VIRTUAL PRIVATE NETWORK
Presented by: Shradha Maheshwari
CS-08
Traditional Networking
Diagram: Corporate Headquarters connected to Remote Locations, Customers, Suppliers & Consultants, and Remote Users over Leased Lines and a Modem Bank.
A New Solution: VPN (Virtual Private Networking)
Diagram: Corporate Headquarters, Remote Locations, Customers, Suppliers & Consultants, and Telecommuters & Mobile Users all connected through the Internet.
Allowing cost-effective expansion of private and secure networks
VPN Introduction
• A Virtual Private Network is a private network that uses a public telecommunication infrastructure, such as the Internet, instead of leased lines to communicate.
• Users only make a local call to the ISP instead of expensive long-distance telephone calls to the remote access server.
Types of VPN
TRUSTED VPN: Uses dedicated circuitry. The path must be set and consistent. Relies on the security of a single provider's network to protect the traffic.
Technologies used: MPLS and L2F
SECURE VPN: All traffic is encrypted and authenticated. The security properties of the VPN must be agreed to by all parties in the VPN. No one outside the VPN can affect the security properties of the VPN.
Technologies used: IPSec, SSL/TLS, PPTP
HYBRID VPN: A secure VPN running over a trusted VPN. The address boundaries of the secure VPN within the trusted VPN must be extremely clear.
Technologies used: Any supported secure VPN technology running over any supported trusted VPN technology.
Brief Overview Of How VPN Works
1. Two connections – one is made to the Internet and the second is made to the VPN.
2. Datagrams – contain data, destination and source information.
3. Firewalls – VPNs allow authorized users to pass through the firewalls.
4. Protocols – protocols create the VPN tunnels.
Four Critical Functions
• Authentication – validates that the data was sent by the claimed sender.
• Access control – limits unauthorized users from accessing the network.
• Confidentiality – prevents the data from being read or copied as it is being transported.
• Data Integrity – ensures that the data has not been altered.
VPN Security
Encryption
AAA servers
IPSec
Firewalls
Encryption
• It is a method of “scrambling” data before transmitting it onto the Internet.
• Two common techniques used for encryption are:
a) Symmetric key encryption
b) Public key encryption
AAA Servers
• Authentication in VPN is determining if the remote VPN user is who or what it is declared to be.
• The use of digital certificates is considered a strong mechanism for authentication.
• Authorization in VPN is determining what the user is allowed to do.
• Accounting in VPN is determining what the user actually does.
IPSec
• Internet Protocol Security (IPSec) is an industry standard enabling secure communications over the Internet.
• IPSec is a peer-negotiated network layer protocol that can be implemented in one of two modes:
a) Transport mode
b) Tunnel mode
• The disadvantage of IPSec is that it might be incompatible with many NAT implementations.
IPSec VPN
SSL/TLS
• TLS and its predecessor, SSL, are cryptographic protocols that provide communications security over the Internet.
• Operate at the session layer.
• It can force the browser to run applets.
SSL v/s IPSec
SSL VPN
• Implemented through any web browser without the need for additional client software.
• Works at the session layer of OSI model.
• Lower support costs.
• Network Address Translation is not a problem.
• Relatively simple.
IPSec
• Requires installation of client program on the end user machine.
• Works at the network layer of OSI model.
• Higher support costs.
• It is incompatible with Network Address Translation.
• Complex in nature.
Firewalls
• Monitors traffic crossing the network perimeter and protects enterprises from unauthorized access.
• A packet-level firewall checks the source and destination of each packet.
• An application-level firewall acts as a host computer between the organization's network and the Internet.
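The packet-level check described above, as an added example written for this transcript (it is not code from the presentation or any firewall product). It evaluates a constructed, first-match rule set with a default deny: the headquarters edge lets IKE and ESP through from the branch VPN gateway's address and lets already-decapsulated tunnel traffic reach the intranet, while the same intranet destination is refused from arbitrary Internet sources. All addresses are documentation ranges chosen for the example; the firewall matches only on source, destination, protocol and port, so it cannot see inside the encrypted ESP payload.

```python
"""Packet-level (stateless) firewall check: added example, not from the presentation."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    proto: Optional[str] = None  # "tcp", "udp", "esp" or None for any protocol
    dport: Optional[int] = None  # destination port, or None for any port


# Constructed rule set for an enterprise Internet edge (addresses are documentation ranges).
# Rules are evaluated top to bottom; the first match wins and anything unmatched is denied.
RULES: List[Rule] = [
    # IKE (UDP 500) and ESP from the branch VPN gateway to the headquarters VPN gateway
    Rule("allow", "203.0.113.10/32", "198.51.100.20/32", "udp", 500),
    Rule("allow", "203.0.113.10/32", "198.51.100.20/32", "esp"),
    # Decapsulated traffic between the two private networks joined by the tunnel
    Rule("allow", "10.1.0.0/16", "10.2.0.0/16"),
    # Public web server, HTTPS only
    Rule("allow", "0.0.0.0/0", "198.51.100.80/32", "tcp", 443),
    # Nothing else from anywhere reaches the intranet
    Rule("deny", "0.0.0.0/0", "10.2.0.0/16"),
]


def matches(rule: Rule, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
    """True when the packet's source, destination, protocol and port all fall within the rule."""
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto is not None and rule.proto != proto:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def decide(rules: List[Rule], src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule, or 'deny' when no rule matches (default deny)."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule.action
    return "deny"


def demo():
    """Constructed packets as seen at the edge; returns a list of (description, decision) pairs."""
    packets = [
        ("ESP from the branch VPN gateway", "203.0.113.10", "198.51.100.20", "esp", None),
        ("ESP from an unknown host", "203.0.113.99", "198.51.100.20", "esp", None),
        ("SMB inside the tunnel, branch to HQ", "10.1.0.5", "10.2.0.9", "tcp", 445),
        ("SMB from the Internet to the HQ intranet", "192.0.2.7", "10.2.0.9", "tcp", 445),
        ("HTTPS to the public web server", "192.0.2.7", "198.51.100.80", "tcp", 443),
        ("SSH to the public web server", "192.0.2.7", "198.51.100.80", "tcp", 22),
    ]
    return [(desc, decide(RULES, src, dst, proto, dport)) for desc, src, dst, proto, dport in packets]


if __name__ == "__main__":
    for desc, verdict in demo():
        print(f"{verdict:5s}  {desc}")
```

Ordering matters: the specific allow rules sit above the broad deny, and the final fall-through returns "deny" so a packet that matches nothing is never silently admitted.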
VPN Tunneling
Diagram: a Secure VPN Tunnel across the public network to the Intranet and its Server.
A tunnel establishes a secure connection between two private networks over a public medium like the Internet.
• VPN tunnel software has a management protocol that creates, maintains and terminates a tunnel.
• Data is transferred through the VPN tunnel using a datagram-based protocol.
• PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) encapsulate private network traffic in packets to be transmitted over public networks (TCP/IP).
Data encapsulation
Diagram: the original datagram is encrypted to form the inner datagram, which is carried in the data area of an outer datagram behind the outer datagram header.
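The encapsulation just pictured, together with the "Four Critical Functions" listed earlier (authentication, confidentiality, data integrity), as one added worked example; this is code written for this transcript, not the presentation's own or any VPN product's. The inner datagram is encrypted and then wrapped in an outer datagram whose header carries the public endpoint addresses and a sequence number, with an authentication tag over header and ciphertext. The receiver verifies the tag in constant time before decrypting and rejects any sequence number it has already accepted. Everything here is constructed: the pre-shared secret, the addresses, the inner datagram bytes, and the cipher itself (a counter-mode keystream built from HMAC-SHA256, chosen so the example runs on the standard library alone; a real IPsec ESP tunnel uses negotiated keys and a standard AEAD cipher).

```python
"""Toy VPN tunnel encapsulation: added example, not the presentation's own code."""
import hashlib
import hmac
import ipaddress
import struct

HEADER_FMT = "!4s4sI"           # outer source IPv4, outer destination IPv4, sequence number
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = 32                    # HMAC-SHA256 tag


def derive_keys(shared_secret: bytes):
    """Split one pre-shared secret into independent encryption and MAC keys.
    (Constructed KDF using labelled HMAC; a real VPN negotiates keys with IKE or TLS.)"""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream with HMAC-SHA256 as the PRF (toy cipher, illustrative only)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + struct.pack("!I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(keys, outer_src: str, outer_dst: str, seq: int, inner_datagram: bytes) -> bytes:
    """Build the outer datagram: header || encrypted inner datagram || tag."""
    enc_key, mac_key = keys
    header = struct.pack(HEADER_FMT,
                         ipaddress.IPv4Address(outer_src).packed,
                         ipaddress.IPv4Address(outer_dst).packed,
                         seq)
    # The header, with its never-reused sequence number, doubles as the nonce (confidentiality).
    ciphertext = _xor(inner_datagram, _keystream(enc_key, header, len(inner_datagram)))
    # Encrypt-then-MAC over header and ciphertext: integrity plus origin authentication.
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Decapsulating endpoint with anti-replay state (highest sequence number accepted so far)."""

    def __init__(self, keys):
        self.enc_key, self.mac_key = keys
        self.last_seq = -1

    def decapsulate(self, outer_datagram: bytes) -> bytes:
        if len(outer_datagram) < HEADER_LEN + TAG_LEN:
            raise ValueError("truncated datagram")
        header = outer_datagram[:HEADER_LEN]
        ciphertext = outer_datagram[HEADER_LEN:-TAG_LEN]
        tag = outer_datagram[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        # Verify the tag first, in constant time, before touching the payload.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: datagram altered or not from a key holder")
        _, _, seq = struct.unpack(HEADER_FMT, header)
        if seq <= self.last_seq:
            raise ValueError(f"replayed datagram (seq {seq} already seen)")
        self.last_seq = seq
        return _xor(ciphertext, _keystream(self.enc_key, header, len(ciphertext)))


def demo():
    """Send one inner datagram through the tunnel, then show tampering and replay are rejected."""
    keys = derive_keys(b"constructed-pre-shared-secret")
    inner = b"\x45\x00" + b"private 10.1.0.5 -> 10.2.0.9: GET /payroll"   # constructed inner datagram
    receiver = Receiver(keys)
    outer = encapsulate(keys, "203.0.113.10", "198.51.100.20", 1, inner)
    results = {"roundtrip_ok": receiver.decapsulate(outer) == inner}
    # Flip one bit of the ciphertext: the tag no longer verifies.
    tampered = outer[:HEADER_LEN] + bytes([outer[HEADER_LEN] ^ 0x01]) + outer[HEADER_LEN + 1:]
    try:
        receiver.decapsulate(tampered)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    # Resend the genuine datagram: same sequence number, so it is refused.
    try:
        receiver.decapsulate(outer)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    results["ciphertext_hides_payload"] = inner not in outer
    return results


if __name__ == "__main__":
    print(demo())
```

Each of the four functions from the earlier slide maps onto one line of the receiver: the tag check gives authentication and integrity, the keystream gives confidentiality, and the sequence-number check keeps an on-path party from replaying a captured outer datagram.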
PPTP
• It is a proposed standard sponsored by Microsoft and other companies.
• PPTP creates another layer of security within TCP/IP.
• It encapsulates IP packets for transmission over an IP based network.
• Main benefit: you can create a link from any network with Internet access.
L2TP
• Combines the best features of the PPTP and L2F protocols.
• L2TP can be used over the internet as well as over private intranets.
• It sets up an IP security connection thereby making the VPN connection more secure.
• Provides data confidentiality which is not present in PPTP.
Two types of tunneling
• Voluntary Tunneling: the client starts the process of initiating a connection with the VPN server. In this case the user's computer is the end point and acts as a VPN client.
• Compulsory Tunneling: the connection is created between two VPN servers or two VPN access devices, i.e. the routers. The user's computer is not the end point.
VPN tunnels can be created either at the data link layer or at the network layer of the OSI model.
Advantages
• Eliminating the need for expensive long-distance leased lines.
• Reducing the long-distance telephone charges for remote access.
• Greater scalability and easy to add/remove users.
• Centralization of shared data.
Disadvantages
• VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
• Availability and performance depend on factors largely outside of their control.
• VPNs need to accommodate protocols other than IP and existing internal network technology.
• Unpredictable Internet traffic.
Industries that may use VPN
• Healthcare
• Manufacturing
• Retail
• Banking/Financial
• General business
Chart: percentage of respondents using VPN for access to the network for business partners/customers, site-to-site connectivity between offices, remote access for employees while traveling, and remote access for employees working out of homes (values shown: 50%, 63%, 79%, 90%).
Implementation
• Can be done in the following ways:
1. Site-to-site connection: Intranet (within an organization) or Extranet (outside an organization)
2. Remote access: employee to business
Site-to-site
Applications of site-to-site VPN
• Large-scale encryption between multiple fixed sites such as remote offices and central offices.
• Network traffic is sent over the branch office Internet connection.
• This saves the company hardware and management expenses.
• Remote access
Applications of remote access
• Encrypted connections between mobile or remote users and their corporate networks
• Remote user can make a local call to an ISP, as opposed to a long distance call to the corporate remote access server.
• Ideal for a telecommuter or mobile sales people.
• VPN allows mobile workers & telecommuters to take advantage of broadband connectivity i.e. DSL, Cable.
THANK YOU
ANY QUERIES??