The Internet is increasingly used as a means to connect computers together, since it offers efficient and inexpensive communication. The requirement therefore exists for data to traverse the Internet to its intended recipient without another party being able to read or alter it.
It is equally important that the recipient can verify that no one is falsifying data, in other words, pretending to be someone else. Virtual Private Networks (VPNs) meet this need, providing a highly cost effective means of establishing secure links between two co-operating computers so that data can be exchanged in a secure manner.
A VPN allows a tunnel to be set up between two devices known as tunnel endpoints. All data flowing through the tunnel is then secure. The mechanism that provides tunnel security is encryption.
There are two common scenarios where VPN is used:
LAN-to-LAN connection - Where two internal networks need to be connected together over the Internet. In this case, each network is protected by an individual Clavister firewall and the VPN tunnel is set up between them.
Client to LAN connection - Where many remote clients need to connect to an internal network over the Internet. In this case, the internal network is protected by the firewall to which the client connects and the VPN tunnel is set up between them.
Encryption of VPN traffic is done using the science of cryptography. Cryptography is an umbrella expression for encoding techniques that can offer the following:
VPNs are normally only concerned with confidentiality and authentication. Non-repudiation is normally not handled at the network level but rather is usually done at a higher, transaction level.
An attacker targeting a VPN connection will typically not attempt to crack the VPN encryption since this requires enormous effort. They will, instead, see VPN traffic as an indication that there is something worth targeting at the other end of the connection. Typically, mobile clients and branch offices are far more attractive targets than the main corporate network. Once inside those, getting to the corporate network then becomes easier.
In designing a VPN there are many issues that need to be addressed, some of which are not always obvious. These include:
Protecting mobile and home computers.
Restricting access through the VPN to needed services only, since mobile computers are vulnerable.
Creating DMZs for services that need to be shared with other companies through VPNs.
Adapting VPN access policies for different groups of users.
Creating key distribution policies.
Endpoint Security
A common misconception is that VPN connections are equivalent to the internal network from a security standpoint and that they can be connected directly to it with no further precautions. It is important to remember that although the VPN connection itself may be secure, the total level of security is only as high as the security of the tunnel endpoints.
It is becoming increasingly common for users on the move to connect directly to their company's network via VPN from their laptops or tablets. However, the client equipment itself is often not protected. In other words, an intruder can gain access to the protected network through an unprotected laptop and its already-open VPN connections.
Placement in a DMZ
A VPN connection should never be regarded as an integral part of a protected network. The VPN firewall should instead be located in a special DMZ, or outside the firewall, dedicated to this task. By doing this, the administrator can restrict which services can be accessed via the VPN and ensure that these services are well protected against intruders.
Where the firewall has an integrated VPN feature, it is usually possible to dictate the types of communication permitted, and cOS Core VPN has this feature.
Key distribution schemes are best planned in advance. Issues that need to be addressed include:
How will keys be distributed? Email is not a good solution. Phone conversations might be secure enough.
How many different keys should be used? One key per user? One per group of users? One per LAN-to-LAN connection? One key for all users and one key for all LAN-to-LAN connections? It is probably better to use more keys than are strictly necessary today, since this makes it easier to adjust access per user or group in the future.
Should the keys be changed? If they are changed, how often? In cases where keys are shared by multiple users, consider using overlapping schemes, so that the old keys continue to work for a short period of time after new keys have been issued.
What happens when an employee in possession of a key leaves the company? If several users are using the same key, it should be changed.
In cases where the key is not directly programmed into a network unit, such as a VPN firewall, how should the key be stored? On a memory stick? As a passphrase to memorize? If it is a physical token, how should it be handled?
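The per-group key, overlapping rotation and leaver questions above can be modelled as a small key ring. This is an added example written for this page, not Clavister or cOS Core code; the group names, timestamps and grace period are constructed values.

```python
"""Model of an overlapping pre-shared-key rotation scheme for VPN groups.

Added example, not part of cOS Core. Each user group holds its own key;
when a key is rotated the previous one stays accepted for a grace window,
and a departing user forces every key they knew to be replaced at once.
"""
from __future__ import annotations
from dataclasses import dataclass, field
import secrets


@dataclass
class Key:
    key_id: str
    secret: bytes
    issued: int                  # seconds since epoch (constructed in tests)
    retired: int | None = None   # set when superseded by a newer key


@dataclass
class KeyRing:
    grace: int                                   # overlap window in seconds
    groups: dict[str, list[Key]] = field(default_factory=dict)
    counter: int = 0

    def issue(self, group: str, now: int) -> Key:
        """Issue a fresh key; the previous key stays valid for the grace window."""
        self.counter += 1
        new = Key(f"{group}-{self.counter}", secrets.token_bytes(32), now)
        ring = self.groups.setdefault(group, [])
        if ring and ring[-1].retired is None:
            ring[-1].retired = now
        ring.append(new)
        return new

    def valid_keys(self, group: str, now: int) -> list[Key]:
        """Keys the gateway should still accept from this group at time `now`."""
        return [k for k in self.groups.get(group, [])
                if k.issued <= now and (k.retired is None or now < k.retired + self.grace)]

    def due_for_rotation(self, group: str, now: int, lifetime: int) -> bool:
        """True when the group's current key has outlived its planned lifetime."""
        return now - self.groups[group][-1].issued >= lifetime

    def employee_left(self, groups_known: list[str], now: int) -> list[Key]:
        """Shared keys known by a leaver: end every grace window now, then reissue."""
        for g in groups_known:
            for k in self.valid_keys(g, now):
                k.retired = now - self.grace     # immediately outside the window
        return [self.issue(g, now) for g in groups_known]
```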