Archive for the ‘SSL VPN’ Category

OpenSSL: Introduction

April 9, 2009

OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the four open source BSD operating systems), OpenVMS and Microsoft Windows.

FIPS 140-2 Compliance:

OpenSSL is one of the few open source programs to be validated under the FIPS 140-2 computer security standard by the National Institute of Standards and Technology’s Cryptographic Module Validation Program.
[Note: FIPS stands for Federal Information Processing Standard]

Present Version:

openssl-1.0.0-beta1 [Works under FIPS mode as well as NON-FIPS mode (Beta Version)]

openssl-0.9.8k [Works under FIPS mode as well as NON-FIPS mode (Stable Version)]

openssl-fips-1.2 [Works under FIPS mode]

Other versions of the setup files, documentation and other information can be obtained from http://www.openssl.org/

SSL VPN: Architecture of VPN


In my last 2 posts, I explained ‘SSL’ and ‘VPN’: what they are, and what our purpose is in using them. Now we’ll look at VPN architecture, which I shall try to explain with a simple diagram.

[Figure: VPN architecture]

Let us take our previous example of John. In the figure, the VPN device has 2 Ethernet ports: a Public Port and a Private Port. The Public Port is directly connected to the Internet via the firewall and routers. The Private Port is connected to the 30 computers in XYZ Pvt. Ltd. As we can see, when John wishes to connect to the VPN, he can do so over the Internet.

One more thing: in the figure, over the ‘Internet’, there is something called “SSL Tunnel Thru Internet”. Remember SSL? This is that tunnel. It is encrypted using one of several algorithms, depending on the manufacturer of the device. Some manufacturers use AES-128; some use the RC4 algorithm.
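Because the tunnel's algorithm depends on the device, it is worth checking what a gateway actually negotiates. The following is an added example, not code from the original post: it flags weak suites such as RC4 in a list shaped like the output of Python's `ssl.SSLContext.get_ciphers()`, and `negotiated_cipher` reports what a given host chose. The marker list, the 128-bit threshold and the sample entries are assumptions made for the illustration.

```python
import socket
import ssl

# Substrings of OpenSSL suite names that mark a suite as unacceptable today.
WEAK_MARKERS = ("RC4", "NULL", "EXP", "DES", "MD5")

def assess(name, bits):
    """Return the reasons a suite is weak; an empty list means acceptable."""
    reasons = [m for m in WEAK_MARKERS if m in name.upper()]
    if bits < 128:
        reasons.append(f"{bits}-bit key")
    return reasons

def audit_offered(ciphers):
    """ciphers: list of dicts shaped like SSLContext.get_ciphers() output."""
    findings = {}
    for c in ciphers:
        reasons = assess(c["name"], c["strength_bits"])
        if reasons:
            findings[c["name"]] = reasons
    return findings

def negotiated_cipher(host, port=443, timeout=5):
    """Handshake with a gateway; return (suite, protocol, key bits) it chose."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()

# Constructed sample, not captured from any real device.
SAMPLE = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "RC4-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
]

if __name__ == "__main__":
    print("sample:", audit_offered(SAMPLE))
    # What this machine's OpenSSL build would offer as a client:
    print("local :", audit_offered(ssl.create_default_context().get_ciphers()))
```

Current OpenSSL builds no longer offer RC4 by default, so a handshake failure from `negotiated_cipher` against a gateway that only supports RC4 is itself the finding.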

One more thing: the VPN device looks just like a normal ‘24-port switch’. It has more than 1 Ethernet port. It contains all the normal hardware components of a computer: a motherboard, a processor, RAM, a hard disk drive, etc. It also runs an operating system. Generally, Linux is provided with these devices, because it is open source, free and robust. Moreover, Linux is such a dynamic OS that the administrator can perform any type of job on it.

So, in a nutshell, this was a brief architecture of VPN devices. If you face any problem, just post it in the comments or contact us. We shall try to help you.

Thank you.

SSL VPN: Part 2 (Secure Sockets Layer)


Now, we come to SSL.
SSL is a protocol, like other protocols such as TCP or UDP. SSL stands for Secure Sockets Layer.

So, what is this Secure Sockets Layer?
It is an internet protocol for secure, end-to-end exchange of information between a browser and a web server. It is sandwiched between TCP/IP and the application layer. It was developed by Netscape Corporation in 1994. It is supported by all major browsers on the WWW. Conceptually, SSL is visualized as an additional layer in the TCP/IP protocol suite. It provides security in two ways, confidentiality and authenticity, at the application level. TCP/IP provides reliable packet transfer, while SSL provides secure packet transfer. SSL sits on top of TCP/IP and the data link layer (DLL), which means that applications that use SSL automatically get the services of TCP/IP and the DLL. Since SSL resides above the TCP/IP layer, it can ensure secure communication for numerous application-level protocols on the internet.
However, SSL only secures web sessions and not the e-mail or file transfer sessions. This is one of the reasons why confidential information like credit card numbers is not exchanged via e-mail. With SSL, since the packet data is encrypted, it can be seen by an observer while in transit, but cannot be deciphered. SSL ensures secure data transfer, but it is not responsible for the security of data residing on the web client or server. Thus only the application layer data is encrypted by SSL. Logically, SSL acts as a pipe between the web browser and a server.
OK, so far so good. So, what is the connection between ‘SSL’ and ‘VPN’?
It is very easy, and the answer is in the last paragraph. SSL only secures web sessions and not the e-mail or file transfer sessions. So, as we need to secure our communication, we have to use SSL.

Now, consider the example of John. He wants to connect to the VPN in his office. Here is the step-by-step connectivity of SSL-VPN:

1. John opens a web browser and enters the URL (Uniform Resource Locator).
2. A login screen then comes from the VPN, where John has to enter his credentials (username & password).
3. After that, the VPN will try to authenticate John as a registered user. If successful, the user console will be opened; otherwise an error message will be shown.
4. After successful authentication, John will do his job in the user console. For example, a file sharing service (FTP service) with his own computer.
5. Then John will log out from the user console. Throughout steps 1 to 5, the data is sent and received in encrypted form (thanks to SSL!).

So, today, I end here… too much ‘Gyan’ was given…

On Next Post: Architecture details of VPN

SSL VPN: Part 1


Hello Friends!
This time I am here with SSL VPN. That means I will share with you the basic concepts of “SSL VPN: what is it and what does it do?”
First of all, we need to know: what is a VPN?
VPN stands for Virtual Private Network.
Again, what is a “Private Network”, and how is it “Virtual”?
A “network” is defined as the interconnection between computer systems, terminals or data communication facilities.
For example, the Internet, via which you are reading this article right now, is a network.
Now, what is a “Private Network”?
The word “private” means something that is not open to all users, but only to some authorized users. This “something” may be anything: some documents, some services or some tools. Large corporate houses use their own private networks.

Let us make this clear with a small example. Consider a corporate house, XYZ Pvt. Ltd. They have an IP, say, ‘205.124.12.89’. In their office, they have 30 computers, and they want to put them on a LAN (Local Area Network). So, what will they do? They will use a ‘class C’ based IP network, ‘192.168.10.0’, and use NAT (Network Address Translation) at their gateway. So, they will have 30 computers with an arrangement like this:
Computer 1: IP => 192.168.10.2
Computer 2: IP => 192.168.10.3 … etc.
This network will be called a private network that belongs to XYZ Pvt. Ltd. Unless authorized, no one from outside can access this network.
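The addressing arrangement above, worked through as an added example that is not part of the original post: it numbers the 30 computers on 192.168.10.0 and models a heavily simplified NAT at the gateway, showing why traffic arriving from outside with no matching session never reaches a private host. The /24 mask, the reservation of .1 for the gateway, the port numbers and the `Nat` class are assumptions made for the illustration.

```python
import ipaddress

PUBLIC_IP = ipaddress.ip_address("205.124.12.89")  # the page's example address
LAN = ipaddress.ip_network("192.168.10.0/24")      # /24 mask is an assumption

def plan_lan(network, count, first=2):
    """Number `count` computers from host .first upward (.1 kept for the gateway)."""
    hosts = list(network.hosts())[first - 1:first - 1 + count]
    if len(hosts) < count:
        raise ValueError("network too small for that many computers")
    return {f"Computer {n}": ip for n, ip in enumerate(hosts, 1)}

class Nat:
    """Simplified port-address translation: many inside hosts, one public IP."""
    def __init__(self, public_ip, inside, first_port=40000):
        self.public_ip, self.inside = public_ip, inside
        self.next_port = first_port
        self.out, self.back = {}, {}

    def outbound(self, src_ip, src_port):
        """Rewrite an inside source to (public IP, mapped port)."""
        src = ipaddress.ip_address(src_ip)
        if src not in self.inside:
            raise ValueError(f"{src} is not on the private network")
        key = (src, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply back to the inside host; None means no session, so drop."""
        return self.back.get(dst_port)

if __name__ == "__main__":
    plan = plan_lan(LAN, 30)
    nat = Nat(PUBLIC_IP, LAN)
    print(plan["Computer 1"], "->", nat.outbound(plan["Computer 1"], 51000))
    print("reply to port 40000:", nat.inbound(40000))
    print("unsolicited to port 40001:", nat.inbound(40001))
```

A real NAT also tracks the protocol and the remote endpoint and expires idle mappings; the model keeps only what is needed to show the inside/outside asymmetry.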

Now, we will look at why it is “Virtual”.
As we all know, the word “virtual” refers to some “state” that is not real, but is possible.
So, a Virtual Private Network is a kind of network that seems to be private, but only virtually. Here, an authorized remote user can access some resources of the private corporate network over a service provider’s shared network infrastructure, as if he were present in the private network.

Let’s take our previous example of XYZ Pvt. Ltd. and think of this situation. An employee of XYZ Pvt. Ltd., John, is on holiday. Suddenly, he receives a phone call: he has to find an important presentation on his computer and mail it to his boss, who is also in another country, far from the office. Now what? If John wants to do so, he has to use a secured channel over the internet, via which he can access his computer, which is situated in his office. This “secured channel over internet” is generally called the VPN.