3 - 1
Encryption and Exploits - SANS
©2001
1
Introduction to VPNs,
PKI, and PGP
Security Essentials
The SANS Institute
Hello, in this module we continue our discussion of encryption and we look at some practical
applications of it. We start off by looking at VPN’s or virtual private networks and see how you can
use them to create secure communications using public networks such as the Internet. We than
briefly look at the problem of key management and finish our discussion with a look at PGP or Pretty
Good Privacy, which is an application that allows you to encrypt files and send encrypted email.
3 - 2
VPNs, PKI, and PGP - SANS
©2001
2
Foundations of a VPN
• VPNs use cryptography to
communicate
securely in the presence of adversaries
–Encryption: Scramble data into something
difficult to read without a key.
–Decryption
: the opposite process of
encrypting.
– Authentication
: How are you sure you’re
talking to the right person?
To architect and deploy a VPN, we need to understand how to apply these three tools. These
concepts are easy to grasp at the conceptual level, but the devil is in the details as they say. Crypto

has evolved from an abstract playground for mathematicians to something with widespread public
awareness (those little solid, gold keys in the browser have people asking the darndest questions).
Likewise, authentication is a discipline in its own right. We’ll be discussing authentication systems
and client-side web certificates.
3 - 3
VPNs, PKI, and PGP - SANS
©2001
3
What is a VPN?
• Dedicated leased lines are expensive
• Most locations have low-cost
connectivity to the Internet
• Why not use the Internet as the
communication media and use
encryption for security
• So, a VPN is a secure communication
path that utilizes public networks
In its most basic sense, VPN’s, or virtual private networks, are a secure communication path that
utilizes public networks. Having dedicated leased lines between locations provides for secure
communications but can get very expensive. With most leased lines, you pay by the distance. So the
greater the distance between two locations, the more expensive the line. But most sites have fairly
inexpensive connections to the Internet, so why not use those connections in order to communicate?
The main problem is security. Public networks, such as the Internet, have no security built-in.
However, if we encrypt the data that is sent over the lines, we now have the security we need with
the costs that we like, thus a VPN.
3 - 4
VPNs, PKI, and PGP - SANS
©2001
4
Why Use a VPN?

• Flexibility
– A VPN “tunnel” over the Internet can be set up
rapidly. A frame circuit can take weeks.
– A good VPN will also support Quality of Service
(QOS).
•Cost
– There are documented cases of a VPN paying for
itself in weeks or months.
– There are also cases where the hidden costs sunk
the project!
One of the biggest benefits of VPN technology is their flexibility. Need a secure channel between
two hosts for only a day? Maybe just for an hour every business day? A VPN may fit the bill. Once
you have the components, setting up a VPN is a software change. This makes the technology far
more flexible than legacy frame and dedicated circuits which must be wired and possibly require
additional hardware. This flexibility lends itself to creating new business solutions. For example its
not cost-effective to wire a T1 for every employee who works from home. Its very practical however
to load up software on their laptop and let them connect to the home office via a VPN over the
Internet.
In looking for VPNs, ask about quality of service (QOS). Leased and dial-up lines offer both
bandwidth and latency guarantees, while dedicated connection technologies, like ATM and Frame
Relay, have extensive mechanisms for similar guarantees. As IP-based VPNs become more widely
deployed, there will be market demand for similar guarantees, in order to ensure end-to-end
application transparency.
Cost is another potential benefit. With a frame or dedicated circuit, you typically pay a flat monthly
fee so even if the circuit goes unused, its costing you money. Also, crossing state and government
boundaries with a dedicated circuit only increases their cost. With a VPN, you pay for a local
connection to the Internet with no “distance” charges.
Given these benefits, its not surprising that Taylor and Hecht report that VPN technology is expected
to expand 300-1000% by 2003 (Taylor and Hecht).
3 - 5

