A Framework for the Performance Analysis and Tuning of Virtual Private Networks
Fridrich Shane Perez
Brigham Young University
BYU ScholarsArchive
All Theses and Dissertations
2018-06-01

Part of the Science and Technology Studies Commons

BYU ScholarsArchive Citation
Perez, Fridrich Shane, "A Framework for the Performance Analysis and Tuning of Virtual Private Networks" (2018). All Theses and Dissertations. 6867. https://scholarsarchive.byu.edu/etd/6867

This Thesis is brought to you for free and open access by BYU ScholarsArchive. It has been accepted for inclusion in All Theses and Dissertations by an authorized administrator of BYU ScholarsArchive.

A thesis submitted to the faculty of Brigham Young University in partial fulfillment of the requirements for the degree of Master of Science

Dale C. Rowe, Chair
Chia-Chi Teng
Derek L. Hansen

School of Technology
Brigham Young University

Copyright © 2018 Fridrich Shane Perez
All Rights Reserved

ABSTRACT

A Framework for the Performance Analysis and Tuning of Virtual Private Networks

Fridrich Shane Perez
School of Technology, BYU
Master of Science

With the rising trend of personal devices like laptops and smartphones being used in businesses and significant enterprises, the concern for preserving security arises. In addition to preserving security measures on outside devices, the network speed and performance these devices are capable of need to be balanced with the security aspect to avoid slowing down virtual private network (VPN) activity. Performance tests have been done in the past to evaluate available software, hardware, and network security protocol options that will best benefit an entity according to its specific needs. With a variety of comparable frameworks currently available, it is a matter of pick and choose.

This study is dedicated to developing a unique process-testing framework for personal devices by comparing the default security encryptions of different VPN architectures to the Federal Information Processing Standards (FIPS) set of complying encryptions. VPN architectures include a vendor-supplied VPN, Palo Alto Networks, the open-source OpenVPN application, and a Windows PPTP server to test security protocols and measure network speed through different operating platforms.

The results achieved in this research reveal the differences between the default security configurations and the encryption settings enforced by FIPS, shown through the averaged bandwidth collected across multiple network tests under those settings. The results have been given additional analysis and confidence through t-tests and standard deviation. The configurations of the different VPNs, including the difficulty of establishing them, also contribute to finding OpenVPN under FIPS settings favorable over a Palo Alto firewall using FIPS-CC mode, due to its higher bandwidth rate despite following the same encryption standards.

Keywords: VPN, FIPS, security protocol, encryption, network security, bandwidth, performance, framework

ACKNOWLEDGEMENTS

I would like to express my gratitude to the BYU IT faculty for their patience and assistance in guiding me through my studies in the graduate program. I want to thank Dr. Dale Rowe and the BYU Cyber Security Research Lab for providing the workspace, machines, and additional resources to use for my research, as well as the support and morale they've shared. I want to give recognition to Palo Alto Networks' sponsorship for the CSRL and allowing use of their resources for this endeavor. Lastly, I want to thank my family for their constant moral inspiration and encouragement in pursuing continuous learning.

TABLE OF CONTENTS

LIST OF TABLES
LIST OF FIGURES
1 Introduction
    Background & Motivation
    Objectives / Goals
    Problem Statement / Hypotheses
    Methodology
    Delimitations / Assumptions
    Glossary
2 Literature Review
    VPN Security Protocols
    VPN Applications
    Commodity Hardware & Frameworks
    Performance Testing
    Encryption Algorithms
3 Methodology
    RO-1: Framework Development and Testing
        3.1.1 Network Performance Testing
        3.1.2 Network Measuring Tools
        3.1.3 Framework Arrangement
    RQ-2: Determining Differences
        3.2.1 Network Traffic Monitoring
        3.2.2 VPN Infrastructure Settings
    RH-2: Bandwidth Differences
        3.3.1 Device Information
        3.3.2 Tuning Factors
4 Results & Analysis
    Data Collection
        4.1.1 Fixed Transfer Bandwidth
        4.1.2 Windows Client Results
        4.1.3 Mac Client Results
        4.1.4 Android Client Results
    Framework Analysis
        4.2.1 Limitations
        4.2.2 VPN Traffic Explanation
        4.2.3 FIPS Application
        4.2.4 Framework Validation
5 Conclusion & Future Work
    Future Research
        5.1.1 Linux Involvement
        5.1.2 Automated Tests
    Observations
References
Appendix A. OpenVPN Server Configured Files