Network and Security Patterns

Published on December 2021

 

Network and Security Patterns  Ajoy Kumar

 

Introduction • Network layer security has become of prime importance in designing any network system. • We look at the important layers of the network and try to identify the different security patterns associated with each layer. My work will try to fill the gaps at each layer where security patterns are missing or not well established.

 

VPN Security • We first look at the patterns already available for the system. • As the next step, we try to understand the VPN architecture and develop a security pattern for it.

 

Network Architecture Security Objects

Layer        Firewall     IDS          VPN           Protocol
Application  XML FW       XML IDS      XML VPN       SAML
TCP          Proxy FW     TCP IDS      TLS/SSL VPN   TLS
IP           Packet FW    Packet IDS   IPSec VPN     IPSec

Security properties that cut across all layers (vertical labels in the original diagram): Authentication, Secrecy, Authorization, Identification.

 

Class Diagram for XML Firewall[Ne06]

 

Class Diagram for a Packet FW [Fe06]

(Diagram not reproduced; structure recovered from it.) ExternalHost and LocalHost, each with an address, call requestService on the PFFirewall (one firewall, many hosts on each side). The PFFirewall holds one RuleBase (operations addRule, deleteRule, modifyRule, reorderRules), which contains an {ordered} collection of Rule objects marked in/out. Rule is specialised into ExplicitRule and DefaultRule.
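The Packet FW class diagram above says more than it looks like: the RuleBase is {ordered}, so the first matching ExplicitRule decides, and a DefaultRule catches everything else. The following is an added example (not code from the slides or from [Fe06]) that implements that structure in Python with the diagram's names; the packet fields, the sample addresses and the policy are assumptions. It also shows the classic failure mode of an ordered rule base, a broad deny inserted at the top shadowing a more specific accept, and how reorderRules repairs it.

```python
# Packet-filter firewall rule base following the Packet FW class diagram.
# Added example, not code from the slides; packet fields, addresses and policy are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union


@dataclass(frozen=True)
class Packet:
    src: str        # source address
    dst: str        # destination address
    dport: int      # destination port
    direction: str  # "in" (ExternalHost -> LocalHost) or "out"


@dataclass
class ExplicitRule:
    """A rule the administrator wrote; "*" / None mean "any"."""
    direction: str        # "in", "out" or "*"
    src: str              # CIDR or "*"
    dst: str              # CIDR or "*"
    dport: Optional[int]  # None = any port
    action: str           # "accept" or "deny"
    def matches(self, p: Packet) -> bool:
        if self.direction not in ("*", p.direction):
            return False
        if self.src != "*" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "*" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == p.dport


@dataclass
class DefaultRule:
    """Applies when no ExplicitRule matched; default-deny is the safe choice."""
    action: str = "deny"


class RuleBase:
    """Ordered rule list: the FIRST matching ExplicitRule decides."""

    def __init__(self, default: Optional[DefaultRule] = None):
        self.rules: List[ExplicitRule] = []
        self.default = default or DefaultRule()

    def addRule(self, rule: ExplicitRule, position: Optional[int] = None) -> None:
        # Default position is last, so a new rule cannot shadow existing ones.
        self.rules.insert(len(self.rules) if position is None else position, rule)

    def deleteRule(self, index: int) -> None:
        del self.rules[index]

    def modifyRule(self, index: int, rule: ExplicitRule) -> None:
        self.rules[index] = rule

    def reorderRules(self, new_order: List[int]) -> None:
        # Must be a permutation: dropping or duplicating a rule changes the policy.
        if sorted(new_order) != list(range(len(self.rules))):
            raise ValueError("new_order must be a permutation of rule indices")
        self.rules = [self.rules[i] for i in new_order]

    def decide(self, p: Packet) -> Tuple[str, Union[int, str]]:
        """Return (action, index of the deciding rule, or 'default')."""
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                return rule.action, i
        return self.default.action, "default"


class PFFirewall:
    def __init__(self, rulebase: RuleBase):
        self.rulebase = rulebase

    def requestService(self, p: Packet) -> bool:
        # Mediates every request between ExternalHost and LocalHost.
        action, _ = self.rulebase.decide(p)
        return action == "accept"


def build_firewall() -> PFFirewall:
    """Constructed policy (assumed addresses): web server 10.0.0.5, admin subnet 10.0.1.0/24."""
    rb = RuleBase()
    rb.addRule(ExplicitRule("in", "*", "10.0.0.5/32", 443, "accept"))            # public HTTPS
    rb.addRule(ExplicitRule("in", "10.0.1.0/24", "10.0.0.0/24", 22, "accept"))    # admin SSH
    rb.addRule(ExplicitRule("out", "10.0.0.0/24", "*", None, "accept"))           # outbound
    return PFFirewall(rb)


def shadowing_demo() -> Tuple[bool, bool]:
    """Rule ORDER is part of the policy: a broad deny at the top shadows the admin accept."""
    fw = build_firewall()
    admin_ssh = Packet("10.0.1.7", "10.0.0.5", 22, "in")
    fw.rulebase.addRule(ExplicitRule("in", "*", "10.0.0.0/24", 22, "deny"), position=0)
    shadowed = fw.requestService(admin_ssh)   # False: the deny at index 0 wins
    fw.rulebase.reorderRules([1, 2, 0, 3])    # deny now sits after the admin accept
    restored = fw.requestService(admin_ssh)   # True
    return shadowed, restored
```

Two points the diagram leaves implicit are made explicit here: the DefaultRule is deny, so anything the administrator forgot is dropped rather than forwarded, and reorderRules refuses anything that is not a permutation of the existing indices, because silently losing or duplicating a rule is itself a policy change.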

 

Class Diagram for Proxy FireWall[Fe03]

 

Class Diagram for IDS [Fer05]

 

VPN Architecture • A VPN makes use of public network resources to connect to the private network of the enterprise. Within the VPN, the transmission is protected by security mechanisms that assure the confidentiality of the user(s) and the integrity of the data. So a “private” network is established in the public domain. Since this network exists only in a logical sense, it has been termed a virtual private network.

 

Features of a good VPN
 – Security
 – Reliability
 – Scalability
 – Network management
 – Policy management

 

Problem • In the company where I work we have a lot of remote employees who log in from different parts of the world, such as St. Louis, USA or Israel. These developers log into a machine in Boca and work virtually from Boca. These connections are made using a VPN architecture. We need to develop the safest architecture so that the work is done most efficiently and with the least threats to security.

 

Context • Local networks with applications being executed in distributed systems. Access to the network can be from the Internet or from other external networks using a VPN connection.

 

Forces
• There are many remote users trying to connect to the same network from different end points. A good VPN system must accommodate all these users.
• Different end users may require different levels of security. We need to define appropriate policies for each of these VPN connections.
• The company has employees joining and leaving all the time, so the security policies need to be modified constantly. Hence the VPN configuration should be easy to change.
• The number of users and applications may increase significantly; adding more users or applications should be done transparently and at proper cost.
• A VPN setup should keep all harmful external elements from reaching the corporate network.
• There are many ways to perform authentication. The VPN must support the different methods.

 

Pattern Diagram VPN

(Diagram not reproduced; pattern names recovered from it.) Nodes: VPN with its specialisations IP VPN and XML VPN; the protocols IPSec, TLS and TCP they build on; and the supporting patterns Authentication, Secrecy, Message Authentication, Secure Channel, Authorization, PKI and RM.

 

Class Diagram for a VPN End User

(Diagram not reproduced.) Classes: End User, VPN Network, Auth Point, Identity Base, Policy Base, Identity, Policy, Secure Channel, Secure Network.

 

Sequence Diagram for a VPN Authentication

(Diagram not reproduced; participants and messages recovered from it.)
Participants: :End User, :VPN, :EndUserAuthPT, :IdentityBase, :Policy Base, :SecureCh, :SecureN/W

  End User      -> VPN            : rqstConn
  VPN           -> EndUserAuthPT  : rqstConn
  EndUserAuthPT -> IdentityBase   : authenticate
  IdentityBase  -> EndUserAuthPT  : authenticated
  EndUserAuthPT -> Policy Base    : checkAccess
  Policy Base   -> EndUserAuthPT  : accessAllowed
  EndUserAuthPT -> SecureCh       : openSecConn
  Established, Established        (the result is carried back through :SecureCh / :SecureN/W toward the End User)

 

Solution • Whenever an end user tries to connect to a VPN, the network should ask for authorization. A user can access a network only if a specific policy authorizes it to do so. • Policy enforcement includes authenticating the end user who is trying to connect to the network. • The VPN tunnel created should maintain confidentiality and data integrity.
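The sequence diagram and the Solution above describe one admission flow: authenticate against the Identity Base, then check the Policy Base, and only then open the secure channel into the secure network. The following is an added example, not code from the slides, that implements that flow in Python using the diagram's class and message names; the users, roles, network names and the PBKDF2 credential check are assumptions. It also exercises the three refusal paths a practitioner must test (unknown user, wrong password, authenticated user without a matching policy) and records the connection log the Consequences slide mentions.

```python
# VPN admission flow from the sequence diagram and Solution slides.
# Added example, not code from the slides; users, roles, networks and PBKDF2 check are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset  # roles drive the RBAC decision in the PolicyBase


class IdentityBase:
    ITER = 100_000  # PBKDF2 iterations; stores salted hashes, never passwords

    def __init__(self) -> None:
        self._users: Dict[str, tuple] = {}

    def enroll(self, user: str, password: str, roles: Set[str]) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITER)
        self._users[user] = (salt, digest, frozenset(roles))

    def authenticate(self, user: str, password: str) -> Optional[Identity]:
        rec = self._users.get(user)
        if rec is None:
            return None  # unknown user and bad password look identical to the caller
        salt, digest, roles = rec
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITER)
        return Identity(user, roles) if hmac.compare_digest(cand, digest) else None


@dataclass(frozen=True)
class Policy:
    role: str
    network: str  # network a role may reach through the VPN


class PolicyBase:
    def __init__(self, policies: List[Policy]) -> None:
        self._policies = set(policies)

    def checkAccess(self, ident: Identity, network: str) -> bool:
        # RBAC: allowed iff one of the user's roles is granted this network.
        return any(Policy(r, network) in self._policies for r in ident.roles)


@dataclass
class SecureChannel:
    user: str
    network: str
    session_id: str  # stands in for the IPsec SA / TLS session of a real tunnel


class SecureNetwork:
    def __init__(self, name: str) -> None:
        self.name = name
        self.channels: List[SecureChannel] = []


class EndUserAuthPoint:
    """Enforcement point: authenticate, then authorize, only then openSecConn."""
    def __init__(self, idb: IdentityBase, pb: PolicyBase, nets: Dict[str, SecureNetwork]) -> None:
        self.idb, self.pb, self.nets = idb, pb, nets
        self.audit: List[str] = []  # record of who connected or was refused

    def rqstConn(self, user: str, password: str, network: str) -> Optional[SecureChannel]:
        ident = self.idb.authenticate(user, password)
        if ident is None:
            self.audit.append(f"{user}: authentication failed")
            return None
        if network not in self.nets or not self.pb.checkAccess(ident, network):
            self.audit.append(f"{user}: access to {network} denied")
            return None
        ch = SecureChannel(user, network, secrets.token_hex(8))  # openSecConn
        self.nets[network].channels.append(ch)
        self.audit.append(f"{user}: connected to {network}")
        return ch


class VPN:
    """Front door the End User talks to; every decision is delegated to the auth point."""
    def __init__(self, auth_point: EndUserAuthPoint) -> None:
        self.auth_point = auth_point

    def rqstConn(self, user: str, password: str, network: str) -> Optional[SecureChannel]:
        return self.auth_point.rqstConn(user, password, network)


def build_vpn() -> VPN:
    """Constructed deployment (assumed names): developers reach boca-dev, only admins reach mgmt."""
    idb = IdentityBase()
    idb.enroll("alice", "correct horse battery staple", {"developer"})
    idb.enroll("bob", "Tr0ub4dor&3", {"developer", "admin"})
    pb = PolicyBase([Policy("developer", "boca-dev"), Policy("admin", "mgmt")])
    nets = {n: SecureNetwork(n) for n in ("boca-dev", "mgmt")}
    return VPN(EndUserAuthPoint(idb, pb, nets))
```

The ordering matters: the Policy Base is never consulted for a caller who failed authentication, and a caller who authenticates but has no matching policy is refused before any channel object exists. The audit list is the "log of end users connected in the present and in the past" that the Consequences slide credits to using authorization.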

 

Consequences
• Advantages
 – The company can define the policies for VPN end users, which centralizes the policies and makes administration easier.
 – Since authorization is used, the company can keep a log of the end users connected now and in the past.
 – A secure tunnel guarantees data integrity and secrecy. Usually PKI-based keys are used to encrypt the data sent over the tunnel.
 – As end users are authenticated, they can be held responsible for their actions.
 – We can also incorporate RBAC based on the role of the end user.
 – Usually a firewall complements a VPN setup.

 

Consequences (Contd…)
• Liabilities
 – If the VPN is compromised, the attacker gets full access to the internal network too.
 – VPN traffic is often invisible to IDS monitoring. If the IDS probe is outside the VPN server, as is often the case, the IDS cannot see the traffic within the VPN tunnel because it is encrypted. Therefore if an attacker gains access to the VPN, he can attack the internal systems without being picked up by the IDS.
 – Whatever type of VPN we use, the VPN is only as secure as the remote computer connected to it.

 

• Liabilities (Contd…)
 – The pattern does not discuss attacks at the end points.
 – The VPN tunnel is only as strong as the cryptography that enables it.

 

Known Users • Citrix. Citrix provides a site to site VPN connection for remote users to log into the secure network as well as access applications on the company (secure) network.

 

Related Patterns • Patterns for Application Firewalls using PEP and PAP. – Nelly Delessy-Gassant, Eduardo B. Fernandez, Saeed Rajput, and Maria M. Larrondo Petrie

 

Future Work • Expand on the VPN pattern and create separate patterns for IP, SSL and XML VPNs. • Develop the patterns missing in the network security diagram shown before.

 

Thank You • Q&A • Suggestions • Concerns