VPNs, PKI, and PGP - SANS
©2001
5
What VPN systems are
Made of
• Routers, Firewalls
• Servers, clients
• Public Key
Infrastructure
• X.509 Digital
Certificates
•LDAP Server
• Key Management
Schemes
• Load balance, QOS,
failover, redundancy
•Encryption
The fundamental components of VPN’s can usually be built on existing equipment. Most routers and
firewalls have capabilities for providing VPN capabilities, or dedicated boxes can also be purchased.
The thing to remember is in order to properly create a VPN, it requires several other components
such as a PKI or public key infrastructure, X.509 certificates, key management schemes, etc. One of
the biggest problems that companies face is they try to setup a VPN without proper planning. VPN’s
can be straightforward to configure and setup but only if you do your homework and plan properly.
3 - 6
VPNs, PKI, and PGP - SANS
©2001
6
Security Issue
• If you are encrypting tunneled data
coming into your network, you lose

a number of checks and balances.
– What ELSE is connected to the VPN
client that is connected to YOU?
192.68.0.10
Public IP
Network
Security
Gateway A
Security
Gateway B
IP address = 192.67.1.1
IP address = 10.0.1.1
192.68.0.0
10.0.0.0
10.0.0.10
?
VPN’s are good but remember that they are encrypting the data so that no one else can read it.
Depending on where your VPN device is, one of the devices that might not be able to read the
encrypted data is your firewall. A firewall cannot really do its job if it allows encrypted data
through. Or to put it another way,allows un-trusted data into your network. Since the firewall cannot
read the data, it cannot provide proper filtering.
3 - 7
VPNs, PKI, and PGP - SANS
©2001
7
IPSec Review
• IETF standard enables encrypted
communication between users and devices
– Implemented transparently into the network
infrastructure

– Scales from small to very large networks
• Open standard enables multivendor
interoperability
• Most VPN devices and clients are IPSec
compliant
Now I’m going to spend some time discussing some of the aspects you should understand about
IPSec technology as part of your security solution. IPSec is a Layer 3 method for providing tunnels.
It is an IETF standard, enabling encrypted communication between users and devices as illustrated
here. The goal is enabling a lot of different types of devices to understand one another. One of the
first applications of IPSec is Remote Access VPNs.
IPSec is transparent to the network infrastructure, and is scalable from very small applications to
very large networks.
As an open standard, IPSec is available to everyone, so vendors can ensure interoperability. As of
now, there are different levels of implementation available among the different vendors, but ideally
the same technology needs to be available to everyone to assure future interoperability in
multivendor networks, including the Internet.
At Cisco, IPSec functionality is available in Cisco IOS software releases 11.3T and later. Initially,
Cisco targeted gateway devices for IPSec, including routers and access servers.
3 - 8
VPNs, PKI, and PGP - SANS
©2001
8
IPSec Components
• IPSec (RFC 2401)—framework for security
protocols to provide:
–Data integrity
–Data authentication
–Data confidentiality
–Encryption protocols
• Internet Key Exchange (RFC 2406)—provides:

–Security association management
–Key management
At the IETF, IPSec includes security protocols that provide:
•Data integrity monitoring
•Data, user, and device authentication capabilities
•Data confidentiality, including encryption protocols
There are also Internet Key Exchange (IKE) capabilities that provide security association
management and key management. (The RFC numbers are listed here for you to look up on the
IETF web site if you like.)
3 - 9
VPNs, PKI, and PGP - SANS
©2001
9
IPSec Overview
•Headers
– Authentication Header
• Integrity, Authentication
–Encapsulating Security
Payload
• Confidentiality, Integrity
and Authentication
•Modes
– Transport
• IP Payload Only
– Tunnel
• Entire datagram
•Encryption
– DES, 3DES
• Key Exchange Policy
Management

–IKE
• Negotiates security
parameters
– Diffie-Hellman
• Negotiates digital
certificates
–ISAKMP/Oakley
• Generates shares secret
keys
The following is a breakdown of the different areas of IPSec:
Headers
Authentication Header
Integrity and Authentication
Encapsulating Security Payload
Confidentiality, Integrity, and Authentication
Modes
Transport
IP payload only
Tunnel
Entire datagram
Encryption
DES, 3DES
Key Exchange Policy Management
IKE
Negotiates security parameters
Diffie-Hellman
Negotiates digital certificates
ISAKMP/Oakley
Generates/shares secret keys
3 - 10

