  1. SEMINAR ON VIRTUAL PRIVATE NETWORK
     Prepared by: Bhathiji Rahul I. (08CE202)
     Guided by: Uma Sharma (Lecturer, IT Dept.), Gandhinagar Institute of Technology
  2. VIRTUAL PRIVATE NETWORK
     • Definition and introductory notes
     • A VPN is a network that uses the open, distributed infrastructure of the Internet to transmit data between corporate sites.
  3. NEED FOR DEVELOPING VPN
     • Remote employees interested in accessing the corporation's database.
     • Corporate sites developing new relations.
     • Increasing growth of the corporation.
  4. VPN RESOLVES THE PROBLEM
     • It provides flexibility and scalability.
     • Cost advantage.
     • Frees the organization from maintenance and training.
  5. WORKING OF VPN
     • STEP1…
     • STEP2…
     • STEP3…
     • STEP4…
  6. WORKING-STEP1
     • The remote user dials into their local ISP and logs into the ISP's network as usual.
  7. WORKING-STEP2
     • When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server.
  8. WORKING-STEP3
     • The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.
  9. WORKING-STEP4
     • The destination security server receives the encrypted data and decrypts it.
  10. TYPES OF VPN
     • VLL: virtual leased lines.
     • VPRN: virtual private routed network.
     • VPDN: virtual private dial-up network.
     • VPLS: virtual private LAN segments.
     • Intranet VPN.
     • Extranet VPN.
     • Remote access VPN.
  11. VIRTUAL LEASED LINES
     • Point-to-point link between two CPEs.
     • IP tunnel between two ISP edge routers.
     • Frames are relayed between IP tunnels.
  12. VIRTUAL PRIVATE ROUTED NETWORK
     • Emulation of a multisite WAN using the Internet.
     • Packet forwarding at the network layer.
     • VPRN-specific forwarding table at ISP routers that forwards the traffic.
  13. VIRTUAL PRIVATE DIAL-UP NETWORK
     • On-demand tunnel between a remote user and corporate sites.
     • There are two possible tunnels:
     • 1. Compulsory tunnel.
     • 2. Voluntary tunnel.
  14. COMPULSORY TUNNEL
     • In this scenario, an L2TP Access Concentrator (LAC), acting as a dial or network access server, extends a PPP session across a backbone using L2TP to a remote L2TP Network Server (LNS). The operation of initiating the PPP session to the LAC is transparent to the user.
  15. VOLUNTARY TUNNEL
     • A voluntary tunnel refers to the case where an individual host connects to a remote site using a tunnel originating on the host, with no involvement from intermediate network nodes. The tunnel mechanism chosen can be IPsec or L2TP.
  16. VIRTUAL PRIVATE LAN SEGMENTS
     • A Virtual Private LAN Segment (VPLS) is the emulation of a LAN segment using Internet facilities.
  17. INTRANET VPN
     • The branch office scenario securely connects two trusted intranets within the organization.
     • Routers or firewalls with VPN capabilities, acting as gateways for the office, can be used to protect the corporate traffic.
  18. EXTRANET VPN
     • In this scenario, multiple supplier intranets need to access a common corporate network over the Internet. Each supplier is allowed access to only a limited set of destinations within the corporate network.
  19. REMOTE ACCESS VPN
     • A remote user wants to be able to communicate securely and cost-effectively with the corporate intranet. This can be done by using a VPN IPsec-enabled remote client and a firewall (or gateway).
  20. TUNNELING
     • Tunneling is the process of placing an entire packet within another packet and sending it over a network.
     • Tunneling requires two different protocols.
  21. EXAMPLE OF TUNNELING
     • The truck is the carrier protocol, the box is the encapsulating protocol and the computer is the passenger protocol.
  22. VPN PROTOCOLS
     • 1. PPTP (Point-to-Point Tunneling Protocol).
     • 2. IPsec (IP security).
  23. POINT TO POINT TUNNELING PROTOCOL
     • A specification for PPTP was published as RFC 2637. PPTP has not been proposed or ratified as a standard by the IETF.
     • PPTP works by sending a regular PPP session to the peer with the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. PPTP is difficult to forward past a network firewall because it requires two network sessions. As such, firewalls are unable to pass this traffic flawlessly, resulting in an inability to connect. This rarely happens in Windows or Mac OS, though.
     • PPTP connections are authenticated with Microsoft MSCHAP-v2 or EAP-TLS. VPN traffic is optionally protected by Microsoft Point-to-Point Encryption (MPPE), which is described by RFC 3078.
  24. INTERNET PROTOCOL SECURITY
     • Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. [1]
     • IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite, or OSI model Layer 3. Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of these models. Hence, IPsec can be used for protecting any application traffic across the Internet. Applications need not be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.
  25. CERTAIN H/W AND S/W SPECIFICATIONS…
     • Desktop software client for each remote user.
     • Dedicated hardware such as a VPN Concentrator or Secure PIX Firewall.
     • Dedicated VPN server for dial-up services.
     • NAS (Network Access Server) used by the service provider for remote user VPN access.
  26. VPN CONCENTRATOR
     • It incorporates the most advanced encryption and authentication techniques for remote access VPN.
  27. VPN-OPTIMIZED ROUTER
     • VPN-optimized routers provide scalability, routing, security and quality of service.
  28. PIX FIREWALL
     • The PIX Firewall combines dynamic network address translation, proxy server, packet filtration, firewall and VPN capabilities in a single piece of hardware.
  29. ADVANTAGES OF VPN
     • Cost saving.
     • Reduces the long-distance charges of electronic transactions.
     • Concrete security.
  30. DISADVANTAGES OF VPN
     • VPNs require an in-depth understanding of public network security issues and proper precautions in VPN deployment. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside of its control. VPN technologies from different vendors may not work well together due to immature standards.
  31. CONCLUSION
     • From this we can conclude that VPN provides a very safe, secure and cost-effective communication infrastructure.
  32. THANK YOU !!!
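
The tunneling described in slides 20 and 21, using the GRE encapsulation that slide 23 mentions, worked through as an added example that is not part of the original slides: a passenger IPv4 packet is wrapped in a GRE header and an outer carrier IPv4 packet, then unwrapped and validated at the far gateway. It uses plain GRE (RFC 2784) rather than PPTP's variant, and the addresses, payload and function names are constructed for illustration.

```python
import socket
import struct
GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 passenger

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject bad or truncated headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(pkt) or checksum(pkt[:ihl]):
        raise ValueError("bad IPv4 header")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total_len])

def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Passenger -> GRE (encapsulating) -> outer IPv4 (carrier)."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4(gw_src, gw_dst, GRE_PROTO, gre + inner)

def decapsulate(outer: bytes) -> bytes:
    """Strip the carrier and GRE headers; return the passenger packet."""
    _, _, proto, body = parse_ipv4(outer)
    if proto != GRE_PROTO or len(body) < 4:
        raise ValueError("not a GRE packet")
    if struct.unpack("!HH", body[:4]) != (0, ETHERTYPE_IPV4):
        raise ValueError("unsupported GRE header")
    return body[4:]

# Constructed sample: a host at one site sends to a host at the other site;
# the payload bytes stand in for a UDP datagram.
inner = ipv4("10.1.0.5", "10.2.0.9", 17, b"payroll query")
outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")
```

Encapsulation alone adds 24 bytes of headers and leaves the passenger readable on the wire (the payload bytes appear verbatim in `outer`), which is why step 3 has the VPN software encrypt the data before it is sent.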