Global ETD Search

61	Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols / Étude de mécanismes assurant la continuité de service de protocoles IKEv2 et IPsec Palomares Velasquez, Daniel 14 November 2013 (has links) En 2012, le trafic mobile mondial représentait 70% de plus qu'en 2011. L'arrivée de la technologie 4G a multiplié par 19 le volume de trafic non 4G, et en 2013 le nombre de mobiles connectés à l'Internet a dépassé le nombre d'êtres humains sur la planète. Les fournisseurs d'accès Internet (FAI) subissent une forte pression, car ils ont pour obligations d'assurer à leurs clients l'accès au réseau et le maintien de la qualité de service. À court/moyen terme, les opérateurs doivent délester une partie de leur trafic sur des réseaux d'accès alternatifs afin de maintenir les mêmes caractéristiques de performances. Ainsi, pour désengorger les réseaux d'accès radio (RAN), le trafic des clients peut être préférentiellement pris en charge par d'autres réseaux d'accès disponibles. Notons cependant que les réseaux d'accès sans fil offrent des niveaux de sécurité très différents. Pour les femtocells, WiFi ou WiMAX (parmi d'autres technologies sans fil), il doit être prévu des mécanismes permettant de sécuriser les communications. Les opérateurs peuvent s'appuyer sur des protocoles (tels que IPsec) afin d'étendre un domaine de sécurité sur des réseaux non sécurisés. Cela introduit de nouveaux défis en termes de performances et de connectivité pour IPsec. Cette thèse se concentre sur l'étude des mécanismes permettant de garantir et améliorer les performances du protocole IPsec en termes de continuité de service. La continuité de service, aussi connu comme résilience, devient cruciale lorsque le trafic mobile est dévié depuis un réseau d'accès RAN vers d'autres réseaux d'accès alternatifs. C'est pourquoi nous nous concentrons d'abord dans l'ensemble de protocoles assurant une communication IP: IKEv2 et IPsec. Ensuite, nous présentons une étude détaillée des paramètres nécessaires pour maintenir une session VPN, et nous démontrons qu'il est possible de gérer dynamiquement une session VPN entre différentes passerelles de sécurité. L'une des raisons qui justifient la gestion des sessions VPN est d'offrir de la haute disponibilité, le partage de charge ou l'équilibrage de charge pour les connexions IPsec. Ces mécanismes ont pour finalité d'augmenter la continuité de service de sessions IPsec. Certains nouveaux mécanismes ont été récemment mis en oeuvre pour assurer la haute disponibilité sur IPsec. Le projet open source VPN, StrongSwan, a mis en place un mécanisme appelé ClusterIP afin de créer un cluster de passerelles IPsec. Nous avons fusionné cette solution basée sur ClusterIP avec nos propres développements afin de définir deux architectures : une architecture permettant la Haute Disponibilité et une deuxième architecture présentant la gestion dynamique d'un contexte IPsec. Nous avons défini deux environnements : le Mono-LAN où un cluster de noeuds est configuré sous une même adresse IP unique, et le Multi-LAN où chaque passerelle de sécurité dispose d'une adresse IP différente. Les mesures de performance tout au long de la thèse montrent que le transfert d'une session VPN entre différentes passerelles évite les délais supplémentaires liés à la ré-authentification et réduit la consommation CPU, ainsi que les calculs par le matériel cryptographique. D'un point de vue FAI, le transfert de contexte IPsec/IKEv2 pourrait être utilisé pour éviter la surcharge des passerelles, et permettre la redistribution de la charge, de meilleures performances du réseau ainsi que l'amélioration de la qualité de service. L'idée est de permettre à un utilisateur de profiter de la continuité d'un service tout en conservant le même niveau de sécurité que celui initialement proposé / During 2012, the global mobile traffic represented 70\% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will relay on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication. For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduce the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed IPsec IKEv2 Résilience Transfert de contexte Haute disponibilité Gestion des VPN Réseau privé virtuel IPsec IKEv2 Resilience Context transfer High availability VPN management Virtual private network
62	A Framework for the Performance Analysis and Tuning of Virtual Private Networks Perez, Fridrich Shane 01 June 2018 (has links) With the rising trend of personal devices like laptops and smartphones being used in businesses and significant enterprises, the concern for preserving security arises. In addition to preserving security measures in outside devices, the network speed and performance capable by these devices need to be balanced with the security aspect to avoid slowing down virtual private network (VPN) activity. Performance tests have been done in the past to evaluate available software, hardware, and network security protocol options that will best benefit an entity according to its specific needs. With a variety of comparable frameworks available currently, it is a matter of pick and choose. This study is dedicated to developing a unique process-testing framework for personal devices by comparing the default security encryptions of