VPNs, PKI, and PGP - SANS
©2001
10
AH
Data
Data
Router
IP HDR
IP HDR
Router
Authentication Header
All Data-encrypted
Encapsulated Security Payload
IPSec Overview: Headers
• Two types: Encapsulated Security Payload
(ESP) and Authentication Header (AH)
– Data integrity-no modification of data in transit
– Origin authentication-identifies where data
originated
– AH does not provide confidentiality; industry
moving toward ESP, which does
IPSec takes an IP packet and adds two headers to it.
First, it provides an authentication header, which provides knowledge that a packet originated from a
trusted source. It also guarantees that if a packet is changed, you know it. This is not encryption. It
just ensures that information is not intercepted, nor has its content changed.
The second header is the encapsulated security payload. This does the same thing as the
authentication header and also allows you to encrypt the payload.
3 - 11
VPNs, PKI, and PGP - SANS
©2001

11
IP HDR
IP HDR
Encrypted
IP HDR
IP HDR
DATA
DATA
IPSec HDR
IPSec HDR
DATA
DATA
Tunnel Mode
Transport Mode
IP HDR
IP HDR
DATA
DATA
IPSec HDR
IPSec HDR
IP HDR
IP HDR
New IP HDR
New IP HDR
Encrypted
DATA
DATA
IPSec Modes—Security
Associations
•Two types of SA

• Tunnel mode: applied
to an IP tunnel
–Outer IP header specifies
IPSec processing destination
–Inner IP header specifies
ultimate packet destination
• Transport mode:
between two hosts
–Header after IP header,
before TCP/UDP header
When you are encrypting information, there are two basic modes you can use. The first and most
commonly used is the Tunnel Mode. This is applied to an IP tunnel between gateway devices. It
can also be used on remote clients talking to gateways. In Tunnel Mode, the original packet is
encrypted. Then the IPSec header is added (as we just talked about), along with a second IP header
that corresponds to the gateway you want to talk to. The flow here goes like this: information goes
to the first gateway, which encodes the payload, puts a new header on, and sends it to the second
gateway. The second gateway strips the new header, decrypts the payload, checks the packet for
integrity, and forwards it to the destination.
Transport Mode happens between two hosts. As diagrammed here, the packet header is removed,
the payload is encrypted, an IPSec header is added, the first header is reattached, and the packet is
forwarded.
3 - 12
VPNs, PKI, and PGP - SANS
©2001
12
Encryption: DES and 3DES
• Widely adopted standard
• Encrypts plain text, which becomes
“cyphertext”
•Triple DES

– The 56 bit DES algorithm run 3 times
– 112-bit triple DES includes 2 keys
– 168- bit triple DES includes 3 keys
• Accomplished on VPN client, server,
router, or firewall
IPSec provides a framework for plugging in and using many different encryption algorithms. The
most common are Data Encryption Standard, or DES, and Triple DES. DES is lighter than Triple
DES. Triple DES does multiple passes over the packets. This can be applied at IPSec termination
points on the VPN client, a server, router, or firewall.
DES is a symmetric encryption algorithm. I use a key on the front-end to encrypt the data, and the
same key on the back-end to decipher it to get the original data. IPSec lets you re-key the DES key.
The end points renegotiate the DES key they wish to use. So if you want to, you can make a
different key periodically and stump any hackers.
As a quick disclaimer, there are export limitations on encryption technology depending upon which
technology it is and where you want to send it.
3 - 13
VPNs, PKI, and PGP - SANS
©2001
13
Internet Key Exchange (IKE)
• Authenticates peers
–Pre-shared keys
–Public key
cryptography
–Digital signatures
• Negotiates policy to
protect
communication
•Key exchange
–Diffie-Hellman

IKE
1st
IPSec
Next
Ifyou have two end points, the first thing they need to do is agree upon who they are. The second
thing they do is figure out a series of algorithms for authentication and encryption so they can talk
to each other. After that, they start bulk encryption and start passing data back and forth. This
process is called the IKE, or Internet Key Exchange negotiation.
Once the initial handshake is agreed upon, the endpoints set up a security association that defines
the parameters they will use for bulk data transfer. That’s the next step, the IPSec step.
Part of the initial IKE negotiation commonly uses a Diffie-Hellman algorithm. This is the way the
end points agree on the encryption key they will use for the bulk data transfer.
3 - 14
VPNs, PKI, and PGP - SANS
©2001
14
Credential Ties
a Name
or Identity to a
Public Key
The Authenticity of the
Certificate Is
Guaranteed by the
Digital Signature
Generated Using the
CA’s Private Key
Credential
Expiration
Subject Name:
“Internet, Organization,

