SEMINAR ON VIRTUAL PRIVATE NETWORK PREPARED BY Bhathiji Rahul I. (08CE202) GUIDED BY: Uma Sharma (Lecturer IT Dept.) (Gandhinagar Institute of Technology)
VIRTUAL PRIVATE NETWORK
Definition and introductory notes
A VPN is a network that uses the open, distributed infrastructure of the Internet to transmit data between corporate sites.
NEED FOR DEVELOPING VPN
Remote employees need to access the corporation's databases.
Corporate sites are forming new business relationships.
The corporation keeps growing.
VPN RESOLVES THE PROBLEM
It provides flexibility and scalability.
It frees the organization from maintenance and training overhead.
WORKING OF VPN
The remote user dials into their local ISP and logs into the ISP's network as usual.
When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server.
The user then sends data through the tunnel; the data is encrypted by the VPN software before being sent over the ISP connection.
The destination security server receives the encrypted data and decrypts it.
TYPES OF VPN
VLL-Virtual leased lines.
VPRN-virtual private routed network.
VPDN-virtual private dial-up network.
VPLS-virtual private LAN segments.
Remote access VPN.
VIRTUAL LEASED LINES
Point-to-point link between two CPE devices.
IP tunnel between two ISP edge routers.
Frames are relayed over the IP tunnels.
VIRTUAL PRIVATE ROUTED NETWORK
Emulation of a multi-site WAN using the Internet.
Packet forwarding at the network layer.
A VPRN-specific forwarding table at the ISP routers forwards the traffic.
VIRTUAL PRIVATE DIAL-UP NETWORK
On-demand tunnel between a remote user and the corporate sites.
Two kinds of tunnel are possible:
1. compulsory tunnel
2. voluntary tunnel
In the compulsory tunnel scenario, an L2TP Access Concentrator (LAC), acting as a dial or network access server, extends a PPP session across a backbone using L2TP to a remote L2TP Network Server (LNS). Initiating the PPP session to the LAC is transparent to the user.
A voluntary tunnel is the case where an individual host connects to a remote site using a tunnel that originates on the host itself, with no involvement from intermediate network nodes. The tunnel mechanism chosen can be IPsec or L2TP.
VIRTUAL PRIVATE LAN SEGMENTS
A Virtual Private LAN Segment (VPLS) is the emulation of a LAN segment using internet facilities.
The branch office scenario securely connects two trusted intranets within the organization.
Routers or firewalls with VPN capabilities, acting as gateways for the office, can be used to protect the corporate traffic.
In the supplier scenario, multiple supplier intranets need to access a common corporate network over the Internet. Each supplier is allowed access to only a limited set of destinations within the corporate network.
REMOTE ACCESS VPN
A remote user wants to communicate securely and cost-effectively with his corporate intranet. This can be done with an IPsec-enabled VPN remote client and a firewall (or gateway).
Tunneling is the process of placing an entire packet within another packet and sending it over a network.
Tunneling requires two different protocols.
EXAMPLE OF TUNNELING
By analogy with a truck carrying a box that holds a computer: the truck is the carrier protocol, the box is the encapsulating protocol and the computer is the passenger protocol.
1. PPTP (Point-to-point tunneling protocol)
2. IPsec (IP security).
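The tunneling idea above (a passenger packet placed inside an encapsulating header, carried by an outer IP packet, and the "working of VPN" steps where the tunnel endpoint unwraps it) is easier to see in code. The following is an added example, not part of the seminar: it builds a constructed IPv4/UDP passenger packet, wraps it in a GRE header (RFC 2784) and a carrier IPv4 header with protocol number 47, then does the tunnel-exit checks a gateway must do before trusting the inner packet. All addresses and the payload are made up; no real VPN product's code is shown.

```python
import struct
import ipaddress

GRE_PROTO = 47            # IP protocol number for GRE: the carrier's "next protocol"
UDP_PROTO = 17
ETHERTYPE_IPV4 = 0x0800   # GRE Protocol Type value for an IPv4 passenger packet


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); rejects non-IPv4 data or a bad header checksum."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ip_checksum(pkt[:ihl]) != 0:          # a header with a correct checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total_len]


def build_passenger(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Constructed sample passenger: an IPv4/UDP datagram as a corporate host would send it."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data  # UDP checksum 0 = absent (IPv4)
    return ipv4_packet(src, dst, UDP_PROTO, udp)


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: wrap the passenger in a GRE header, then in a carrier IP header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)   # C/K/S bits clear, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + passenger)


def gre_decapsulate(carrier: bytes) -> bytes:
    """Tunnel exit: validate the carrier and GRE headers, return the passenger packet."""
    _, _, proto, payload = parse_ipv4(carrier)
    if proto != GRE_PROTO:
        raise ValueError("carrier payload is not GRE")
    flags_ver, ptype = struct.unpack("!HH", payload[:4])
    if flags_ver & 0x0007 != 0:
        raise ValueError("unsupported GRE version")
    if flags_ver & 0xB000:     # Checksum/Key/Sequence present -> longer header, not handled here
        raise ValueError("optional GRE fields not supported")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected passenger protocol type 0x%04x" % ptype)
    passenger = payload[4:]
    parse_ipv4(passenger)      # the passenger must itself be a well-formed IPv4 packet
    return passenger


def is_valid_tunnel_packet(carrier: bytes) -> bool:
    """True when every layer of the tunnel packet parses and checks out."""
    try:
        gre_decapsulate(carrier)
        return True
    except ValueError:
        return False


def layers(carrier: bytes) -> dict:
    """Name the three protocols of the tunnel (truck, box, computer) for a carrier packet."""
    outer = parse_ipv4(carrier)
    inner = parse_ipv4(gre_decapsulate(carrier))
    return {"carrier": "IPv4 %s -> %s" % (outer[0], outer[1]),
            "encapsulating": "GRE (IP protocol %d)" % outer[2],
            "passenger": "IPv4 %s -> %s, protocol %d" % (inner[0], inner[1], inner[2])}


if __name__ == "__main__":
    inner = build_passenger("10.0.0.5", "10.0.1.20", 40000, 53, b"hello")
    outer = gre_encapsulate(inner, "198.51.100.10", "203.0.113.1")
    print(layers(outer))
```

The decapsulation side is where a gateway's security checks live: the outer checksum, the GRE version and protocol type, and the inner header are all validated before the passenger is forwarded onto the private network. Note that GRE itself provides no confidentiality or integrity; that is why the deck pairs tunneling with PPTP's MPPE or with IPsec.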
POINT TO POINT TUNNELING PROTOCOL
A specification for PPTP was published as RFC 2637. PPTP has not been proposed or ratified as a standard by the IETF.
PPTP works by sending a regular PPP session to the peer inside the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. PPTP is difficult to forward past a network firewall because it requires two network sessions; firewalls are often unable to pass this traffic cleanly, resulting in an inability to connect. This rarely happens on Windows or Mac OS, though.
PPTP connections are authenticated with Microsoft MSCHAP-v2 or EAP-TLS. VPN traffic is optionally protected by Microsoft Point-to-Point Encryption (MPPE), which is described by RFC 3078.
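Because PPTP needs both the TCP/1723 control session and the GRE data session, a firewall that passes only one of them produces exactly the "cannot connect" symptom described above. The following added example (not from the seminar) correlates constructed firewall flow records to show which PPTP clients completed both sessions and which did not, and checks a rule set for the two rules a PPTP server needs in front of it. The flow format and addresses are made up.

```python
from collections import defaultdict

PPTP_CONTROL_PORT = 1723   # TCP control session that sets up and manages the tunnel
GRE = "gre"                # IP protocol 47, which carries the PPP session

# Constructed sample flow log, as a firewall might export it:
# (src, dst, ip_proto, dst_port or None, action)
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", "tcp", 1723, "allow"),
    ("192.0.2.10", "203.0.113.5", GRE, None, "allow"),
    ("203.0.113.5", "192.0.2.10", GRE, None, "allow"),
    ("192.0.2.11", "203.0.113.5", "tcp", 1723, "allow"),
    ("192.0.2.11", "203.0.113.5", GRE, None, "deny"),
    ("192.0.2.12", "203.0.113.5", "tcp", 1723, "allow"),
    ("192.0.2.14", "203.0.113.5", "tcp", 1723, "allow"),
    ("192.0.2.14", "203.0.113.5", GRE, None, "allow"),
    ("192.0.2.13", "203.0.113.5", "tcp", 443, "allow"),
]

# The two allow rules a PPTP server needs; a stateful firewall must also pass the GRE return path.
REQUIRED_PPTP_RULES = {("tcp", 1723), (GRE, None)}


def pptp_session_health(flows):
    """Correlate each allowed TCP/1723 control session with the GRE flows of the same
    client/server pair. Returns {(client, server): status} with status one of
    'complete', 'gre-denied', 'gre-one-way' or 'gre-missing'."""
    control = {(s, d) for s, d, p, port, a in flows
               if p == "tcp" and port == PPTP_CONTROL_PORT and a == "allow"}
    gre = defaultdict(set)                 # (client, server) -> {"c2s", "s2c", "denied"}
    for src, dst, proto, _, action in flows:
        if proto != GRE:
            continue
        if (src, dst) in control:
            pair, direction = (src, dst), "c2s"
        elif (dst, src) in control:
            pair, direction = (dst, src), "s2c"
        else:
            continue                       # GRE unrelated to any PPTP control session
        gre[pair].add(direction if action == "allow" else "denied")
    status = {}
    for pair in control:
        seen = gre.get(pair, set())
        if "denied" in seen:
            status[pair] = "gre-denied"     # firewall policy blocks the data session
        elif {"c2s", "s2c"} <= seen:
            status[pair] = "complete"
        elif seen:
            status[pair] = "gre-one-way"    # return path filtered somewhere (e.g. NAT or firewall)
        else:
            status[pair] = "gre-missing"    # control set up, but no data session ever appeared
    return status


def missing_pptp_rules(allow_rules):
    """Given the firewall's allow rules as (proto, port) tuples, return the PPTP rules still missing."""
    return REQUIRED_PPTP_RULES - set(allow_rules)


if __name__ == "__main__":
    for pair, state in sorted(pptp_session_health(SAMPLE_FLOWS).items()):
        print(pair, state)
    print("missing:", missing_pptp_rules([("tcp", 1723)]))
```

The same correlation is a useful detection signal in the other direction: a host that repeatedly opens TCP/1723 control sessions that never progress to GRE is either behind a filtering device or probing for PPTP servers, and either way deserves a look.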
INTERNET PROTOCOL SECURITY
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.
IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite, or OSI model Layer 3. Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of these models. Hence, IPsec can be used for protecting any application traffic across the Internet. Applications need not be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.
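"Authenticating each IP packet" is the part of IPsec that is easiest to show concretely. The following is an added example, not from the seminar and not the code of any IPsec implementation: it applies an Authentication Header (AH, IP protocol 51) in transport mode to a constructed IPv4/UDP packet, using HMAC-SHA-256 truncated to 128 bits as the integrity check value, with the mutable IPv4 fields (TTL, checksum, TOS, flags/offset) zeroed before the MAC is computed so a router decrementing the TTL does not break verification. The receiver also keeps a sliding anti-replay window, which is what makes "each packet" authentication resistant to a recorded packet being resent. Key, SPI and addresses are made up; confidentiality (ESP) and key negotiation (IKE) are out of scope here.

```python
import hmac
import hashlib
import struct

AH_PROTO = 51      # IP protocol number of the Authentication Header
ICV_LEN = 16       # HMAC-SHA-256-128: 256-bit HMAC truncated to 128 bits (RFC 4868)
AH_FIXED_LEN = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071); even length assumed."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_sample_packet() -> bytes:
    """Constructed sample input: an IPv4/UDP packet 10.0.0.5 -> 10.0.1.20 with TTL 64."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                      bytes([10, 0, 0, 5]), bytes([10, 0, 1, 20]))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + udp


def zero_mutable(hdr: bytes) -> bytes:
    """Zero the IPv4 fields that legitimately change in transit (RFC 4302 3.3.3.1):
    TOS (byte 1), flags+fragment offset (6-7), TTL (8), header checksum (10-11).
    IP options, if present, are treated as immutable here (a simplification)."""
    return hdr[:1] + b"\x00" + hdr[2:6] + b"\x00\x00\x00" + hdr[9:10] + b"\x00\x00" + hdr[12:]


def icv_for(key: bytes, hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """ICV = HMAC over immutable header fields, the AH header (ICV zeroed) and the payload."""
    mac_input = zero_mutable(hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, mac_input, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(pkt: bytes, key: bytes, spi: int, seq: int) -> bytes:
    """Sender: insert an AH header after the IP header (transport mode) and sign the packet."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr, payload = pkt[:ihl], pkt[ihl:]
    # Payload Len is the AH length in 32-bit words minus 2 (RFC 4302).
    ah_fixed = struct.pack("!BBHII", hdr[9], (AH_FIXED_LEN + ICV_LEN) // 4 - 2, 0, spi, seq)
    # New IP header: larger total length, Next Header = AH, checksum recomputed.
    new_hdr = (hdr[:2] + struct.pack("!H", len(pkt) + AH_FIXED_LEN + ICV_LEN) + hdr[4:9]
               + bytes([AH_PROTO]) + b"\x00\x00" + hdr[12:])
    new_hdr = new_hdr[:10] + struct.pack("!H", ip_checksum(new_hdr)) + new_hdr[12:]
    return new_hdr + ah_fixed + icv_for(key, new_hdr, ah_fixed, payload) + payload


class AhReceiver:
    """Receiver state for one inbound security association: key, SPI and anti-replay window."""

    def __init__(self, key: bytes, spi: int, window: int = 64):
        self.key, self.spi, self.window = key, spi, window
        self.highest = 0        # highest sequence number accepted so far
        self.seen = set()       # accepted sequence numbers still inside the window

    def verify(self, pkt: bytes) -> bytes:
        """Check SPI, replay window and ICV; return the original packet (with its current TTL)."""
        ihl = (pkt[0] & 0x0F) * 4
        hdr = pkt[:ihl]
        if hdr[9] != AH_PROTO:
            raise ValueError("not an AH packet")
        ah_fixed = pkt[ihl:ihl + AH_FIXED_LEN]
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", ah_fixed)
        if spi != self.spi:
            raise ValueError("unknown SPI")
        # Cheap replay pre-check first (RFC 4302 3.4.3); the window moves only after the ICV passes.
        if seq <= self.highest - self.window or seq in self.seen:
            raise ValueError("replayed or too-old sequence number %d" % seq)
        ah_len = (plen + 2) * 4
        icv, payload = pkt[ihl + AH_FIXED_LEN:ihl + ah_len], pkt[ihl + ah_len:]
        if len(icv) != ICV_LEN or not hmac.compare_digest(icv, icv_for(self.key, hdr, ah_fixed, payload)):
            raise ValueError("ICV mismatch: packet modified or wrong key")
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        self.seen.add(seq)
        # Strip AH: restore Next Header and total length, recompute the header checksum.
        orig = (hdr[:2] + struct.pack("!H", len(hdr) + len(payload)) + hdr[4:9]
                + bytes([next_hdr]) + b"\x00\x00" + hdr[12:])
        orig = orig[:10] + struct.pack("!H", ip_checksum(orig)) + orig[12:]
        return orig + payload


def try_verify(rx: AhReceiver, pkt: bytes) -> str:
    """Return 'ok' or the rejection reason, so callers need no try/except of their own."""
    try:
        rx.verify(pkt)
        return "ok"
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    key, rx = b"\x11" * 32, AhReceiver(b"\x11" * 32, 0x1000)
    signed = ah_protect(make_sample_packet(), key, 0x1000, 1)
    print(try_verify(rx, signed), try_verify(rx, signed))   # second call is a replay
```

Two design points are worth noticing. The ICV excludes exactly the fields a router is allowed to change, so integrity protection survives normal forwarding while still covering addresses, ports and data; and the replay window is advanced only after the ICV check, so an attacker cannot burn sequence numbers with forged packets. Real deployments pair AH or ESP with IKE for key negotiation rather than a static key as used here.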
CERTAIN H/W AND S/W SPECIFICATIONS…
Desktop software client for each remote user
Dedicated hardware such as a VPN Concentrator or Secure
Dedicated VPN server for dial-up services
NAS (Network Access Server) used by the service provider for remote user VPN access
It incorporates the most advanced encryption and authentication techniques for remote-access VPN.
VPN-optimized routers provide scalability, routing, security and quality of service.
The firewall combines dynamic network address translation, proxy server, packet filtering, firewall and VPN capabilities in a single piece of hardware.
ADVANTAGES OF VPN
Reduces the long-distance charges of electronic transactions.
DISADVANTAGES OF VPN
VPNs require an in-depth understanding of public network security issues and proper precautions in VPN deployment. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside the organization's control. VPN technologies from different vendors may not work well together due to immature standards.
From this we can conclude that a VPN provides a very safe, secure and cost-effective communication infrastructure.