different VPN architectures to the Federal Information Processing Standards (FIPS) set of complying encryptions. VPN architectures include a vendor-supplied VPN, Palo Alto Networks, open-sourced OpenVPN application, and a Windows PPTP server to test security protocols and measure network speed through different operating platforms. The results achieved in this research reveal the differences between the default security configurations and the encryption settings enforced by FIPS, shown through the collected averaged bandwidth between multiple network tests under those settings. The results have been given additional analysis and confidence through t-tests and standard deviation. The configurations, including difficulty in establishing, between different VPNs also contribute to discovering OpenVPN under FIPS settings to be favorable over a Palo Alto firewall using FIPS-CC mode due to higher bandwidth rate despite following the same encryption standards. VPN FIPS security protocol encryption network security bandwidth performance framework Science and Technology Studies
63	Protecting management information systems: Virtual Private Network competitive advantage Sirisukha, Sid Unknown Date (has links) Information security technologists and business scholars are motivated by a desire to understand how and to what extent the application of IT within enterprise systems leads to improved and secured organizational performance. An effective relationship between business and IT professionals is a primary determinant of success in gaining business advantage through the enterprise system. As business innovation has relied increasingly on partnerships between business and IT professional, a different perspective of how IT professionals view their organizational contributions was needed for organizations to remain competitive. Business knowledge is essential if IT professionals are to create linkages with other organizational units and have a wider perspective about business objectives, thus achieving fit between IT and organizational strategies. Organizations have started responding to this challenge by demanding more business acumen in their IT staff. The focus of this study is on the knowledge that is beyond that of independent business and IT only domain knowledge of information security. Therefore, technical areas of knowledge, such as hardware and software, all of which are closely associated with IT skills, are not discussed in this thesis. This is not to declare that such knowledge is not important. Clearly technical knowledge is part of the IT professional's overall information security technology expertise, but this study is about the organization proficiency of business and the IT professional, and is therefore interested in what enables business and IT professionals to apply their business domain and technical knowledge in ways that are beneficial to the organization and to act cooperatively with their customers and business partners. The purpose of this study is to employ the triangulation method to identify the theoretical links and empirically examine the association between business and IT perspective of information security. An important contribution of this study is the identification of business and IT perspectives on information security technology. By establishing the link between business and IT, the study focuses and evaluates Virtual Private Network (VPN) as an information security technology to find out if VPN can secure and gain competitive advantage by partisan business process and organization performance. This study articulates distinctive characteristics of Virtual Private Network and management processes that extend the range of applicability across diverse business segments. It distinguishes between business and IT and explains why the exploitation of a complementary set of related information security entities (such as VPN) across multiple functions create competitive vi advantages even across a diverse set of businesses that have limited opportunity to exploit business process and organization performance. The most important direct predictor of this study is a high level of communication between business and IT. However, one cannot mandate meaningful communication between individuals. IT people have to earn the right to play a meaningful role in management forums. Based on the findings from this study, one important way for an IT person to be heard is for him/her to devote the time necessary to create competitive advantage and develop shared domain knowledge, the most influential construct in the research model. An IT person needs to understand the leverage points of the industry, the history and current issues of the business units, and to learn to apply business oriented objectives in the application of technology to business problems. This change in view would help focus their attention on security technology and ideas that could produce the most benefit and create competitive advantage, rather than those that offer the most technical promise. Virtual Private Network VPN Competitive advantages Management information system Empirical methods Descriptive methods Interpretive methods