Jane Doe”
Expires: 11/30/99
Signed: CA’s Signature
Serial #: 29483756
Public key:
Other Data:
10236283025273
Usage-
Specific
Attributes
Private
Private
Digital Certificate
• Binds the subject’s identity with a public key
–Signed by a “trusted” certifying authority
• Identity proved by ability to sign using associated
private key
Digital certificates are analogous to passports or driver’s licenses. It is a unique certificate for a
given user or device. It contains the kinds of information listed here, including a public key, usage-
specific attributes such as a serial number or unique qualifier, an expiration date, and the subject
name. A “public key” is stored with the certificate.
3 - 15
VPNs, PKI, and PGP - SANS
©2001
15
Other Non-IPSec VPNs
• Layer 2 Forwarding (L2F)
• Layer 2 Tunneling Protocol (L2TP),
combines PPTP and L2F
• PPP Extensible Authentication

Protocol (authentication only, RFC
2284)
• SOCKS protocol
The following are some other non-IPSec VPN solutions:
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP), combines PPTP and L2F
PPP Extensible Authentication Protocol (authentication only, see RFC 2284)
SOCKS protocol
3 - 16
VPNs, PKI, and PGP - SANS
©2001
16
VPN Web Resources
–The URLs in your notes pages
provide a number of valuable
resources for researching VPNs
The following are various VPN resources that can provide additional information on VPN’s:
/> (requires USENIX
membership)
/> /> /> /> /> /> /> /> />
/>3 - 17
VPNs, PKI, and PGP - SANS
©2001
17
PKI (In a Nutshell)
• PKI, the glue that binds ecommerce
– SSL is a simple, particle example
• Boils down to resolving trust
– Who is really on *both* ends of the pipe?
• Enables remote access

– VPN connectivity, email, extranets, etc.
With VPN’s, there is a big problem with key management. PKI or public key infrastructure is the
glue that binds all of the pieces of e-commerce together. It all comes down to trust and PKI provides
the inter-trust relationship needed for people to communicate.
3 - 18
VPNs, PKI, and PGP - SANS
©2001
18
What is PKI?
• A management structure for public keys
– Ok, we both have private/public keys. Now
what?
– There is more than meets the eye
• public and private encryption keys
• digital certificates
• certificate authorities
• digital signatures
• key-management protocols
PKI is a management structure for public keys. We have all of these public and private keys but how
do we manage and track them? When it comes to PKI, the following are some of the key concerns:
•public and private encryption keys
•digital certificates
•certificate authorities
•digital signatures
•key-management protocols
3 - 19
VPNs, PKI, and PGP - SANS
©2001
19
PKI Issues

• There are a few problems
– Competing standards, or standards
still in flux
– Certification of certificate authorities
• Important issue but easy to overlook
– Cross certification between “CA’s”
– Do-it-yourself or outsource?
– User education and/or perception
PKI can get very complex very quickly because the following are some of the key problems that need
to be solved:
Competing standards, or standards still in flux
Certification of certificate authorities
Important issue but easy to overlook
Cross certification between “CA’s”
Do-it-yourself or outsource?
User education and/or perception
3 - 20
VPNs, PKI, and PGP - SANS
©2001
20
Things to Know
• Most PKI is based upon X.509
– X.509v3 standard targeted CA interoperability
– Movement is still slow
• Planning and deployment are critical to
success or failure
• Large scale management isn’t
necessarily a walk in the park
To sum up our brief discussion of PKI, most PKI is based upon X.509. X.509v3 standard targeted
CA interoperability, but movement towards a universal standard is slow.

