INFOTECH Seminar Advanced Communication Services ACS, 2006 - PowerPoint PPT Presentation

1
INFOTECH Seminar Advanced Communication Services (ACS), 2006
Mentor: Dr. Stephan Rupp
VPN Protocols - Hamachi vs. TLS
Shiqing Fan
Institute of Communication Networks and Computing Engineering, University of Stuttgart
2
Motivation: Security, the primary aim of all Virtual Private Networks!
  • TLS
    • Transport Layer Security
    • Is endorsed by many leading financial institutions for commerce over the Internet.
  • Hamachi
    • A computer networking software
    • With lots of attractive features

3
Agenda
  • Introduction: VPN
  • SSL/TLS
  • Hamachi
  • Comparison
  • Conclusion and Outlook

4
Introduction: VPN
  • Virtual Private Network
  • Secure VPNs
    • Data is encrypted at the edge of the network
    • IPsec (IP security), L2TP (Layer 2 Tunneling Protocol), TLS (Transport Layer Security)
  • Trusted VPNs
    • No encryption; rely on the security of a provider's network
    • Multi-Protocol Label Switching (MPLS), Layer 2 Forwarding (L2F)

6
TLS: What is TLS?
  • The successor of Secure Sockets Layer 3.0 (SSL)
  • Provides privacy and data integrity
  • Authentication and communications privacy
  • Public key infrastructure (PKI)
  • Composed of two layers
    • TLS Record Protocol
    • TLS Handshake Protocol
  • Adds security to other protocols
    • With reliable connections (TCP)
  • Uses public keys and certificates

7
TLS: Handshake Protocol
  • Functions before the application protocol transmits or receives any data
  • Negotiation of an encryption algorithm and cryptographic keys
  • After the handshake procedure has finished, each operation on the resources has to be authorized and encrypted

Message sequence between Client and Server:
  • Client → Server: Connection request
  • Server → Client: Acknowledgement
  • Client → Server: Acknowledgement
  • A new TCP connection is created; the handshake starts
  • Client → Server: Client Hello (Highest SSL Version, Ciphers Supported, Data Compression Methods, Session Id 0, Random Data)
  • Server → Client: Server Hello (Selected SSL Version, Cipher, and Data Compression Method, Assigned Session Id, Random Data)
  • Server → Client: Certificate, Key exchange, Certificate request, Server done
  • Client → Server: Certificate, Key exchange, Certificate verification, Change cipher spec, Finished
  • Server → Client: Change cipher spec, Finished
  • Application Communication
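
The Client Hello / Server Hello negotiation on this slide, as an added example (not part of the original presentation): it encodes and parses the Client Hello fields the slide lists, then makes the Server Hello choice. The function names, sample bytes and server preference lists are constructed for illustration; extensions are not handled.

```python
import struct

def build_client_hello(version, random32, session_id, suites, compressions):
    """Encode the Client Hello fields named on the slide (no extensions)."""
    body = bytes(version) + random32 + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compressions)]) + bytes(compressions)
    # Handshake header: msg_type 1 (client_hello) + 24-bit body length.
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Decode a Client Hello; reject truncated or inconsistent lengths."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a client_hello")
    body, pos = msg[4:], 0
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length mismatch")

    def take(n):
        # Consume n bytes of the body, failing closed on short input.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        pos += n
        return body[pos - n:pos]

    version = tuple(take(2))                 # highest version the client supports
    random32 = take(32)                      # client random data
    session_id = take(take(1)[0])            # empty means a new session
    raw = take(struct.unpack("!H", take(2))[0])
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [s for (s,) in struct.iter_unpack("!H", raw)]
    compressions = list(take(take(1)[0]))
    return {"version": version, "random": random32, "session_id": session_id,
            "suites": suites, "compressions": compressions}

def server_select(hello, server_versions, server_suites):
    """Server Hello choice: highest common version, server-preferred cipher."""
    versions = [v for v in server_versions if v <= hello["version"]]
    suites = [s for s in server_suites if s in hello["suites"]]
    if not versions or not suites or 0 not in hello["compressions"]:
        raise ValueError("handshake_failure: no common parameters")
    return {"version": max(versions), "suite": suites[0], "compression": 0}

# Constructed sample: TLS 1.0 client (3, 1), empty session id ("Session Id 0"),
# offering TLS_RSA_WITH_AES_128_CBC_SHA (0x002F) and _256_ (0x0035), null compression.
SAMPLE = build_client_hello((3, 1), bytes(range(32)), b"", [0x002F, 0x0035], [0])
```
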
8
SSL/TLS VPN
  • Database - application server - Web server - Web
    browser model
  • No interference with OS kernel wherever possible
  • Less configuration complexity
  • Any machine is able to connect to the central VPN
  • Endpoints trust model is broken
  • Man-in-the-middle attacks are possible

[Figure: Web Browser (TLS Embedded) connected through an SSL/TLS Tunnel across the Internet]
10
Hamachi: Everything you can do in a LAN, you can do with Hamachi!
  • A centrally-managed zero-configuration VPN
    freeware application
  • Direct links between computers that are both
    NATed without requiring NAT reconfiguration
  • Currently available as a beta version for
    Microsoft Windows, Mac OS and Linux
  • Virtual "LAN parties" for gamers connected across
    the Internet
  • Secure Web services and Web-based applications

[Figure: Games, Chat, File sharing, FTP, ...]
11
Hamachi: peer-to-peer connection, client-server authentication
[Sequence diagram] Participants: Client2 (with Hamachi installed), Client1 (without Hamachi installed), Hamachi Server
  • Hamachi installation, Request a new IP
  • A virtual network card is created, server certificate installed
  • Assign a new IP, 5...
  • Hello / Hello
  • SSL/TLS based authentication
  • Logon request, Auth messages
  • Auth ok, Build up the tunnel
  • Game starts!
  • Peer-to-peer UDP connection
12
Hamachi: Is what you're telling us true?
  • Using Hamachi is easy, but
    • It's not open source; no one knows what's behind it.
    • Does it deliver messages securely, as it promised?
    • Is there any spyware embedded?
    • The Hamachi server should also be questioned.
  • The only way to prove its security is to open it!

It seems good, but ...?
14
Comparison: SSL/TLS VPN vs. Hamachi
16
Conclusion and Outlook
  • SSL/TLS VPN
    • Suitable for protecting sensitive resources inside the enterprise
    • The security of the entire system is only as strong as the weakest link. If the client is insecure, the entire system is equally insecure.
  • Hamachi
    • A good choice for small companies (no more than 265 users) and Internet game players
  • Prospect
    • Rebuild the endpoint trust model for SSL/TLS VPN
    • An open-source Hamachi is demanded.
    • OpenVPN has a good chance

17
Thank you for your attention!