Virtual Private Networks Globalizing LANs Timothy Hohman
Transcript of "VPN (PPT)"

  1. Virtual Private Networks Globalizing LANs Timothy Hohman
  2. What is a VPN?
     • Tell me about it Microsoft:
       • “A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.” (Microsoft, 2001)
     • It provides LAN access to end systems not physically located on the LAN
     • An alternative to WAN (Wide Area Networks) which use leased lines to connect
  3. (Image courtesy Cisco Systems, Inc.) A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field.
  4. How does it work?
     • Data is encrypted (cannot be deciphered without the key)
     • Virtual Point to Point Connection
       • To the user, it acts like a point to point connection
     • Data is packaged with a header
  5. Benefits of Using VPN
     • Expand Globally
     • Costs reduced
       • No dedicated lines necessary
     • Easier
     • Technology is on the end systems, which makes it more scalable
     • No single point of failure
     • Easier Network Management
  6. Types of VPN
     • Two Types:
       • Site to Site VPN
       • Remote Access VPN
  7. Remote Access VPN
     • Essentially provides LAN access through dial-up connection
       • Typically done by purchasing a NAS (Network Access Server) with a toll free number
       • Can instead be done through normal ISP connection using the VPN software to make a virtual connection to the LAN
  8. Site to Site VPN
     • Connects two LANs over local ISP connections
     • Very useful if you need to connect a branch to a main hub (Big business)
     • Much less expensive than purchasing one dedicated line between the hub and branch
     • Intranet: connects remote locations from one company
     • Extranet: connects two companies (partners) into one shared Private Network
  9. Site to Site Connection
  10. Two Ways to “Get it Done”
      • Two Tunneling protocols can be used
        • PPTP (Point to Point Tunneling Protocol)
        • L2TP (Layer Two Tunneling Protocol)
        • Tunneling encapsulates frames in an extra header to be passed over the internet appearing as normal frames. The process includes:
          • Encapsulation (adding extra frame), transmission, Decapsulation
  11. Tunneling Protocols
      • Both of these protocols support these methods:
        • User Authentication
        • Token Card Support (one time passwords)
        • Dynamic Address Assignment
        • Data Compression
        • Data Encryption
        • Key Management
        • Multi-protocol Support
  12. Tunneling Protocols cont.
      • Each is built on PPP (Point to Point Protocol)
        • 4 Phases
          • 1) Link Establishment – a physical link between ends
          • 2) User Authentication – Password protocols used
            • PAP, CHAP, MS-CHAP
          • 3) Call Back Control – optional
            • Disconnects and server calls back after authentication
          • 4) Data Transfer Phase – exactly what it sounds like
  13. Tunneling Protocols cont.
      • PPTP
        • Uses IP datagrams for encapsulation
        • Uses TCP for tunnel maintenance
        • Uses encryption and compression
      • L2TP
        • Encapsulation in IP, ATM, Frame Relay, X.25
          • IP when going over internet
        • UDP used for tunnel maintenance
  14. Advantages
      • PPTP:
        • No certificate infrastructure
        • Can be used on more operating systems
        • Can operate behind NATs
      • L2TP:
        • More tools to guarantee packet integrity and data security
        • Requires user and computer certificates
        • PPP authentication is encrypted (takes place after IP security check)
  15. Security
      • Many types of Security are offered including:
        • Firewalls
        • Encryption
        • IPSec
        • Certificates
        • AAA servers
  16. Firewalls
      • Can be used with VPN if the right technology is set up on the router
        • Cisco 1700 router for example
      • Can restrict:
        • The type of data being transferred
        • The number of ports open
        • Which protocols are allowed through
  17. Encryption
      • Symmetric Key Encryption (private key)
        • All communicating computers use the same key stored on their computer
      • Asymmetric Key Encryption
        • Uses a Private key and a Public Key
          • Private key on local computer
          • Public key sent out to anyone who you want to communicate with
          • Mathematically related through encryption algorithm
          • Both must be used to decrypt anything sent
  18. IPSec
      • Made up of two parts
        • Authentication Header
          • Verify data integrity
        • Encapsulating Security Payload
          • Data integrity
          • Data encryption
  19. IPSec continued
      • Authentication Header
        • Authentication Data
        • Sequence number
      • Encapsulating Security Payload
        • Encrypt data
        • Another layer of integrity and authentication checks
  20. Certificates
      • Used alongside public keys
        • Contains:
          • Certificate Name
          • Owner of the public key
          • Public key itself
          • Expiration date
          • Certificate authority
        • Verifies that information is coming from the private key
        • Can be distributed on disks, smart cards, or electronically
  21. AAA Servers
      • Authentication, Authorization, Accounting
        • These advanced servers ask each user who they are, what they are allowed to do, and what they actually want to do each time they connect
        • This allows the LAN to track usage from dial up connections and closely monitor those remotely connected as they would those physically connected.
  22. How can I get this up and running?
      • You need:
        • Software on each end system
          • Windows: PPTP
        • Dedicated hardware (firewalls, routers, etc.)
        • Dedicated VPN server
        • May need NAS
  23. A Hardware Example
      • http://www.youtube.com/watch?v=lq-ShHMofEQ
  24. An Example of VPN in Action
      • 2001, CISCO direct-connect company filed for bankruptcy
      • Changing over the 9000 employees to different direct-connect companies would be very costly and take 10 times the available staff to pull off
  25. The VPN Solution
      • User managed solution based on VPN software
      • Users provide own internet connection
      • Cisco provided IT support for VPN problems and provided a gateway from the internet to the CISCO network
  26. Benefits of the Change
      • Productivity
      • Employee Satisfaction
        • Able to work from home, making home work balance easier
      • Globalization
      • Flexibility
      • Easier when letting employees go
        • Ex-employees do not have to have their dedicated line removed, rather they just lose Authentication to AAA server
      • Cost, cost, cost
  27. Things to Come
      • Expansion
        • China and India
      • Faster Upgrades
        • Use of Microsoft installer
      • Better encryption
        • Advanced encryption standard
      • Better compression
      • Voice and Video over VPN
  28. Things to come cont.
      • Wireless vendor support
        • Access to employees from anywhere
      • PDA support
        • Possible software packages to be used on PDAs
      • Hardware for home client
        • As shown in previous clip
  29. References
      • Cisco Systems (2004). Cisco VPN Client Brings Flexibility and Cost Reduction to Cisco Remote Access Solution. Retrieved from: http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_Case_Study_VPN_Client_print.pdf
      • Jeff Tyson (2007). How Virtual Private Networks Work. Retrieved from: http://computer.howstuffworks.com/vpn.htm
      • Barrel, Matthew D. (2006). Take your network anywhere. PC Magazine, 25(21), p. 122.
      • Calin, Doru; McGee, Andrew R.; Chandrashekhar, Uma; Prasad, Ramjee (2006). MAGNET: An approach for secure personal networking in beyond 3G wireless networks. Bell Labs Technical Journal, 11(1), pp. 79-98.
      • Tanner, John C. (2006). Ethernet rides the NGN wave. America’s Network, 110(2), pp. 40-43.
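
Slides 18 and 19 list the IPSec Authentication Header as carrying authentication data and a sequence number. The sketch below is an added example, not part of the original slides, showing how a receiver uses those two fields to reject modified and replayed packets. Assumptions: the class and function names are hypothetical, the integrity check is HMAC-SHA-256 truncated to 128 bits, the replay window is 32 packets, and the check covers only the AH header and payload rather than the outer IP header.

```python
import hashlib
import hmac
import struct

# Simplified model: the ICV covers the AH header and payload only; real AH also
# covers the immutable fields of the outer IP header.
AH_FIXED = struct.Struct("!BBHII")  # next header, payload len, reserved, SPI, sequence
ICV_LEN = 16                        # HMAC-SHA-256 truncated to 128 bits (assumed algorithm)
WINDOW = 32                         # anti-replay window, in packets (assumed size)

def _icv(key, fixed, payload):
    # The ICV field is treated as zero while the MAC is computed.
    return hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, next_header, payload):
    """Prepend an AH-style header carrying the sequence number and ICV."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2  # header length in 32-bit words, minus 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload

class AhReceiver:
    """Verifies the ICV, then records the sequence number in a sliding window."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0  # highest authenticated sequence number
        self.seen = 0     # bit i set => sequence (highest - i) already accepted

    def accept(self, packet):
        if len(packet) < AH_FIXED.size + ICV_LEN:
            return "drop: truncated"
        fixed = packet[:AH_FIXED.size]
        _nh, _plen, _rsv, spi, seq = AH_FIXED.unpack(fixed)
        icv = packet[AH_FIXED.size:AH_FIXED.size + ICV_LEN]
        payload = packet[AH_FIXED.size + ICV_LEN:]
        if spi != self.spi:
            return "drop: unknown SPI"
        if seq == 0 or seq + WINDOW <= self.highest:
            return "drop: outside replay window"
        if not hmac.compare_digest(icv, _icv(self.key, fixed, payload)):
            return "drop: bad ICV"
        offset = self.highest - seq
        if offset >= 0 and (self.seen >> offset) & 1:
            return "drop: replay"
        if offset < 0:  # newer packet: slide the window forward
            self.seen = ((self.seen << -offset) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:           # older packet still inside the window
            self.seen |= 1 << offset
        return "accept"
```

The window state is updated only after the ICV verifies, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.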