Table of Contents

Chapter 1: Introduction

Chapter 2: Literature Review

Chapter 3: Research Methodology

Chapter 4: Result and Discussion

Chapter 5: Conclusion

References 

Chapter 1: Introduction

Background

The Internet has become a popular low-cost backbone infrastructure. Because of its universal availability, many companies are under pressure to consider creating a secure virtual private network (VPN) via the public Internet. In today's global business environment, the challenge of VPN design is to use the public Internet backbone for both inter-agency and interconnection communications while securing traditional private, autonomous enterprise networks. Conventional corporate networks are typically operated by their owners and carry data only for the owner's own interests, with very little traffic entering or leaving the network. In such a self-contained environment, these networks were generally considered secure.

VPN relies on private backs and takes advantage of the global span of the public Internet to expand the reach of traditional corporate networks. However, there are many important challenges. No single entity sets the ownership or policy of the Internet. Data from a variety of sources flows through a common backbone infrastructure and routers. As e-business grows, more data flows between companies. This model is very different from conventional self-contained enterprise networks. Within the Internet Engineering Task Force (IETF), the IP Security (IPSec) Working Group has created a framework for network-level security. The IPSec protocol supports data source authentication, data integrity, data privacy, key management and the management of security associations (Rosu, et al., 2012).

IPSec is a flexible structure that provides network-level protection. Earlier protection protocols often protected only parts of the end-to-end path. IPSec makes it possible to build network-level protection end to end, department by department, or in any combination. Within the IPSec framework, organizations can integrate both locally connected users and remote access users to form a secure end-to-end solution that can support communication between organizations and different organizations.

The IPSec Working Group focuses on defining protocols that address a number of key areas. Data source authentication verifies that each datagram was created by the claimed sender. Replay protection ensures that an attacker cannot intercept a datagram and play it back later. Automated management of encryption keys and security associations ensures that the organization's VPN policy can be applied conveniently and accurately across the entire extended network with little or no manual configuration.

The major IPSec protocols are:

The IP Authentication Header (AH) provides data source authentication, data integrity, and replay protection.

The Internet Security Association and Key Management Protocol (ISAKMP) provides a mechanism for automatically setting up security associations and managing their encryption keys.

In the layered communication stack model, the network layer is the lowest level that can provide protection from end to end. Network-level security protocols provide comprehensive protection for all higher-level application data carried in the payload of an IP datagram, without the need for application changes (Niksefat & Sabaei 2010).

Research Aims and Objectives

  1. To know the concept of IPSec VPN.

  2. To identify the way a corporate network is secured by IPSec VPN.

  3. To recognise the three different IPSec protocols.

Research Questions

  1. What is IPSec VPN?

  2. How does IPSec VPN help to secure a corporate network?

  3. What are the three different IPSec protocols?

Significance of The Study

IPSec VPN is regarded as one of the two popular VPN protocols, that is, the sets of values used for establishing a secure VPN connection. IPSec operates at the IP level and is frequently used to enable secure access across a whole network (not just one device). There are two sorts of IPSec VPN: transport mode and tunnel mode. Corporate VPNs use SSL or Internet Protocol Security (IPSec), a secure network protocol suite that encrypts and encodes IP packets to provide network security and compliance for organizations migrating to public or hybrid cloud environments. This study will discuss the importance of IPSec VPN for securing corporate networks (Khanna, et al., 2011).

Chapter 2: Literature Review

There are three sorts of security domains in which IPSec can be used: routing security, virtual private networks and application-level security. These days, IPSec is mainly used in VPNs. When used for routing protection or application-level protection, IPSec is not a complete solution and should be combined with further security measures to prevent deployment within all of these domains.

Rosu, et al. (2012) stated that IPSec has two modes of operation: tunnel mode and transport mode. In transport mode, all cryptographic operations are performed directly by the source and destination hosts. A single tunnel is used for sending encrypted data, and this tunnel is made with L2TP (Layer 2 Tunneling Protocol). The source host creates the data and the destination host retrieves it. End-to-end protection is established by this mode of operation.

In tunnel mode, cryptographic processing is performed by special gateways along with the destination and source hosts. Here, by establishing gateway-to-gateway protection, one can create several tunnels between the gateways. Whichever mode is used, it is important that all gateways are able to validate packets at both ends for authentication. Invalid packets should be discarded.

According to Salman (2017), there are two sorts of data packet encoding (DPE) which are essential for IPSec. These are the Authentication Header (AH) and Encapsulating Security Payload (ESP) DPE. Network-level data protection is provided by these encodings. AH provides reliability and integrity for packets. Authentication is provided by a hash function, also known as a MAC (message authentication code). This header also prevents invalid changes and can optionally provide anti-replay protection. AH can establish protection between multiple hosts, multiple gateways, or multiple hosts and gateways, all implementing AH. The ESP header provides encryption, data encapsulation, and data privacy. Data privacy is provided by symmetric keys.

Additional headers are added to the packet as it passes through a number of gateways and tunnels. Each time a datagram passes through a gateway, it is wrapped in a new header. This header contains the Security Parameters Index (SPI). The SPI specifies the algorithms and keys that were used by the last system to view the packet. The payload is also protected, because changes and errors in the data are detected and cause the receiver to drop the packet. The headers are applied at the beginning of each tunnel, and verified and removed at the end of each tunnel. This method avoids creating unnecessary overhead. An important part of IPSec is the Security Association (SA). The IP destination address is included to indicate the endpoint, which can be a firewall, router or end user. All SAs in use are stored in the Security Association Database (SAD). All security policies in use are stored in the Security Policy Database.

Authentication Header (AH)

The IP Authentication Header provides connectionless (that is, per-packet) integrity and data source authentication for IP datagrams, as well as protection against replay. Data integrity is guaranteed by a checksum generated by a message authentication code (such as MD5). Data source authentication is guaranteed by including a secret shared key in the data to be authenticated. The sequence number field in the AH header is used to provide replay protection. In the IPSec vocabulary, these three separate attributes are grouped together and referred to simply as authentication. AH protects the entire contents of an IP datagram except for certain fields that may change during transmission (called variable fields), which are excluded when calculating the integrity check. AH can be applied in two ways: transport mode or tunnel mode (Wang & Chen 2014).
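The receive-side checks described above (SA lookup by SPI, the integrity check that skips the variable fields, and sequence-number replay protection) are shown here as an added Python example for AH in transport mode; it is not code from the cited papers. The names `SA`, `icv`, `build`, `receive` and `demo`, the key, SPI and addresses are all constructed for illustration. It assumes IPv4 without options, a SAD keyed by SPI only, a 64-packet window, and HMAC-SHA-256 truncated to 128 bits in place of the MD5 mentioned in the text.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16            # HMAC-SHA-256 truncated to 128 bits (assumption)
WINDOW = 64             # anti-replay window, in packets
AH_LEN = 12 + ICV_LEN   # fixed AH fields + integrity check value

class SA:
    """One inbound security association, i.e. one entry in the SAD."""
    def __init__(self, key):
        self.key, self.top, self.bitmap = key, 0, 0   # top = highest seq seen

def icv(key, ip_hdr, ah_fixed, payload):
    # Zero the IPv4 fields routers may change in transit (TOS, flags and
    # fragment offset, TTL, header checksum) so they do not affect the check.
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    msg = bytes(h) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]

def build(key, spi, seq, src, dst, payload, ttl=64):
    """Sender side: IPv4 header + AH + payload (header checksum left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + AH_LEN + len(payload),
                         0, 0, ttl, 51, 0, src, dst)     # protocol 51 = AH
    ah_fixed = struct.pack("!BBHII", 17, AH_LEN // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + icv(key, ip_hdr, ah_fixed, payload) + payload

def receive(sad, pkt):
    """Receiver side: return (verdict, payload); invalid packets are dropped."""
    if len(pkt) < 20 + AH_LEN or pkt[0] != 0x45 or pkt[9] != 51:
        return "drop: not IPv4+AH", None
    ip_hdr, ah_fixed = pkt[:20], pkt[20:32]
    _, plen, _, spi, seq = struct.unpack("!BBHII", ah_fixed)
    sa = sad.get(spi)                        # the SPI selects the SA
    if sa is None or plen != AH_LEN // 4 - 2:
        return "drop: no matching SA", None
    if seq == 0 or seq + WINDOW <= sa.top:
        return "drop: outside replay window", None
    if seq <= sa.top and (sa.bitmap >> (sa.top - seq)) & 1:
        return "drop: replayed", None
    got, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    if not hmac.compare_digest(got, icv(sa.key, ip_hdr, ah_fixed, payload)):
        return "drop: integrity check failed", None
    # Only an authenticated packet may move the window forward.
    if seq > sa.top:
        sa.bitmap = ((sa.bitmap << (seq - sa.top)) | 1) & ((1 << WINDOW) - 1)
        sa.top = seq
    else:
        sa.bitmap |= 1 << (sa.top - seq)
    return "accept", payload

def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # doc ranges
    sad = {0x1001: SA(key)}
    p1 = build(key, 0x1001, 1, src, dst, b"hello")
    routed = bytearray(build(key, 0x1001, 2, src, dst, b"hop"))
    routed[8] = 57                           # TTL lowered by routers: allowed
    forged = bytearray(build(key, 0x1001, 3, src, dst, b"pay 10"))
    forged[-1] ^= 1                          # payload changed in transit
    spoofed = bytearray(build(key, 0x1001, 3, src, dst, b"x"))
    spoofed[12] = 10                         # source address is not variable
    return [receive(sad, p)[0] for p in (
        p1, p1, bytes(routed), bytes(forged), bytes(spoofed),
        build(key, 0x2002, 1, src, dst, b"x"),       # SPI not in the SAD
        build(key, 0x1001, 5, src, dst, b"late"),    # a gap is fine
        build(key, 0x1001, 4, src, dst, b"ooo"),     # out of order, in window
        build(key, 0x1001, 200, src, dst, b"jump"),
        build(key, 0x1001, 100, src, dst, b"old"))]  # 100 + 64 <= 200
```

The replay pre-check runs before the MAC is computed, and the window only advances after the integrity check passes, so a forged packet with a high sequence number cannot push valid traffic out of the window.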

Encapsulating Security Payload (ESP)

ESP provides data privacy (encryption), connectionless (per-packet) integrity, data source authentication and protection against replay. ESP always provides data privacy, authentication of data sources, verification of data integrity and protection from replay. A comparison of ESP and AH shows that only ESP can provide encryption, while either can provide authentication, integrity verification and replay protection (Fan, Li & Sun 2012).

ISAKMP

A Security Association (SA) contains all the relevant information that communicating systems need in order to run IPSec protocols such as AH and ESP. For example, security associations identify cryptographic algorithms, key elements, participant identities, and more. Oakley is a mandatory key management protocol that must be used within the ISAKMP framework.

ISAKMP supports automatic negotiation of security associations and automatic generation and renewal of cryptographic keys. As VPNs grow, the ability to perform these functions with little or no manual configuration of machines becomes an important factor. The secure exchange of keys is the most important issue in establishing a secure communication environment. Because the ISAKMP procedures deal with initializing keys, they must be able to run over links where no protection can be assumed. That is, ISAKMP is used for bootstrapping the IPSec protocols.

Thus, the ISAKMP protocol uses the most complex and processor-intensive activities in the IPSec protocol suite. ISAKMP requires all data exchanges to be encrypted and authenticated. No one will be able to see the contents of the key, and key elements are only exchanged between authorized groups. The ISAKMP method has also been developed with the clear goal of providing protection against many known exposures, including common attacks such as deleting messages, changing messages, reflecting messages back to the sender, replaying old messages and redirecting messages to unintended recipients. Breaking one key gives no useful indication for breaking any other key, whether that key was used before or after the broken one. That is, each refreshed key is derived independently of the previous key (Rosu, et al., 2012).

Chapter 3: Research Methodology

Introduction

The path by means of which research is conducted by the researchers is known as research methodology. It helps the researcher to formulate their objectives and problems as well as to portray their outcome from the collected data throughout the study period. Henceforth, research design, research philosophy, research approach along with data collection method with regard to the present study will be discussed in this chapter.

Research Philosophy

Research philosophy in this context refers to how data is gathered, analyzed and used. The processes of collecting information from various relevant sources, analyzing that data and eventually putting it to use for the researcher's purposes are known as research philosophy. Research philosophy is classified into positivism, realism, pragmatism and interpretivism (Mitchell and Jolley, 2012).

Justification for Using Positivism Philosophy

In order to conduct the present research on the investigation of the IPSec VPN to secure corporate networks, the positivism philosophy will be used by the researcher, since it helps the researcher to conduct the research in an efficient way. In addition, positivism supports conducting quantitative and qualitative data examination in order to achieve the general objective of the present research (Mackey and Gass, 2015).

Research Design

An appropriate framework for the study is provided by the research design. Research design is regarded as the set of processes and methods used for obtaining and analyzing measures of the variables specified in the research problem. The three sorts of research design are descriptive, explanatory and exploratory research design.

Justification for Using Descriptive Research Design

In the context of the present study, a descriptive research design will be used by the researcher. With the help of this research design, the researcher will be able to get a superior outcome from the study (Mkansi and Acheampong 2012).

Research Approach

The research approach is regarded as an essential part of the research methodology. It assists researchers in collecting primary data as well as secondary data from a number of sources. There are three types of research approach: the inductive, the deductive and the abductive research approach.

The Justification for Utilizing the Inductive Approach

With regard to the present study about the investigation of the IPSec VPN to secure corporate networks, inductive research approach will be used by the researcher. As the inductive research approach initiates with clarifications and speculations, researchers are assisted by this research approach to complete the present research study in the light of perception (Alase, 2017).

Research Methods

The research method can be mentioned as a methodical, precise as well as a logical process by means of which researchers are assisted to compile data, collect data, analyse data and interpret data as well with respect to any sort of problem of the research paper. With regard to nature and the purpose of the study research method can be classified into two sorts, these are: quantitative and qualitative research method.

Justification for Using Qualitative Research Method

Qualitative research method will be used by the researcher in order to conduct the present study on the investigation of the IPSec VPN to secure corporate networks. This method will help the researcher to collect potential data from a number of secondary sources (Bergold and Thomas, 2012).

Data Collection Method

As per the classification of data type, methods for collecting data are also categorized into two types: the primary method for collecting data and the secondary method for collecting data.

The Justification for Utilizing Secondary Data Collection Method

In order to conduct the present research on the investigation of the IPSec VPN to secure corporate networks, researcher will utilize various secondary sources to collect potential data regarding the present research. Moreover, various journal analyses will be conducted by the researcher at the time of collecting data (Alavi et al. 2018).

Ethical Aspects

Ethical aspects are contemplated as the most essential portion of any research works. At the time of collecting data from a number of secondary sources, ethical aspects were maintained properly by the researchers. Only authentic sources are used by the researchers to collect potential secondary data.

Chapter 4: Result and Discussion

Singh, P. K., & Singh, P. P. (2013). A Novel approach for the Analysis & Issues of IPsec VPN. International Journal of Science and Research, 2(7), 187-189.

Singh & Singh, (2013), conducted a study on “A Novel approach for the Analysis & Issues of IPsec VPN” and stated that a virtual private network is a technology that sets up a private network over a public network. It is a widely recognized technology in the corporate world to grow their business. A VPN connection can be presented as a pipe that carries personal data connected through a public network. This paper only discusses the qualitative issues of IPSec-based VPNs for data transmission across secure networks. VPN is the perfect new network technology. IPSec provides VPN networks with standard protection for corporate networks. IPSec is the most reliable and secure VPN solution available in the market today. The VPN conflict can be resolved by enabling IPSec and enabling both IPSec for security and protection by allowing the VPN to compromise several levels of overhead, performance (QoS) parameters.

Zaharuddin, M. H. M., Ab Rahman, R., & Kassim, M. (2010, December). Technical comparison analysis of encryption algorithm on site-to-site IPSec VPN. In 2010 International Conference on Computer Applications and Industrial Electronics (pp. 641-645). IEEE.

Zaharuddin, Ab Rahman & Kassim (2010) conducted a study on “Technical comparison analysis of encryption algorithm on site-to-site IPSec VPN”, and stated that Virtual private networks or VPNs provide secure communication for remote users to access their personal data through public networks. Security is a top priority, but so is the functionality of your VPN. This paper describes how the effectiveness of a VPN can be affected by choosing the various encryption algorithms used by the VPN device. VPN performance depends on throughput parameters. The qualification function showed that the algorithms had different throughput readings. The ES256-MD5 has faster throughput and higher throughput than other algorithm combinations. Further analysis showed that HTTP works faster than the HTTP protocol because the throughput of the VPN decreases as the file size increases.

Liao, W. H., & Su, S. C. (2011, December). A dynamic VPN architecture for private cloud computing. In 2011 Fourth IEEE International Conference on Utility and Cloud Computing (pp. 409-414). IEEE.

Liao & Su (2011) conducted a study on “A dynamic VPN architecture for private cloud computing” and stated that the cloud computing segment includes public, private and hybrid clouds. Many companies plan to implement private cloud because they provide a secure environment for companies to run their business processes. Virtual Private Networks (VPNs) play a key role in securely connecting enterprise IT to the cloud. Direct-connected VPNs allow a very small amount of secure connection to a private network over a common network, usually through a small network. As the number of connections increases, VPN architectures become more complex and cannot meet the flexible tuning skills of cloud computing. A VPN architecture is proposed in this study for cloud computing. Businesses and service providers will be able to connect to this architecture through PPTP, IPSec, or SSL to reduce costs.

Ibrahim, L. (2017). Virtual private network (vpn) management and ipsec tunneling technology. Middle East, 1.

Ibrahim (2017) conducted a study on “Virtual private network (vpn) management and ipsec tunneling technology”, and stated that a Virtual Private Network (VPN) is a virtual network built on a public network infrastructure similar to the World Wide Web. Enterprises can use VPNs to secure connections to remote offices and users by providing affordable third-party Internet access. VPN authentication technology provides the highest level of protection via IP-based VPN, encrypted IPSec, or Secure Sockets Layer (SSL). All of these technologies protect data transmitted over VPN networks from unauthorized access. This white paper describes the Cisco Easy VPN Server as a solution to complex network and VPN connection problems, as security issues are so important in connection that they directly affect productivity.

Chapter 5: Conclusion

The IPSec protocol suite provides a flexible and robust approach to building secure networks. Network operators can use AH tunnels, AH transports, ESP tunnels, and ESP transports to integrate a variety of common configurations. Also, by incorporating routing functionality into the VPN firewall, one can implement a dynamic, routing-responsive VPN with the IPSec protocol suite. ISAKMP/Oakley can provide a secure and automated way to negotiate security associations and distribute encryption keys and even secure links. IPSec can provide robust protection against other popular protocols such as L2TP but individually provides minimal protection. To create a complete, easy-to-deploy and easy-to-manage VPN solution, the complete VPN solution may include other complementary protocols and methods (certificate management, use of top-level security protocols, etc.). In short, IPSec provides a very flexible and robust structure to create the best protection solution for your specific needs (Chen, 2010).

References

Alase, A., (2017). The interpretative phenomenological analysis (IPA): A guide to a good qualitative research approach. International Journal of Education and Literacy Studies, 5(2), pp.9-19.

Alavi, M., Archibald, M., McMaster, R., Lopez, V. & Cleary, M., (2018). Aligning theory and methodology in mixed methods research: before design theoretical placement. International Journal of Social Research Methodology, 21(5), pp.527-540.

Bergold, J. & Thomas, S., (2012). Participatory research methods: A methodological approach in motion. Historical Social Research/Historische Sozialforschung, pp.191-222.

Chen, P. F. (2010). U.S. Patent Application No. 12/376,879.

Fan, Y. Q., Li, C., & Sun, C. (2012). Secure VPN based on combination of L2TP and IPSec. Journal of Networks, 7(1), 141.

Khanna, B., Chao, J., Jesuraj, R., & Lee, R. (2011). U.S. Patent No. 7,907,595. Washington, DC: U.S. Patent and Trademark Office.

Mackey, A. & Gass, S.M., (2015). Second language research: Methodology and design. Routledge.

Mackey, A. & Marsden, E. eds., (2015). Advancing methodology and practice: The IRIS repository of instruments for research into second languages. Routledge.

Mitchell, M. L., & Jolley, J. M. (2012). Research design explained. Cengage Learning.

Niksefat, S., & Sabaei, M. (2010, April). Efficient algorithms for dynamic detection and resolution of IPSec/VPN security policy conflicts. In 2010 24th IEEE International Conference on Advanced Information Networking and Applications (pp. 737-744). IEEE.

Rosu, S. M., Popescu, M. M., Dragoi, G., & Guica, I. R. (2012). The Virtual Enterprise Network based on IPSec VPN Solutions and Management. International Journal of Advanced Computer Science and Applications, 3(11).

Salman, F. A. (2017). Implementation of IPsec-VPN tunneling using GNS3. Indonesian Journal of Electrical Engineering and Computer Science, 7(3), 855-860.

Wang, C., & Chen, J. Y. (2014, May). Implementation of GRE over IPsec VPN enterprise network based on Cisco packet tracer. In 2nd International Conference on Soft Computing in Information Communication Technology. Atlantis Press.