When is comes to PKI, it can be very complicated and may not move too fast. Planning and
deployment are critical to success or failure. Large scale management isn’t necessarily a walk in the
park.
Now, lets take a look at PGP.
3 - 21
VPNs, PKI, and PGP - SANS
©2001
21
PGP
Now that we have a good grasp of encryption, lets look at an application that you can utilize to send
encrypted information: PGP. I hope you will consider getting Pretty Good Privacy (PGP) and
trading keys with people that we may need to communicate with in a secure manner. PGP is easy,
widespread, and free-to-low cost. There is no excuse for not having this tool in your toolbox.
3 - 22
VPNs, PKI, and PGP - SANS
©2001
22
Secure Email -
a Simple Example
• PGP – A pioneer, still going strong
– PGP started out in 1991 as a way to bring privacy
to a very new, very public communication
medium: email.
– PGP at version 2.6.2 became a de-facto standard
for email encryption.
– PGP became part of Network Associates, and
moved to version 6.0.X.
– PGP is now at version 6.5.8 with new features.
Phillip Zimmermann was the person that brought PGP to the world. He wanted to make PGP a free
software tool to keep email private, releasing the software in 1991. The United States government

viewed this as a violation of the export restrictions for cryptographic software, and made his life pretty
tough until the case was dropped in 1996. Though there is now a commercial version of PGP, Phil
Zimmermann continues to make it possible to acquire free versions.
Because it was free and very hard (at the time) to break, it became very effective in hiding data from
anyone. There have been many versions of PGP and many restrictions placed on it, as a result. The
Massachusetts Institute of Technology (MIT) distributes the new PGP and PGPNet version 6.5.8.
Network Associates owns the commercial version of PGP, and in concert with MIT, distributes the
free version as well.
3 - 23
VPNs, PKI, and PGP - SANS
©2001
23
How to Install and Use PGP
• What you will need
– An email system to exchange email
– To get PGP and get more information
on PGP 6.5.x:
• />– To get the latest International version
of PGP 6.5.xi
• />PGP 6.5.x will work with Outlook 97, 98, or 2000 and Outlook Express 4.x/5.x. Also, PGP 6.5.x will
support Qualcomm Eudora; Lotus Notes; Novell GroupWise; and the Claris emailer for Macintosh if
you are not using any of the Microsoft products. On the UNIX side, support is available for exmh and
Mailcrypt, among others.
You can run Windows 2000 to use PGP 6.5.x or PGP 6.5.xi. Windows 2000 is a VPN beast by the
way, and may well become a major player in the secured communications realm. You can now run
the PGP 6.5.x products on Windows 95 and Windows 95a. This used to be a big limitation. The
newest version of PGP also supports the Intel III processor math enhancements as well.
I will be covering the United States version of PGP in this presentation, but you can download the
International version of PGP and still follow along if you are unable to obtain the domestic US and
Canada version. Keep in mind the key sizes will be different on the International version.

3 - 24
VPNs, PKI, and PGP - SANS
©2001
24
Establish a Key (Generate a
Public / Private Key Pair)
• In PGP, you will get a screen like this wizard
to generate a key pair:
The first part of the wizard establishes the information (or label) that will be associated with your key.
You will want to give your correct name, if you are not making a test key, so that your key will be
easy to identify. You will also want to use your correct email address, as it will be bound to your key.
When you change email addresses, you will have to get a new key, as the trust level of your key will
look suspicious coming from a different email address then the one that is bound to your key.
You can always get a permanent email address, which entails obtaining a domain, then either an email
forwarding service, or your own equipment. This way you would never have to change your key
again.
Remember though, you had better not forget your password or passphrase or lose that key - anything
that you have encrypted (files or email) and have not decrypted, will be forever lost if you either lose
the key, or forget the password.
3 - 25
VPNs, PKI, and PGP - SANS
©2001
25
Generating Your Key
• You will be prompted to choose a key type
and size:
You have two choices of key types, Diffie-Hellman/DSS or RSA. Diffe-Hellman/DSS is an older
public key cryptography method with the “DSS” added later. The DSS stands for Digital Signature
Standard, and was added to Diffie-Hellman to prevent man-in-the-middle attacks.
Briefly, what this means, is that someone can intercept your public key and generate their own public

key and impersonate you. A message is passed, you intercept it, decrypt it, read and alter (if
necessary) the message, and re-encrypt it with your imposter key. The person that the message was
originally intended for, gets the message with the assumption that the person they sent it to, was the
originator of the message they just got. The Digital Signature was added to include Station-to-Station
(STS) information into the Diffie-Hellman standard, preventing man-in-the-middle attacks.
RSA is already a Digital Signature-based public key system. There are no advantages between using
one over the other; they are essentially equal in power.
Now, we have a very important issue about key length or key size. The key length that you choose is
really based on how long you want to keep your information secret and how long the data needs to be
hidden.