection with different end domains [6]

3.2 The Need for Network Layer Security

TCP/IP is widely used throughout the world to provide network communications. TCP/IP
communications are composed of four layers that work together. When a user wants to
transfer data across networks, the data is passed from the highest layer through
intermediate layers to the lowest layer, with each layer adding additional information.

At each layer, the logical units are typically composed of a header and a payload. The
payload consists of the information passed down from the previous layer, while the header
contains layer-specific information such as addresses. At the application layer, the payload
is the actual application data.

The lowest layer sends the accumulated data through the physical network; the data is then
passed up through the layers to its destination. Essentially, the data produced by a layer is
encapsulated in a larger container by the layer below it. The four TCP/IP layers, from
highest to lowest, are shown in Figure 3-2.

• Application Layer. This layer sends and receives data for particular applications, such as Domain Name
System (DNS), Hyper Text Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
• Transport Layer. This layer provides connection-oriented or connectionless services for transporting
application layer services between networks. The transport layer can optionally assure the reliability of
communications. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are commonly
used transport layer protocols.
• Network Layer. This layer routes packets across networks. Internet Protocol (IP) is the fundamental
network layer protocol for TCP/IP. Other commonly used protocols at the network layer are Internet
Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP).
• Data Link Layer. This layer handles communications on the physical network components. The best-
known data link layer protocol is Ethernet.

Figure 3-2. TCP/IP Layers [7]

Security controls exist for network communications at each layer of the TCP/IP model. As
previously explained, data is passed from the highest to the lowest layer, with each layer
adding more information. Because of this, a security control at a higher layer cannot
provide full protection for lower layers, because the lower layers perform functions of
which the higher layers are not aware. The following items discuss the security controls
that are available at each layer: [7]

• Application Layer, which sends and receives data for particular applications.
Separate controls must be established for each application; this provides a very high
degree of control and flexibility over each application's security, but it may be very
resource-intensive. Creating new application layer security controls is also more
likely to create vulnerabilities. Another potential issue is that some applications may
not be capable of providing such protection or being modified to do so.
• Transport Layer, which provides connection-oriented or connectionless services for
transporting application layer services across networks. Controls at this layer can
protect the data in a single communications session between two hosts. The most
frequently used transport layer control is the Transport Layer Security protocol
(TLS) / Secure Sockets Layer (SSL), which most often secures HTTP traffic. To be
used, transport layer controls must be supported by both the clients and servers.
• Network Layer, which routes packets across networks. Controls at this layer apply
to all applications and are not application-specific, so applications do not have to be
modified to use the controls. However, this provides less control and flexibility for
protecting specific applications than transport and application layer controls.
Network layer controls can protect both the data within packets and the IP
information for each packet.

• Data Link Layer, which handles communications on the physical network
components. Data link layer controls are suitable for protecting a specific physical
link, such as a dedicated circuit between two buildings or a dial-up modem
connection to an Internet Service Provider (ISP). Because each physical link must be
secured separately, data link layer controls generally are not feasible for protecting
connections that involve several links, such as connections across the Internet.

Internet Protocol Security (IPsec) has emerged as the most commonly used network layer
security control for protecting communications. IPsec is a framework of open standards for
ensuring private communications over IP networks. Depending on how IPsec is
implemented and configured, it can provide any combination of the following types of
protection: [7]

• Confidentiality. IPsec can ensure that data cannot be read by unauthorized parties.
This is accomplished by encrypting data using a cryptographic algorithm and a secret
key, a value known only to the two parties exchanging data. The data can only be
decrypted by someone who has the secret key.
• Integrity. IPsec can determine if data has been changed (intentionally or
unintentionally) during transit. The integrity of data can be assured by generating a
message authentication code (MAC) value, which is a cryptographic checksum of the
data. If the data is altered and the MAC is recalculated, the old and new MACs will
differ.
• Peer Authentication. Each IPsec endpoint confirms the identity of the other IPsec
endpoint with which it wishes to communicate, ensuring that the network traffic and
data is being sent from the expected host.
• Replay Protection. The same data is not delivered multiple times, and data is not
delivered grossly out of order. However, IPsec does not ensure that data is delivered in
the exact order in which it is sent.
• Traffic Analysis Protection. A person monitoring network traffic does not know
which parties are communicating, how often communications are occurring, or how
much data is being exchanged. However, the number of packets being exchanged can
be counted.
• Access Control. IPsec endpoints can perform filtering to ensure that only authorized
IPsec users can access particular network resources. IPsec endpoints can also allow or
block certain types of network traffic, such as allowing Web server access but denying
file sharing.
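As an added illustration (not code from the project or its references), the following Python sketch models three of the services listed above, integrity, replay protection and confidentiality, in the shape of a simplified ESP transport-mode packet: a 32-bit sequence number, an encrypted payload and a truncated HMAC integrity check value (ICV), with the receiver's anti-replay sliding window following the bitmap scheme of RFC 4303 Appendix A. The keys, the packet layout and the HMAC-derived keystream cipher are constructed for the example; a real IPsec implementation negotiates AES and uses the RFC's exact header format.

```python
"""Added example: simplified ESP-like packet protection with an integrity check
value (ICV), an anti-replay window and payload confidentiality.
Standard library only. The counter-mode keystream derived with HMAC is a
constructed stand-in for the AES cipher real IPsec would use; it is NOT ESP."""
import hashlib
import hmac
import struct

ICV_LEN = 16      # 128-bit truncated HMAC-SHA256, in the style of HMAC-SHA-256-128
WINDOW = 64       # anti-replay window width in packets (RFC 4303 requires at least 32)


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Constructed keystream: concatenated HMAC(key, seq || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(enc_key: bytes, auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: seq(4 bytes) || ciphertext || ICV.
    The ICV covers both the sequence number and the ciphertext, so neither can
    be altered in transit without the receiver noticing."""
    if seq == 0:
        raise ValueError("ESP sequence numbers start at 1")
    header = struct.pack(">I", seq)
    ciphertext = xor_bytes(payload, keystream(enc_key, seq, len(payload)))
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


class Receiver:
    """Inbound state for one security association (one direction of the tunnel)."""

    def __init__(self, enc_key: bytes, auth_key: bytes):
        self.enc_key, self.auth_key = enc_key, auth_key
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set  <=>  sequence number (top - i) already seen

    def unprotect(self, pkt: bytes):
        """Return (status, payload); status is 'ok', 'bad_icv', 'replay' or 'too_old'."""
        header, ciphertext, icv = pkt[:4], pkt[4:-ICV_LEN], pkt[-ICV_LEN:]
        expected = hmac.new(self.auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
        # Integrity first: a forged or altered packet must never change window state.
        if not hmac.compare_digest(icv, expected):
            return "bad_icv", None
        seq = struct.unpack(">I", header)[0]
        if seq == 0:
            return "replay", None          # 0 is never a valid transmitted value
        if seq > self.top:
            # New high-water mark: slide the window forward and mark this packet.
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            # Out-of-order packet: accept it once, and only while inside the window.
            diff = self.top - seq
            if diff >= WINDOW:
                return "too_old", None
            if self.bitmap & (1 << diff):
                return "replay", None
            self.bitmap |= 1 << diff
        return "ok", xor_bytes(ciphertext, keystream(self.enc_key, seq, len(ciphertext)))


if __name__ == "__main__":
    enc, auth = b"\x11" * 32, b"\x22" * 32          # constructed keys
    rx = Receiver(enc, auth)
    first = protect(enc, auth, 1, b"GET / HTTP/1.1")
    print(rx.unprotect(first))                      # ('ok', b'GET / HTTP/1.1')
    print(rx.unprotect(first))                      # ('replay', None)
    tampered = first[:4] + bytes([first[4] ^ 0x01]) + first[5:]
    print(rx.unprotect(tampered))                   # ('bad_icv', None)
```

Note that the sequence number travels in the clear, as it does in ESP: an observer can count packets, which is exactly the limit of the traffic analysis protection described above.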

A Virtual Private Network (VPN) is another example of a widely implemented use of
encryption to secure connections on an untrusted network. Before going into a detailed
discussion of VPNs, we need to cover some basic concepts related to encrypting a network
connection. To begin, when using encryption to secure a connection between two or more
systems, it can generally be handled in one of two ways: node-to-node or end-to-end.

3.2.1 Node-to-Node Encryption

Node-to-node encryption is also referred to as link-to-link encryption. Referring to the OSI
model, the data link layer is concerned with node-to-node or link-to-link connections. As a
result, if you encrypt the packet at the data link layer, it must be decrypted by the data link
layer recipient before passing it up to the network layer to determine how to forward the
packet. [8]

When encrypting at the data link layer, a packet has to be decrypted and re-encrypted for
each node-to-node hop along the route. Node-to-node encryption operating at the data link
layer requires compatible devices, sharing a protocol, and a key management process for
every device on the network. Figure 3.3 illustrates the concept of node-to-node encryption.

Figure 3.3: Node-to-Node encryption. [8]

If the devices on the network are not compatible, they will not be able to relay the packets
they receive. This is an issue that must be considered, because if the network is large,
management requirements will be significant.

3.2.2 End-to-End Encryption

As an alternative, end-to-end encryption operates at the upper layers of the OSI model and
can encapsulate data into standard network protocols. As a result, no special considerations
are necessary for the intermediate hops along the network. The encryption and decryption
of the encapsulated data is done at either end of the connection. Figure 3.4 illustrates the
concept behind end-to-end encryption on a network. [8]

Figure 3.4: End-to-end encryption. [8]

However, a consideration with end-to-end encryption is that the further up the protocol
stack you move the encryption, the more information you may be providing a potential
eavesdropper. As you will see, as you move the encryption higher up the protocol stack,
more information is revealed about the sender, the recipient, and the nature of the data.

3.3 Virtual Private Networking (VPN)

A VPN is a means of transporting traffic in a secure manner over an unsecured network. A
VPN usually achieves this by employing some combination of encryption, authentication,
and tunneling. "Tunneling" (sometimes called encapsulation) refers to the process of
encapsulating or embedding one network protocol to be carried within the packets of a
second network. There are several different implementations of VPN protocols. There are
at least five generally recognized VPN protocols. The four most commonly employed
protocols are listed as follows: [8]

• SOCKS;
• Point-to-Point Tunneling Protocol (PPTP);
• Layer 2 Tunneling Protocol (L2TP);
• Internet Protocol Security (IPsec).

The most popular VPN tunnelling protocols listed below continue to compete with each
other for acceptance in the industry. These protocols are generally incompatible with each
other:

• Secure Sockets Layer (SSL) Protocol

SSL is the ubiquitous security protocol used in almost 100% of secure Internet
transactions. Essentially, SSL transforms a typical reliable transport protocol (such as
TCP) into a secure communications channel suitable for conducting sensitive
transactions. The SSL protocol defines the methods by which a secure communications
channel can be established; it does not indicate which cryptographic algorithms need
to be used. SSL supports many different algorithms, and serves as a framework
whereby cryptography can be used in a convenient and distributed manner. [9]

Figure 3.5: Secure Sockets Layer (SSL) Protocol [10]

• Point-to-Point Tunnelling Protocol (PPTP)

Several corporations worked together to create the PPTP specification. People
generally associate PPTP with Microsoft because nearly all flavours of Windows
include built-in client support for this protocol. The initial releases of PPTP for
Windows by Microsoft contained security features that some experts claimed were too
weak for serious use. Microsoft continues to improve its PPTP support, though. It uses
TCP port 1723 to establish a connection. [9]

There are various approaches that one can take when implementing a VPN solution on
the Internet. The configuration can be router-to-router, server-to-server, server-to-
router, workstation-to-server, or workstation-to-router. One low-cost approach might
be to use two Windows NT servers employing PPTP with xDSL, frame relay, or
fractional T1. Figure 3.6 illustrates this approach employing xDSL with the minimum
hardware configuration.

Figure 3.6: PPTP VPN. [8]

• Layer Two Tunnelling Protocol (L2TP)

The original competitor to PPTP for VPN tunnelling was L2F, a protocol implemented
primarily in Cisco products. In an attempt to improve on L2F, the best features of it and
PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at
the data link layer (Layer Two) in the OSI model. [9]

• Internet Protocol Security (IPsec)

IPsec is actually a collection of multiple related protocols. It can be used as a complete
VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec
exists at the network layer (Layer Three) of the OSI model. [9]

The most common use of IPsec implementations is providing Virtual Private
Networking (VPN) services. A VPN is a virtual network, built on top of existing physical
networks, which can provide a secure communications mechanism for data and IP
information transmitted between networks. [7]

IPsec, a set of protocols under development by the IETF to support secure exchange of
packets at the IP layer, is utilized to implement VPNs on the Internet and intranets. IPsec
operates at the network layer (layer 3) and supports two modes, transport mode and tunnel
mode. [8]
Table (3.1) Protocols at OSI Layers [11]

Protocol     PPTP       L2TP       IPsec
OSI Layer    Layer 2    Layer 2    Layer 3

Table (3.2) Tunneling VPN [9]

Protocol   Provides data confidentiality   Provides data integrity   Provides data authentication
PPTP       Yes                             No                        No
L2TP       Yes                             Yes                       Yes
IPsec      Yes                             Yes                       Yes

Table (3.3) Tunneling VPN [12]

• VPN Encryption: PPTP 128-bit; L2TP 256-bit; IPsec 256-bit.
• VPN Security: PPTP provides basic encryption; L2TP and IPsec provide the highest
encryption, as each protocol encapsulates and checks data integrity twice.
• VPN Speed: PPTP is fast due to the low encryption rate; L2TP and IPsec require more
processing power because of the 2x encapsulation.
• Stability: PPTP is very good and stable on most Wi-Fi networks; L2TP and IPsec are
stable on NAT-supported devices.
• Compatibility: most computer, tablet, and mobile operating systems come with PPTP;
L2TP and IPsec are included in most device operating systems.

Because a VPN can be used over existing networks, such as the Internet, it can facilitate
the secure transfer of sensitive data across public networks. This is often less expensive
than alternatives such as dedicated private telecommunications lines between organizations
or branch offices. VPNs can also provide flexible solutions, such as securing
communications between remote telecommuters and the organization's servers, regardless
of where the telecommuters are located.

A VPN can even be established within a single network to protect particularly sensitive
communications from other parties on the same network. The following sections discuss
the three VPN architecture models:

1. Gateway-To-Gateway.
2. Host-To-Gateway.
3. Host-To-Host.

VPNs can use both symmetric and asymmetric forms of cryptography. Symmetric
cryptography uses the same key for both encryption and decryption, while asymmetric
cryptography uses separate keys for encryption and decryption, or to digitally sign and
verify a signature. Symmetric cryptography is generally more efficient and requires less
processing power than asymmetric cryptography, which is why it is typically used to
encrypt the bulk of the data being sent over a VPN.

One problem with symmetric cryptography is with the key exchange process; keys must be
exchanged out-of-band to ensure confidentiality.

Out-of-band refers to using a separate communications mechanism to transfer information.
For example, the VPN cannot be used to exchange the keys securely because the keys are
required to provide the necessary protection.

Common algorithms that implement symmetric cryptography include Digital Encryption
Standard (DES), Triple DES (3DES), Advanced Encryption Standard (AES), Blowfish,
RC4, International Data Encryption Algorithm (IDEA), and the hash message
authentication code (HMAC) versions of Message Digest 5 (MD5) and Secure Hash
Algorithm (SHA-1).

Asymmetric cryptography (also known as public key cryptography) uses two separate keys
to exchange data. One key is used to encrypt or digitally sign the data, and the other key is
used to decrypt the data or verify the digital signature. These keys are often referred to as
public/private key combinations. If an individual's public key (which can be shared with
others) is used to encrypt data, then only that same individual's private key (which is
known only to the individual) can be used to decrypt the data. If an individual's private key
is used to digitally sign data, then only that same individual's public key can be used to
verify the digital signature. Common algorithms that implement asymmetric cryptography
include RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA).

Although there are numerous ways in which IPsec can be implemented, most
implementations use both symmetric and asymmetric cryptography. Asymmetric
cryptography is used to authenticate the identities of both parties, while symmetric
encryption is used for protecting the actual data because of its relative efficiency.

It is important to understand that VPNs do not remove all risk from networking. While
VPNs can greatly reduce risk, particularly for communications that occur over public
networks, they cannot eliminate all risk for such communications.

One potential problem is the strength of the implementation. For example, flaws in an
encryption algorithm or the software implementing the algorithm could allow attackers to
decrypt intercepted traffic; random number generators that do not produce sufficiently
random values could provide additional attack possibilities. Another issue is encryption
key disclosure; an attacker who discovers a key could not only decrypt traffic, but
potentially also pose as a legitimate user.

Another area of risk involves availability. A common model for information assurance is
based on the concepts of confidentiality, integrity, and availability. Although VPNs are
designed to support confidentiality and integrity, they generally do not improve
availability, the ability for authorized users to access systems as needed. In fact, many
VPN implementations actually tend to decrease availability somewhat because they add
more components and services to the existing network infrastructure. This is highly
dependent upon the chosen VPN architecture model and the details of the implementation.
The following sections describe each of the three primary VPN architectures:

3.3.1 Gateway-to-Gateway Architecture

IPsec-based VPNs are often used to provide secure network communications between two
networks. This is typically done by deploying a VPN gateway onto each network and
establishing a VPN connection between the two gateways. Traffic between the two
networks that needs to be secured passes within the established VPN connection between
the two VPN gateways.

The VPN gateway may be a dedicated device that only performs VPN functions, or it may
be part of another network device, such as a firewall or router. Figure 3-7 shows an
example of an IPsec network architecture that uses the gateway-to-gateway model to
provide a protected connection between the two networks.

Figure 3-7. Gateway-to-Gateway Architecture Example [7]

This model is relatively simple to understand. To facilitate VPN connections, one of the
VPN gateways issues a request to the other to establish an IPsec connection. The two VPN
gateways exchange information with each other and create an IPsec connection. Routing
on each network is configured so that as hosts on one network need to communicate with
hosts on the other network, their network traffic is automatically routed through the IPsec
connection, protecting it appropriately.

A single IPsec connection establishing a tunnel between the gateways can support all
communications between the two networks, or multiple IPsec connections can each protect
different types or classes of traffic.

Figure 3-7 illustrates that a gateway-to-gateway VPN does not provide full protection for
data throughout its transit. In fact, the gateway-to-gateway model only protects data
between the two gateways, as denoted by the solid line. The dashed lines indicate that
communications between VPN clients and their local gateway, and between the remote
gateway and destination hosts (e.g., servers) are not protected.

The other VPN models provide protection for more of the transit path. The gateway-to-
gateway model is most often used when connecting two secured networks, such as linking
a branch office to headquarters over the Internet. Gateway-to-gateway VPNs often replace
more costly private wide area network (WAN) circuits.

The gateway-to-gateway model is the easiest to implement, in terms of user and host
management. Gateway-to-gateway VPNs are typically transparent to users, who do not
need to perform separate authentication just to use the VPN. Also, the users' systems and
the target hosts (e.g., servers) should not need to have any VPN client software installed,
nor should they require any reconfiguration, to be able to use the VPN.

3.3.2 Host-to-Gateway Architecture

An increasingly common VPN model is the host-to-gateway model, which is most often
used to provide secure remote access. The organization deploys a VPN gateway onto their
network; each remote access user then establishes a VPN connection between the local
computer (host) and the VPN gateway. As with the gateway-to-gateway model, the VPN
gateway may be a dedicated device or part of another network device. Figure 3-8 shows an
example of an IPsec host-to-gateway architecture that provides a protected connection for
the remote user.

Figure 3-8. Host-to-Gateway Architecture Example [7]

In this model, IPsec connections are created as needed for each individual VPN user.
Remote users' hosts have been configured to act as IPsec clients with the organization's
IPsec gateway. When a remote user wishes to use computing resources through the VPN,
the host initiates communications with the VPN gateway. The user is typically asked by
the VPN gateway to authenticate before the connection can be established. The VPN
gateway can perform the authentication itself or consult a dedicated authentication server.
The client and gateway exchange information, and the IPsec connection is established. The
user can now use the organization's computing resources, and the network traffic between
the user's host and the VPN gateway will be protected by the IPsec connection. Traffic
between the user and systems not controlled by the organization can also be routed through
the VPN gateway; this allows IPsec protection to be applied to this traffic as well if
desired.

As shown in Figure 3-8, the host-to-gateway VPN does not provide full protection for data
throughout its transit. The dashed lines indicate that communications between the gateway
and the destination hosts (e.g., servers) are not protected. The host-to-gateway model is
most often used when connecting hosts on unsecured networks to resources on secured
networks, such as linking traveling employees around the world to headquarters over the
Internet.

Host-to-gateway VPNs often replace dial-up modem pools. The host-to-gateway model is
somewhat complex to implement and maintain in terms of user and host management.
Host-to-gateway VPNs are typically not transparent to users because they must
authenticate before using the VPN. Also, the users' hosts need to have VPN client software
configured. Most (but not all) personal computer operating systems have built-in VPN
clients, so it may be necessary to install VPN clients on some hosts.

3.3.3 Host-to-Host Architecture

The least commonly used VPN architecture is the host-to-host model, which is typically
used for special purpose needs, such as system administrators performing remote
management of a single server. In this case, the organization configures the server to
provide VPN services and the system administrators' hosts to act as VPN clients. The
system administrators use the VPN client when needed to establish encrypted connections
to the remote server. Figure 3-9 shows an example of an IPsec network architecture that
uses the host-to-host model to provide a protected connection to a server for a user.

Figure 3-9. Host-to-Host Architecture Example [7]
In this model, IPsec connections are created as needed for each individual VPN user.
Users' hosts have been configured to act as IPsec clients with the IPsec server. When a user
wishes to use resources on the IPsec server, the user's host initiates communications with
the IPsec server. The user is asked by the IPsec server to authenticate before the connection
can be established. The client and server exchange information, and if the authentication is
successful, the IPsec connection is established. The user can now use the server, and the
network traffic between the user's host and the server will be protected by the IPsec
connection.

As shown in Figure 3-9, the host-to-host VPN is the only model that provides protection
for data throughout its transit. This can be a problem, because network-based firewalls,
intrusion detection systems, and other devices cannot be placed to inspect the decrypted
data, which effectively circumvents certain layers of security. Device placement can also
be an issue in host-to-gateway and gateway-to-gateway architectures, but in those
architectures it is usually possible to move devices or deploy additional devices to inspect
decrypted data. This is not possible with a host-to-host architecture.

The host-to-host model is most often used when a small number of trusted users need to
use or administer a remote system that requires the use of insecure protocols (e.g., a legacy
system) and can be updated to provide VPN services.

The host-to-host model is resource-intensive to implement and maintain in terms of user
and host management. Host-to-host VPNs are not transparent to users because they must
authenticate before using the VPN. Also, all user systems and servers that will participate
in VPNs need to have VPN software installed and/or configured. Table 3-4 provides a brief
comparison of the three VPN architecture models.

Table 3-4. Comparison of VPN Architecture Models [7]

3.4. Benefits and Limitations of Using VPN

VPNs are only "virtually" private: the data actually travels over shared public networks
rather than over fully dedicated private connections. Benefits commonly attributed to VPNs
include protected file sharing, remote access, anonymity, bypassing blockers and filters,
improved performance, affordability, and enhanced security.

The main benefit of a VPN is the potential for significant cost savings compared to
traditional leased lines or dial-up networking. These savings come with a certain amount of
risk, however, particularly when the public Internet is the delivery mechanism for VPN data.
The performance of a VPN will be more unpredictable and generally slower than dedicated
lines because of other public Internet traffic. Also, many more points of failure can affect
an Internet-based VPN than a closed private system. Using any public network for
communications naturally raises security concerns that are not present in more controlled
environments such as point-to-point leased lines. [12]

Figure 3.10: Virtual Private Network Concept [9]

VPNs require a detailed understanding of network security issues and careful installation and
configuration to ensure sufficient protection on a public network like the Internet. The
reliability and performance of an Internet-based VPN are not under an organization's direct
control; the solution relies on an ISP and its quality of service. Historically, VPN products
and solutions from different vendors have not always been compatible because of issues with
VPN technology standards. Attempting to mix and match equipment may cause technical
problems, and using equipment from one provider may not give as great a cost saving. [13]

3.5. Design Issues

VPNs are designed in accordance with an organization's application needs and network
restrictions. More often than not, smaller organizations find it economical to deploy a low-
end ISP-based solution, as opposed to other high-end, sophisticated alternatives. The fact
that most VPN software lies on the client's machine and on other remote-location facilities
(such as gateways and routers) makes standardization difficult. The basic VPN
architectures fall along the following lines: [6]

 Remote access VPNs: address mobile end users' connectivity to a corporate main
office network. End users (normally known, authenticated customers) log on to remote
access servers through dial-up service provided by an ISP. The corporation usually leaves
its virtual private dial-up network in the hands of network access servers (NAS) operated
by the ISP. Normally a login name and password are exchanged with the NAS for a user at
the remote site to log in. This is a low-end and relatively insecure form of VPN, since the
data may travel in the clear across the ISP's network. Figure 3.11 shows a remote access VPN.

Figure 3.11 Remote Accesses VPN [6]

 LAN-to-LAN or site-to-site VPNs: another mode of virtual private networking is
establishing communication between two different local area networks. An
organization's business ally can use its network to connect to the corporate network
directly, combining two different large-scale networks into a single virtual network.
Site-to-site VPNs require high-end solutions, as the amount of data exchanged is very
high compared to remote access VPNs. IPsec- and SSL/TLS-based security and encryption
solutions are used for building site-to-site VPNs. Figure 3.12 shows a site-to-site VPN.

Figure 3.12 Site-to-site VPN [6]

3.6 Summary of Chapter 3

Chapter 3 describes the TCP/IP model and its layers and explains how security controls at
each layer provide different types of protection for TCP/IP communications. IPsec, a
network layer security control, can provide several types of protection for data, depending
on its configuration. Most IPsec implementations provide VPN services to protect
communications between networks. Therefore, this chapter describes VPNs and highlights
the three primary VPN architecture models.

A VPN is a virtual network built on top of existing physical networks that can provide a
secure communications mechanism for data and control information transmitted between
networks. VPNs are used most often to protect communications carried over public
networks such as the Internet. A VPN can provide several types of data protection,
including confidentiality, integrity, data origin authentication, replay protection and
access control. Although VPNs can reduce the risks of networking, they cannot totally
eliminate them. For example, a VPN implementation may have flaws in algorithms or
software, or a VPN may be set up with insecure configuration settings and values. Both of
these flaws can be exploited by attackers. There are three primary models for VPN
architectures, as follows: [7]

 Gateway-to-gateway. This model protects communications between two specific
networks, such as an organization's main office network and a branch office
network, or two business partners' networks.
 Host-to-gateway. This model protects communications between one or more
individual hosts and a specific network belonging to an organization. The host-to-
gateway model is most often used to allow hosts on unsecured networks, such as
traveling employees and telecommuters, to gain access to internal organizational
services, such as the organization's e-mail and Web servers.
 Host-to-host. A host-to-host architecture protects communication between two
specific computers. It is most often used when a small number of users need to use
or administer a remote system that requires the use of inherently insecure protocols.

Chapter 3 also provides an overview of the types of security controls that can provide
protection for Transmission Control Protocol/Internet Protocol (TCP/IP) network
communications, which are widely used throughout the world. TCP/IP communications are
composed of four layers that work together: (application, transport, network, & data link).
Security controls exist for network communications at each of the four layers. As data is
prepared for transport, it is passed from the highest to the lowest layer, with each layer
adding more information. Because of this, a security control at a higher layer cannot
provide full protection for lower layers, because the lower layers add information to the
communications after the higher layer security controls have been applied.

The primary disadvantage of lower layer security controls is that they are less flexible and
granular than higher layer controls. Accordingly, network layer controls have become
widely used for securing communications because they provide a more balanced solution
than the highest layer and lowest layer security controls.

Chapter 4 (IPsec)

4.1 Overview of IPsec

Communications security will always be an important component in business and military
transactions. More and more financial and commercial organizations are finding it feasible
to utilize the Internet and other communications networks for faster customer reach,
production, and sales. In such a scenario, they cannot dispense with network security tools
and their applications. With the changing facets of networking (wireless and mobile
networks), security issues on these new network systems become a high-end challenge.
Most vendors, including Cisco and Microsoft, have invested enormous time and attention
in the emerging security implementations and applications.

What type of remote access is allowed? Remote access should be tightly controlled,
monitored, and audited. It should be provided only over a secure communication channel
that uses encryption and strong authentication, such as an IPsec VPN. Desktop modems
(including applications such as PCAnywhere), unsecured wireless access points, and other
vulnerable methods of remote access should be prohibited.

Organizations don't always consider wireless networks when referring to remote access.
Part of knowing the network architecture includes knowing the location of wireless
networks because they create another possible remote entry point for an attacker. It must
also be determined whether they are being used for sensitive data and are sufficiently
secured. [6]

VPNs should be used for remote access and other sensitive communication. IPsec is a great
choice for this purpose. IPsec is a collection of protocols that assist in protecting
communications over IP networks. [14]

In addition to providing specific recommendations related to configuring cryptography for
IPsec, this chapter presents a phased approach to IPsec planning and implementation that
can help in achieving successful IPsec deployments.

IPsec, a set of protocols developed to support the secure exchange of packets at the IP
layer, is used to implement VPNs on the Internet and on intranets. IPsec operates at the
network layer (layer 3) and supports two modes: transport mode and tunnel mode.

Transport mode protects only the data portion (payload) of each IP packet; with ESP the
payload is encrypted, while the original IP header is kept and left in the clear. Transport
mode therefore provides end-to-end protection between the two hosts that share the security
association, and no special setup is required on intermediate network devices.
Transport mode is usually used for secure communications between hosts. With transport
mode, someone sniffing the network will not be able to decipher the encrypted payload.
However, since the header is not encrypted, a sniffer can still read the real source and
destination addresses and analyze traffic patterns.

Tunnel mode protects the entire original packet, both the header and the payload, by
encapsulating it inside a new IP packet whose outer header is addressed to the two tunnel
endpoints. The receiving endpoint (typically a security gateway) must be IPsec-capable: it
verifies and decrypts each packet, strips the outer header and the IPsec encapsulation, and
forwards the original inner packet to its destination. Protection is thus provided between
the tunnel endpoints rather than end to end, and the inner packet travels in the clear on the
network behind the gateway unless another tunnel covers that leg. Tunnel mode also limits
traffic analysis: someone sniffing the network can determine only the tunnel endpoints, not
the true source and destination of the tunneled packets.

The two endpoints establish their keys with the Internet Key Exchange (IKE), which in its
first version was built from the Internet Security Association and Key Management Protocol
(ISAKMP) and the Oakley key-determination protocol (ISAKMP/Oakley). IKE performs a
Diffie-Hellman exchange to derive shared secret keys and authenticates the peers to each
other, for example with pre-shared keys or with digital certificates; the values exchanged
in the clear are Diffie-Hellman public values, never the traffic keys themselves. Tunnel
mode is considered more secure than transport mode because it conceals the inner IP
header; note, however, that the outer header still reveals the tunnel endpoints.

IPsec defines a set of protocols for securing IP communication: the security protocols
Authentication Header (AH) [15] and Encapsulating Security Payload (ESP) [16], the
algorithms for authentication and encryption, key exchange mechanisms and so called
security associations (SA) [17].
IPsec is a framework of open standards for ensuring private communications over public
networks. It has become the most common network layer security control, typically used to
create a virtual private network (VPN). IPsec is a network layer security protocol with the
following components: [7]
 Two security protocols, Authentication Header (AH) and Encapsulating
Security Payload (ESP). AH can provide integrity protection for packet headers
and data, but it cannot encrypt them. ESP can provide encryption and integrity
protection for packets, but it cannot protect the outermost IP header, as AH can.
However, this protection is not needed in most cases. Accordingly, ESP is used
much more frequently than AH because of its encryption capabilities, as well as
other operational advantages which are described in this chapter. For a VPN, which
requires confidential communications, ESP is the natural choice.
 Internet Key Exchange (IKE) protocol. IPsec uses IKE to negotiate IPsec
connection settings; authenticate endpoints to each other; define the security
parameters of IPsec-protected connections; negotiate secret keys; and manage,
update, and delete IPsec-protected communication channels.
 IP Payload Compression Protocol (IPComp). Optionally, IPsec can use IPComp
to compress packet payloads before encrypting them.
4.2 IPsec-based virtual private networks (VPNs)

Internet Protocol-based security protocols are comparatively easy to develop and scale to
any type of network and application. Essentially, IP is used by almost all types of
applications, which makes it a highly suitable layer at which to incorporate security
protocols. Most application-level and transport-level protocols do not provide highly
standardized security features because different network services use different
application- and transport-level protocols. Although the Transmission Control Protocol
(TCP) carries most transport-layer traffic on the Internet, adding security features on top
of it is more cumbersome than doing so at the lower Internet protocol layer. Moreover,
application-level encryption requires changes to each application, which is not
standardized because of the multiple vendors in the market. Thus IPsec, an Internet layer
security protocol, holds a major place in the security architecture of VPNs. IPsec-based
encryption schemes provide many different security features, including the following: [6]
 Confidentiality
 Authentication
 Data integrity
 Protection against data replay attacks
These schemes also offer multiple security algorithm options; the user decides which
algorithm to use for an application depending on the nature of the security to be provided.
Because IPsec introduces state (security associations between a pair of peers) on top of the
conventional Internet Protocol, which is basically connectionless, a trusted key management
facility has to be present for IPsec communication to take place effectively. Protocols such
as the Internet Security Association and Key Management Protocol (ISAKMP) and the
Internet Key Exchange (IKE) protocol address the issues related to key management. [6]

4.3 IPsec Header Modes

As mentioned earlier, IPsec is used in two distinct modes, as follows:

 Transport mode: the original IP packet is not encapsulated inside a new one. The IPsec
header (AH or ESP) is inserted between the original IP header and the upper-layer payload,
and the IP header's Protocol (IPv4) or Next Header (IPv6) field is changed to 51 for AH or
50 for ESP so that the packet is recognised as a transport-mode IPsec packet. The
communicating hosts themselves run the IPsec software.
 Tunnel mode: the complete original IP packet, header included, is encapsulated as the
data of a new IP packet that carries its own IP header and an IPsec header. Security
gateways (routers and firewalls) normally handle IPsec on behalf of the hosts behind them
and use tunnel mode. Because the outer header is addressed to the tunnel endpoints rather
than to the original sender and receiver, the packet can be delivered to a gateway that the
original source never addressed, and with ESP the original source and destination fields are
concealed from observers on the path.
Special headers associated with the IPsec protocol distinguish it from the plain Internet
Protocol. Two header types are recognised: the Authentication Header and the
Encapsulating Security Payload. [6]

4.3.1 Authentication Header

The Authentication Header (AH) consists of a set of fields, shown in Figure 4-1. The AH‘s
basic purpose is to provide for data integrity during transmission and authenticate the
source of the data to the receiver. Security associations (SAs) are connection-oriented
paradigms that uniquely combine a particular source and destination during data
transmission. SAs are used to store the parameters that each of the two parties uses to make
sure the parties utilize the same encryption schemes and key lengths during the
communication. Authentication of the source and destination may be optionally
accomplished when security associations are provided. AHs provide for the integrity of
most parts of the data packet.

Figure 4-1 Authentication Header fields

 The Next Header field holds the protocol number of what follows the AH, which is the
value the original packet's Protocol (IPv4) or Next Header (IPv6) field carried before IPsec
processing (e.g., 6 for TCP, or 4 for an encapsulated IPv4 packet in tunnel mode).
 The Payload Length gives the length of the AH itself in 32-bit (4-byte) words minus 2;
a standard AH with a 96-bit ICV is 24 bytes long and carries a Payload Length of 4.
 The Security Parameters Index (SPI) is a 32-bit value that, together with the
destination IP address and the protocol (AH), identifies the security association; the
receiver uses it to look up the keys and algorithms to apply to the packet.
 The Sequence Number is a 32-bit counter incremented by the sender for every packet on
the security association. The receiver uses it, with a sliding window, for anti-replay
protection, that is, to reject packets that an interceptor captured and re-sent later. The
counter must not wrap; when it is exhausted a new SA has to be negotiated.
 The Authentication Data field (the Integrity Check Value, ICV) holds the output of a
keyed hash, normally an HMAC such as HMAC-SHA-1-96, computed over the whole packet
with the mutable IP header fields set to zero. Because both ends share the key, this is a
message authentication code rather than a digital signature: it proves that the packet came
from a holder of the SA's key and was not altered, but it does not provide non-repudiation.
The disadvantage of AH is that it offers only integrity and data-origin authentication; there
is no confidentiality. Header fields that legitimately change in transit (TTL, header checksum,
DSCP/ECN, flags and fragment offset) are excluded from the integrity check by zeroing
them before the ICV is computed, but the source and destination addresses are covered, which
is why AH cannot traverse a NAT device. The next section describes ESP, the other IPsec
security protocol, which
handles the shortcomings of the AH mode.
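The following added example (Python; not code from the project text or from any IPsec implementation) builds both layouts from section 4.3 with the Authentication Header described above: a transport-mode packet between two hosts, and a tunnel-mode packet between two gateways in which the complete inner packet is AH's payload. It computes the ICV as HMAC-SHA1-96 with the mutable IPv4 fields zeroed, verifies it, and then shows that a router decrementing the TTL leaves the ICV valid while a NAT rewriting the source address invalidates it. The key, the addresses and the TCP bytes are constructed, and the IPv4 header is built without options and without a computed checksum.

```python
"""Authentication Header (AH) in transport and tunnel mode, with HMAC-SHA1-96 ICV.
Added example (not from the project text); key, addresses and payload are constructed."""
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51        # IP protocol number for AH
TCP_PROTO = 6
IPIP_PROTO = 4       # Next Header value for an encapsulated IPv4 packet (tunnel mode)
ICV_LEN = 12         # HMAC-SHA1-96: the 20-byte HMAC-SHA-1 output truncated to 96 bits
AH_LEN = 12 + ICV_LEN

DEMO_KEY = b"constructed-demo-key-do-not-reuse"          # assumption: the SA's integrity key
TCP_PAYLOAD = b"\x00\x50\x1f\x90" + b"GET / HTTP/1.0\r\n"  # constructed TCP segment bytes


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """20-byte IPv4 header without options; checksum left as 0 (it is mutable anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def ah_icv(key, packet):
    """HMAC-SHA1-96 over the packet with the mutable IPv4 fields and the ICV zeroed
    (RFC 4302 Appendix A: TOS/DSCP, flags, fragment offset, TTL, checksum)."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0                  # TOS / DSCP / ECN
    hdr[6:8] = b"\x00\x00"      # flags + fragment offset
    hdr[8] = 0                  # TTL
    hdr[10:12] = b"\x00\x00"    # header checksum
    rest = bytearray(packet[20:])
    rest[12:AH_LEN] = bytes(ICV_LEN)   # the ICV field is zero while it is computed
    return hmac.new(key, bytes(hdr) + bytes(rest), hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, spi, seq, src, dst, next_header, payload):
    """IP | AH | payload.  Transport mode: src/dst are the hosts and payload is the
    upper-layer data.  Tunnel mode: src/dst are the gateways, next_header is 4 and
    payload is the complete inner IP packet."""
    ah = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    packet = ipv4_header(src, dst, AH_PROTO, 20 + AH_LEN + len(payload)) + ah + payload
    return packet[:32] + ah_icv(key, packet) + packet[32 + ICV_LEN:]


def ah_verify(key, packet):
    """Return (next_header, payload) if the ICV is valid, else raise ValueError."""
    if packet[9] != AH_PROTO:
        raise ValueError("not an AH packet")
    next_header, payload_len = packet[20], packet[21]
    ah_len = (payload_len + 2) * 4          # Payload Length is in 32-bit words minus 2
    received = packet[32:20 + ah_len]
    if not hmac.compare_digest(received, ah_icv(key, packet)):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    return next_header, packet[20 + ah_len:]


def verifies(key, packet):
    try:
        ah_verify(key, packet)
        return True
    except ValueError:
        return False


def outer_endpoints(packet):
    """What an on-path sniffer reads from the outer IP header."""
    return str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20]))


def with_ttl(packet, ttl):
    """Simulate a router decrementing TTL (a mutable field: the ICV stays valid)."""
    return packet[:8] + bytes([ttl]) + packet[9:]


def with_src(packet, src):
    """Simulate a NAT rewriting the source address (an immutable field: the ICV breaks)."""
    return packet[:12] + ipaddress.IPv4Address(src).packed + packet[16:]


def build_demo():
    """Transport-mode host-to-host packet and tunnel-mode gateway-to-gateway packet."""
    transport = ah_protect(DEMO_KEY, 0x1000, 1, "10.0.0.1", "10.0.0.2", TCP_PROTO, TCP_PAYLOAD)
    inner = ipv4_header("192.168.1.10", "192.168.2.20", TCP_PROTO, 20 + len(TCP_PAYLOAD)) + TCP_PAYLOAD
    tunnel = ah_protect(DEMO_KEY, 0x2000, 1, "203.0.113.1", "198.51.100.1", IPIP_PROTO, inner)
    return transport, tunnel, inner


if __name__ == "__main__":
    t, u, inner = build_demo()
    print("transport:", outer_endpoints(t), "next header", ah_verify(DEMO_KEY, t)[0])
    print("tunnel   :", outer_endpoints(u), "inner", outer_endpoints(ah_verify(DEMO_KEY, u)[1]))
    print("TTL decremented still verifies:", verifies(DEMO_KEY, with_ttl(t, 63)))
    print("NAT-rewritten source verifies  :", verifies(DEMO_KEY, with_src(t, "172.16.0.9")))
```

The sniffer's view is the point of `outer_endpoints`: in transport mode it returns the real hosts, in tunnel mode only the two gateways, and the inner addresses become visible only after `ah_verify` strips the AH (with AH they are not encrypted, only authenticated). The NAT case is the practical reason ESP, which leaves the outer header out of its integrity check, is preferred over AH.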

4.3.2 Encapsulating Security Payload

The alternative to AH, Encapsulating Security Payload (ESP), provides both authentication
and confidentiality for the underlying IP packets, and works with both IPv4 and IPv6. The
basic layout of the ESP header and trailer is shown in Figure 4-2.

ESP was originally specified in RFC 2406 and is now defined by RFC 4303. It provides
confidentiality, integrity and data-origin authentication, which protect against
eavesdropping and tampering, and like AH it offers anti-replay protection based on the
sequence number. The main difference between AH and ESP is the scope of protection: ESP
protects, for integrity and confidentiality, only what it encapsulates (the ESP header, the
payload and the ESP trailer), and the outer IP header is not covered, whereas AH's integrity
check covers most of the IP header as well as the data. AH consequently has to know which
IP header fields are mutable in transit, adds per-packet overhead, and fails when a NAT
device rewrites addresses, because the addresses are part of its integrity check; ESP has
none of these limitations. AH also relies on other services for confidentiality, whereas ESP
provides it on its own. The source [6] observes that US export restrictions on cryptography
once limited the use of ESP outside the United States and made ESP optional in IPv6 while
AH, which carried no such restriction, remained available; this is historical. The current
IPsec architecture (RFC 4301) requires every implementation to support ESP and makes AH
optional, and ESP is by far the more widely deployed of the two. [6]

Figure 4-2 Encapsulation Security Protocol (ESP) fields
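The sequence-number rules from the AH field list above and the anti-replay service that ESP shares with AH can be made concrete. The following added example (Python; not from the project text or from any IPsec implementation) implements the sender's counter and the receiver's sliding window as RFC 4303 describes them: the window is checked before the ICV is verified and updated only afterwards, a packet below the window's left edge is dropped as too old, and a counter that reaches 2^32 - 1 forces a new SA. The arrival order fed through the window is constructed.

```python
"""Anti-replay sequence-number handling for an IPsec SA (RFC 4303 s.3.3.3 and s.3.4.3).
Added example, not part of the project text; the packet sequence below is constructed."""

SEQ_MAX = 0xFFFFFFFF   # 32-bit sequence number (RFC 4303 also defines 64-bit ESN)


class Sender:
    """Transmit side: a strictly increasing counter that must never wrap on one SA."""
    def __init__(self):
        self.seq = 0

    def next_seq(self):
        if self.seq >= SEQ_MAX:
            raise RuntimeError("sequence number exhausted: negotiate a new SA")
        self.seq += 1            # the first packet on a fresh SA carries seq = 1
        return self.seq


class ReplayWindow:
    """Receive side: highest sequence number accepted so far plus a bitmap of the
    last `size` numbers.  Bit i of the bitmap means (top - i) has been received."""
    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.top = 0
        self.bitmap = 0

    def check(self, seq):
        """Pre-ICV check: True if seq is inside the window and not yet seen."""
        if seq == 0 or seq > SEQ_MAX:
            return False
        if seq > self.top:
            return True                          # to the right of the window: new
        diff = self.top - seq
        if diff >= self.size:
            return False                         # too old: fell off the left edge
        return not (self.bitmap & (1 << diff))  # already in the bitmap -> replay

    def update(self, seq):
        """Record seq.  Only call after the packet's ICV has verified, otherwise an
        attacker could slide the window forward with forged sequence numbers."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                  # jumped past the whole window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def process(self, seq, icv_ok=True):
        """Full receiver path: replay check, then (simulated) ICV check, then update."""
        if not self.check(seq) or not icv_ok:
            return False
        self.update(seq)
        return True


def run_sequence(seqs, size=64):
    """Feed sequence numbers through one window; return the accept/reject decisions."""
    window = ReplayWindow(size)
    return [window.process(s) for s in seqs]


# Constructed arrival order: in order, reordered, a replay, a jump past the whole
# window, a packet that is now too old, a late packet that is still inside the window.
ARRIVALS = [1, 2, 3, 5, 4, 3, 70, 5, 8, 8, 7, 6]

if __name__ == "__main__":
    for seq, ok in zip(ARRIVALS, run_sequence(ARRIVALS)):
        print(f"seq {seq:3d}: {'accept' if ok else 'reject'}")
```

With the default 64-entry window the window covers sequence numbers 7 through 70 once 70 has been accepted, so the late packet 7 is still accepted while 6 and the replayed 5 are dropped; a sender that reorders or loses more than 63 packets in flight needs a larger window, not a disabled check.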

4.4 IPsec Planning and Implementation Processes

This section focuses on the planning and implementation processes of IPsec in the
enterprise. As with any new technology deployment, IPsec planning and implementation
should be addressed in a phased approach as shown in Figure 4-3. A successful
deployment of IPsec can be achieved by following a clear, step-by-step planning and
implementation process. The use of a phased approach for deployment can minimize
unforeseen issues and identify potential pitfalls early in the process. This model also allows
for the incorporation of advances in new technology, as well as adapting IPsec to the ever-
changing enterprise. This section explores each of the IPsec planning and implementation
phases. The phases of the approach are as follows: [6]

1. Identify Needs: Identify the need to protect network communications and
determine how that need can best be met.
2. Design the Solution: Make design decisions in four areas: architectural
considerations, authentication methods, cryptography policy, and packet filters. The
placement of an IPsec gateway has potential security, functionality, and
performance implications. An authentication solution should be selected based
primarily on maintenance, scalability, and security. Packet filters should apply
appropriate protections to traffic and not protect other types of traffic for
performance or functionality reasons.
3. Implement and Test a Prototype: Test a prototype of the designed solution in a
lab or test environment to identify any potential issues. Testing should evaluate
several factors, including connectivity, protection, authentication, application
compatibility, management, logging, performance, the security of the
implementation, and component interoperability.
4. Deploy the Solution: Gradually deploy IPsec throughout the enterprise. Existing
network infrastructure, applications, and users should be moved incrementally over
time to the new IPsec solution. This provides administrators an opportunity to
evaluate the impact of the IPsec solution and resolve issues prior to enterprise-wide
deployment.
5. Manage the Solution: Maintain the IPsec components and resolve operational
issues; repeat the planning and implementation process when significant changes
need to be incorporated into the solution.
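The packet-filter decision in the design phase (protect some traffic, bypass other traffic for performance or functionality, discard the rest) is what the IPsec architecture calls the Security Policy Database. The following added example (Python; not from the project text or from any implementation) shows a first-match SPD for a constructed branch-office gateway: traffic to headquarters is protected through an ESP tunnel, local and selected Internet traffic is bypassed, and everything else is discarded. The prefixes, ports and the peer gateway address 198.51.100.1 are assumptions; the order of entries is itself part of the policy, which the example demonstrates with DNS traffic to headquarters.

```python
"""First-match Security Policy Database (SPD) lookup, modelled on RFC 4301 section 4.4.1.
Added example, not from the project text; the prefixes, ports and gateway are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"
TCP, UDP = 6, 17


@dataclass
class SpdEntry:
    src: str                                  # selector: source address prefix
    dst: str                                  # selector: destination address prefix
    action: str                               # PROTECT, BYPASS or DISCARD
    proto: Optional[int] = None               # IP protocol number, None = any
    dport: Optional[Tuple[int, int]] = None   # inclusive destination port range, None = any
    sa: Dict = field(default_factory=dict)    # how to protect (PROTECT entries only)

    def matches(self, src, dst, proto, dport):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and proto != self.proto:
            return False
        if self.dport is not None and not (self.dport[0] <= dport <= self.dport[1]):
            return False
        return True


class Spd:
    """Ordered policy: the first matching entry decides, so order is part of the policy."""
    def __init__(self, entries: List[SpdEntry], default: str = DISCARD):
        self.entries = entries
        self.default = default       # RFC 4301: traffic matching no entry is discarded

    def lookup(self, src, dst, proto, dport=0):
        """Return (action, index of the matching entry or None when the default applies)."""
        for index, entry in enumerate(self.entries):
            if entry.matches(src, dst, proto, dport):
                return entry.action, index
        return self.default, None


# Constructed policy for a branch-office gateway (10.0.0.0/16) talking to HQ (10.1.0.0/16).
BRANCH_SPD = Spd([
    # 0: everything to HQ goes through the ESP tunnel to the HQ gateway (assumed address)
    SpdEntry("10.0.0.0/16", "10.1.0.0/16", PROTECT,
             sa={"protocol": "esp", "mode": "tunnel", "peer": "198.51.100.1",
                 "encryption": "aes128-cbc", "integrity": "hmac-sha256-128"}),
    # 1: local LAN traffic never leaves the site, so it is not worth the IPsec overhead
    SpdEntry("10.0.0.0/16", "10.0.0.0/16", BYPASS),
    # 2: DNS and 3: HTTPS to the Internet are left unprotected for functionality/performance
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", BYPASS, proto=UDP, dport=(53, 53)),
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", BYPASS, proto=TCP, dport=(443, 443)),
])   # anything else falls through to the default DISCARD


if __name__ == "__main__":
    for flow in [("10.0.5.7", "10.1.2.3", TCP, 443), ("10.0.5.7", "10.1.2.3", UDP, 53),
                 ("10.0.5.7", "8.8.8.8", UDP, 53), ("10.0.5.7", "203.0.113.9", TCP, 443),
                 ("10.0.5.7", "203.0.113.9", TCP, 23)]:
        print(flow, "->", BRANCH_SPD.lookup(*flow))
```

If the DNS bypass were listed before the headquarters entry, DNS queries to headquarters would travel in the clear; that is the kind of ordering mistake the prototype testing phase should catch. Real implementations also consult a per-SA database once the action is PROTECT, and derive the SA parameters from the IKE negotiation rather than from a static dictionary as here.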

Figure 4-3. Phases of the IPsec planning & implementation process

Table 4-1 provides a checklist that summarizes the major design decisions made during the
first two phases of the IPsec planning and implementation process. [6]

Table 4-1. Design Decisions Checklist

Implement and Test Prototype: After the solution has been designed, the next step is to
implement and test a prototype of the design. This could be done in one or more
environments, including a lab network, a test network, and a production network. Ideally,
implementation and testing should first be performed with a lab network, then a test
network. Only implementations in final testing should be placed onto a production
network. The nature of IPsec allows a phased introduction on the production network as
well.
Testing of the prototype implementation should evaluate several factors, including
connectivity, protection, authentication, application compatibility, management, logging,
and performance, the security of the implementation, component interoperability, and
default settings.

During full implementation, existing network infrastructure, applications, and users should
gradually be migrated to the new IPsec solution. This provides administrators an
opportunity to evaluate the impact of the IPsec solution and resolve issues prior to
enterprise wide deployment.

After implementation, the IPsec solution needs to be maintained, such as applying patches
and deploying IPsec to additional networks and hosts. Operational issues also need to be
addressed and resolved.

As part of implementing IPsec, organizations should also implement additional technical,
operational, and management controls that support and complement IPsec
implementations. Examples include establishing control over all entry and exit points for
the protected networks, ensuring the security of all IPsec endpoints, and incorporating
IPsec considerations into organizational policies.

4.5 Alternatives to IPsec

Although IPsec is flexible enough to meet many needs, there are certain cases when other
protocols may provide a better solution. Therefore, this section lists several VPN protocols
that are used as alternatives to IPsec, and groups them by the layer of the TCP/IP model at
which they function, because many of the protocols characteristics are based on the layer
they use. IPsec is the prevalent network layer VPN protocol; this section briefly discusses
several data link layer, transport layer, and application layer VPN protocols. For each
protocol, a brief description is provided, along with a description of the circumstances
under which it may be more advantageous than IPsec.

The main alternatives to IPsec are data link layer VPN protocols such as PPTP, L2TP, and
L2F; transport layer VPN protocols, primarily TLS/SSL; and application layer VPN protocols,
including PGP and SSH. Each is an effective alternative to IPsec for particular needs and
environments. Table 4-2 provides a high-level comparison of the alternatives. The following
summarizes the key points: [6]

 Data link layer VPNs can protect various network protocols, so they are often used for
non-IP protocols. One type of data link layer VPN is a provisioner-provided VPN, which
can protect communications on a dedicated physical link. Data link layer VPNs are most
commonly used on top of PPP to secure modem-based connections; in that arrangement the
VPN protocol provides the tunnel while the encryption itself is performed by PPP (e.g., MPPE).

• PPTP protects communications between a PPTP-enabled client and a PPTP-enabled
server, and uses GRE to transport data between them.
• L2TP protects communications between an L2TP-enabled client and an L2TP-enabled
server, and uses its own tunneling protocol over UDP port 1701 to transport data.
• L2F protects communications between two network devices, such as ISP network
access servers and VPN gateways. It is transparent to users, but it does not protect
communications between users' systems and ISPs.

 Transport layer VPNs most commonly provide security for communications with
individual HTTP-based applications, and can also protect other applications'
communications. Each application server must include support for the VPN
protocol, as must the client portion of each application. Because all major Web
browsers include support for the TLS/SSL protocol, users typically do not need to
install client software or reconfigure their systems.
 TLS/SSL proxy servers provide network, transport, or application layer VPNs
(depending upon the configuration). Typically, remote users connect to the proxy
server using TLS-protected HTTP and authenticate themselves; the user can then
access designated applications indirectly through the proxy server, which
establishes its own separate connections with the application servers. Non-Web-
based applications can be accessed by deploying special programs to clients and
then tunneling the application data over HTTPS or another protocol; another
method is to use a terminal server and to give users a Web-based terminal server
client. Unlike IPsec, TLS proxy servers cannot protect IP header characteristics,
such as IP addresses.
 Application layer VPNs protect part or all of the communications for a single
application. For example, e-mail encryption conceals the content in the body of an
e-mail, but not the e-mail headers. Protection is either provided by using a separate
program (e.g., a standalone file encryption program) or by building the application
layer VPN protocol into the application itself. If neither of these is feasible, a
different layer VPN may be needed.

Table 4-2. Comparison of IPsec and IPsec Alternatives

The Point-to-Point Tunneling Protocol (PPTP) is a networking technology that was
developed by Microsoft and a group of vendors to provide virtual private networking. It
does not use IPsec and was intended for portability: IPsec-based VPNs at the time usually
required special client software, whereas Microsoft built PPTP into its Windows operating
systems, and for devices such as PDAs that lacked IPsec support PPTP was an immediate
alternative. On the security front, PPTP is not as effective as IPsec. IPsec offers 3DES and
AES, whereas PPTP relies on MPPE (RC4 with 40-, 56- or 128-bit keys) and on PPP
authentication such as MS-CHAPv2. A longer key is harder to recover by brute force, but
key length is not the main weakness: MS-CHAPv2 has practical attacks, and PPTP is now
generally considered insecure and should not be used for sensitive traffic. The claim in [6]
that export restrictions make IPsec unusable outside the United States is historical; those
restrictions were relaxed in 2000 and IPsec is available worldwide. [6]

Wireless access is not recommended for sensitive traffic. WEP, even with 128-bit keys, is
cryptographically broken and gives no meaningful protection, so it must not be relied on;
the wireless network should use 802.11i (WPA2 or later) with AES-CCMP encryption, and
sensitive data should additionally be carried over a VPN rather than trusted to the wireless
link alone. [6]

Secure communications such as VPNs should be used for remote access and other sensitive
communication. IPsec is a good choice for this purpose. Strong encryption such as AES
should be used whenever possible; 3DES is acceptable in older guidance but is being retired.
Web access to sensitive or proprietary information should be protected with TLS (SSL is
obsolete), and remote system administration should use SSH. File system encryption is
sometimes also used to protect stored data. [6]

Table 4-3 lists the TCP and UDP port numbers and IP protocols associated with IPsec and
the alternative VPN protocols described in the last section. This information may be
helpful in configuring other network security devices, such as firewalls and routers, to
permit VPN activity to pass through.

Table 4-3. IP Protocols and TCP/UDP Port Numbers for VPN Protocols

4.6 Summary of Chapter 4

This chapter has described a phased approach to IPsec planning and implementation and
highlighted various issues that may be of significance to implementers. The use of a phased
approach for IPsec planning and implementation can help to achieve successful IPsec deployments.

5.1 Requirements and Recommendations
The National Institute of Standards and Technology (NIST) outlines the following
requirements and recommendations for the configuration of IPsec VPNs:
 If any of the information that will traverse a VPN should not be seen by non-VPN
users, then the VPN must provide confidentiality protection (encryption) for that
information.
 A VPN must use a FIPS-approved encryption algorithm. AES-CBC (AES in Cipher
Block Chaining mode) with a 128-bit key is highly recommended; Triple DES
(3DES-CBC) is also acceptable. The Data Encryption Standard (DES) has been
successfully attacked and should not be used.
 A VPN must always provide integrity protection.
 A VPN must use a FIPS-approved integrity protection algorithm. HMAC-SHA-1 is
highly recommended. HMAC-MD5 also provides integrity protection, but it is not
a FIPS-approved algorithm.
 A VPN should provide replay protection.
 For IKEv1, IKE Security Associations (SAs) should have a lifetime no greater than
24 hours (86400 seconds) and IPsec SAs should have a lifetime no greater than 8
hours (28800 seconds). For IKEv2, IKE SAs should be re-keyed after at most 24
hours and child SAs should be re-keyed after at most 8 hours.
 The Diffie-Hellman (DH) group used to establish the secret keying material for
IKE and IPsec should be consistent with current security requirements. DH group 2
(1024-bit MODP) should be used for Triple DES and for AES with a 128-bit key.
For greater security, DH group 5 (1536-bit MODP) or DH group 14 (2048-bit
MODP) may be used for AES; the larger DH groups will result in increased
processing time.
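As an added illustration, not taken from the project report or from NIST, the following Python checker applies the requirements listed above to a description of a VPN configuration. The configuration keys (`encryption`, `integrity`, `dh_group`, and so on) and the two sample configurations are assumptions constructed for this example; the algorithm names and thresholds come from the list.

```python
# Added example: checks an IPsec VPN configuration against the NIST rules in
# Section 5.1. The dict keys and sample configs are constructed assumptions.
from typing import Dict, List

APPROVED_CIPHERS = {"aes128-cbc", "3des-cbc"}  # FIPS-approved choices named above
REJECTED_CIPHERS = {"des-cbc"}                  # DES has been successfully attacked
APPROVED_INTEGRITY = {"hmac-sha1"}              # HMAC-MD5 is not FIPS-approved
MIN_DH_GROUP = 2                                # group 2 (1024-bit MODP) for 3DES / AES-128
MAX_IKE_SA_LIFETIME = 24 * 3600                 # 86400 s
MAX_IPSEC_SA_LIFETIME = 8 * 3600                # 28800 s


def check_vpn_config(cfg: Dict) -> List[str]:
    """Return one finding per violated rule; an empty list means compliant."""
    findings = []
    cipher = cfg.get("encryption")  # None or "null" means no encryption at all
    if cipher in (None, "null"):
        if cfg.get("confidentiality_required", True):
            findings.append("sensitive traffic requires confidentiality protection (encryption)")
    elif cipher in REJECTED_CIPHERS:
        findings.append(f"{cipher} must not be used: DES has been successfully attacked")
    elif cipher not in APPROVED_CIPHERS:
        findings.append(f"{cipher} is not a FIPS-approved encryption algorithm")

    integrity = cfg.get("integrity")
    if integrity is None:
        findings.append("a VPN must always provide integrity protection")
    elif integrity not in APPROVED_INTEGRITY:
        findings.append(f"{integrity} is not FIPS-approved; HMAC-SHA-1 is recommended")

    if not cfg.get("replay_protection", False):
        findings.append("replay protection should be enabled")
    if cfg.get("ike_sa_lifetime", 0) > MAX_IKE_SA_LIFETIME:
        findings.append("IKE SA lifetime exceeds 24 hours (86400 s)")
    if cfg.get("ipsec_sa_lifetime", 0) > MAX_IPSEC_SA_LIFETIME:
        findings.append("IPsec (child) SA lifetime exceeds 8 hours (28800 s)")
    if cfg.get("dh_group", 0) < MIN_DH_GROUP:
        findings.append("DH group is weaker than group 2 (1024-bit MODP)")
    return findings


# Constructed sample configurations, not taken from any real deployment.
WEAK_CONFIG = {"encryption": "des-cbc", "integrity": "hmac-md5",
               "replay_protection": False, "ike_sa_lifetime": 172800,
               "ipsec_sa_lifetime": 86400, "dh_group": 1}
RECOMMENDED_CONFIG = {"encryption": "aes128-cbc", "integrity": "hmac-sha1",
                      "replay_protection": True, "ike_sa_lifetime": 86400,
                      "ipsec_sa_lifetime": 28800, "dh_group": 14}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("recommended", RECOMMENDED_CONFIG)):
        print(name, check_vpn_config(cfg) or ["compliant"])
```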

5.2 Future Directions of IPsec

This section briefly discusses some of the future directions of IPsec. The IETF (Internet
Engineering Task Force) is finalizing a set of revised IPsec standards, as well as several
extensions to IPsec. This section provides a brief discussion of the new standards and
pointers to additional information. The next part of this section examines issues related to
extending IPsec to handle multicast traffic. The final topic addressed in this section is IPv6.
Some background and general information on IPv6 is provided, along with a brief
discussion on the effect that IPv6 deployments are expected to have on IPsec.

The current version of IPsec cannot provide protection for multicast traffic, because IPsec
was designed specifically for protecting communications between two specific points, not
among many points at once. Researchers have been attempting for several years to find a
viable way to extend IPsec so it can support multicast traffic without losing its methods of
protection, particularly source authentication. [6]

5.2.1 Revised IPsec Standards

The IP Security Protocol Working Group of the IETF has developed dozens of RFCs and
Internet-Drafts related to updating IPsec standards. One of the proposed standards is for
IKEv2 (Internet Key Exchange); it makes significant changes to the performance and
capabilities of IKE. There are also proposed standards for version 3 of ESP, AH, and the
general IPsec architecture and processing model; however, the changes for these are not as
major as the changes in IKE. There is also a proposed standard for performing UDP
encapsulation of IP packets. This is a technique to overcome issues involving NAT. Once
vendors begin to add support for these features into their products, this should lead to
improved IPsec implementations.

5.2.2 Support for Multicast Traffic

Multicast traffic refers to sending a packet to an IP address that is designated as a multicast
address; one or more hosts that are specifically interested in the communication then
receive copies of that single packet. This differs from broadcast traffic, which causes
packets to be distributed to all hosts on a subnet, because multicast traffic will only be sent
to hosts that are interested in it. Multicasting is most often used to stream audio and video.
For the sender, there are two primary advantages of using multicast. First, the sender only
needs to create and send one packet, instead of creating and sending a different packet to
each recipient. Second, the sender does not need to keep track of who the actual recipients
are. Multicasting can also be advantageous from a network perspective, because it reduces
network bandwidth usage.

5.2.3 Interoperability with PKI

A new IETF working group, Profiling Use of PKI in IPsec (PKI4IPSEC), is currently
discussing this topic and beginning to develop proposed standards. The group plans on
developing specific documentation for how IKE should handle certificates, as well as a
standard for certificate management in the context of IPsec implementations.

5.2.4 IKE Mobility and Multi-homing

The IETF's IKEv2 Mobility and Multi-homing (MOBIKE) working group is currently
developing extensions to IKEv2. The extensions will allow IKE to function more smoothly
in cases of IPsec host mobility (the host's actual IP address changes). The extensions will
also improve the support for multi-homing (a single host has multiple IP addresses).
Protocols such as the Stream Control Transmission Protocol (SCTP) currently suffer
substantial overhead when being used with IPsec.

5.2.5 IPv6

Many years ago, to address various shortcomings with IPv4 (including the lack of various
security features and the limited number of available addresses), standards were developed
for a new version of IP called IPv6. IPv6 provides a much larger address space that is
expected to meet the addressing needs for all networked devices for the foreseeable future.
The RFCs for IPv6 mandate the addition of IPsec to preserve the confidentiality and integrity
of network communications. [6]

The implementation of IPv6 has been increasing recently, and it appears that over the next
several years, it may become widespread. Legacy implementations of IPsec on IPv4
networks are likely to continue to be used for some time after that, perhaps indefinitely. It
is expected that IPsec will be used in IPv4 and IPv6 environments for many years to come.

References
[1] M. Bishop, Computer Security: Art and Science, Pearson Education, 2003.

[2] S. Northcutt et al., Inside Network Perimeter Security, New Riders Publishing, 2003.

[3] S. Bellovin and R. W. Cheswick, Firewalls and Internet Security: Repelling the Wily
Hacker, Pearson Education, 1994.

[4] J. E. Canavan, Fundamentals of Network Security, Artech House Telecommunications
Library, 2001.

[5] E-book available at https://tutorialspoint.com.

[6] E. Cole, R. Krutz, and J. W. Conley, Network Security Bible, 2nd ed., Wiley
Publishing, Inc., 2009.

[7] S. Frankel, K. Kent, and S. R. Sharma, Guide to IPsec VPNs: Recommendations of the
National Institute of Standards and Technology, Gaithersburg, MD 20899-8930,
December 2005.

[8] J. E. Canavan, Fundamentals of Network Security, Artech House, 2001
(http://www.artechhouse.com).

[9] Cisco, IP tunneling configuration examples,
https://www.cisco.com/c/en/us/tech/ip/ip-tunneling/tech-configuration-examples-list.html,
accessed 20/6/2022.

[10] J. Mogul and J. Postel, Internet Standard Subnetting Procedure, August 1985.

[11] CCDA Cisco Certified Design Associate study guide,
https://www.2000trainers.com/ccda-study-guide/network-design-approaches/, accessed
9/6/2022.

[12] D. Ashikyan, N. Jerath, C. Mason, and Andrew G., Cisco Secure Virtual Private
Networks (research paper), 2002.

[13] "VPN & Its Advantages and Benefits of a VPN" (research paper), available at
https://us.norton.com, accessed 10/5/2022.

[14] RFC 2401, Security Architecture for the Internet Protocol, provides an overview of
IPsec; available at http://www.ietf.org/rfc/rfc2401.txt.

[15] S. Kent, IP Authentication Header, RFC 4302, 2005.

[16] S. Kent, IP Encapsulating Security Payload, RFC 4303, 2005.

[17] S. Kent and K. Seo, Security Architecture for the Internet Protocol, RFC 4301, 2005.
