Virtual Private Networks ...
Virtual Private Networks ... Presentation Transcript

  • 1. Virtual Private Networks
  • 2. How a gateway-to-gateway VPN works
    [Figure: two networks, each with a server, hub and workstations behind a VPN
    gateway (router, firewall, or combo), joined by a VPN tunnel across the
    Internet]
    1. The gateways keep a "permanent" (long-lived) tunnel up between them.
       (The slide calls this a TCP connection. IPsec actually carries ESP
       directly over IP and IKE over UDP, so no TCP connection need exist;
       TLS-based VPNs do run over TCP.)
    2. A gateway encrypts each IP packet it is given and sends it to the other
       gateway as the payload of another IP packet.
    3. The target gateway decrypts the inner IP packet and forwards the result
       to the correct address.
  • 3. (figure only; no transcript text)
  • 4. Packet layout
    Original packet, as sent by the host:
      | original src/dst IP addresses | original src/dst ports | payload (unencrypted) |
    Packet on the wire between the gateways:
      | revised src/dst IP addresses (the two gateways) | entire original IP packet, encrypted by one end of the VPN |
    Only the gateway addresses are visible in transit; the inner addresses,
    ports and payload all sit inside the encrypted part.
  • 5. VPN advantages
    1. Replaces a dedicated point-to-point line (why is this an advantage?)
    2. Provides confidentiality, integrity and authentication (how?)
    3. Solves "road warrior" problems and expenses (which problems? which expenses?)
    4. Can secure all traffic between two networks transparently
    5. Can use private address space in station-to-station chatter
    6. Can be deployed quickly (compare with renting a private line or pulling a cable)
    7. Can choose the level of encryption
  • 6. VPN disadvantages
    1. Encryption/decryption processing burden; may require an additional box or hardware accelerators ("offload cards").
    2. Need to buy VPN software for the gateways and for the road warriors; solutions are often proprietary.
    3. Does not defend against a back door on a road warrior's computer (the tunnel carries whatever that machine sends).
    4. Encapsulation costs additional bandwidth (an extra IP header plus the VPN's own headers and trailer on every packet).
    5. Encapsulation may cause fragmentation, since a full-size inner packet plus the added headers exceeds the link MTU.
    6. VPN configuration (MTU, NAT, etc.) may be difficult.
    7. Troubleshooting is more difficult (why?)
    8. Depends on Internet availability.
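The three steps of slide 2, the packet layout of slide 4 and the encapsulation overhead and fragmentation points of slide 6, carried through in code. This is an added example, not the slides' material and not any real VPN product's code: it uses stand-ins for IPsec ESP (a keystream from HMAC-SHA256 in counter mode plus a truncated HMAC tag in place of AES-GCM; protocol number 50, ESP's, on the outer header; a 32-bit sequence number with a sliding receive window for replay rejection), needs only the Python standard library, and all addresses, ports and keys are made up.

```python
"""Tunnel-mode VPN encapsulation, standard library only.  Added example,
not from the slides.  Stand-ins for IPsec ESP: a keystream from HMAC-SHA256
in counter mode plus a truncated HMAC tag (encrypt-then-MAC) instead of
AES-GCM; protocol 50 (ESP's number) on the outer header; a 32-bit sequence
number with a sliding receive window for replay rejection.  Addresses and
keys are made up."""
import hashlib, hmac, ipaddress, os, struct

IP_HDR = 20                          # IPv4 header without options
SEQ, IV, TAG = 4, 8, 16              # per-packet VPN fields
OVERHEAD = IP_HDR + SEQ + IV + TAG   # 48 extra bytes on every packet
FMT = "!BBHHHBBH4s4s"                # IPv4 header layout


def _checksum(hdr):
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src, dst, total_len, proto):
    """Minimal IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, addresses."""
    f = [0x45, 0, total_len, 0, 0, 64, proto, 0,
         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    f[7] = _checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)


def parse_ipv4(pkt):
    v, _, tl, _, _, _, proto, _, s, d = struct.unpack(FMT, pkt[:IP_HDR])
    return {"hdr_len": (v & 0xF) * 4, "total_len": tl, "proto": proto,
            "src": str(ipaddress.IPv4Address(s)), "dst": str(ipaddress.IPv4Address(d))}


def udp_packet(src, sport, dst, dport, payload):
    """The original packet: inner IP addresses, ports and payload, all in the clear."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = none
    return ipv4_header(src, dst, IP_HDR + len(udp), 17) + udp


def _keystream(key, iv, n):
    """PRF in counter mode; stand-in for a real cipher.  Never reuse (key, iv)."""
    return b"".join(hmac.new(key, iv + struct.pack("!Q", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Gateway:
    """One VPN end point.  Real deployments use separate keys per direction;
    one pair is shared here to keep the example short."""

    def __init__(self, addr, peer, enc_key, mac_key, window=64):
        self.addr, self.peer, self.enc_key, self.mac_key = addr, peer, enc_key, mac_key
        self.seq_out, self.highest_in, self.seen_in, self.window = 0, 0, set(), window

    def encapsulate(self, inner):
        """Step 2: encrypt the whole inner packet and send it as the payload of an
        outer packet addressed gateway-to-gateway (the 'revised' addresses)."""
        self.seq_out += 1
        iv = os.urandom(IV)
        body = struct.pack("!I", self.seq_out) + iv + _xor(inner, _keystream(self.enc_key, iv, len(inner)))
        tag = hmac.new(self.mac_key, body, hashlib.sha256).digest()[:TAG]
        return ipv4_header(self.addr, self.peer, IP_HDR + len(body) + TAG, 50) + body + tag

    def decapsulate(self, outer):
        """Step 3: verify, reject replays, decrypt, and hand back the original packet
        for forwarding to its real destination."""
        h = parse_ipv4(outer)
        if h["proto"] != 50 or h["src"] != self.peer or h["dst"] != self.addr:
            raise ValueError("not from our tunnel peer")
        body, tag = outer[h["hdr_len"]:-TAG], outer[-TAG:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, body, hashlib.sha256).digest()[:TAG]):
            raise ValueError("integrity check failed")
        seq = struct.unpack("!I", body[:SEQ])[0]
        if seq <= self.highest_in - self.window or seq in self.seen_in:
            raise ValueError("replayed or stale sequence number %d" % seq)
        self.seen_in.add(seq)
        self.highest_in = max(self.highest_in, seq)
        self.seen_in = {s for s in self.seen_in if s > self.highest_in - self.window}
        iv, ct = body[SEQ:SEQ + IV], body[SEQ + IV:]
        return _xor(ct, _keystream(self.enc_key, iv, len(ct)))


def outer_size(inner_len, link_mtu=1500):
    """(outer packet length, True if it no longer fits the link MTU).  Inner
    packets longer than link_mtu - OVERHEAD get fragmented or dropped; hence
    MTU/MSS clamping on the inside interface."""
    outer = inner_len + OVERHEAD
    return outer, outer > link_mtu


if __name__ == "__main__":
    k_enc, k_mac = os.urandom(32), os.urandom(32)     # would come from the key exchange
    gw_a = Gateway("203.0.113.1", "198.51.100.1", k_enc, k_mac)
    gw_b = Gateway("198.51.100.1", "203.0.113.1", k_enc, k_mac)
    inner = udp_packet("10.1.0.7", 40000, "10.2.0.9", 53, b"private-address-space chatter")
    outer = gw_a.encapsulate(inner)
    print(parse_ipv4(outer))        # only gateway addresses and proto 50 are visible in transit
    assert gw_b.decapsulate(outer) == inner
    print(outer_size(1500))         # (1548, True): a full-size inner packet needs fragmentation
```

Run it and compare `parse_ipv4(outer)` with `parse_ipv4(inner)`: the wire packet shows only the two gateway addresses, which is the whole point of the slide 4 diagram. The replay window and tag check are what keep an on-path attacker from resending or altering captured packets; `outer_size` is the arithmetic behind disadvantages 4 and 5, and the reason tunnel interfaces are given an MTU of the link MTU minus the overhead.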
  • 7. Setting up a VPN-capable device on the network
    Both ends must agree on:
    • the IP subnet addresses on the far side
    • the authentication scheme, including a digital-signature (certificate) exchange if desired
    • the encryption scheme and the key exchange
    A gateway that terminates multiple VPNs must use multiple "encryption
    domains": a separate security association, with its own keys and its own
    pair of subnets, for each tunnel.
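What that agreement looks like on a real gateway, as an added example in strongSwan's swanctl.conf syntax (not from the slides; the addresses, host names, subnets and certificate file names are hypothetical). One gateway holds two tunnels to two different sites; each `children` entry is a separate encryption domain with its own far-side subnet, its own ESP security association and its own keys.

```conf
# Added example: gateway gw-a (203.0.113.1) with tunnels to site B and site C.
# Each "connections" entry is one IKE peer; each child is one encryption domain.
connections {
    to-site-b {
        # IKEv2, peer addresses, and the IKE proposal:
        # encryption, integrity and key-exchange group
        version      = 2
        local_addrs  = 203.0.113.1
        remote_addrs = 198.51.100.1
        proposals    = aes256-sha256-x25519
        local {
            # digital-signature authentication with our own certificate
            auth  = pubkey
            certs = gw-a.pem
            id    = gw-a.example.com
        }
        remote {
            auth = pubkey
            id   = gw-b.example.com
        }
        children {
            net-a-to-net-b {
                # subnets on this side and on the far side (traffic selectors)
                local_ts      = 10.1.0.0/16
                remote_ts     = 10.2.0.0/16
                # AEAD cipher for the tunnel plus the PFS key-exchange group
                esp_proposals = aes256gcm16-x25519
                # bring the "permanent" tunnel up when the daemon starts
                start_action  = start
            }
        }
    }
    to-site-c {
        version      = 2
        local_addrs  = 203.0.113.1
        remote_addrs = 192.0.2.10
        proposals    = aes256-sha256-x25519
        local {
            auth  = pubkey
            certs = gw-a.pem
            id    = gw-a.example.com
        }
        remote {
            auth = pubkey
            id   = gw-c.example.com
        }
        children {
            net-a-to-net-c {
                # a different far-side subnet: a second, independent encryption domain
                local_ts      = 10.1.0.0/16
                remote_ts     = 10.3.0.0/16
                esp_proposals = aes256gcm16-x25519
                start_action  = start
            }
        }
    }
}
```

The check a practitioner wants after loading this is that `swanctl --list-sas` shows one IKE SA per peer and one pair of child SAs per tunnel, and that the traffic selectors of the two children do not overlap; overlapping selectors are the usual cause of packets for site C silently taking the site B tunnel.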
  • 8. Road warrior (figure: W. Stallings, Network Security, Fig. 6.1)
  • 9. Road warrior (quiz): each security gateway has ??? Security Associations?
    (Keep in mind that an IPsec security association is one-way, so a gateway
    needs at least an inbound and an outbound one per peer.)
  • 10. VPN products: what to look for
    • Strong authentication
    • Adequate encryption
    • Adherence to standards
    • Integration with other services (NAT, firewalls, LDAP, monitoring software)
  • 11. VPN vendors
    a) Add software to existing routers: 3COM, BayNetworks, Cisco, ...
    b) Install "stand-alone" boxes: Lucent, Indus Rivers, Xedia, VPNet Technologies, ...
    c) Software-based: Raptor, V-1, Trusted Info. Systems, ...
    d) Internet Service Providers: AT&T, MCI, IBM, Sprint, ...