NET-240 (NetAcad Chapter 18)
5. Which choices provide for the Confidentiality function in the IPsec framework? (Choose three.)
3DES AES SEAL
Remote-Access VPN
A remote-access VPN is dynamically created to establish a secure connection between a client and a VPN terminating device. For example, a remote access SSL VPN is used when you check your banking information online. (Figure: a client initiates the VPN connection across the internet to a VPN gateway.)
Site-to-Site VPN
A site-to-site VPN is created when VPN terminating devices, also called VPN gateways, are preconfigured with information to establish a secure tunnel. VPN traffic is only encrypted between these devices. Internal hosts have no knowledge that a VPN is being used. (Figure: a client with no knowledge of the VPN sends traffic through its VPN gateway, across the internet, to the VPN gateway at the other site.)
3. Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?
AH
4. Which choices are packet encapsulation options supported by IPsec? (Choose two.)
AH ESP
18.4.2 Authentication Header
AH achieves authenticity by applying a keyed one-way hash function to the packet to create a hash or message digest. The hash is combined with the text and is transmitted in plaintext, as shown in the figure. The receiver detects changes in any part of the packet that occur during transit by performing the same one-way hash function on the received packet and comparing the result to the value of the message digest that the sender supplied. Authenticity is assured because the one-way hash also employs a shared secret key between the two systems. The AH function is applied to the entire packet, except for any IP header fields that normally change in transit. Fields that normally change during transit are called mutable fields. For example, the Time to Live (TTL) field is considered mutable because routers modify this field.
The AH process occurs in this order:
1. The IP header and data payload are hashed using the shared secret key. (Figure: R1 to R2 with all data in plaintext; framework choices are Integrity: SHA, MD5; Authentication: RSA, PSK; Diffie-Hellman: DH1, DH2, DH5, DH...)
2. The hash builds a new AH header, which is inserted into the original packet, as shown in the figure below. (Figure: at R1, IP Header + Data + Key are hashed to produce the Authentication Data (00ABCDEF); the packet sent to the internet is IP HDR | AH | Data.)
3. The new packet is transmitted to the IPsec peer router.
4. The peer router hashes the IP header and data payload using the shared secret key, extracts the transmitted hash from the AH header, and compares the two hashes, as shown in the figure below. (Figure: at R2, IP Header + Data + Key are hashed to produce the Recomputed Hash (00ABCDEF), which is compared with the Received Hash (00ABCDEF) taken from the AH header.)
The hashes must match exactly. If one bit is changed in the transmitted packet, the hash output on the received packet changes and the AH header will not match. AH supports MD5 and SHA algorithms. AH may not work if the environment uses NAT.
2. Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates?
Authentication
18.3.9 Check Your Understanding - IPsec
Check your understanding of IPsec by choosing the correct answer to the following questions.
18.2.5 Check Your Understanding - Compare Remote-Access and Site-to-Site VPNs
Check your understanding of VPN characteristics by choosing the correct answer to the following questions.
18.4.6 Check Your Understanding - Compare AH and ESP
Check your understanding of the differences between AH and ESP by choosing whether the following statements are true or false.
18.3.3 IPsec Protocol Encapsulation
Choosing the IPsec protocol encapsulation is the first building block of the framework. IPsec encapsulates packets using Authentication Header (AH) or Encapsulation Security Protocol (ESP). The choice of AH or ESP establishes which other building blocks are available. (Figure: IPsec framework table of choices. IPsec Protocol: AH, ESP, ESP + AH. Confidentiality: DES, 3DES, AES, SEAL. Integrity: MD5, SHA. Authentication: RSA, PSK. Diffie-Hellman: DH1, DH2, DH5, DH...)
AH is appropriate only when confidentiality is not required or permitted. It provides data authentication and integrity, but it does not provide data confidentiality (encryption). All text is transported unencrypted. ESP provides both confidentiality and authentication. It provides confidentiality by performing encryption on the IP packet. ESP provides authentication for the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.
4. What can be used as a VPN gateway when setting up a site-to-site VPN?
Cisco router
18.3.4 Confidentiality
Confidentiality is achieved by encrypting the data, as shown in the figure. The degree of confidentiality depends on the encryption algorithm and the length of the key used in the encryption algorithm. If someone tries to hack the key through a brute-force attack, the number of possibilities to try is a function of the length of the key. The time to process all the possibilities is a function of the computer power of the attacking device. The shorter the key, the easier it is to break. A 64-bit key can take approximately one year to break with a relatively sophisticated computer. A 128-bit key with the same machine can take roughly 10^19, or 10 quintillion, years to decrypt. (Figure: Gail sends "Pay to Jeremy $100, One Hundred Dollars" through the encryption algorithm; the ciphertext 4ehiDx67NMop9eRU781OPotVBn45TR crosses the internet and the decryption algorithm restores the message for Jeremy; the threat actor sees only the ciphertext: "Hmmm... I cannot read a thing.")
The encryption algorithms highlighted in the figure are all symmetric key cryptosystems. (Figure: IPsec framework Confidentiality choices from least secure to most secure: DES, key length 56 bits; 3DES, key length 56 bits (3 times); AES, key lengths 128, 192 and 256 bits; SEAL, key length 160 bits.)
DES uses a 56-bit key and should be avoided. 3DES is a variant of the 56-bit DES. It uses three independent 56-bit encryption keys per 64-bit block, which provides significantly stronger encryption strength over DES. DES is computationally taxing and is no longer considered to be secure. AES is the most recommended symmetric encryption algorithm. It provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128 bits, 192 bits, and 256 bits. SEAL is a stream cipher, which means it encrypts data continuously rather than encrypting blocks of data. SEAL uses a 160-bit key and is considered to be very secure.
Site-to-site VPNs
Created when VPN gateways are preconfigured with information to establish a secure tunnel. VPN traffic is only encrypted between these devices. Internal hosts have no knowledge that a VPN is being used.
8. Which Diffie-Hellman group choices are no longer recommended?
DH groups 1, 2, and 5
18.3.5 Integrity
Data integrity means that the data that is received is exactly the same data that was sent. Potentially, data could be intercepted and modified. For example, in the figure, assume that a check for $100 is written to Alex. The check is then mailed to Alex, but it is intercepted by a threat actor. The threat actor changes the name on the check to Jeremy and the amount on the check to $1,000 and attempts to cash it. Depending on the quality of the forgery in the altered check, the attacker could be successful. (Figure: "Pay to Alex $100.00, One Hundred and 00/100 Dollars" has the starting hash 4ehiDx67NMop9; the altered check "Pay to Jeremy $1000.00, One Thousand and 00/100 Dollars" has the ending hash 12ehqPx67NMoX; the two hashes are different.)
Because VPN data is transported over the public internet, a method of proving data integrity is required to guarantee that the content has not been altered. A hashing algorithm guarantees the integrity of the message using a hash value. The figure highlights the two most common hashing algorithms. Note: Cisco now rates SHA-1 as legacy and recommends at least SHA-256 for integrity. (Figure: IPsec framework Integrity choices and their key lengths, from least secure to most secure: MD5, key length 128 bits; SHA, key length 160 bits.)
Message-Digest 5 (MD5) uses a 128-bit shared-secret key. The variable-length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. MD5 is no longer secure and should be avoided. The Secure Hash Algorithm (SHA) uses a 160-bit secret key. The variable-length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 algorithm. The output is a 160-bit hash. SHA-256 or higher are considered to be secure.
18.4.5 Transport and Tunnel Modes
ESP and AH can be applied to IP packets in two different modes, transport mode and tunnel mode, as shown in the figure below. (On cards 55-56.) (Figure: ESP transport mode: IP HDR | ESP HDR | Data | ESP Trailer | ESP Authentication, with Data and ESP Trailer encrypted and ESP HDR through ESP Trailer authenticated. ESP tunnel mode: New IP HDR | ESP HDR | IP HDR | Data | ESP Trailer | ESP Authentication, with the original IP HDR, Data and ESP Trailer encrypted and ESP HDR through ESP Trailer authenticated.)
(Figure: host-to-gateway, a Home Office across the Internet to the Corporate Office HR servers; gateway-to-gateway, a Remote Office across the Internet to the Corporate Office HR servers.)
ESP tunnel mode is used between a host and a security gateway, or between two security gateways, as shown in the figure. For host-to-gateway applications, a home office might not have a router to perform the IPsec encapsulation and encryption. In this case, an IPsec client running on the PC performs the IPsec IP-in-IP encapsulation and encryption. For gateway-to-gateway applications, rather than load IPsec on all of the computers at the remote and corporate offices, it is easier to have the security gateways perform the IP-in-IP encryption and encapsulation. At the corporate office, the router de-encapsulates and decrypts the packet.
(Figure: AH transport mode: IP HDR | AH HDR | Data, with the entire packet authenticated. AH tunnel mode: New IP HDR | AH HDR | IP HDR | Data, with the entire packet authenticated.)
As shown in the figure, AH transport mode provides authentication and integrity for the entire packet. It does not encrypt the data, but it is protected from modification. AH tunnel mode encapsulates the IP packet with an AH and a new IP header, and signs the entire packet for integrity and authentication.
18.3.7 Secure Key Exchange with Diffie-Hellman
Encryption algorithms require a symmetric, shared secret key to perform encryption and decryption. How do the encrypting and decrypting devices get the shared secret key? The easiest key exchange method is to use a public key exchange method, such as Diffie-Hellman (DH), as shown in the figure. (Figure: IPsec framework table of choices, with the Diffie-Hellman column ordered from least secure to most secure: DH1, DH2, DH5; DH 14, 15, 16; DH 19, 20, 21, 24.)
DH provides a way for two peers to establish a shared secret key that only they know, even though they are communicating over an insecure channel. Variations of the DH key exchange are specified as DH groups: DH groups 1, 2, and 5 should no longer be used. These groups support a key size of 768 bits, 1024 bits, and 1536 bits, respectively. DH groups 14, 15, and 16 use larger key sizes with 2048 bits, 3072 bits, and 4096 bits, respectively, and are recommended for use until 2030. DH groups 19, 20, 21 and 24 with respective key sizes of 256 bits, 384 bits, 521 bits, and 2048 bits support Elliptic Curve Cryptography (ECC), which reduces the time needed to generate keys. DH group 24 is the preferred next generation encryption. The DH group you choose must be strong enough, or have enough bits, to protect the IPsec keys during negotiation. For example, if you choose AES 128-bit key, use group 14, 19, 20 or 24. However, if you choose AES-256 or higher, use the DH group 21 or 24.
Confidentiality
Encryption ensures confidentiality of the Layer 3 packet. Secure choices include Advanced Encryption Standard (AES) or Software-Optimized Encryption Algorithm (SEAL). Legacy algorithms that should be avoided include Data Encryption Standard (DES) and Triple DES (3DES).
3. True or False: The IPsec framework must be updated each time a new standard is developed.
False
18.5.2 Phase 1 and 2 Key Negotiation
IKE uses ISAKMP for phase 1 and phase 2 of key negotiation. Phase 1 negotiates a security association (a key) between two IKE peers. The key negotiated in phase 1 enables IKE peers to communicate securely in phase 2. During phase 2 negotiation, IKE establishes keys (security associations) for other applications, such as IPsec. In Phase 1, two IPsec peers perform the initial negotiation of SAs. The basic purpose of Phase 1 is to negotiate ISAKMP policy, authenticate the peers, and set up a secure tunnel between the peers. This tunnel will then be used in Phase 2 to negotiate the IPsec policy, as shown in the figure. (Figure: Phase 1 - Negotiate ISAKMP policy to create a tunnel: 1. negotiate ISAKMP policy (Policy 10 and Policy 15, each AES, SHA, PSK, DH14, lifetime), 2. DH key exchange, 3. verify the peer identity. Phase 2 - Negotiate IPsec policy for sending secure traffic across the tunnel.)
Note: The phrases IKE policy and ISAKMP policy are equivalent. The phrase ISAKMP policy is used in this course to better match the commands (crypto isakmp policy, show isakmp policy, etc.) as well as to clarify that the ISAKMP policy applies to the IKE Phase 1 tunnel.
Phase 1 can be implemented in main mode or aggressive mode. When main mode is used, the identities of the two IKE peers are hidden. Aggressive mode takes less time than main mode to negotiate keys between peers. However, since the authentication hash is sent unencrypted before the tunnel is established, aggressive mode is vulnerable to brute-force attacks.
Note: In Cisco IOS software, the default action for IKE authentication is to initiate main mode. However, Cisco IOS software will respond in aggressive mode to an IKE peer that initiates aggressive mode.
Encapsulation Security Protocol (ESP)
IP protocol 50 that provides authentication and encryption.
Authentication Header (AH)
IP protocol 51 that only provides authentication.
7. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
IPsec
Applications supported
IPsec: Extensive - All IP-based applications are supported. SSL: Limited - Only web-based applications and file sharing are supported.
Connection option
IPsec: Limited - Only specific devices with specific configurations can connect. SSL: Extensive - Any device with a web browser can connect.
Connection complexity
IPsec: Medium - Because it requires a VPN client pre-installed on a host. SSL: Low - It only requires a web browser on a host.
Encryption strength
IPsec: Strong - Uses key lengths from 56 bits to 256 bits. SSL: Moderate to strong - With key lengths from 40 bits to 256 bits.
Authentication strength
IPsec: Strong - Uses two-way authentication with shared keys or digital certificates. SSL: Moderate - Using one-way or two-way authentication.
18.3.2 IPsec Technologies
IPsec is an IETF standard (RFC 2401-2412) that defines how a VPN can be secured across IP networks. IPsec protects and authenticates IP packets between source and destination. IPsec can protect traffic from Layer 4 through Layer 7. Using the IPsec framework, IPsec provides these essential security functions: (On cards 26-29.)
IPsec is not bound to any specific rules for secure communications. This flexibility of the framework allows IPsec to easily integrate new security technologies without updating the existing IPsec standards. The currently available technologies are aligned to their specific security function. The open slots shown in the IPsec framework in the figure can be filled with any of the choices that are available for that IPsec function to create a unique security association (SA). (Figure: IPsec framework table of choices. IPsec Protocol: AH, ESP, ESP + AH. Confidentiality: DES, 3DES, AES, SEAL. Integrity: MD5, SHA. Authentication: PSK, RSA. Diffie-Hellman: DH1, DH2, DH5, DH...)
The security functions are listed in the table. (On cards 30-34.)
The figure shows examples of SAs for two different implementations. An SA is the basic building block of IPsec. When establishing a VPN link, the peers must share the same SA to negotiate key exchange parameters, establish a shared key, authenticate each other, and negotiate the encryption parameters. Notice that SA Example 1 is using no encryption. (Figure: IPsec Security Association Examples. SA Example 1: IPsec Protocol AH, no Confidentiality, Integrity MD5, Diffie-Hellman DH16, Authentication PSK. SA Example 2: IPsec Protocol ESP, Confidentiality AES, Integrity SHA, Diffie-Hellman DH24, Authentication RSA.)
Authentication
IPsec uses Internet Key Exchange (IKE) to authenticate users and devices that can carry out communication independently. IKE uses several types of authentication, including username and password, one-time password, biometrics, pre-shared keys (PSKs), and digital certificates using the Rivest, Shamir, and Adleman (RSA) algorithm.
Confidentiality
IPsec uses encryption algorithms to prevent cybercriminals from reading the packet contents.
Integrity
IPsec uses hashing algorithms to ensure that packets have not been altered between source and destination.
Diffie-Hellman
IPsec uses the DH algorithm to provide a public key exchange method for two peers to establish a shared secret key. There are several DH algorithm groups to choose from. However, do not use DH groups 1, 2 and 5 as they are no longer recommended. Instead, DH groups 14, 15, or 16 are considered secure and the Elliptic Curve DH groups 19, 20, 21, and 24 are considered to be the most secure.
Origin authentication
IPsec uses the Internet Key Exchange (IKE) protocol to authenticate source and destination. Methods of authentication include the use of pre-shared keys (passwords), digital certificates, or RSA certificates.
18.4.3 Encapsulation Security Protocol
If ESP is selected as the IPsec protocol, an encryption algorithm must also be selected. Cisco products support 3DES, AES, and SEAL. However, 3DES should be avoided. If 3DES must be implemented, then configure short key lifetimes. ESP can also provide integrity and authentication. First, the payload is encrypted. Next, the encrypted payload is sent through a hash algorithm, such as SHA-256 or higher. The hash provides authentication and data integrity for the data payload. Note that MD5 and SHA-1 should be avoided.
Optionally, ESP can also enforce anti-replay protection. Anti-replay protection verifies that each packet is unique and is not duplicated. This protection ensures that a hacker cannot intercept packets and insert changed packets into the data stream. Anti-replay works by keeping track of packet sequence numbers and using a sliding window on the destination end. When a connection is established between a source and destination, their counters are initialized at zero. Each time a packet is sent, a sequence number is appended to the packet by the source. The destination uses the sliding window to determine which sequence numbers are expected. The destination verifies that the sequence number of the packet is not duplicated and is received in the correct order. For example, if the sliding window on the destination is set to one, the destination is expecting to receive the packet with the sequence number one. After it is received, the sliding window moves to two. When detection of a replayed packet occurs, such as the destination receiving a second packet with the sequence number of one, an error message is sent, the replayed packet is discarded, and the event is logged. Anti-replay is typically used in ESP, but it is also supported in AH.
(Figure: R1 to R2 with the data payload encrypted; framework choices are Confidentiality: DES, 3DES, AES, SEAL; Integrity: MD5, SHA; Authentication: PSK, RSA; Diffie-Hellman: DH1, DH2, DH5, DH...)
18.2.2 Remote-Access VPNs
In the previous topic you learned about the basics of a VPN. Here you will learn about the types of VPNs. VPNs have become the logical solution for remote-access connectivity for many reasons. As shown in the figure, remote-access VPNs let remote and mobile users securely connect to the enterprise by creating an encrypted tunnel. Remote users can securely replicate their enterprise security access including email and network applications. Remote-access VPNs also allow contractors and partners to have limited access to the specific servers, web pages, or files as required. This means that these users can contribute to business productivity without compromising network security. Remote-access VPNs are typically enabled dynamically by the user when required. Remote access VPNs can be created using either IPsec or SSL. As shown in the figure, a remote user must initiate a remote access VPN connection. The figure displays two ways that a remote user can initiate a remote access VPN connection: clientless VPN and client-based VPN. (Figure: a user computer with a browser, or with the Cisco AnyConnect Secure Mobility Client, builds an SSL VPN tunnel across the Internet to the headquarters SSL VPN gateway and its workplace resources.)
Clientless VPN connection - The connection is secured using a web browser SSL connection. SSL is mostly used to protect HTTP traffic (HTTPS) and email protocols such as IMAP and POP3. For example, HTTPS is actually HTTP using an SSL tunnel. The SSL connection is first established, and then HTTP data is exchanged over the connection.
Client-based VPN connection - VPN client software such as Cisco AnyConnect Secure Mobility Client must be installed on the remote user's end device. Users must initiate the VPN connection using the VPN client and then authenticate to the destination VPN gateway. When remote users are authenticated, they have access to corporate files and applications. The VPN client software encrypts the traffic using IPsec or SSL and forwards it over the internet to the destination VPN gateway.
IPsec Overview 18.3.1 Video - IPsec Concepts
In the previous topic you learned about types of VPNs. It is important to understand how IPsec works with a VPN. Click Play in the figure for a video about IPsec.
Transport Mode
In transport mode, security is provided only for the transport layer of the OSI model and above. Transport mode protects the payload of the packet but leaves the original IP address in plaintext. The original IP address is used to route the packet through the internet. ESP transport mode is used between hosts.
Integrity
Integrity ensures that data arrives unchanged at the destination by using a hash algorithm. Examples include Secure Hash Algorithm (SHA) and message-digest 5 (MD5). MD5 is insecure and should be avoided. There are several versions of SHA. SHA-1 is the original version and should be avoided. Instead, SHA-256 is recommended to protect sensitive information. SHA-384 and SHA-512 are required to protect classified information of higher importance.
9. Which statement describes a feature of site-to-site VPNs?
Internal hosts send normal, unencapsulated packets.
1. A network administrator is planning a VPN tunnel. Why would the engineer select main mode for IKE Phase 1?
It is more secure.
1. IPsec can protect traffic in which OSI layers? (Choose four.)
Layer 4 Layer 5 Layer 6 Layer 7
6. Which choices provide for the Integrity function in the IPsec framework? (Choose two.)
MD5 SHA
18.1.2 VPN Benefits
Modern VPNs now support encryption features, such as Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) to secure network traffic between sites. Major benefits of VPNs are shown in the table. (On cards 3-6).
7. Which choices are available for the Authentication function in the IPsec framework? (Choose two.)
PSK RSA
Diffie-Hellman
Secure key exchange typically using various groups of the DH algorithm.
18.2.4 Site-to-Site IPsec VPNs
Site-to-site VPNs are used to connect networks across another untrusted network such as the internet. In a site-to-site VPN, end hosts send and receive normal unencrypted TCP/IP traffic through a VPN-terminating device. The VPN-terminating device is typically called a VPN gateway. A VPN gateway device could be a router or a firewall, as shown in the figure. For example, the Cisco Adaptive Security Appliance (ASA) shown on the right side of the figure is a standalone firewall device that combines firewall, VPN concentrator, and intrusion prevention functionality into one software image. (Figure: an IPsec tunnel across the Internet between two VPN gateways; the client has no knowledge of the VPN.)
The VPN gateway encapsulates and encrypts outbound traffic. It then sends the traffic through a VPN tunnel over the internet to a VPN gateway at the target site. Upon receipt, the receiving VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network. Site-to-site VPNs are typically created and secured using IP security (IPsec).
Internet Key Exchange 18.5.1 The IKE Protocol
The Internet Key Exchange (IKE) protocol is a key management protocol standard. IKE is used in conjunction with the IPsec standard. As shown in the figure, IKE automatically negotiates IPsec security associations and enables IPsec secure communications. IKE enhances IPsec by adding features and simplifies configuration for the IPsec standard. Without IKE in place, IPsec configuration would be a complex, manual configuration process that would not scale well. (Figure: Local Peer and Remote Peer, each with the SA IPsec Protocol ESP, Confidentiality AES, Integrity SHA, Diffie-Hellman DH14, Authentication PSK; IKE negotiates the SAs between peers.)
IKE is a hybrid protocol that implements key exchange protocols inside the Internet Security Association Key Management Protocol (ISAKMP) framework. ISAKMP (pronounced "Ice-a-camp") defines the message format, the mechanics of a key exchange protocol, and the negotiation process to build an SA for IPsec. Instead of transmitting keys directly across a network, IKE calculates shared keys based on the exchange of a series of data packets. This prevents a third party from decrypting the keys even if the third party captured all of the exchanged data that was used to calculate the keys. IKE uses UDP port 500 to exchange IKE information between the security gateways. UDP port 500 packets must be permitted on any IP interface that is connecting a security gateway peer.
IPsec Protocol
The choices for IPsec Protocol include Authentication Header (AH) or Encapsulation Security Protocol (ESP). AH authenticates the Layer 3 packet. ESP encrypts the Layer 3 packet. Note: ESP+AH is rarely used as this combination will not successfully traverse a NAT device.
Client-based
The connection is secured using a client application such as the Cisco AnyConnect Secure Mobility Client on the host.
Clientless
The connection is secured using a web browser SSL connection. SSL uses the public key infrastructure and digital certificates to authenticate peers.
18.5.3 Phase 2: Negotiating SAs
The purpose of IKE Phase 2 is to negotiate the IPsec security parameters that will be used to secure the IPsec tunnel, as shown in the figure. IKE Phase 2 is called quick mode and can only occur after IKE has established a secure tunnel in Phase 1. SAs are negotiated by the IKE process ISAKMP on behalf of IPsec, which needs encryption keys for operation. Quick mode negotiates the IKE Phase 2 SAs. In this phase, the SAs that IPsec uses are unidirectional; therefore, a separate key exchange is required for each data flow. Quick mode also renegotiates a new IPsec SA when the IPsec SA lifetime expires. Basically, quick mode refreshes the keying material that creates the shared secret key. This is based on the keying material that is derived from the DH exchange in Phase 1. (Figure: Quick Mode. Host A and Host B (addresses 10.0.1.3 and 192.168.1.3) sit behind R1 and R2, which negotiate the IPsec security parameters.)
IKE version 2, a next-generation key management protocol based on RFC 5996, is an enhancement of the IKE protocol. IKE version 2 supports NAT detection and NAT Traversal (NAT-T) during Phase 1. If both VPN devices are NAT-T capable, and if they detect that they are connecting to each other through a NAT device, NAT-T is auto detected and auto negotiated. NAT-T encapsulates ESP packets inside UDP and assigns both the Source and Destination ports as 4500. Now ESP packets can traverse NAT.
IPsec Protocols 18.4.1 IPsec Protocol Overview
The two main IPsec protocols are Authentication Header (AH) and Encapsulation Security Protocol (ESP). The IPsec protocol is the first building block of the framework. The choice of AH or ESP establishes which other building blocks are available. AH uses IP protocol 51 and is appropriate only when confidentiality is not required or permitted. It provides data authentication and integrity, but it does not provide data confidentiality (encryption). All text is transported unencrypted. ESP uses IP protocol 50 and provides both confidentiality and authentication. It provides confidentiality by performing encryption on the IP packet. ESP provides authentication for the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected. (Figure: IPsec framework table of choices. IPsec Protocol: AH, ESP, ESP + AH. Confidentiality: DES, 3DES, AES, SEAL. Integrity: MD5, SHA. Authentication: RSA, PSK. Diffie-Hellman: DH1, DH2, DH5, DH...)
Remote access VPNs
These VPNs enable remote and mobile users to securely connect to the enterprise by creating an encrypted tunnel.
VPN Overview 18.1.1 Virtual Private Networks
To secure network traffic between sites and users, organizations use virtual private networks (VPNs) to create end-to-end private network connections. A VPN is virtual in that it carries information within a private network, but that information is actually transported over a public network. A VPN is private in that the traffic is encrypted to keep the data confidential while it is transported across the public network. The figure shows a collection of various types of VPNs managed by an enterprise's main site. The tunnel enables remote sites and users to access the main site's network resources securely. (Figure: the Corporate Main Site, with a Cisco ASA Firewall, connects across the Internet to a Business Partner with a Cisco Router, a Regional Office with a Cisco ASA Firewall, a SOHO with a Cisco Router, and a Mobile Worker with Cisco AnyConnect.)
A Cisco Adaptive Security Appliance (ASA) firewall helps organizations provide secure, high performance connectivity including VPNs and always-on access for remote branches and mobile users. SOHO stands for small office home office, where a VPN-enabled router can provide VPN connectivity back to the corporate main site. Cisco AnyConnect is software that remote workers can use to establish a client-based VPN connection with the main site. The first types of VPNs were strictly IP tunnels that did not include authentication or encryption of the data. For example, Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that does not include encryption services. It is used to encapsulate IPv4 and IPv6 traffic inside an IP tunnel to create a virtual point-to-point link.
Tunnel Mode
Tunnel mode provides security for the complete original IP packet. The original IP packet is encrypted and then it is encapsulated in another IP packet. This is known as IP-in-IP encryption. The IP address on the outside IP packet is used to route the packet through the internet.
Integrity
Using Hashed Message Authentication Code (HMAC) hashing algorithms (i.e., SHA or MD5).
Authentication
Using a pre-shared secret or RSA.
Confidentiality
Using symmetric encryption protocols (i.e., AES, SEAL, 3DES, and DES).
VPNs Summary 18.6.1 What Did I Learn in this Module?
VPN Overview
Organizations use virtual private networks (VPNs) to create end-to-end private network connections that are transported over a public network. A VPN is private in that the traffic is encrypted to keep the data confidential while it is transported across the public network. Modern VPNs now support encryption features, such as Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) to secure network traffic between sites. Benefits include: Cost savings, Security, Scalability, Compatibility.
VPN Topologies
There are two types of VPN topologies: (On cards 68-69.) Remote access connections can be: (On cards 70-71.)
IPsec Overview
IPsec is a framework used to define how a VPN connection will ensure confidentiality, integrity, and origin authentication. It is not bound to any specific protocols, enabling it to integrate new security technologies. When establishing a VPN link, the peers must share the same SA to negotiate key exchange parameters, establish a shared key, authenticate each other, and negotiate the encryption parameters. IPsec provides: (On cards 72-74.) DH provides a way for two peers to establish a shared secret key that only they know, even though they are communicating over an insecure channel.
IPsec Protocols
The two main IPsec protocols are: (On cards 75-76.) ESP and AH can be applied to IP packets using transport mode or tunnel mode.
Internet Key Exchange
The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used to automatically negotiate IPsec security associations and enable IPsec secure communications. IKE uses UDP port 500 to exchange IKE information between the security gateways. IKE uses ISAKMP for phase 1 and phase 2 of key negotiation. Phase 1 negotiates a security association (a key) between two IKE peers. The key negotiated in phase 1 enables IKE peers to communicate securely in phase 2. During phase 2 negotiation, IKE establishes keys (security associations) for other applications, such as IPsec.
12. What is the purpose of IKE?
VPN key management
Scalability
VPNs allow organizations to use the internet, making it easy to add new users without adding significant infrastructure.
VPN Topologies 18.2.1 Site-to-Site and Remote-Access VPNs
VPNs are commonly deployed in one of the following configurations: site-to-site or remote-access. (On cards 8-9).
Compatibility
VPNs can be implemented across a wide variety of WAN link options including all the popular broadband technologies. Remote workers can take advantage of these high-speed connections to gain secure access to their corporate networks.
Security
VPNs provide the highest level of security available, by using advanced encryption and authentication protocols that protect data from unauthorized access.
11. Which statement describes a VPN?
VPNs use virtual connections to create a private network through a public network.
18.2.3 SSL VPNs
When a client negotiates an SSL VPN connection with the VPN gateway, it actually connects using Transport Layer Security (TLS). TLS is the newer version of SSL and is sometimes expressed as SSL/TLS. However, both terms are often used interchangeably. SSL uses the public key infrastructure and digital certificates to authenticate peers. Both IPsec and SSL VPN technologies offer access to virtually any network application or resource. However, when security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL. The type of VPN method implemented is based on the access requirements of the users and the organization's IT processes. The table compares IPsec and SSL remote access deployments. (On cards 12-16). It is important to understand that IPsec and SSL VPNs are not mutually exclusive. Instead, they are complementary; both technologies solve different problems, and an organization may implement IPsec, SSL, or both, depending on the needs of its telecommuters.
18.4.4 ESP Encrypts and Authenticates
When both authentication and encryption are selected, encryption is performed first. One reason for this order of processing is that it facilitates rapid detection and rejection of replayed or bogus packets by the receiving device. Prior to decrypting the packet, the receiver can authenticate inbound packets. By doing this, it can quickly detect problems and potentially reduce the impact of DoS attacks. To reiterate, ESP provides confidentiality with encryption and provides integrity with authentication.
Up to this point, the discussion of IPsec has focused on IPv4. However, IPsec was initially established to provide security for IPv6 packets. Therefore, the IPsec implementations for IPv4 and IPv6 are similar as far as the standards are concerned. In IPv4, AH and ESP are IP protocol headers. IPv6 uses the extension headers with a next-header value of 50 for ESP and 51 for AH.
[Figure: R1 and R2 exchange an IP HDR + Data packet across the Internet; the ESP packet shows New IP HDR, ESP HDR, IP HDR, Data, ESP Trailer, and ESP Authentication, with the Encrypted and Authenticated regions marked.]
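The receive-side ordering described above (authenticate first, decrypt only if the integrity check passes), shown as an added example that is not part of the NetAcad module. It is a toy model, not the real ESP wire format: the keys, the sequence-number header and the HMAC-SHA256 keystream standing in for AES are all constructed for this illustration.

```python
import hmac
import hashlib
import struct

# Constructed sample keys; not real ESP keys and not the real ESP wire format
# (real ESP uses AES, an SPI, padding and a Next Header field).
ENC_KEY = b"example-encryption-key-32-bytes!"
AUTH_KEY = b"example-authentication-key-bytes"
ICV_LEN = 16                       # truncated HMAC-SHA256 tag, like ESP's 128-bit ICV
STATS = {"decrypts": 0}            # how often the receiver actually ran decryption


def keystream(key, seq, length):
    """Toy counter-mode keystream from HMAC-SHA256; stands in for AES-CTR."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def esp_protect(seq, payload):
    """Sender: encrypt the payload first, then compute the ICV over header + ciphertext."""
    ct = bytes(p ^ k for p, k in zip(payload, keystream(ENC_KEY, seq, len(payload))))
    hdr = struct.pack(">I", seq)   # stands in for the ESP header's sequence number
    icv = hmac.new(AUTH_KEY, hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    return hdr + ct + icv


def esp_receive(packet, last_seq):
    """Receiver: anti-replay check and ICV check come first; decrypt only if both pass.

    Returns (status, plaintext_or_None, new_last_seq).
    """
    hdr, ct, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
    (seq,) = struct.unpack(">I", hdr)
    if seq <= last_seq:
        return "replay", None, last_seq          # replayed packet dropped cheaply
    expected = hmac.new(AUTH_KEY, hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "bad-icv", None, last_seq         # bogus/modified: dropped before decryption
    STATS["decrypts"] += 1
    pt = bytes(c ^ k for c, k in zip(ct, keystream(ENC_KEY, seq, len(ct))))
    return "ok", pt, seq


if __name__ == "__main__":
    good = esp_protect(1, b"payload from R1")
    print(esp_receive(good, 0))                  # ('ok', b'payload from R1', 1)
    forged = good[:6] + bytes([good[6] ^ 0x01]) + good[7:]   # flip one ciphertext bit
    print(esp_receive(forged, 0))                # ('bad-icv', None, 0)
    print(esp_receive(good, 1))                  # ('replay', None, 1)
    print(STATS)                                 # {'decrypts': 1}
```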
18.3.6 Authentication
When conducting business long distance, you must know who is at the other end of the phone, email, or fax. The same is true of VPN networks. The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure. The figure highlights the two peer authentication methods.
[Figure: IPsec Framework with the choices for each function: IPsec Protocol (AH, ESP, ESP + AH), Confidentiality (DES, 3DES, AES, SEAL), Integrity, Authentication (PSK, RSA), and Diffie-Hellman (DH1, DH2, DH5, DH...), arranged from least secure to most secure.]
A pre-shared secret key (PSK) value is entered into each peer manually. The PSK is combined with other information to form the authentication key. PSKs are easy to configure manually, but do not scale well, because each IPsec peer must be configured with the PSK of every other peer with which it communicates.
Rivest, Shamir, and Adleman (RSA) authentication uses digital certificates to authenticate the peers. The local device derives a hash and encrypts it with its private key. The encrypted hash is attached to the message and is forwarded to the remote end, where it acts like a signature. At the remote end, the encrypted hash is decrypted using the public key of the local end. If the decrypted hash matches the recomputed hash, the signature is genuine. Each peer must authenticate its opposite peer before the tunnel is considered secure.
The figure shows an example of PSK authentication. At the local device, the authentication key and the identity information are sent through a hash algorithm to form the hash for the local peer (Hash_L). One-way authentication is established by sending Hash_L to the remote device. If the remote device can independently create the same hash, the local device is authenticated. After the remote device authenticates the local device, the authentication process begins in the opposite direction, and all steps are repeated from the remote device to the local device.
[Figure: PSK Authentication. Local: Auth. Key + ID Information -> Hash Algorithm -> Authenticating Hash (Hash_L), sent across the Internet. Remote: Auth. Key + ID Information -> Hash Algorithm -> Computed Hash = Received Hash (Hash_L).]
The figure below shows an example of RSA authentication. At the local device, the authentication key and identity information are sent through the hash algorithm to form the hash for the local peer (Hash_L). Then Hash_L is encrypted using the local device's private encryption key. This creates a digital signature. The digital signature and a digital certificate are forwarded to the remote device. The public encryption key for decrypting the signature is included in the digital certificate. The remote device verifies the digital signature by decrypting it using the public encryption key. The result is Hash_L. Next, the remote device independently creates Hash_L from stored information. If the calculated Hash_L equals the decrypted Hash_L, the local device is authenticated. After the remote device authenticates the local device, the authentication process begins in the opposite direction and all steps are repeated from the remote device to the local device.
[Figure: RSA Authentication. Local: Auth. Key + ID Information -> Hash -> Hash_L -> Encryption Algorithm with Private Key -> Digital Signature, sent with the Digital Certificate across the Internet. Remote: Auth. Key + ID Information -> Hash -> Computed Hash; Digital Signature -> Decryption Algorithm with the Public Key from the Digital Certificate -> Decrypted Hash_L; Computed Hash = Decrypted Hash_L.]
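The PSK flow in the figure (Hash_L from the authentication key and identity information, checked by the remote peer, then repeated in the opposite direction), as an added example that is not code from the NetAcad module. HMAC-SHA256 stands in for the figure's hash algorithm, the PSK and identity strings are constructed values, and the nonce is an assumption added so each Hash_L is fresh per exchange.

```python
import hmac
import hashlib

# Constructed sample values; a real IKE peer would carry its identity in the
# ID payload and derive the authentication key from the PSK plus exchanged data.
LOCAL_ID = b"R1"
REMOTE_ID = b"R2"
NONCE = b"constructed-per-exchange-nonce"   # assumption: keeps Hash_L from being reusable


def auth_hash(psk, identity, nonce):
    """Hash_L: authentication key and identity information through the hash algorithm."""
    return hmac.new(psk, identity + b"|" + nonce, hashlib.sha256).digest()


def peer_authenticates(received_hash, psk, claimed_identity, nonce):
    """The receiving side independently recomputes the hash and compares it."""
    expected = auth_hash(psk, claimed_identity, nonce)
    return hmac.compare_digest(received_hash, expected)   # constant-time compare


def mutual_psk_authentication(local_psk, remote_psk, nonce=NONCE):
    """Run both directions of PSK authentication; each peer uses its own PSK copy."""
    # Direction 1: local proves itself to remote.
    hash_l = auth_hash(local_psk, LOCAL_ID, nonce)
    if not peer_authenticates(hash_l, remote_psk, LOCAL_ID, nonce):
        return "local not authenticated by remote"
    # Direction 2: all steps repeated from remote to local.
    hash_r = auth_hash(remote_psk, REMOTE_ID, nonce)
    if not peer_authenticates(hash_r, local_psk, REMOTE_ID, nonce):
        return "remote not authenticated by local"
    return "tunnel authenticated"


if __name__ == "__main__":
    shared = b"example-pre-shared-key"
    print(mutual_psk_authentication(shared, shared))           # tunnel authenticated
    print(mutual_psk_authentication(shared, b"mistyped-key"))  # local not authenticated by remote
```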
Cost Savings
With the advent of cost-effective, high-bandwidth technologies, organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.
5. Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)
client-based IPsec VPN clientless SSL VPN
1. ESP provides data authentication and integrity.
false
4. AH provides confidentiality by performing encryption on the IP packet.
false
8. Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?
integrity
1. Which type of VPN supports dynamically changing connection information and can be enabled when needed?
remote
5. Which type of VPN is used when the telecommuter device is responsible for establishing the VPN?
remote
2. What are the two types of VPN connections? (Choose two.)
remote access site-to-site
6. Which type of VPN may require the Cisco VPN Client software?
remote access VPN
10. What is a type of VPN that is generally transparent to the end user?
site-to-site
2. Which type of VPN is used when the host sends and receives normal TCP/IP traffic through a VPN gateway?
site-to-site
3. Which type of VPN is used when both sides of the VPN connection are aware of the VPN configuration in advance?
site-to-site
4. Which type of VPN is used when internal hosts have no knowledge that a VPN exists?
site-to-site
2. ESP provides confidentiality and authentication.
true
3. AH does not provide data confidentiality (encryption).
true
5. ESP provides authentication for the inner IP packet and the ESP header.
true