BN305 – T2 2019 Virtual Private Networks Assignment 1

BN305 – T2 2019 VIRTUAL PRIVATE NETWORKS
ASSIGNMENT 1 – SSL/TLS VPN TECHNOLOGIES
Student Name:
Student ID:
Date of Submission:

Table of Contents
A) Literature Review
1. Significance of VPN for contemporary organisations
2. Cisco Adaptive Security Appliances and support to IPsec and IKE
3. Role of VPN in supporting the security of businesses
4. AnyConnect
B) Authentication and Access Control
1. Browser surety of communicating to the right server
2. Digital Signatures and Authentication
3. Server surety to right client
C) Confidentiality and Integrity
1. Confidentiality and Integrity in SSL Communication
2. Role of symmetric encryption algorithm and hash algorithm
3. VPN client Software
D) Anti-Replay
1. Anti-replay attacks are mitigated in SSL communication
2. Protection against SSL attacks
E) Remote Access to Database Server
1. To access the content of database server of the organization
2. Attacks on the database servers
List of figures:
Figure 1: Change of HTTP to HTTPS
Figure 2: Verification certificate
Figure 3: Details on certificate
Figure 4: Symmetric encryption
Figure 5: Browser to server connection
Figure 6: Handshaking process
Figure 7: Role of hash algorithm

Introduction
This assignment covers the basics of the Virtual Private Network (VPN) and its implementation. Its main objective is to examine the issues and implementation strategies of VPNs. The report shows how security measures are implemented in a VPN, and what encryption is used and how it is applied.

A) Literature Review
1. Significance of VPN for contemporary organisations
For a Wide Area Network (WAN), a virtual private network uses the public network, which reduces the need for the network cables that a single dedicated network would require. It is mainly used so that geographically dispersed nodes can make a proper connection. The VPN shares the network it is provided with among all users, while making it look like a private network. Several uses of VPN have been identified, including securing the communications between computers and addressing the concerns of organizations and their employees. Certain encryption protocols are used to implement a VPN [1]. They are:
Symmetric-key encryption: The same key is used for both encryption and decryption of a message and is shared by all the users.
Public-key encryption: Each computer or user is assigned a public-private key pair. One of the keys, i.e. the private key, is used to encrypt the message, while the other, i.e. the public key, is used to decrypt it. The computer at each end of the tunnel encrypts the data when it enters the tunnel, and decryption takes place at the other end of the tunnel.
Point-to-Point Protocol (PPP): Uses an authentication scheme, supports 40-bit and 128-bit encryption, also supports IPSec, and is available for site-to-site VPNs [1].
The comparison between IPSec/VPN and SSL/VPN
IPSec/VPN
IPSec can be defined as a set of rules or protocols used to establish a VPN connection. Implemented at the IP layer, it monitors and secures traffic and allows remote access to the network. One major concern is that it fails to restrict users to a segment of a network [2].
It comes in two types: Tunnel Mode and Transport Mode.
Tunnel Mode
In tunnel mode the entire outgoing packet is encrypted by wrapping the old packet in a new packet header along with an ESP trailer. An AH is used for authentication. It is usually implemented on a firewall or on a router port, which thus acts as a proxy [2].
Transport Mode
In transport mode, unlike tunnel mode, the IP payload is encrypted and sent along with an ESP trailer. Transport mode is used for end-to-end communication, and the IP header remains as it is when the packet is sent to the other device [2].

SSL/VPN
Secure Socket Layer (SSL) is the second most commonly used VPN protocol after IPSec/VPN. It allows segmented access, i.e. only limited users are allowed to access and check email and shared drives instead of having shared internet access [2]. SSL comes in two types: SSL Portal and SSL Tunnel.
SSL Portal
This permits the user secure access through a web browser, logging in only once through the VPN online portal, which provides users with a specific method of authorization. The SSL Portal gives the user a single web page to access, which acts as a single gateway to the other services available on the secured network [2].
SSL Tunnel
This provides more functionality than the SSL Portal, as the user can also use applications and network services that are not web-based, and can access the web more securely [2].
2. Cisco Adaptive Security Appliances and support to IPsec and IKE
Cisco Adaptive Security Appliances supporting IKE
The Internet Security Association and Key Management Protocol (ISAKMP), also known as Internet Key Exchange (IKE), allows hosts to build a security association (SA). IKE is a negotiation protocol that comprises two phases, i.e. a security association negotiating phase and establishing SAs for IKE for the other applications [6]. An IKE proposal supported by Cisco is defined by certain policies:
Assigning priorities
An encryption method to protect data and ensure privacy
An integrity algorithm, i.e. HMAC (Hashed Message Authentication Codes), to ensure the authenticity of the sender
A PRF (pseudo-random function) for deriving key material
Providing the time limit
An authentication method to ensure the peer's identity
A Diffie-Hellman group for the protection of the shared keys
Cisco Adaptive Security Appliances supporting IPSec
One of the most secure methods implemented on Cisco appliances is the IPsec protocol. It provides robust security that is mostly based on standard solutions. Incoming and outgoing traffic is secured by a set of security protocols together with algorithms. In IPsec, data is transmitted through tunnels over a public network. It has transform sets [6]. Cisco appliances support the following policies:
Site-to-Site Protocol
Selection of a difficult VPN topology
Use of ESP (Encapsulating Security Protocol) to provide encryption and authentication
Anti-replay services, along with the Authentication Header (AH)
NAT settings
Establishment of IPsec security associations, creating routers for dynamic crypto maps
3. Role of VPN in supporting the security of businesses
Role of VPN in supporting security of the business
A VPN works much like a firewall, protecting the data and information on the computer while we are online [10].
It reduces cyberattacks and other threats or vulnerabilities that may pose a great danger to the data [10].
Productivity is encouraged, as the employees of the organization are made aware of internet vulnerabilities [10].
The VPN also makes clients feel safe and secure, as they can rely on the VPN, which soothes the worries of clients or customers [10].
A VPN provides an efficient migration facility, so that one can replace the real or personal IP address with that of a VPN set up somewhere in another part of the world [10].
Apart from all this, VPNs are very cost efficient with higher security [10].
Advantages of SSL
Standard web browsers with a remote interface
TLS (Transport Layer Security) secured connection between remote and internal networks
Ease of use for end users
Addresses security issues
Certain security mitigation mechanisms
Clientless VPN
Modern web browser
Cost savings
Outbound connection security
Split tunnelling
Advantages of IPsec
Independence from applications
Simplified IKE protocol
Better compatibility
Confidentiality
Network layer security
Encryption
More flexibility
Enhances IP security

4. AnyConnect
AnyConnect on mobile devices is similar to AnyConnect on the Windows, Mac and Linux platforms [6]. The security provided by AnyConnect on mobile devices:
Supporting multiple connections manually
Secured gateway by a fully qualified domain name or IP address
Designed system-tunnelling mode
Block untrusted servers
Enable a strict certificate
Per App VPN mode
Generate a VPN connection entry
Cryptography on mobile devices
Additional guidelines and limitations
Posture device ID generation

B) Authentication and Access Control
1. Browser surety of communicating to the right server
When HTTPS is displayed, proper authentication of the server can be done, in which the browser ensures that it is communicating with the right server. The IP address is also looked at, and the domain name server is the most important thing to look at [4].
Figure 1: Change of HTTP to HTTPS
TLS/SSL provides authentication through the public key assigned to the server, which is used to encrypt the data; when the data has to be decrypted, the private key is used. A secret key is then generated by the server, which is valid only when the private key generation by the server is successful. Digital certificates are exchanged, which ensures the authentication of the client and the server [4].
2. Digital Signatures and Authentication
Digital signatures are like fingerprints in electronic form. A digital signature can also be defined as a mathematical technique that is highly recommended for integrity and authentication. It is also known as an asymmetric key algorithm: the individual who creates a digital signature encrypts the data using a private key, and the signer's public key is used to decrypt the data, which ensures authentication between the sender and the receiver. This is how a digital signature is authenticated using the cryptographic keys [4].
During verification of the certificate:
The certificate presented should be issued by a trusted Certificate Authority (CA).
It should have a fully qualified domain name or host name, i.e. the "issued to" name should match the URL in the HTTPS request.
It must be a current certificate with a valid date range.
It must not be on a revocation list.
Every certificate must be in the trust chain.
Figure 2: Verification certificate
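The checklist above, mapped onto the settings of a TLS client, as an added example that is not part of the original assignment. It uses Python's standard ssl module; the function names strict_context, weak_context, audit and failed_checks are this example's own. A TLS library performs the CA, date and chain checks together whenever certificate verification is required, performs the name check only when hostname checking is on, and performs the revocation check only when it is explicitly enabled.

```python
import ssl


def strict_context(check_revocation: bool = False) -> ssl.SSLContext:
    """Client context that enforces the checklist (the library default)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    if check_revocation:
        # Revocation checking is off by default. When it is switched on, the
        # caller must also load CRLs (ctx.load_verify_locations), otherwise
        # handshakes fail because no CRL can be found for the certificate.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def weak_context() -> ssl.SSLContext:
    """The misconfiguration to look for in review: verification switched off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # any certificate is now accepted
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Report, per checklist item, whether this context will enforce it."""
    verifying = ctx.verify_mode == ssl.CERT_REQUIRED
    crl_on = bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF)
    return {
        # Chain building covers the trusted CA, the validity dates of every
        # certificate in the chain, and the chain itself.
        "issued_by_trusted_ca": verifying,
        "name_matches_host": verifying and ctx.check_hostname,
        "within_validity_dates": verifying,
        "not_revoked": verifying and crl_on,
        "chain_to_trust_anchor": verifying,
    }


def failed_checks(ctx: ssl.SSLContext) -> list:
    """Checklist items that this context would NOT enforce."""
    return [name for name, ok in audit(ctx).items() if not ok]


if __name__ == "__main__":
    for label, ctx in [("default", strict_context()),
                       ("default + CRL", strict_context(check_revocation=True)),
                       ("weak", weak_context())]:
        print(label, "->", failed_checks(ctx) or "all checklist items enforced")
```

The default context leaves only the revocation item unenforced, which is why revocation needs a deliberate decision (CRLs or another mechanism) rather than an assumption that the library handles it.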
3. Server surety to right client
Verifying communication between the client and the server
The first step is to ensure that the client is connected to the remote machine and that packets are coming in and going out.
Next, verify the destination port and see whether the port is blocked or unblocked.
The VPN connection should be checked.
For clients and agents that appear offline or may be disconnected, troubleshooting steps should be performed.
Scanning of the engines should be performed.
Also check for HTTPS and the digital signature.
Verify that Windows Firewall allows the port.

Figure 3: Details on certificate

C) Confidentiality and Integrity
1. Confidentiality and Integrity in SSL Communication
Confidentiality
When a server is authenticated, the client uses the server's public key to encrypt the data, and after encryption the data is computed using a secret key. To decrypt the data the server has to use its private key; only after that is generation of the secret key possible. The client certificate is used for authentication, and digital certificates are exchanged. If confidentiality succeeds, the handshake can be completed and the session is not terminated. The server and client both agree on the encryption algorithm having an asymmetric key pair [5].
Integrity
Here a secure hashing algorithm is implemented, where the hash is generated and encrypted. The message digest hash is calculated for each input string and is then compared to detect whether the data has been manipulated. SHA-512 is the most used hashing algorithm in organizations for maintaining secure communication using SSL [5].
Client and Server agree on the Cipher Suite
One of the cryptographic algorithms often used by an SSL or TLS connection.
A key exchange and authentication algorithm for the handshake
A highly secure encryption algorithm to encipher the data
A message authentication code (MAC), agreed upon to generate a message digest hash
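The integrity check and the agreed MAC described above, as an added example that is not part of the original assignment. It contrasts a bare SHA-512 digest with a keyed HMAC-SHA-512 tag computed over a record sequence number plus the payload, which is how TLS record MACs bind each record to its position in the stream. The key, payloads and all function names are constructed for illustration; in a real session the MAC key comes out of the handshake, and the payload would also be encrypted.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha512().digest_size  # 64 bytes


def seal_unkeyed(payload: bytes) -> bytes:
    """Append a plain SHA-512 digest: catches accidental corruption only."""
    return payload + hashlib.sha512(payload).digest()


def open_unkeyed(record: bytes):
    payload, digest = record[:-TAG_LEN], record[-TAG_LEN:]
    ok = hmac.compare_digest(digest, hashlib.sha512(payload).digest())
    return payload if ok else None


def _tag(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    # The 64-bit sequence number is never sent; both ends count records.
    return hmac.new(mac_key, struct.pack("!Q", seq) + payload,
                    hashlib.sha512).digest()


def seal(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Append an HMAC-SHA-512 tag bound to the record's sequence number."""
    return payload + _tag(mac_key, seq, payload)


def open_record(mac_key: bytes, seq: int, record: bytes):
    """Return the payload if the tag verifies for this sequence number."""
    if len(record) < TAG_LEN:
        return None
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a forged tag were correct.
    ok = hmac.compare_digest(tag, _tag(mac_key, seq, payload))
    return payload if ok else None


class Receiver:
    """Receiving side: verifies each record against the next expected number."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.next_seq = 0

    def accept(self, record: bytes):
        payload = open_record(self.mac_key, self.next_seq, record)
        if payload is not None:
            self.next_seq += 1      # advance only on a valid record
        return payload


if __name__ == "__main__":
    key = bytes(range(32))          # constructed sample key
    rx = Receiver(key)
    first = seal(key, 0, b"balance=100")
    print("genuine record :", rx.accept(first))
    print("same record again:", rx.accept(first))   # wrong sequence number
    altered = b"balance=900" + first[-TAG_LEN:]
    print("altered payload:", open_record(key, 0, altered))
    # Without a key, anyone who changes the data can recompute the digest:
    print("unkeyed digest :", open_unkeyed(seal_unkeyed(b"balance=900")))
```

The last line is the reason a cipher suite names a MAC rather than a bare hash: the unkeyed digest verifies for whatever content it was recomputed over, while the HMAC tag can only be produced by a holder of the session's MAC key.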
2. Role of symmetric encryption algorithm and hash algorithm
Role of symmetric encryption algorithm
A symmetric encryption algorithm makes it very easy to establish an encrypted link between the client and the server. It uses only a single key for both encryption and decryption. The client and the server need to have the same key so that they can have reliable, highly secure communication [5].
Figure 4: Symmetric encryption

Figure 5: Browser to server connection
Steps to perform the handshaking process:
The server sends a copy of its asymmetric public key to the browser.
The browser creates a session key, which is encrypted with the asymmetric public key and sent back to the server.
A decryption technique is used to recover the symmetric session key (decrypt).
Information is transmitted and is available in decrypted form at both ends.
Figure 6: Handshaking process