BN305 - Virtual Private Networks: SSL/TLS VPN Technologies Analysis


Added on  2022/11/14

Networking
IT Networking Designing
Virtual Private Networks
SSL / TLS VPN Technologies
Student Name –
Student ID –
Contents
Introduction
Objective
Authentication and Access Control
Confidentiality and Integrity
Anti-Replay
Conclusion
References
Introduction
We have carried out a literature review of important VPN technologies and issues. We have explained the
significance of VPNs for contemporary organisations and discussed the role of VPNs in supporting the security of
businesses.
Objective:
We study the processes and the security technologies being used when we access any website (which uses HTTPS)
online via a web browser. The Internet is a public network and every single message we exchange with the server
can potentially be intercepted by attackers. We need to analyse in detail what technologies and techniques are
used to prevent attackers from modifying the communication between us and the web server and what keeps our
passwords and other details safe.
Significance of VPN for contemporary organisations (Comparison of SSL/VPN and IPSEC/VPN)
IPSEC is a protocol that helps in securing Internet Protocol communications by authenticating and encrypting each
IP packet of a communication, whereas SSL is a family of cryptographic protocols designed to provide
communication security over the internet. IPSEC, as an IP layer protocol, resides in layer 3 and SSL in layer 7.
IPSEC enables the sending and receiving of cryptographically protected packets of any kind (TCP, UDP, ICMP)
without any modification. SSL is mostly used to protect HTTP transactions and has also been used for other
purposes such as IMAP and POP.
Role of VPN to support the security of businesses
A VPN is a secure tunnel for online browsing. The technology helps you establish a secure and encrypted
connection over the internet between your device and the server. It masks your device's identity and encrypts the
data that your PC or mobile phone sends out onto the internet. Companies that employ a site-to-site VPN can
benefit from enhanced collaboration without worrying about the security of their data. Security is the main reason
why businesses choose to adopt virtual private networks. Having encrypted data, particularly if it is of a sensitive
nature, is vitally important.
Advantages of SSL / VPN over IPSEC / VPN
SSL/VPN is better than IPSEC/VPN. Moving the VPN endpoints from a special hardware appliance to a virtual
environment is a feasible and easy solution if we do not need high traffic throughput [1]. A VPN can help to
protect a private network by using encryption and other techniques to make sure that only genuine users can
access the data [2]. We can implement a VPN by using OpenVPN in a LAN and so create a double privacy layer. For
this purpose, we can use the SSL/TLS protocol [3]. VPN apps can expose users to very serious privacy and security
issues [4]. SSL authenticates both the client and the server and also provides confidentiality and integrity for the
data [5].
Authentication and Access Control
How the browser ensures that it is communicating to the right server (screenshots)?
TCP/IP is used for communication by the servers and the web browsers. Above TCP/IP we have the Hypertext
Transfer Protocol (HTTP), which is a standard application protocol. It supports the requests of the web browser
and the responses of the server. DNS also helps the web browser to use URLs. A web browser uses a web server to
get the information, and the internet helps to get that information. If this information matches, then we are
communicating with the right server.
How SSL and TLS provide authentication?
SSL and TLS are cryptographic protocols. They provide authentication and data encryption between two servers,
machines or applications which operate on a given network. SSL came before TLS. To authenticate the server, the
client uses the server's public key to encrypt the data that is used to derive the secret key. The server can create
the secret key only if it is capable of decrypting that data with the right private key. To authenticate a client, the
server uses the public key (given in the client's certificate) to decrypt the data sent by the client. Once the
authentication is done, it means that all messages have been exchanged. If the authentication step fails, the
handshake fails and the session is ended.
Digital signatures (working and role in authentication process, screenshot from web browser)
A digital signature is a tool for validating the authenticity and integrity of data, information, software or any
kind of document. Some countries, such as the U.S., have made the digital signature legal. If a document has to be
sent online and we want to authenticate that it is valid, it can be signed digitally by a person. Every person has a
unique digital signature and it secures the document sent online. It helps in authenticating any document digitally.
It verifies the content of any document which is transferred electronically. The documents can be government
documents, mark sheets of students or any other official document.
Certificate verification Process
When we start to set up an HTTPS connection, the Certificate Authority (CA) certificates are verified by the
certificate verification process. The domain name and/or IP address of the web server are written in the certificate.
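The name check described above, as an added example that is not part of the original report: it matches a requested host against the `subjectAltName` entries of a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The certificate contents and host names are constructed, and chain validation up to the CA is assumed to have succeeded already.

```python
import ipaddress

# Constructed sample in the layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "moodle.example.edu"),
        ("DNS", "*.lms.example.edu"),
        ("IP Address", "192.0.2.10"),
    )
}

def dns_match(pattern: str, host: str) -> bool:
    """Compare label by label; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        # Refuse overly broad patterns such as '*.edu'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches(cert: dict, target: str) -> bool:
    """True if the certificate was issued for the host or IP we asked for."""
    try:
        wanted_ip = ipaddress.ip_address(target)
    except ValueError:
        wanted_ip = None          # target is a DNS name, not an IP literal
    for kind, value in cert.get("subjectAltName", ()):
        if wanted_ip is not None:
            # IP targets are compared only with 'IP Address' entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip:
                return True
        elif kind == "DNS" and dns_match(value, target):
            return True
    return False
```

A browser refuses the connection when this check fails, even if the certificate chain itself is valid.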
How the server makes sure that it is communicating to the right client (methods)
For example, if we are using MIT Moodle, how will the server verify that it is actually me?
A web server sends a copy of the SSL certificate to the browser or the server. Then the browser will check whether
it trusts the provided SSL certificate or not. If it trusts the certificate, it will send a message to the web server.
The web server will send a digitally signed acknowledgement in order to begin an SSL encrypted session.
Centralized access control for a variety of organizational resources and how SSL/VPN help in this.
If an encrypted tunnel is established across the internet, then the remote access VPN can give secure access to
corporate resources. This helps to enhance security and productivity and also reduces the associated cost.
Network access control for SSL/VPN
Network access control for SSL/VPN helps the administrator to control whether the user is able to log in to an SSL
VPN. This depends on many factors such as anti-virus software, operating system, Java version, etc.
Confidentiality and Integrity
How the confidentiality and integrity is achieved in SSL communication?
Cryptography is a technique which is used to provide secrecy or confidentiality for the data. Let us assume that our
channel of transmission has been hacked and some data leakage occurs. In such a case, if the data is encrypted,
it cannot be used by a hacker unless he knows the decryption key, and our data remains secure. If the hacker
knows the decryption key, then he can retrieve the data, but it is not an easy task to get the decryption key.
How server & client agree on one cipher suite?
If a server and a client communicate, then in order to exchange the messages, they have to use cipher suites. Both
of them must agree on a cipher suite to exchange the information. If no agreement is made on the cipher suite,
then the connection cannot be established between the client and the server.
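The agreement step described above, as an added example that is not part of the original report: the server decodes the `cipher_suites` field of a ClientHello and picks a suite both sides support, or aborts the handshake. The code points are IANA-registered values; the offers and the server list are constructed, and `select_suite` and `HandshakeFailure` are hypothetical names.

```python
import struct

SUITES = {  # subset of IANA-registered cipher suite code points
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

class HandshakeFailure(Exception):
    """Stands in for the fatal handshake_failure alert (alert code 40)."""

def encode_cipher_suites(ids):
    """Wire form in the ClientHello: 2-byte length, then 2-byte code points."""
    return struct.pack("!H", 2 * len(ids)) + b"".join(struct.pack("!H", i) for i in ids)

def parse_cipher_suites(vector: bytes):
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack("!H", vector[:2])
    body = vector[2:]
    if length == 0 or length % 2 or length != len(body):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]

def select_suite(client_vector: bytes, server_suites, honor_server_order=True):
    """Return the agreed code point or raise HandshakeFailure."""
    offered = parse_cipher_suites(client_vector)
    if honor_server_order:      # server's preference order decides
        ordered, other = server_suites, set(offered)
    else:                       # client's preference order decides
        ordered, other = offered, set(server_suites)
    for suite in ordered:
        if suite in other:
            return suite
    raise HandshakeFailure("no cipher suite in common")

# Constructed inputs: a modern client, a legacy-only client, a hardened server.
SERVER_SUITES = [0xC030, 0xC02F]
MODERN_OFFER = encode_cipher_suites([0x002F, 0xC02F, 0xC030])
LEGACY_OFFER = encode_cipher_suites([0x000A, 0x002F])
```

With these inputs the modern client ends up on an ECDHE/AES-GCM suite, while the legacy-only client is refused because the server no longer lists the RSA key exchange and 3DES suites.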
Role of symmetric encryption and hash algorithms in SSL communication (Screenshots from our browser
showing symmetric encryption and hash details)
Symmetric encryption is also called pre-shared key encryption. It uses only one key for both the encryption and
the decryption of the data. This single key is used at both the sender end and the receiver end. The key size is
128 bits or 256 bits. The longer the key, the safer it is.
VPN client software options
The VPN client software options include the following: NordVPN, L2TP/IPSec, PPTP, IKEv2/IPSec and SSTP. The last
four options do not require external software, and Windows itself can be configured as the VPN client for them. The
first option, however, uses separate software.
VPN client OS support
The VPN client OS support can be provided by the following: Windows 7 (32-bit and 64-bit), Windows Vista
(32-bit and 64-bit), Windows XP (32-bit), Linux Intel (2.6.x kernel), Mac OS X 10.5 and 10.6.
Support for simultaneous users at VPN
If we have simultaneous users at the VPN, we can provide support using the following: CyberGhost, NordVPN,
PrivateVPN, IPVanish, PrivateInternetAccess.
Anti-Replay
How the anti-replay attacks are mitigated in SSL communication?
In SSL and TLS communication, the login sessions are secured such that a person who is trying to hack has to take
an additional step: he has to decrypt the data as well. This is very difficult and can help in eliminating the hacking.
Otherwise, the hacker could use a packet sniffer and extract information such as the username and password when
we log in to a bank or any other site.
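An added example, not part of the original report, of the record-layer mechanism that makes a captured record useless when it is sent again: in TLS 1.2 the MAC of every record also covers a per-direction sequence number that is counted by both peers and never transmitted. Encryption is left out to keep the focus on replay; the key and messages are constructed and `RecordChannel` is a hypothetical name.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag
APPLICATION_DATA = 23                    # TLS record content type
TLS12 = 0x0303                           # protocol version on the wire

class RecordChannel:
    """One direction of a connection; sender and receiver each keep a counter."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0                     # 64-bit counter, implicit on the wire

    def _mac(self, seq: int, ctype: int, fragment: bytes) -> bytes:
        # TLS 1.2 MAC input: seq_num || type || version || length || fragment
        header = struct.pack("!QBHH", seq, ctype, TLS12, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha256).digest()

    def protect(self, ctype: int, fragment: bytes) -> bytes:
        record = fragment + self._mac(self.seq, ctype, fragment)
        self.seq += 1
        return record

    def verify(self, ctype: int, record: bytes) -> bytes:
        if len(record) < MAC_LEN:
            raise ValueError("bad_record_mac")
        fragment, tag = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = self._mac(self.seq, ctype, fragment)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad_record_mac")   # fatal alert, session ends
        self.seq += 1
        return fragment

def replay_demo():
    key = b"constructed-demo-mac-key-32bytes"    # constructed sample key
    sender, receiver = RecordChannel(key), RecordChannel(key)
    login = sender.protect(APPLICATION_DATA, b"POST /login user=alice")
    later = sender.protect(APPLICATION_DATA, b"GET /account")
    accepted = [receiver.verify(APPLICATION_DATA, r) for r in (login, later)]
    try:
        receiver.verify(APPLICATION_DATA, login)  # captured record sent again
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return accepted, replay_rejected
```

The replayed record fails because the receiver computes the MAC with its current counter value, which no longer matches the value the record was produced under.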
How to protect our organization against SSL attacks?
We can protect our organisation against SSL attacks by using a good SSL test. It will test the certificates that are
installed, the protocol support, the key exchange and the cipher strength. It will help to test the SSL configuration
and will also provide recommendations to enhance security and to prevent any kind of attack.
Conclusion
Hence, the various parts have been successfully studied.
References
[1] Lacković, Dario, and Mladen Tomić. "Performance analysis of virtualized VPN endpoints." 2017 40th
International Convention on Information and Communication Technology, Electronics and Microelectronics
(MIPRO). IEEE, 2017.
[2] Jyothi, K. Karuna, and B. Indira Reddy. "Study on Virtual Private Network (VPN), VPN’s Protocols And Security."
(2018).
[3] Setapa, Sharipah, Samer Sami Hasan, and Husam Ali Abdulmohsin. "The Impact of Operating System on
Bandwidth in Open VPN Technology." Baghdad Science Journal 13.1 (2016): 204-211.
[4] Ikram, Muhammad, et al. "An analysis of the privacy and security risks of android vpn permission-enabled
apps." Proceedings of the 2016 Internet Measurement Conference. ACM, 2016.
[5] Negi, Vivek, et al. "Network security in embedded system using TLS." International Journal of Security and Its
Applications 10.2 (2016): 375-384.