VPN Termination Interoperation with Firewalls and IDS - PowerPoint PPT Presentation

1
VPN Termination Interoperation with Firewalls and IDS
  • Seminar Advanced Communication Services
  • João Machado

2
Summary
  • I Introduction
  • II VPN technologies
  • III Firewall technologies
  • IV VPN/Firewall interaction
  • V Conclusions

VPN Termination interoperation with Firewalls and
IDS
20.07.2006
3
  • A firewall is a constant trade-off between
    security and functionality.
  • A VPN is a secure functionality that reduces the
    overall security of the system.
4
Services that may require VPN access
  • VPN remote access
  • Interconnection of remote branches
  • VoIP
  • Secure connections with remote servers

5
Scope of this presentation
  • VPN Technologies
  • IPSec
  • SSL/TLS
  • Firewall Technologies
  • Network layer firewalls
  • Application-layer firewalls
  • Application firewall

6
7
II VPN technologies
  • IPSec
  • is a standard for securing Internet Protocol (IP)
    communications by encrypting and/or
    authenticating all IP packets
  • IPsec provides security at the network layer
  • it can be used for protecting both TCP- and
    UDP-based protocols
  • Security capabilities it provides:
  • Encrypting traffic
  • Integrity validation
  • Authenticating the peers
  • Anti-replay

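Two of the capabilities listed above, integrity validation and anti-replay, work together on the receiving side: a cheap sequence-number check first, then the integrity check value (ICV), and only then the replay window is advanced. The following is an added example (not from the presentation) that models this in Python: a toy ESP-like record with an HMAC-SHA256 ICV, a 64-entry sliding window in the style of RFC 4303, and a constructed packet stream containing in-order packets, a replay, a jump, an out-of-order packet, a packet that has fallen outside the window, and a tampered packet. The key, packet layout and function names are assumptions for the demo only.

```python
import hashlib
import hmac

# Constructed demo key shared by both peers; a real SA key would come from IKE.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"
WINDOW = 64                      # anti-replay window size (64 is the ESP minimum)
MASK = (1 << WINDOW) - 1


def make_packet(seq, payload, key=DEMO_KEY):
    """Toy ESP-like record: sequence number, payload and an HMAC-SHA256 ICV."""
    icv = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return {"seq": seq, "payload": payload, "icv": icv}


def icv_valid(pkt, key=DEMO_KEY):
    """Integrity validation: recompute the ICV and compare in constant time."""
    expected = hmac.new(key, pkt["seq"].to_bytes(4, "big") + pkt["payload"],
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt["icv"])


class AntiReplayWindow:
    """Sliding bitmap window over accepted sequence numbers (RFC 4303 style)."""

    def __init__(self):
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set  <=>  sequence number (highest - i) was accepted

    def classify(self, seq):
        """Preliminary check, done before the (more expensive) ICV computation."""
        if seq == 0:
            return "invalid-seq"             # ESP never uses sequence number 0
        if seq > self.highest:
            return None                      # new high-water mark: fine
        diff = self.highest - seq
        if diff >= WINDOW:
            return "too-old"                 # fell off the left edge of the window
        if (self.bitmap >> diff) & 1:
            return "replay"                  # already accepted once
        return None

    def update(self, seq):
        """Record seq; only called after the ICV has been verified."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & MASK
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def accept(self, pkt, key=DEMO_KEY):
        reason = self.classify(pkt["seq"])
        if reason:
            return reason
        if not icv_valid(pkt, key):
            return "bad-icv"                 # window NOT updated: a forged seq must not advance it
        self.update(pkt["seq"])
        return "accepted"


def run_demo():
    """Feed a constructed packet stream through one receiver and return the verdicts."""
    window = AntiReplayWindow()
    good = {n: make_packet(n, b"data-%d" % n) for n in (1, 2, 3, 70, 10, 71)}
    forged = dict(make_packet(71, b"data-71"), payload=b"tampered")  # altered after signing
    stream = [good[1], good[2], good[3], good[2],   # in order, then a replay of #2
              good[70], good[10],                   # a jump, then out-of-order but inside the window
              good[1],                              # #1 is now 69 behind: outside the window
              forged, good[71]]                     # tampered #71 rejected, genuine #71 still accepted
    return [window.accept(p) for p in stream]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The ordering in `accept` is the point: the replay check is cheap and filters obvious duplicates early, but the window only moves once the ICV has proven the packet came from the peer, so an unauthenticated packet with a huge sequence number cannot push legitimate traffic out of the window.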
8
II VPN technologies
  • SSL/TLS
  • SSL runs on layers beneath application protocols
    and above the TCP or UDP transport protocol.
  • SSL can be used to tunnel an entire network stack
    to create a VPN, using TUN and TAP.
  • TUN and TAP are virtual network kernel drivers;
    they simulate network devices in software
  • TUN simulates a point-to-point network device,
    while TAP simulates an Ethernet device.
  • Although it is often called an "SSL VPN" by VPN
    vendors, it is not really a fully-fledged VPN.

9
III Firewall technologies
  • Network layer firewalls
  • work as a packet filter by deciding what packets
    will pass the firewall according to rules
    defined.
  • Filtering rules can act on the basis of source
    and destination address and on ports, in addition
    to whatever higher-level network protocols the
    packet contains.
  • they operate very fast and transparently to users
  • can be either stateful or stateless

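To make the stateful/stateless distinction and the rule matching on addresses and ports concrete, here is an added example in Python (not part of the presentation). It evaluates an ordered rule list with an implicit deny, optionally remembers connections it has allowed outward, and runs the same constructed packets through a stateless and a stateful instance. Addresses (10.0.0.0/24 inside, 203.0.113.1 as the VPN gateway, 198.51.100.x and 192.0.2.x outside), the rule sets and all class names are assumptions for the demo. The ESP packet shows the slide 3 point: the filter can only decide on the outer header, because everything inside the tunnel is encrypted.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "esp"
    sport: int = 0        # 0 where the protocol has no ports (ESP)
    dport: int = 0
    syn: bool = False     # TCP SYN: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp", "esp" or "any"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    sport: int = 0        # 0 = any port
    dport: int = 0

    def matches(self, p):
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport in (0, p.sport)
                and self.dport in (0, p.dport))


class PacketFilter:
    """First-match rule evaluation with implicit deny; optionally tracks connections."""

    def __init__(self, rules, stateful):
        self.rules = rules
        self.stateful = stateful
        self.conns = set()    # 5-tuples of flows allowed in the forward direction

    def decide(self, p):
        reply_key = (p.dst, p.dport, p.src, p.sport, p.proto)
        if self.stateful and reply_key in self.conns:
            return "allow (established)"   # reply to a flow we let out: no explicit rule needed
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow" and self.stateful and p.proto in ("tcp", "udp"):
                    self.conns.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action
        return "deny (default)"


INSIDE = "10.0.0.0/24"
VPN_GW = "203.0.113.1/32"      # constructed address of the IPsec gateway

# A stateless filter must open a static hole so HTTP replies can come back in.
STATELESS_RULES = [
    Rule("allow", "tcp", INSIDE, "0.0.0.0/0", dport=80),
    Rule("allow", "tcp", "0.0.0.0/0", INSIDE, sport=80),   # replies, but also anything else from port 80
    Rule("allow", "esp", "0.0.0.0/0", VPN_GW),
    Rule("allow", "udp", "0.0.0.0/0", VPN_GW, dport=500),  # IKE
]
# The stateful filter needs no reply rule: connection state covers it.
STATEFUL_RULES = [
    Rule("allow", "tcp", INSIDE, "0.0.0.0/0", dport=80),
    Rule("allow", "esp", "0.0.0.0/0", VPN_GW),
    Rule("allow", "udp", "0.0.0.0/0", VPN_GW, dport=500),
]

# Constructed traffic sample.
PACKETS = [
    Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 80, syn=True),  # outbound web request
    Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 40000),           # its reply
    Packet("198.51.100.9", "10.0.0.5", "tcp", 80, 445, syn=True),   # unsolicited inbound, happens to use sport 80
    Packet("192.0.2.20", "203.0.113.1", "udp", 500, 500),           # IKE to the VPN gateway
    Packet("192.0.2.20", "203.0.113.1", "esp"),                     # ESP: only the outer header is visible
]


def run(rules, stateful):
    fw = PacketFilter(rules, stateful)
    return [fw.decide(p) for p in PACKETS]


if __name__ == "__main__":
    for name, verdicts in (("stateless", run(STATELESS_RULES, False)),
                           ("stateful", run(STATEFUL_RULES, True))):
        print(name, verdicts)
```

The third packet is the difference between the two modes: the stateless rule set has to trust the source port to recognise a reply, so an unsolicited inbound connection attempt carrying source port 80 is allowed, while the stateful filter denies it because no inside host opened that flow. Both filters allow the ESP packet on address alone; whatever travels inside the tunnel never meets these rules, which is why the VPN termination point and the firewall need to be placed so that decrypted traffic is still filtered.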
10
III Firewall technologies
  • Application layer firewall
  • Generally it is a host using various forms of
    proxy servers
  • it may inspect the contents of the traffic,
    blocking what the firewall administrator views as
    inappropriate content
  • An application layer firewall does not route
    traffic on the network layer.
  • All traffic stops at the firewall which may
    initiate its own connections if the traffic
    satisfies the rules.

11
III Firewall technologies
  • Application firewall
  • limits the access which software applications
    have to the operating system services
  • Can control outbound as well as inbound access,
    based on the applications currently allowed
  • Can be easily turned off by any malicious
    application that has control of the operating
    system

12
III Firewall technologies
  • NAT/PAT
  • Hosts behind a NAT-enabled middleware do not have
    true end-to-end connectivity
  • Services that require the initiation of TCP
    connections from the outside network, or
    stateless protocols such as those using UDP, can
    be disrupted
  • NAT involves re-writing the source and/or
    destination addresses of IP packets
  • PAT allows one single IP address to be used for
    multiple inside hosts.
  • Both the source and destination of every IP
    packet contain an IP address and a port; the port
    tells the receiving middleware how to process
    the packet.

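The following added example (not from the presentation) shows in Python how PAT uses the port to multiplex many inside hosts onto one public address, and why connections initiated from the outside are disrupted: an inbound packet whose destination port has no translation entry cannot be delivered to anyone. Two inside hosts deliberately use the same source port so that the port, not the address, has to distinguish them. The public address 203.0.113.2, the inside addresses and the class and method names are assumptions for the demo.

```python
class PortAddressTranslator:
    """Many inside hosts behind one public address; the public port identifies the flow."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (inside_ip, inside_port, proto) -> public_port
        self.in_map = {}    # (public_port, proto) -> (inside_ip, inside_port)

    def outbound(self, pkt):
        """Rewrite the source of an inside->outside packet, allocating a port for new flows."""
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt["proto"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Rewrite the destination of an outside->inside packet; None means undeliverable."""
        entry = self.in_map.get((pkt["dport"], pkt["proto"]))
        if entry is None:
            return None          # no inside host asked for this: the middleware must drop it
        inside_ip, inside_port = entry
        return dict(pkt, dst=inside_ip, dport=inside_port)


def run_demo():
    """Constructed traffic: two inside hosts, one reply, one unsolicited inbound packet."""
    pat = PortAddressTranslator("203.0.113.2")
    host_a = {"src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.7", "dport": 80, "proto": "tcp"}
    host_b = {"src": "10.0.0.6", "sport": 40000, "dst": "198.51.100.7", "dport": 80, "proto": "tcp"}
    a = pat.outbound(host_a)
    b = pat.outbound(host_b)
    a_again = pat.outbound(host_a)                       # same flow must keep its port
    reply = pat.inbound({"src": "198.51.100.7", "sport": 80, "dst": "203.0.113.2",
                         "dport": a["sport"], "proto": "tcp"})
    unsolicited = pat.inbound({"src": "192.0.2.99", "sport": 51000, "dst": "203.0.113.2",
                               "dport": 22, "proto": "tcp"})  # an inside SSH server would be unreachable
    return {
        "a": (a["src"], a["sport"]),
        "b": (b["src"], b["sport"]),
        "a_again": (a_again["src"], a_again["sport"]),
        "reply_to": (reply["dst"], reply["dport"]),
        "unsolicited": unsolicited,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Protocols without ports, such as ESP, have nothing for `in_map` to key on, which is one reason IPsec and PAT devices need special handling (for example a static mapping or a port-based encapsulation) when the VPN endpoint sits behind the translator.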
13
14
V Conclusions
  • No technology problem has an ideal solution.
  • For each particular situation there is an
    optimal approach that, when carefully deployed,
    reaches a comfortable behavior.
