Virtual Private Networks

COEN 150: Computer Security

May 17, 2004

Ryan Becker

Chris Borowski

Table of Contents

Abstract

Introduction

VPN Terminology

Security Flaws and Issues

Technical Requirements

Past, Present and Future of VPNs

References

Abstract

As telecommuting and international partnerships increase in use as tools of the business world, sharing resources in a quick and secure fashion becomes a critical concept. Virtual Private Networking (VPN) has become an important way to facilitate the exchange of information. VPNs offer quick, reliable, private, and secure ways for business to take place. Whether it is business to business, office to office, or employee to office, VPNs provide seamless connections that emulate having all your resources in the cubicle right next to you. But with new technologies arise new challenges. Without adequate security measures, a secure VPN can easily turn into a gaping hole in the network firewall. For this reason, this paper discusses different protocols and services and their tradeoffs. Some network administrators prefer Microsoft’s PPTP while others see this as outdated and choose the newer but more complicated IPSec. A personal interview with a co-founder of the internet discusses the importance of security on the internet today.

Introduction

Computer security has been a concern since the early days of the internet. The internet has evolved into a community of its own. Businesses have come to depend on it for interacting with customers and providing services. The internet has become so prominent in society that some companies would not exist if it weren’t for the exponential growth that the internet has experienced. Additionally, it has helped to foster growth among businesses worldwide and enabled corporations to emerge from the conventional brick and mortar buildings in which they have traditionally dwelled. Much of this growth has resulted directly from the ease and speed at which information can travel. Moving as small packets of ‘1s’ and ‘0s’, information is exchanged amongst corporate partners, clients and business groups. If the saying “time is money” has any truth, then the efficiency with which data can be exchanged is very important. More significantly, the security of data in transmission is vital to the integrity of business ideas, designs and financial success. It has become critically important to secure networks from unwanted intruders. One method of doing this is to utilize Virtual Private Networks, or VPNs.

There are many uses for VPNs. They provide people with the ability to work remotely. VPNs interconnect offices across cities, states, and international boundaries. They have empowered companies to confidently send private information across the insecure internet. Traditionally companies have used ‘leased lines’ to connect offices. Similar to a bridge, the longer the line, the higher the maintenance costs associated with keeping it intact. As the internet has grown, these bridges have grown longer, requiring greater costs for infrastructure. Thus, VPNs have shifted from leased lines to secure connections traveling over public wires. This has helped companies to bring down costs while allowing them to expand their business. Overall, VPN technology is changing the way companies do business. This paper explores the security aspects of VPN connections.

VPN Terminology

There are three primary types of VPNs in use today: trusted VPNs, secure VPNs and hybrid VPNs. In a trusted VPN, a company leases a direct line from one office to another that is dedicated to that company and its business partner. The line provider is responsible for maintaining security of the leased line since they are managing it. This type of VPN is called a ‘trusted’ VPN because it assumes that the line owner is maintaining the integrity and security of the leased line. This particular type is becoming less common because of the costs associated with having a dedicated line, and the distances that these lines have to extend. Furthermore, a lot of international communication is routed through satellites, which by definition cannot function as a dedicated line without encryption because they broadcast information over a wide area while data is in transit.

Because trusted VPNs offer no real security, vendors have created encrypted protocols to secure information. This type of VPN, the secure VPN, is considered tunneling because the attacker can see the traffic crossing the communication lines but cannot read or change the traffic without being detected.

A newer type of VPN called a hybrid is a combination of a leased line and an encryption mechanism. This adds a second layer of security to the communication of information because it holds both the supplier of the leased line and the company responsible for securing the traffic. Secure VPNs assure privacy and integrity of information but do not assure the path that the information takes from one point to another. Alternatively, trusted VPNs assure only the path and not the integrity of the information.

A simple analogy can explain the differences between trusted, secure, and hybrid VPNs. Consider the entire internet an ocean. Every company’s local area network (LAN) is like an island. Information is sent across the internet openly, like when one travels on a ferry. You have no control over who else is on the ferry, and who is spying on you as you travel. Therefore everyone can see where you are traveling. Obviously companies need to communicate securely with other branches and partners without others spying on their interchanges. Bridges were invented as direct connections between any two islands. Ferry passengers going under the bridge cannot see the cars on the bridge and can only use the bridge if they are a part of the two companies or branches. These bridges can be considered trusted VPNs. There is implicit security on the bridge because it is assumed that nobody can get on the bridge that doesn’t belong there. Therefore you are trusting that the connection from one island to another is secure.

There are multiple problems with this system. From a security standpoint, trusted VPNs only provide privacy and integrity through lack of access. Once a hacker finds his/her way onto the bridge, the security between the two islands is breached. Another blatant issue is cost. Every new branch and partnership requires a new bridge. Just like the mathematical handshake problem, there must be n(n-1)/2 bridges, where ‘n’ is the number of company branches. Building this many bridges and maintaining them becomes extremely costly.

The solution to this problem is secure VPNs. Imagine that a secure VPN is like a submarine. All information travels on these quick little subs and is invisible to the ferry passengers above. Each sub is relatively inexpensive once the infrastructure for their moorage is created on every island. The subs are considered to be tunneling underneath the rest of the traffic. Every time a new branch or partnership is added, a sub-base must be created for the one new island. This costs considerably less than creating a new bridge to every other existing island. The downside of this system is that eventually someone will find a way to break the locks on the submarines. Because of software vulnerabilities, secure VPNs must use an arsenal of protocols to keep the subs locked tight and traveling safely.

The third type is hybrid VPNs. They use the existing infrastructure for transportation and add additional security. Going back to the ocean analogy, hybrid VPNs are when companies use existing bridges but use armored transports instead of traditionally insecure cars. This ensures that once a hacker gets on the bridge, he/she would still have to break through the encryption protocols that protect the data.

Tunneling is the backbone of secure VPNs. This technique allows insecure LAN traffic, normally kept inside a company’s firewall, to travel many miles away. Since the protocols that data travels by inside LANs are not made for the open internet, a new protocol must wrap around the original. Tunneling yields three separate protocols in every packet:

  • Carrier protocol - The outside protocol used by the VPN routers to communicate over the internet (PPP)
  • Encapsulating protocol - The protocol that is wrapped around the original data and protects it from prying eyes (GRE, IPSec, PPTP, L2TP)
  • Passenger protocol - This is the original protocol in which the packet was being sent across the LAN (IPX, NetBEUI, IP)

When two LANs are bridged together in this manner, the user seamlessly uses resources in the opposite LAN just as if he were connected to the same hub, when in reality he could be anywhere in the world. Suppose a user decides that he wants to connect to a Windows file share to get the latest TPS report. Normally he would just type \\192.168.1.100 and the share would open. If the user is now trying this from home, he quickly realizes that this IP address is a private IP incapable of crossing the sea that is the internet. Using a VPN, the user can get the TPS report using only this private IP. The VPN software and hardware know to encrypt each packet with the encapsulating protocol. The packet can then be sent using a standard internet protocol that will route it correctly to the destination.
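The wrapping described above can be seen byte for byte in the following added example, which is not part of the original paper. It assumes GRE as the encapsulating protocol and an outer IPv4 header for delivery across the internet; the addresses and payload are constructed sample values. Plain GRE only wraps the passenger packet and does not encrypt it, so the inner bytes stay readable inside the outer packet until an encrypting scheme such as IPSec's ESP is applied.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a passenger IPv4 packet in a basic GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + passenger)

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) for an option-less IPv4 packet."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6], packet[20:f[2]]

def gre_decapsulate(packet: bytes) -> bytes:
    """Strip the outer IPv4 and GRE headers and return the passenger packet."""
    _, _, proto, payload = parse_ipv4(packet)
    flags, ptype = struct.unpack("!HH", payload[:4])
    if proto != GRE_PROTO or flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("not a basic GRE/IPv4 tunnel packet")
    return payload[4:]

# Constructed sample: a home user asks the file server at 192.168.1.100 for a report.
# Protocol 253 is reserved for experimentation; the payload is a stand-in, not real SMB.
inner = ipv4_packet("192.168.1.50", "192.168.1.100", 253, b"GET TPS report")
# Tunnel endpoints use documentation-range public addresses (assumed for this example).
outer = gre_encapsulate(inner, "203.0.113.10", "198.51.100.20")
```

Routers on the internet see only the outer addresses, while the private 192.168.1.x addresses reappear once the far gateway decapsulates the packet.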

Security Flaws and Issues

Every VPN implementation depends on the encapsulation protocol to protect the packet inside from the outside world. This means the network administrators and vendors must choose a specific scheme to follow to safeguard privacy and integrity of information. Each scheme has its own tradeoffs.

Microsoft uses the proprietary PPTP protocol in its VPN implementation. Because of its integration with Windows, it is the easy choice for a VPN solution. Critics agree, however, that PPTP is flawed and too easily breakable. Quite often vulnerabilities are discovered that reduce the perceptions of security in this protocol. Outside security companies find buffer overflow issues and other bugs in the code that could result in denial of service attacks or even complete intrusion into the network. Microsoft answered the recurring complaints with a newer protocol called Layer 2 Tunneling Protocol, or L2TP. Both protocols are now bundled with Windows.

L2TP relies on PPP implementing TCP/IP. This leaves only one job: the data must be encrypted before it travels. Therefore an encryption scheme must be chosen. Some L2TP implementations use SSHv1 and SSHv2; however, both encryption protocols have known flaws. SSHv1 can be prone to the “man in the middle” attack and SSHv2 is prone to traffic analysis attacks. Regardless of these vulnerabilities, L2TP using either of these two schemes is still more secure than PPTP.

The most popular solution at this time is IPSec. IPSec consists of three main steps:

  • Internet Key Exchange (IKE) occurs to transfer encryption/decryption keys to both sides of the VPN.
  • The Authentication Handler (AH) verifies that both sides of the VPN are who they say they are.
  • The Encapsulating Security Payload (ESP) will encode the packets using the vendor’s choice of encryption scheme.

There are many different implementations of IPSec, and herein lies the biggest issue. Because of vague protocol definitions, there are incompatibilities across different vendors. Additionally, IPSec is more complicated and has more administrative overhead. Certain commercial implementations avoid this, but IPSec is still considered to be one of the most secure VPN schemes.

Even with all these different protocols running around, something additional is required. IPSec makes an attempt to verify the location and identity of its users, but AAA servers can be added on as well. VPNs give users around the world access to all of a company’s important information and resources. VPNs are basically tunnels that go straight through company firewalls. Needless to say, this can be quite a security risk if used incorrectly. Company networks are often compared to food like breads; they are hard and crunchy on the exterior, but are soft and mushy on the inside. AAA servers can be put in place to take care of three issues: authentication, authorization, and accounting. Every time a user dials in from foreign lands or from down the block, verification of identity must be made. Therefore the AAA first authenticates the user. Once the identity is certified, authorization must occur. This checks to see what the specific user is allowed to access. The third step is accounting. Once access is granted, what the user actually does is logged. If the user starts accessing resources that he/she should not be, the AAA will log the attempts and will even try to prevent them. The AAA server therefore becomes a very important tool when used with VPNs to help protect data integrity and privacy.
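The three AAA steps can be sketched as follows. This is an added example, not code from the original paper or from any AAA product: the `AAAServer` class, the user name, the password and the network ranges are all hypothetical, and the store is kept in memory for brevity.

```python
import hashlib, hmac, os
from collections import Counter
from ipaddress import ip_address, ip_network

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    """Hypothetical in-memory AAA service sitting behind a VPN gateway."""
    def __init__(self):
        self.users = {}        # name -> (salt, password hash, allowed networks)
        self.sessions = set()  # names that have authenticated
        self.accounting = []   # (user, destination, verdict) audit trail

    def add_user(self, name, password, allowed):
        salt = os.urandom(16)
        nets = [ip_network(n) for n in allowed]
        self.users[name] = (salt, hash_password(password, salt), nets)

    def authenticate(self, name, password) -> bool:
        # Unknown users are hashed too, so both failure paths do the same work.
        salt, stored, _ = self.users.get(name, (b"\0" * 16, b"", []))
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if ok:
            self.sessions.add(name)
        else:
            self.accounting.append((name, None, "AUTH-FAIL"))
        return ok

    def authorize(self, name, destination) -> bool:
        # Deny by default: the user needs a session and a matching allowed network.
        nets = self.users[name][2] if name in self.sessions else []
        allowed = any(ip_address(destination) in net for net in nets)
        self.accounting.append((name, destination, "ALLOW" if allowed else "DENY"))
        return allowed

    def denied_counts(self) -> dict:
        # Accounting review: number of refused requests per user.
        return dict(Counter(u for u, _, v in self.accounting if v == "DENY"))

def demo():
    # Constructed sample: one user limited to the 192.168.1.0/24 office LAN.
    aaa = AAAServer()
    aaa.add_user("alice", "correct horse", ["192.168.1.0/24"])
    results = [aaa.authenticate("alice", "wrong"),
               aaa.authenticate("alice", "correct horse"),
               aaa.authorize("alice", "192.168.1.100"),
               aaa.authorize("alice", "10.0.0.5")]
    return results, aaa.denied_counts(), aaa.accounting
```

The accounting trail records refused requests as well as granted ones, which is what lets an administrator notice a tunnel user probing addresses outside the allowed range.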

Technical Requirements

There are a number of technical requirements that must be in place for a VPN to be considered secure. A VPN must both be encrypted and utilize authentication. Additionally, both parties must agree on the security protocol, in terms of the type of encryption used during transfer. Finally, to be truly secure, no one outside the VPN should be able to affect the security settings of the VPN.

A Trusted VPN has a somewhat different requirement specification. Only the trusted VPN provider can modify or create a path within the VPN. Secondly, the trusted VPN provider is the only one who can change, inject or delete data on a line in the VPN. Finally, when the VPN is created, all routing, addressing and switching tables must be established for the line.

Hybrid VPN requirements specify that address boundaries must be laid out in advance and be extremely “clear”. The VPN administrator should be able to specify whether or not traffic between two addresses is part of the established secure VPN.

Past, Present and Future of VPNs

As co-founder of ARPANET (now the Internet), Doug Engelbart has seen the importance of computer security develop. In a personal interview conducted with Doug, inventor of the computer “mouse”, word processor and Graphical User Interface, he addressed some of the following topics. Engelbart was the ‘second’ person to plug into ARPANET when it was first established. At that time, there was no need to secure the traffic over the lines connecting the two computers because there was no concept of a virus or hacker. So, when asked if he had ever thought of encrypting the transmission, of course the answer was no. On a larger scale, however, Engelbart sees the importance of encrypting data being sent through public wires. “At the time, we were just excited to get more people on board with the project. We wanted to see how large we could make this thing [ARPANET] grow,” said Engelbart.

Today, however, Engelbart sees the importance of having secured lines of communication. When asked about current VPN technology he replied that “VPNs are a great way for companies or individuals to securely communicate.” He discussed issues such as trust, authentication and secured lines in relation to VPN networks.

Eighty-year-old Engelbart also touched on future directions of the Internet. When asked “Where do you see the internet going in the next 20 years?” he jokingly responded “I can’t say for sure but I sure plan on sticking around to find out!” In general, he foresaw an increased need for securing communication between two parties and guaranteeing that the data was encrypted during the course of its transmission.

References

Computer Hall of Fame. 16 May 2004.

Engelbart, Doug. Personal Interview. May 17, 2004.

Fougere, Jay. “VPNs, 101”. Web Pro News. 15 May 2004.

Lemos, Robert. “VPN flaw puts internal networks at risk”. September 26, 2002. ZDNet Security News. 16 May 2004.

Tyson, Jeff. “How Stuff Works”. 15 May 2004.

“VPN Technologies”. January 2004. VPN Consortium. 15 May 2004.