64	LAN-refresh och WAN-migrering / LAN-refresh and WAN-migrering Thor, Kim, Allared, Sofie January 2010 (has links) <p>This work has been carried out at a company in the region which has about 30000 employeeswith about 400 sites all over the world. The company outsources their network including theLAN refresh and the WAN migration. They needed help with an upgrade of their LAN at theirScandinavian headquarters and to find a new solution for their WAN. The reason why the upgradeof the LAN was needed was that the equipment was too old and did not pass the securityrequirements. They also required a solution to segment their LAN, which consisted of a singlelarge VLAN with 1,300 employees. their WAN solution was made up of tunnels between all officesand the headquarter were used as the central point. They wanted to get away from beingdependent on a central point while redundancy was not always working as it should.The solution to the WAN problem was to use the ISPs backbone based on MPLS. There are two mainsolutions, layer 2 (Ethernet) VPN or layer 3 (IP) VPN. In the case of IP VPN, there are a couple of differentconnectivity options such as a static route, or use a routing protocol (eg OSPF or BGP). The final solutionwas IP VPN with OSPF as routing protocol to the ISP. With regard to the configuration of the OSPF solutionwas that every office became an own OSPF domain, configured with area 0. The report also includesthe implementation of the WAN migration with its problems.The upgrade of the LAN was a lot of planning, documentation and security. The solution for the segmentationwas to create a VLAN per floor. Because of the new software they can have the required securityfeatures.</p> WAN MPLS VPN VPLS BGP OSPF Superbackbone LAN refresh Computer science Datalogi
65	VPN : Virtual Private Network i Windows 2000 Norin, Anders, Ohlsson, Henrik January 2002 (has links) No description available. VPN, Virtual Private Network Microsoft Windows 2000 RAS PPTP L2TP IPSec L2F
66	VPN : Virtual Private Network i Windows 2000 Norin, Anders, Ohlsson, Henrik January 2002 (has links) No description available. VPN, Virtual Private Network Microsoft Windows 2000 RAS PPTP L2TP IPSec L2F
67	The Design and Implementation of Packet Filter over Link Layer NIC Driver Yu, Pu-Syuan 05 July 2005 (has links) In this age, the internet has becoming more and more popular recently. How to manage and organize the network effectively is a very important issue.Therefore, the technology of VPN was born. Through the VPN, we can manage and organize the local netork which spread everywhere effectively.But the tunneling technology which VPN used has a security problem. If we also change the VPN¡¦s port number, it will have a big dangerous security problem. In this paper, we will analyze some basic technology of VPN, and introduce how to modify the VPN. Let VPN have ability to pass through the firewall. This problem will make the people who managed whole network or firewall hard to control and manage it. Another, this paper will bring up the solution which can solve the security problem effectively. The key of network security problem is to use another protocol¡¦s port number. The solution in this paper will through solve this problem, so hacks can¡¦t modify the TCP port number such as HTTP Port 80 at will. Our solution is to implement a packet filter which is based on ethernet device driver.We use the RFC document which are defined by IETF to make the packet check rule. This packet filter can reject the illegal packet and make sure the network is safe. Linux PPTP VPN Packet filter Firewall Tunneling FreeBSD Ethernet device driver
68	Utredning av VPLS i stadsnät / Investigation of VPLS in a Metropolitan Area Network Pettersson, Kristoffer, Sales, Robert January 2007 (has links) <p>Jönköping Energi AB (JEAB) is a local energy supplier for the county of Jönköping. JEAB also maintain the local Metropolitan Area Network (MAN). They have recently installed GPON in a portion of their network and have connected it to the MAN via an Extreme switch.</p><p>However JEAB would prefer to use Cisco equipment instead of Extreme since the MAN comprises of Cisco hardware. They require a solution to connect GPON to the MAN with a recently purchased line card (Cisco 7600 ES20) which can be installed in a Cisco 6500 Catalyst switch. There is also a possible solution with an Alcatel-Lucent 7450 ESS-1 switch. The proposed solution is to use Virtual Private LAN Service (VPLS), though the exact implementation required is unknown. Additionally JEAB have asked for research into GPON and VPLS in order to improve their understanding of both techniques. This would be of benefit to them both now and in the future.</p><p>In order to achieve the stated objectives the following questions are raised:</p><p>• How does GPON work?</p><p>• How does VPLS work?</p><p>• How can GPON be connected to the MAN via Cisco Systems 6500 Catalyst switch/7600 Router?</p><p>• How can GPON be connected to the MAN via Alcatel-Lucents 7450 ESS-1?</p><p>The research into GPON and VPLS provides the required background knowledge in order to investigate how GPON can be connected to the MAN. The main body of the work is to analyse the requirements of the company and build a configuration which satisfies them. The desired implementation via Cisco Systems solution was deemed unsuitable due to a feature of DHCP option 82 which did not function as required. The focus then turned to Alcatel-Lucents solution.