Securing Back Office Business Processes with OpenVPN
4 likes•930 views
The document discusses the implementation of Virtual Private Networks (VPNs), highlighting OpenVPN as a superior option due to its security features and flexibility compared to Microsoft PPTP. It explains the basic architecture of VPNs, their historical use in supporting telecommuters, and lists various VPN protocols. The author emphasizes the vulnerabilities of PPTP and advocates for the adoption of OpenVPN for enhanced data encryption and control.
Securing Back Office Business Processes with OpenVPN
- 1. Securing Back-Office Business Processes with OpenVPN Alfred Green – Principal http://bkaeg.org/blog
- 2. About Me http://bkaeg.org/blog https://identi.ca/sunzofman1 http://linkedin.com/in/bkaeg https://twitter.com/sunzofman1 Alfred Green - Principal
- 3. A Bit More ● 15yrs experience with Free and Open Source Software (FOSS) ● Using Slackware Linux Distro for Primary Desktop Since '96 ● Easily Integrates Free Software with MSFT solutions ● Staunch Supporter of Autodidacticism ● Fascinated with Computer Networking and Data Encryption Alfred Green - Principal
- 4. He's Back..
- 5. What is a Virtual Private Network (VPN)? A Virtual Private Network is a means to securely share data across public Internet by hiding data traffic in a tunnel Example VPN Protocols: IPSEC, PPTP, L2TP, and SSL Commercial and Open Products: Cisco,Hamachi, HotSpotVPN, OpenVPN, FreeS/WAN and OpenS/WAN Alfred Green - Principal
- 6. Basic VPN Example Alfred Green - Principal
- 7. Where has Virtual Private Networking traditionally been used? Businesses which seek to support telecommuters Encapsulating data packets of well understood protocols (ie, SIP, SSL, HTTP(S), CIFS) Alfred Green - Principal
- 8. Virtual Private Networking is Not.. Microsoft Remote Desktop Protocol (RDP) over TCP 3389 Virtual Network Computing (VNC) While SSH is powerful, not very elegant for scalable VPN Alfred Green - Principal
- 9. Basic Architecture ● Network Address Translation (NAT) ● Firewall ● Packet Encryption Alfred Green - Principal
- 10. Factoid ● Roughly 75% of SMB owners run some variant of MSFT Small Business Server Edition, Out of the Box They are Equipped to Run the MSFT VPN (PPTP) Alfred Green - Principal
- 11. All VPN Solutions are not Created Equal.. The ubiquitous Microsoft PPTP is perhaps the worst possible VPN solution ● MS-CHAPv1 and MS-CHAPv2 both have vulnerabilities which make PPTP poor VPN ● Security Expert Bruce Schneier's Paper ● Cryptanalysis of Microsoft's PPTP Authentication Extensions ● PPTP was written initially to support the very old PPP protocol for dial-up connections Alfred Green - Principal
- 12. The Case for OpenVPN? ● Software Libre (Free as in Free Speech) ● Private Key Infrastructure (PKI) ● OpenSSL/TLS ● Supports Multiple Encryption Algorithms ● UDP instead of TCP ● Pseudo Two-Factor Authentication ● Several Available Software Clients (Linux, Windows, OSX, and BSD) Alfred Green - Principal
- 13. Private Key Infrastructure (PKI) ● Strength of OpenVPN ● Control Large Group of Clients ● No Central Signing Authority Required ● Error Logs are Your Friend Alfred Green - Principal
- 14. Pseudo Two-Factor Authentication ● Known Passphrase of Private Key Cipher ● OpenSSL Cryptographic Certificates Alfred Green - Principal
- 16. Glossary of Acronyms CIFS – Common Internet File System IPSEC – Internet Protocol Security L2TP – Layer 2 Tunneling Protocol PPTP – Point-to-Point Tunneling Protocol SSH – Secure Shell Alfred Green - Principal