Virtual Private Networks: Authentication and Data Security

Added on  2025/06/27

BN305
Virtual Private Network
Student name:
Student id:
Table of Contents
Introduction
A. Literature Review
1.
2.
3.
4.
B. Authentication and Access Control
1.
2.
3.
C. Confidentiality and Integrity
1.
2.
3.
D. Anti-replay Attacks
1.
2.
E. Remote Access to database server
1.
2.
Conclusion
References
List of Figures
Figure 1: Client-based and clientless SSL
Figure 2: Secure connection
Figure 3: Certificate information
Figure 4: Certificate details
Figure 5: Authentication certificate
Figure 6: Encrypt-decrypt
Figure 7: SHA 256
Introduction
A VPN provides an encrypted, safe connection over a less secure network. The mechanism uses public infrastructure that is shared in nature, while privacy is maintained throughout the process. Tunneling is the most common procedure used to achieve this.
A. Literature Review
1.
VPN: A VPN (Virtual Private Network) is a private network that creates a tunnel over a public network. It enables clients to share data with each other over a (virtually) secure network. The VPN creates a tunnel between the user ends to share data.
Every organization wants its information to remain confidential. A VPN helps these organizations by providing:
Security: Every organization's main goal is to protect its information, and a VPN helps by encrypting the information while it travels from source to destination.
Cost: Although security is an important concern for an organization, maintaining it within budget is also important. A VPN is very economical because it uses the existing public network to transmit data, but separately.
Mobility: A VPN also helps a company share its resources or documents with its employees remotely. Staff can access these resources either from home or from other offices [1].
Encryption is a cryptographic technique used to convert plain text into an unreadable text format so that it is protected from attackers.
A VPN uses various encryption protocols to secure its data, as follows:
Internet Protocol Security (IPSec): The IPsec protocol was designed by the IETF to provide security measures for authentication, integrity and confidentiality. IPSec uses encapsulation: IP packets are encapsulated while being transferred from one end to the other, and vice versa at the other end.
SSL/TLS (Secure Socket Layer/Transport Layer Security): This provides an additional security layer to the VPN connection. When a user requests remote access, SSL/TLS helps to build an encrypted layer for the client [2].
SSL vs IPSec
Table 1: SSL v/s IPsec
SSL | IPSec
SSL provides encryption at the transport layer | IPSec provides encryption at the network layer
Used to connect apps and services | Used to connect a remote user
Basically used to provide file-sharing or internet-based applications | Basically used to provide support to IP-based applications [3]
2.
Figure 1: Client-based and clientless SSL
The Cisco ASA 5500 series uses a combination of SSL and IPsec features for VPN to provide high performance and to make the network scalable.
With the help of IPsec and IKE, the Cisco ASA 5500 series provides flexibility in the deployment of the network. It expands the remote accessibility of the VPN on a per-session basis.
3.
Role of VPN in business:
VPN minimizes the threat from an attacker: A VPN uses a private network, which keeps employees away from the public network and minimizes the risk to the company from attacks.
VPN provides security assurance to the client: Since all data is encrypted over the VPN, the client feels assured that their data is secure on the private network.
Cost-effective: On the question of cost, a VPN is worth its price, as it starts at nearly 15 to 20 $ per month and is easily affordable for big companies [4].
Advantage of SSL over IPsec
Security: Making an IPsec connection requires a pre-shared key, which must be present on both the client and the server end. This increases the chances of attackers capturing the key while it is transmitted from one end to the other. SSL, in contrast, doesn't require any pre-shared key transmission; it uses a handshake process to exchange keys.
Bypassing firewalls: Since IPSec doesn't have any specific port for transmitting data packets, there is a greater chance that a NAT firewall will not allow it to work. SSL works on UDP port 4500, and since this port is mentioned in the firewall, the packet is allowed through.
Bandwidth and reliability: IPsec takes a longer time to establish the connection, whereas SSL is fast because it uses a UDP connection.
4.
The proliferation of mobile devices increases on a daily basis; investigate how Cisco AnyConnect is designed to secure the connections from these mobile devices.
Cisco AnyConnect is Cisco's proprietary endpoint security agent, which is used to protect the enterprise with the help of multiple services.
It secures the mobile connection in the following ways:
It uses the Cisco Identity Engine (ISE), which prevents non-compliant users from accessing the network.
It also provides Multi-Factor Authentication Access (MFA), which is a secure remote login with verified user identities.
A special feature it provides, named Cisco Umbrella Roaming, continuously provides protection when the VPN is turned off [4].
B. Authentication and Access Control
1.
When browsing any URL, each server generates a related digital certificate for the website, and this certificate is visible in the URL bar. To check the certificate, open it from the URL bar; if the issued name matches the website, the browser is communicating with the right server [5]. For example, https://www.facebook.com.
Figure 2: Secure connection
Figure 3: Certificate information
When we install an SSL certificate, it tries to connect itself with the web browser. The web browser triggers the SSL and TLS protocols to encrypt the information that needs to be transferred between the server and the browser. Authentication steps:
1. The SSL handshake process starts.
2. The certificate is transferred to the user with a NONCE number, including details about the encryption method.
3. The user checks the validity of the certificate.
4. Then, using a Message Authentication Code (MAC), the authentication between server and user is confirmed.
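The nonce and MAC steps above, as an added example that is not part of the original assignment: a simplified model (not TLS itself) in which a MAC keyed from both sides' nonces lets the client detect a swapped certificate or a reply replayed from an older session. The function names, the shared secret (assumed to come from an earlier key exchange) and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_mac_key(shared_secret, client_nonce, server_nonce):
    # Assumption: shared_secret was agreed in the key exchange before this step.
    # Mixing in both nonces gives every session a different MAC key.
    return hmac.new(shared_secret, b"mac-key" + client_nonce + server_nonce,
                    hashlib.sha256).digest()

def transcript_mac(mac_key, client_nonce, server_nonce, cert_bytes):
    # MAC over everything both sides saw. Nonces are fixed-length (32 bytes)
    # and the certificate comes last, so the concatenation is unambiguous.
    return hmac.new(mac_key, client_nonce + server_nonce + cert_bytes,
                    hashlib.sha256).digest()

def server_hello(shared_secret, client_nonce, cert_bytes):
    # Step 2: the server sends its certificate together with a fresh nonce.
    server_nonce = secrets.token_bytes(32)
    key = derive_mac_key(shared_secret, client_nonce, server_nonce)
    return {"nonce": server_nonce, "cert": cert_bytes,
            "mac": transcript_mac(key, client_nonce, server_nonce, cert_bytes)}

def client_verifies(shared_secret, client_nonce, reply):
    # Step 4: recompute the MAC and compare it in constant time.
    key = derive_mac_key(shared_secret, client_nonce, reply["nonce"])
    expected = transcript_mac(key, client_nonce, reply["nonce"], reply["cert"])
    return hmac.compare_digest(expected, reply["mac"])

def demo():
    secret = secrets.token_bytes(32)         # constructed stand-in for the exchanged key
    cert = b"constructed certificate bytes"  # placeholder, not a real X.509 blob
    nonce = secrets.token_bytes(32)
    reply = server_hello(secret, nonce, cert)
    genuine = client_verifies(secret, nonce, reply)
    swapped = client_verifies(secret, nonce, dict(reply, cert=b"swapped certificate"))
    # Old server reply presented in a new session (fresh client nonce).
    replayed = client_verifies(secret, secrets.token_bytes(32), reply)
    return genuine, swapped, replayed

if __name__ == "__main__":
    print(demo())
```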
2.
Ans: A digital signature is a technique that uses a mathematical approach to check the authenticity and CIA triad of any information or message. It gives assurance of identity and of where the certificate originates. Digital signatures use asymmetric cryptography, which is a kind of public-key cryptography. PKA uses RSA, an encryption algorithm that creates different keys which are linked with each other. These keys are one public key and one private key.
These keys are sent from one end, where the message originates, to the other, which is the destination address. The public key is accessible to all, and the private key is transmitted to the destination address to which the client wants to send [7].
Figure 4: Certificate details
Verification of Certificate:
Steps are:
1. It should be issued by a trusted Certificate Authority.
2. It should have the fully qualified domain name matching the https request URL.
3. It should be valid from its issue date to its expiry date.
4. It should have a trust chain.
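One way to apply these checks with Python's standard ssl module, as an added example that is not part of the original assignment: strict_context() makes the TLS library enforce the trusted issuer, the chain and the hostname during the handshake, and audit_cert() re-checks the name and validity window on a certificate in the dict shape returned by SSLSocket.getpeercert(). The sample certificate, its names and dates, and the helper names are constructed for illustration.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.example.test"),
                       ("DNS", "*.cdn.example.test")),
}

def strict_context():
    """Context in which the handshake fails unless steps 1, 2 and 4 hold."""
    ctx = ssl.create_default_context()   # loads the system trust anchors
    ctx.check_hostname = True            # step 2: name must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED  # steps 1 and 4: trusted issuer, full chain
    return ctx

def name_matches(pattern, host):
    """Match a DNS name; a wildcard is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit_cert(cert, host, now=None):
    """Return the problems found for step 2 (name) and step 3 (validity dates)."""
    now = time.time() if now is None else now
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

if __name__ == "__main__":
    mid_2025 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
    print(audit_cert(SAMPLE_CERT, "www.example.test", mid_2025))
```

audit_cert() does not replace chain validation: the issuer signature and trust chain can only be verified by the TLS library against the actual certificates, which is what the context from strict_context() does.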
3.
To authenticate the client, the server uses a client authentication certificate, which is exchanged during the SSL handshake. The client certificate gives information about the user who is trying to access the server. Client authentication follows the same process as server authentication; the only difference is that remote access needs a certificate to access any client, which is used to verify the real identity of the user [6].
Figure 5: Authentication certificate