Traditional Networking
(Diagram: remote locations, customers, suppliers & consultants and remote users connect to corporate headquarters over leased lines and a modem bank.)

A New Solution: VPN
Virtual Private Networking: allowing cost-effective expansion of private and secure networks.
(Diagram: telecommuters & mobile users, remote locations and customers, suppliers & consultants reach corporate headquarters over the Internet.)
VPN Introduction
• A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
• Users only make a local call to the ISP instead of expensive long-distance telephone calls to the remote access server.
Types of VPN
TRUSTED VPN:
• Uses dedicated circuitry.
• The path must be set and consistent.
• Relies on the security of a single provider's network to protect the traffic.
• Technologies used: MPLS and L2F.

SECURE VPN:
• All traffic is encrypted and authenticated.
• The security properties of the VPN must be agreed to by all parties in the VPN.
• No one outside the VPN can affect the security properties of the VPN.
• Technologies used: IPSec, SSL/TLS, PPTP.

HYBRID VPN:
• The address boundaries of the secure VPN within the trusted VPN must be extremely clear.
• Technologies used: any supported secure VPN technology running over any supported trusted VPN technology.
Brief Overview of How VPN Works
1. Two connections – one is made to the Internet and the second is made to the VPN.
2. Datagrams – contain data, destination and source information.
3. Firewalls – VPNs allow authorized users to pass through the firewalls.
4. Protocols – protocols create the VPN tunnels.

Four Critical Functions
• Authentication – validates that the data was sent by the claimed sender.
• Access control – limits unauthorized users from accessing the network.
• Confidentiality – prevents the data from being read or copied while it is being transported.
• Data integrity – ensures that the data has not been altered.
Encryption
• It is a method of "scrambling" data before transmitting it onto the Internet.
• Two common techniques used for encryption are:
a) Symmetric key encryption
b) Public key encryption

AAA Servers
• Authentication in VPN is determining whether the remote VPN user is who or what it declares itself to be.
• The use of digital certificates is considered a strong mechanism for authentication.
• Authorization in VPN is determining what the user is allowed to do.
• Accounting in VPN is determining what the user actually does.
IPSec
• Internet Protocol Security (IPSec) is an industry standard enabling secure communications over the Internet.
• IPSec is a peer-negotiated network layer protocol that can be implemented in one of two modes:
a) Transport mode
b) Tunnel mode
• The disadvantage of IPSec is that it might be incompatible with many NAT implementations.

SSL/TLS
• TLS and its predecessor, SSL, are cryptographic protocols that provide communications security over the Internet.
• They operate at the session layer.
• It can force the browser to run applets.
SSL v/s IPSec
SSL VPN | IPSec
Implemented through every web browser without the need for additional client software. | Requires installation of a client program on the end user's machine.
Works at the session layer of the OSI model. | Works at the network layer of the OSI model.
Lower support costs. | Higher support costs.
Network Address Translation is not a problem. | Incompatible with Network Address Translation.
Relatively simple. | Complex in nature.
Firewalls
• Monitor traffic crossing network perimeters and protect enterprises from unauthorized access.
• A packet-level firewall checks source and destination.
• An application-level firewall acts as a host computer between the organization's network and the Internet.
VPN Tunneling
A tunnel establishes a secure connection between two private networks over a public medium like the Internet.
(Diagram: a server and an intranet joined by a secure VPN tunnel.)

• VPN tunnel software has a management protocol that creates, maintains and terminates a tunnel.
• Data is transferred through the VPN tunnel using a datagram-based protocol.
• PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) encapsulate private network traffic in packets to be transmitted over public networks (TCP/IP).

(Diagram: data encapsulation. The original datagram, header plus data area, becomes the encrypted inner datagram, which is carried in the data area of an outer datagram with its own header.)
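The encapsulation in the figure above, together with the IPSec NAT caveat from the earlier slide, as an added Go example that is not part of the original slides: the inner datagram is encrypted and becomes the data area of an outer datagram, and the outer header is authenticated as associated data, so a header rewritten in transit fails the receiver's integrity check. The 8-byte address header, AES-GCM and the function names are this example's own simplifications, not IPSec's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

const hdrLen = 8 // toy datagram layout (assumed here): 4-byte src || 4-byte dst || data area
// aead builds AES-GCM: one primitive gives confidentiality and an integrity tag.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// TunnelMode builds the outer datagram: cleartext gateway header || nonce || encrypted inner
// datagram (its own header included) || tag. The outer header is authenticated, not encrypted.
func TunnelMode(key, gwSrc, gwDst, inner []byte) ([]byte, error) {
	if len(gwSrc) != 4 || len(gwDst) != 4 || len(inner) < hdrLen {
		return nil, errors.New("bad gateway address or inner datagram")
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	hdr := append(append([]byte{}, gwSrc...), gwDst...)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	outer := make([]byte, 0, hdrLen+len(nonce)+len(inner)+g.Overhead())
	outer = append(append(outer, hdr...), nonce...)
	return g.Seal(outer, nonce, inner, hdr), nil
}
// Decapsulate recovers the inner datagram at the receiving gateway. If the outer addresses were
// rewritten in transit (as NAT does) or any byte was altered, the tag check fails: nothing is returned.
func Decapsulate(key, outer []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	n := hdrLen + g.NonceSize()
	if len(outer) < n+g.Overhead() {
		return nil, errors.New("short outer datagram")
	}
	return g.Open(nil, outer[hdrLen:n], outer[n:], outer[:hdrLen])
}
```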
PPTP
• It is a proposed standard sponsored by Microsoft and other companies.
• PPTP creates another layer of security within TCP/IP.
• It encapsulates IP packets for transmission over an IP-based network.
• Main benefit: you can create a link from any network with Internet access.

L2TP
• Represents the best features of the PPTP and L2F protocols.
• L2TP can be used over the Internet as well as over private intranets.
• It sets up an IP security connection, thereby making the VPN connection more secure.
• Provides data confidentiality, which is not present in PPTP.

Two Types of Tunneling
• Voluntary Tunneling: the client starts the process of initiating a connection with the VPN server. In this case the user's computer is the end point and acts as a VPN client.
• Compulsory Tunneling: the connection is created between two VPN servers or two VPN access devices, i.e. the routers. In this case the user's computer is not the end point.
VPN tunnels can be created either at the data link layer or at the network layer of the OSI model.
Advantages
• Eliminating the need for expensive long-distance leased lines.
• Reducing the long-distance telephone charges for remote access.
• Greater scalability and easy to add/remove users.
• Centralization of shared data.

Disadvantages
• VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
• Availability and performance depend on factors largely outside of the organization's control.
• VPNs need to accommodate protocols other than IP and existing internal network technology.
• Unpredictable Internet traffic.

Industries that may use VPN
• Healthcare
• Manufacturing
• Retail
• Banking/Financial
• General business
(Chart: how respondents use VPN, as % of respondents.)
Remote access for employees working out of homes: 90%
Remote access for employees while traveling: 79%
Site-to-site connectivity between offices: 63%
Access to network for business partners/customers: 50%
Implementation
• Can be done in the following ways:
1. Site-to-site connection:
Intranet: within an organization
Extranet: outside an organization
2. Remote access: employee to business

Applications of site-to-site VPN
• Large-scale encryption between multiple fixed sites such as remote offices and central offices.
• Network traffic is sent over the branch office Internet connection.
• This saves the company hardware and management expenses.

Remote access

Applications of remote access
• Encrypted connections between mobile or remote users and their corporate networks.
• A remote user can make a local call to an ISP, as opposed to a long-distance call to the corporate remote access server.
• Ideal for telecommuters or mobile sales people.
• VPN allows mobile workers & telecommuters to take advantage of broadband connectivity, i.e. DSL and cable.