NSR Lab-3
VPNs
Abhishek Sabarinath
101213731
Abstract
This report is intended to provide the reader with an introduction to VPNs, their benefits and
advantages as well as how IPSec tunnelling works. The Cisco Packet Tracer was used to
simulate the tunnelling environment.
Introduction to VPNs
Virtual Private Networks, or VPNs, are almost synonymous with the internet in recent times.
Whenever you are browsing and you are not sure whether someone is eavesdropping on your
connection, it is always recommended to use a VPN. In simple terms, a VPN creates an
encrypted tunnel and encapsulates the data that is transmitted to ensure privacy. This tunnelling
ensures that hackers and ISPs cannot see the information when using a VPN (Express VPN).
There are a variety of VPNs, from browser extensions to system-wide ones that hide the
actual IP address, Remote Access VPNs, site-to-site VPNs etc.; however, all of them provide
considerable benefits, some of which are:
i) Enhanced Security – Since the data is encrypted, the information cannot be spied
on by third party intruders.
iii) Protect against price discrimination – online stores and airplane companies tend to
increase the prices of tickets based on user location. (Base k 2020)
iv) Reliability – Combining VPNs with other redundancy features provides a more
robust solution (Sirisukha 2020)
v) Cost Savings – Integrated VPN platforms can provide a one stop shop by reducing
space and cable requirements (Sirisukha 2020).
The above benefits are not only useful for a single user; it is also really helpful to have a
VPN in an organization. For a company, a security policy is extremely important since it
ensures that sensitive information can only be accessed by authorized users and also
considers the CIA triad [Confidentiality, Integrity, Availability] (Orion Cassetto 2019), which
makes it all the more necessary to have a secure and encrypted connection. As organizations
become increasingly dependent on the internet for daily business operations, this has also
brought the risk of break-ins, network attacks and other related issues. Since a VPN has all the
characteristics of a private network, all the traffic belongs only to that specific network,
providing isolation, and using a secure VPN also means that an attacker cannot alter content
that is transmitted, increasing the peace of mind for an organization. Even more, an IP-based
VPN overcomes security vulnerabilities related to public networks as well by applying
techniques like encryption, user authentication etc. (Britney Banks 2017). Other types of
VPNs, like Interconnect VPN services, help interconnect LANs, which provides a replacement
for dedicated links (Weber et al 2001). Overall, we can see how having a VPN is not only
useful for organizations but also a strong candidate to include in security policies.
So far we have seen how a basic VPN works (tunnelling) and its advantages. Now let us
look at IP Security, or IPSec for short. IPSec is a protocol that is designed to provide data
confidentiality, integrity and authenticity (CIA) (Anon 2020). The Authentication Header and
Encapsulating Security Payload protocols can be used to protect either the entire IP payload
or the upper layer protocols of IP (Yurcik 2020). In the Packet Tracer, 2 routers have a tunnel
and they have been configured to use IPSec. The following steps were taken to configure
both:
STEP 1) Run the packet tracer and type in the command ‘sh running-config’ on Router 0
to view the commands used to configure IPSec.
STEP 2) The command crypto isakmp policy 99 is run to create the first phase, which
creates a tunnel; the second phase creates another tunnel to protect ISAKMP negotiation
messages using encryption algorithms (firewall.cx).
STEP 3) In the lab files AES is used for encryption and group 5 is the Diffie-Hellman
group for authentication. (firewall.cx)
STEP 4) A pre-defined shared key is used for authentication with the commands crypto
isakmp key cisco address 192.168.0.1 and crypto isakmp key cisco address 192.168.0.2
STEP 5) A transform set is needed to protect the data, which is done using the command
crypto ipsec transform-set vpntransform ah-sha-hmac
STEP 6) A crypto map is needed to define and connect ISAKMP and IPSec, which is
done with crypto map vpnmap 999 ipsec-isakmp, set peer 192.168.0.2, set peer 192.168.0.1,
set transform-set vpntransform, match address vpnacl, after which it is applied to the outgoing
interface of the router with interface Serial0/0/0, ip address 192.168.0.2 255.255.255.252,
crypto map vpnmap
STEP 7) The next few commands are shown below:
FIGURE 2: Access list that defines traffic that can pass through VPN tunnel
STEP 8) The last step is to verify the tunnel which can be done with sh crypto isakmp sa
which gives the following result:
From the above steps we can see that IPSec provides encryption and tunnelling to allow
secure data transmission. It provides authentication via the pre-shared key during encryption
and confidentiality by creating an ESP tunnel which prevents access by unknown parties.
Since the encryption used is AES 128, it can take a long time to crack the key, up to a billion
billion years (Arora 2020). Thus, we can say that IPSec on the whole is very secure and
useful in configuring VPNs.
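The following check is an added example, not part of the original report or the lab files: it parses the commands quoted in Steps 2 to 6 and reports whether the transform set named by the crypto map includes an ESP cipher. AH transforms such as ah-sha-hmac authenticate packets but do not encrypt them. The sample configuration is constructed from the report's text; the `encr aes` and `authentication pre-share` lines and the choice of the 192.168.0.2 router are assumptions.

```python
import re

# Constructed sample: the commands quoted in Steps 2-6, assembled for the 192.168.0.2 router.
# "encr aes" and "authentication pre-share" are assumed IOS forms for Steps 3 and 4.
SAMPLE_CONFIG = """\
crypto isakmp policy 99
 encr aes
 authentication pre-share
 group 5
crypto isakmp key cisco address 192.168.0.1
crypto ipsec transform-set vpntransform ah-sha-hmac
crypto map vpnmap 999 ipsec-isakmp
 set peer 192.168.0.1
 set transform-set vpntransform
 match address vpnacl
interface Serial0/0/0
 ip address 192.168.0.2 255.255.255.252
 crypto map vpnmap
"""

# ESP transforms that encrypt (not exhaustive); esp-null is deliberately left out.
ESP_CIPHERS = ("esp-aes", "esp-3des", "esp-des")

def transform_sets(config):
    """Map each transform-set name to the list of transforms it contains."""
    pattern = r"^crypto ipsec transform-set (\S+) (.+)$"
    return {m.group(1): m.group(2).split() for m in re.finditer(pattern, config, re.M)}

def audit(config):
    """Return (transform_set, finding) pairs for every set a crypto map refers to."""
    sets = transform_sets(config)
    findings = []
    for m in re.finditer(r"^\s*set transform-set (\S+)", config, re.M):
        name = m.group(1)
        transforms = sets.get(name)
        if transforms is None:
            findings.append((name, "undefined transform set"))
            continue
        encrypts = any(t.startswith(ESP_CIPHERS) for t in transforms)
        integrity = any(t.startswith("ah-") or t.endswith("-hmac") for t in transforms)
        if not encrypts:
            findings.append((name, "no ESP cipher: payload is authenticated but sent in cleartext"))
        if not integrity:
            findings.append((name, "no integrity transform"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

A transform set that pairs an ESP cipher with an integrity transform, for example esp-aes esp-sha-hmac, passes the same check with no findings.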
CONCLUSION
By reading through the above pages, we can see how a virtual private network or VPN
secures the connection between devices by creating tunnels and using protocols like IPSec,
ensuring that the CIA triad is maintained throughout the session. We also saw how IPSec
itself can be implemented in either the Authentication Header style or Encapsulating Security
Payload style to protect the data. The configuring of IPSec in a virtual environment like
Packet Tracer is also mentioned. Above all, the main takeaway should be that a VPN is a useful
tool for both organizations and individual users, who can both enjoy the benefits of a secure
connection, along with enhanced privacy.
REFERENCES
base, K 2020, The Advantages and Disadvantages of VPN Services | SmartyDNS, viewed 7 May,
2020, <https://www.smartydns.com/knowledge-base/vpn-benefits-and-disadvantages/>.
ExpressVPN 2020, What Is VPN? | ExpressVPN, viewed 7 May, 2020,
<https://www.expressvpn.com/what-is-vpn>.
Sirisukha, S 2020, The Advantages Of A Virtual Private Network For Computer Security, viewed 7
May, 2020, <https://www.citrenz.ac.nz/conferences/2003/papers/397.pdf>.
Anon 2020, The Advantages Of A Virtual Private Network For Computer Security - PDF Free
Download, viewed 8 May, 2020,
<http://docplayer.net/20242491-The-advantages-of-a-virtual-private-network-for-computer-security.html>.
Yurcik, W 2020, A planning framework far implementing virtual private networks, viewed 10 May,
2020,
<https://www.researchgate.net/publication/3426486_A_planning_framework_far_implementing_virtual_private_networks>.
Arora, M 2020, How secure is AES against brute force attacks?, viewed 14 May, 2020,
<https://www.eetimes.com/how-secure-is-aes-against-brute-force-attacks/>.