</p><p>The resulting solution uses a part of VPLS via Alcatel-Lucents 7450 ESS-1. All the key elements are included, including hiding customer VLANs from the ISP and per-service QoS bandwidth management.</p><p>The conclusion is that whilst using Alcatel-Lucents solution means a deviation from the all-Cisco implementation that had been planned; the benefit of including all the desired functionality outweighs the mixing of manufacturers.</p><p>The techniques of GPON and VPLS are extremely versatile and can be used in a variety of networks. Therefore there is scope for further research into how these two techniques can be used together in other types of MAN.</p> Datanätverk GPON MAN Quality-of-Service (QoS) VPLS VPN Computer science Datavetenskap
69	VPN/IPSec Schreiber, Alexander, Sieber, Holm 22 August 2002 (has links) (PDF) Gesicherte Kommunikation ueber offene und ungesicherte Netze, sichere Einbindung mobiler Clients in eigene Netze, end-to-end Verschluesselung im IP-Datenverkehr. Linux Windows FreeS/WAN VPN ddc:004 Windows 2000 IPSec Sicherheit
70	Protecting management information systems: Virtual Private Network competitive advantage Sirisukha, Sid Unknown Date (has links) Information security technologists and business scholars are motivated by a desire to understand how and to what extent the application of IT within enterprise systems leads to improved and secured organizational performance. An effective relationship between business and IT professionals is a primary determinant of success in gaining business advantage through the enterprise system. As business innovation has relied increasingly on partnerships between business and IT professional, a different perspective of how IT professionals view their organizational contributions was needed for organizations to remain competitive. Business knowledge is essential if IT professionals are to create linkages with other organizational units and have a wider perspective about business objectives, thus achieving fit between IT and organizational strategies. Organizations have started responding to this challenge by demanding more business acumen in their IT staff. The focus of this study is on the knowledge that is beyond that of independent business and IT only domain knowledge of information security. Therefore, technical areas of knowledge, such as hardware and software, all of which are closely associated with IT skills, are not discussed in this thesis. This is not to declare that such knowledge is not important. Clearly technical knowledge is part of the IT professional's overall information security technology expertise, but this study is about the organization proficiency of business and the IT professional, and is therefore interested in what enables business and IT professionals to apply their business domain and technical knowledge in ways that are beneficial to the organization and to act cooperatively with their customers and business partners. The purpose of this study is to employ the triangulation method to identify the theoretical links and empirically examine the association between business and IT perspective of information security. An important contribution of this study is the identification of business and IT perspectives on information security technology. By establishing the link between business and IT, the study focuses and evaluates Virtual Private Network (VPN) as an information security technology to find out if VPN can secure and gain competitive advantage by partisan business process and organization performance. This study articulates distinctive characteristics of Virtual Private Network and management processes that extend the range of applicability across diverse business segments. It distinguishes between business and IT and explains why the exploitation of a complementary set of related information security entities (such as VPN) across multiple functions create competitive vi advantages even across a diverse set of businesses that have limited opportunity to exploit business process and organization performance. The most important direct predictor of this study is a high level of communication between business and IT. However, one cannot mandate meaningful communication between individuals. IT people have to earn the right to play a meaningful role in management forums. Based on the findings from this study, one important way for an IT person to be heard is for him/her to devote the time necessary to create competitive advantage and develop shared domain knowledge, the most influential construct in the research model. An IT person needs to understand the leverage points of the industry, the history and current issues of the business units, and to learn to apply business oriented objectives in the application of technology to business problems. This change in view would help focus their attention on security technology and ideas that could produce the most benefit and create competitive advantage, rather than those that offer the most technical promise. Virtual Private Network VPN Competitive advantages Management information system Empirical methods Descriptive methods Interpretive methods

Search results