VPN - Virtual Private Networks
Mathias Schäfer
WS 2003/2004
Overview
Why VPNs
VPN-use-cases
VPN-technology vs. conventional solutions
Requirements
Tunneling
Security
Performance
Conclusion
Why VPNs
In business solutions, VPN technology is gaining importance
Enterprises increasingly operate on a global scale
There is a need for cost-effective solutions to integrate satellite workplaces, like
branch offices
suppliers
field services
into an enterprise network
VPN-use-cases
Enterprises are usually composed of
Head office
Branch offices
Outdoor staff
Additionally, there are suppliers, which are not really part of the company
To reflect business processes in the company's network structure, all components of the whole enterprise need to be integrated
VPN types are classified along the lines of the use cases
Remote-Access-VPN - field services
Branch-Office-VPN - branch offices
Extranet-VPN - suppliers
VPN-technology vs. conventional solutions
Conventional solutions mostly use wired or dial-in connections between both endpoints
These connections get very expensive for long-distance or international links
On the central-office side, many connection interfaces are needed to serve all connection requests
VPN technology, specifically Internet-VPN or IP-VPN technology, uses the available Internet to split long-distance connections
Instead of establishing connections between endpoints, each endpoint only needs to be connected to the nearest Internet node
This reduces both distance and fees
Remote-Access
Remote access for outdoor staff requires many connections
Usually PPP dial-in connections are used to establish links between outdoor staff and head office
A Remote-Access-Concentrator (RAC) is used to terminate connections on the head-office side
Normally the RAC is connected to the provider's telephone network using PMX
Remote-Access-VPN
With Internet-VPN technology, the outdoor staff connects to the Internet via any link technology provided by the local ISP
Head office is connected to the Internet via one broadband link, and a VPN-Concentrator takes the place of the RAC
The data-link connection is implemented as a tunnel connection through the Internet and is terminated inside the VPN-Concentrator
Branch-Office
Conventional connection types for the link between branch-office networks and the head-office network are normally based on wired technology, ATM or Frame Relay
Router equipment on both sides of this connection terminates the link
As with Remote-Access, the costs of this solution depend on the distance and get very high for international connections
Branch-Office-VPN
In a Branch-Office-VPN the router equipment is replaced by VPN gateways, which terminate the virtual tunnel connection between the endpoints
Both endpoints are physically connected only to the Internet, not to each other
Extranet-VPN
To allow faster reaction it is advisable to integrate suppliers into the company's network
They should have limited access, because they are not really part of the company
Usually firewalls limit the access to the Intranet; apart from that the structure is similar to a Branch-Office-VPN
Requirements
Security
Confidential information
Transmitted information has to be protected against unauthorized access
Integrity of information
Transmitted information must not be altered during transmission
Authentication
Authenticity of communication partners has to be proved and assured for the duration of the connection
Availability
Availability of the service has to be guaranteed
Maximum downtime or minimum uptime percentages are agreed by contract with the service provider in SLAs
Performance
Minimum bandwidth and maximum latency are the main performance aspects of a connection
For Internet-VPNs it is normally not possible for a service provider to guarantee these parameters
SLAs mostly specify contractual penalties
Tunneling
Principle
Tunneling is implemented by encapsulating data packets during transmission
Tunneling-models
Several tunneling models are distinguished
End-to-End-Model
No service provider is involved in the tunneling process, except for providing the Internet connection
Intra-Provider-Model
The company is not involved in the tunneling process
Provider-Enterprise-Model
Mixed configuration: one side is provided by the service provider, the other side belongs to the company
IP-Security-Protocol – IPSec
IPSec was designed for security, so it offers many security options to choose from
Optionally, IPSec provides a tunnel mode, which can tunnel IP packets only
The connection partners use unidirectional SAs, which represent the configuration of an established IPSec link
IPSec uses symmetric encryption, where the key exchange is done with the Internet Key Exchange protocol
For authentication IPSec supports
Pre-Shared-Secret procedures
Public Key methods
Certificate procedures
IPSec hides the structure of the internal network by encrypting the inner IP header
IPSec's primary tunneling model is the end-to-end model, so the client needs an IPSec implementation
Software implementations are available for nearly all operating systems
Layer 2 Tunneling Protocol – L2TP
L2TP encapsulates PPP frames, which allows tunneling of all layer 3 packet types supported by PPP
L2TP is designed as a tunneling protocol, not as a security protocol; it supports only weak CHAP-like authentication and encryption of the control channel
As a consequence, security has to be implemented on other levels
The Provider-Enterprise-Model for Remote-Access is the primary model used for L2TP implementations
Instead of the normal RAC an L2TP Access Concentrator (LAC) is used
Decisions on how to handle incoming calls are made by called number or by prefix or suffix of the user ID
If indicated, the LAC establishes a tunnel to the enterprise-side L2TP Network Server
This enables compulsory tunneling
If used in the end-to-end model, the functionality of the LAC is implemented in client-side software
This implies voluntary tunneling
IPSec secured L2TP – L2TP/IPSec
Combining L2TP and IPSec provides the security options supplied by IPSec together with the packet-type flexibility of L2TP
This causes a lot of overhead, which forces the decision to change over to IP-based applications to enable usage of IPSec without L2TP
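The overhead mentioned above, worked through per packet as an added example that is not part of the original slides: it compares IPSec tunnel mode with L2TP protected by ESP in transport mode, and finds the largest inner packet that still fits a 1500-byte MTU. The function names, the AES-CBC + HMAC-SHA1-96 suite and the L2TP/PPP header sizes are assumptions chosen for the comparison.

```python
from dataclasses import dataclass

# Fixed header sizes in bytes (IPv4 without options).
OUTER_IP = 20
ESP_HEADER = 8    # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header
UDP_HEADER = 8


@dataclass(frozen=True)
class EspSuite:
    name: str
    iv: int      # IV bytes carried in every packet
    block: int   # cipher block size; the plaintext is padded to a multiple of it
    icv: int     # truncated integrity check value


# Assumed algorithm choice for the comparison.
AES_CBC_SHA1 = EspSuite("AES-CBC + HMAC-SHA1-96", iv=16, block=16, icv=12)


def esp_wire_size(plaintext_len, suite):
    """Bytes on the wire for outer IP + ESP protecting plaintext_len bytes."""
    pad = -(plaintext_len + ESP_TRAILER) % suite.block
    return (OUTER_IP + ESP_HEADER + suite.iv + plaintext_len + pad
            + ESP_TRAILER + suite.icv)


def ipsec_tunnel(inner_len, suite=AES_CBC_SHA1):
    # Tunnel mode: the complete inner IP packet is the ESP plaintext.
    return esp_wire_size(inner_len, suite)


def l2tp_ipsec(inner_len, suite=AES_CBC_SHA1, l2tp_header=8, ppp_header=4):
    # ESP transport mode protects UDP + L2TP + PPP + the inner packet.
    # Assumed: L2TP data header with Length field (8), PPP with address/control (4).
    return esp_wire_size(UDP_HEADER + l2tp_header + ppp_header + inner_len, suite)


def max_inner(encap, mtu=1500):
    """Largest inner packet whose encapsulated form still fits into mtu."""
    n = mtu
    while n > 0 and encap(n) > mtu:
        n -= 1
    return n


def compare(sizes=(40, 576, 1400)):
    """Rows of (inner size, IPSec tunnel bytes, L2TP/IPSec bytes)."""
    return [(n, ipsec_tunnel(n), l2tp_ipsec(n)) for n in sizes]


if __name__ == "__main__":
    for n, tun, l2 in compare():
        print(f"inner {n:5d}  IPSec tunnel {tun:5d} (+{tun - n})  "
              f"L2TP/IPSec {l2:5d} (+{l2 - n})")
    print("max inner packet at MTU 1500:",
          max_inner(ipsec_tunnel), "vs", max_inner(l2tp_ipsec))
```

Small packets suffer most: a 40-byte inner packet triples in size under L2TP/IPSec, and inner packets above the computed maximum are fragmented or dropped unless the tunnel interface MTU is lowered accordingly.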
Other combinations are also possible and sensible
For example, tunneling IPSec in the end-to-end model inside L2TP in the provider-enterprise model enables compulsory tunneling with IPSec security
Security
If security options are needed, IPSec is the protocol to choose
The cryptographic algorithms used are currently considered secure
IPSec's security functionality offers
Encryption
Authentication
Packet integrity
Hiding of internal network structures
Protection from replay and denial-of-service attacks
If packet types other than IP are additionally used, IPSec/L2TP is the only mechanism that fulfills both needs
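How a receiver enforces packet integrity and replay protection on one unidirectional SA, as an added example that is not part of the original slides: the packet layout follows ESP (SPI, sequence number, payload, padding, ICV), and a forged packet can never move the anti-replay window because the window is updated only after the ICV has been verified. The names `seal` and `InboundSA`, the 64-packet window and HMAC-SHA-256 truncated to 128 bits are assumptions; the payload is left unencrypted, so confidentiality is not shown here.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # anti-replay window size, in packets
ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits


def seal(spi, seq, key, inner_packet, next_header=4):
    """Sender side: SPI | seq | payload | padding | pad_len | next_header | ICV.
    next_header 4 (IP-in-IP) marks a tunnel-mode payload. No encryption here."""
    pad_len = -(len(inner_packet) + 2) % 4
    body = (struct.pack("!II", spi, seq) + inner_packet
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


class InboundSA:
    """Receiver state of one unidirectional SA, selected by its SPI."""

    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.top = 0      # highest sequence number that passed the ICV check
        self.bitmap = 0   # bit i set: sequence number (top - i) already seen

    def _fresh(self, seq):
        if seq == 0:
            return False
        if seq > self.top:
            return True
        age = self.top - seq
        return age < WINDOW and not (self.bitmap >> age) & 1

    def _mark(self, seq):
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, packet):
        """Return (payload, verdict); payload is None unless verdict is 'ok'."""
        if len(packet) < 8 + 2 + ICV_LEN:
            return None, "malformed"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return None, "unknown SPI"
        if not self._fresh(seq):            # cheap check before any crypto
            return None, "replay"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None, "bad ICV"          # window stays untouched
        pad_len = body[-2]
        if pad_len > len(body) - 10:
            return None, "malformed"
        self._mark(seq)                     # only authenticated packets move the window
        return body[8:len(body) - 2 - pad_len], "ok"


def demo():
    """Verdicts for a constructed packet sequence on one SA."""
    key = b"constructed demo key, not a real one"
    sa = InboundSA(0x1001, key)
    inner = b"constructed inner IP packet"
    p1, p2, p9 = (seal(0x1001, s, key, inner) for s in (1, 2, 9))
    forged = struct.pack("!II", 0x1001, 5000) + p1[8:]   # huge seq, stale ICV
    order = [p1, p1, forged, p9, p2, p2]
    return [sa.receive(p)[1] for p in order]
```

In `demo()` the late packet with sequence number 2 is still accepted after 9 has arrived, because it lies inside the window and has not been seen before; only its second copy is rejected.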
Performance
In addition to the provider- and connection-dependent performance aspects, the hardware used is also relevant to the performance of VPNs
With IPSec, the cryptographic algorithms need a lot of computing power
Dedicated VPN equipment often uses specialized cryptographic processing units, which offer much better performance than normal CPUs
With L2TP there are a lot of PPP sessions, which have to be terminated primarily at L2TP Network Servers
Some components are designed to be scalable, so that they can meet increased needs
If L2TP/IPSec is used, increased attention has to be paid to performance aspects
Conclusion
Internet-VPN technology offers cost-effective solutions if planned in detail
If all components are well chosen, IPSec offers high-security solutions, also for major projects
The most important milestone on the way to implementing VPNs is a detailed analysis of needs