VPN presentation
    Presentation Transcript

    • VPN Solutions for Campus
    • Agenda
      • What is a VPN?
        • Different technologies
        • Tunnel (IPSec)
        • WebVPN (SSL)
      • Why use VPN services?
        • Secure channel back to Campus
        • User benefits
      • What VPN services does OIT provide?
        • Supported technologies and platforms
    • What is a VPN?
      • Virtual Private Network
        • Secure, private connection through a public network
        • Encryption and tunneling protocols
        • Requires sending and receiving ends
        • Gives users ability to access private network resources
        • Many different types
    • What is a VPN? (cont)
      • Common VPN Protocols
        • Point-to-Point Tunneling Protocol (PPTP)
          • Designed for client/server connectivity
          • Point-to-point connection between two computers
          • Tunnels Layer 2 traffic over IP-only networks
        • Layer 2 Tunneling Protocol (L2TP)
          • Combines functionality of PPTP/L2F
          • Works over multiple protocols, not just IP
        • Internet Protocol Security (IPSec)
        • Secure Sockets Layer (SSL)
    • IPSec Overview
      • Industry-standard protocol (IETF)
        • RFC 2401 “Security Architecture for the Internet Protocol”
        • RFC 2402 “IP Authentication Header”
        • RFC 2406 “IP Encapsulating Security Payload”
        • RFC 2409 “The Internet Key Exchange”
      • Provides a mechanism for secure data transmission over IP networks
      • Ensures confidentiality, integrity, authenticity, and non-repudiation of data
      • Works at the network layer
      • Many components – quite complex
      • Can be used to scale from small to very large networks
    • IPSec Overview (cont)
      • Implements two basic security protocols
        • Authentication Header (AH)
          • Provides authentication of the session
          • Provides integrity
        • Encapsulating Security Payload (ESP)
          • Provides same security as AH
          • Adds confidentiality through encryption
          • Most often used in VPN technology
    • IPSec Overview (cont)
      • IPSec can work in one of two modes:
        • Transport mode
          • Payload of the message is protected
          • Inserts IPSec header behind IP header
        • Tunnel mode
          • Payload and layer 3 header information are protected
          • Encapsulated in a new IP packet with a new IP header
    • IPSec Overview (cont)
      • Implements Internet Key Exchange (IKE) for automatic encryption key generation and exchange between peers
      • Security Associations (SA)
        • Negotiated policy of handling data
        • Contains authentication and encryption keys, algorithms, key lifetime, and source IP address
        • SA for each communication channel
        • Security Parameter Index (SPI) identifies which SA applies to each packet
    • IPSec Overview (cont)
      • Step 1: IPSec process initiated – Traffic to be encrypted, as specified by the IPSec security policy, starts the IKE process
      • Step 2: IKE Phase 1 – IKE authenticates IPSec peers and negotiates IKE SAs
      • Step 3: IKE Phase 2 – IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers
      • Step 4: Data transfer – Tunnel is built and data is transferred securely
      • Step 5: IPSec tunnel termination – SAs terminated through deletion or by timing out
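The AH, mode and SA/SPI slides above can be seen working together in this added Python example (not code from the presentation or from OIT): it builds AH-protected packets (RFC 2402, with the HMAC-SHA1-96 ICV of RFC 2404) in transport and tunnel mode, looks the SA up by SPI on receipt, and rejects packets whose ICV or SPI does not check out. The SA database, key and addresses are constructed for the demo, the IP header checksum is left zero, and only TTL and checksum are treated as mutable fields when the ICV is computed.

```python
import hmac
import hashlib
import socket
import struct

AH_PROTO = 51   # IP protocol number of the Authentication Header (RFC 2402)
ICV_LEN = 12    # HMAC-SHA1-96: the HMAC is truncated to 96 bits (RFC 2404)
# Constructed SA database: the receiver selects the SA by the SPI carried in the AH.
SADB = {0x1001: {"key": b"constructed demo key - not a real one", "seq": 0}}

def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options; checksum left zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def _icv(key, ip_hdr, ah_zero_icv, inner):
    # AH also covers the outer IP header; mutable fields (TTL, checksum here) are zeroed first
    immutable = ip_hdr[:8] + b"\x00" + ip_hdr[9:10] + b"\x00\x00" + ip_hdr[12:]
    return hmac.new(key, immutable + ah_zero_icv + inner, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(spi, src, dst, next_header, inner):
    """Outer IP | AH | inner. Transport mode: inner is the upper-layer payload.
    Tunnel mode: inner is the whole original IP packet (next header 4 = IP-in-IP)."""
    sa = SADB[spi]
    sa["seq"] += 1                      # sequence number (anti-replay not checked here)
    ah_len = 12 + ICV_LEN
    # AH fields: next header, length in 32-bit words minus 2, reserved, SPI, sequence
    ah = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, sa["seq"])
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(inner))
    return ip_hdr + ah + _icv(sa["key"], ip_hdr, ah + b"\x00" * ICV_LEN, inner) + inner

def transport_mode(spi, src, dst, proto, payload):
    return ah_protect(spi, src, dst, proto, payload)

def tunnel_mode(spi, gw_src, gw_dst, original_packet):
    return ah_protect(spi, gw_src, gw_dst, 4, original_packet)

def ah_verify(packet):
    """Return (ok, next_header, inner); unknown SPI or a bad ICV rejects the packet."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] != AH_PROTO:
        return False, None, None
    next_header, ah_words, _, spi, _seq = struct.unpack("!BBHII", rest[:12])
    ah_len = (ah_words + 2) * 4
    ah, icv, inner = rest[:12], rest[12:ah_len], rest[ah_len:]
    sa = SADB.get(spi)
    if sa is None:
        return False, None, None
    expected = _icv(sa["key"], ip_hdr, ah + b"\x00" * ICV_LEN, inner)
    return hmac.compare_digest(icv, expected), next_header, inner
```

A router decrementing TTL in transit does not break verification, while a single flipped payload byte or an SPI with no matching SA does.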
    • SSL Overview
      • Secure Sockets Layer
      • Protects a communication channel
      • Uses public key encryption
      • Works at the transport layer/session layer
      • Provides
        • Data encryption
        • Server authentication
        • Message integrity
        • Optional client authentication
    • SSL Overview (cont)
    • Why Use a VPN Connection?
      • Security – different types of threats continue to increase
      • It’s available and supported
      • You can connect from anywhere and be assured of a secure communication channel back to Campus
      • It’s supported across multiple platforms
      • Extends the Campus network to remote users
    • Connection Without VPN
      • Vulnerable to several security threat agents
      • Loss of privacy – packet sniffers, clear text
      • Loss of data integrity – modified transactions
      • Identity spoofing – impersonations
      • Difficult to secure
    • Secure with VPN
      • Protected secure communication channel
      • Encrypted data prevents exploits
      • Provides authentication
      • Can connect from anywhere
      • Easier to secure at resource side
    • What VPN Services Does OIT Offer?
      • Network Operations & Services manages the Cisco 3030 Concentrator
        • Supports 1500 simultaneous tunnels
        • Uses 3DES with a 168-bit key size for symmetric encryption on IPSec tunnels
        • Clientless WebVPN over SSL
        • Authentication is performed by Campus RADIUS service
        • 100Mbps uplink
    • What VPN Services Does OIT Offer?
      • Technical Support provides services for client related issues
        • VPN client operates on Windows, MacOS, Linux, and Solaris
        • End user can install the client by visiting http://www.netcom.utah.edu/computer/vpn/individual.html
        • PCF file for group authentication
        • Installs a driver for the VPN IP stack
        • This virtual interface is what the world sees
    • What VPN Services Does OIT Offer?
      • Free service for all faculty, staff, and students
      • User will receive a global IP address from a pool
      • Departments have the option of static IP addresses for their users http://www.netcom.utah.edu/computer/vpn/dept.html
        • RADIUS server determines IP address assignments
        • Gives departments the ability to secure resources based on IP address
    • VPN Demonstration
    • Conclusion
      • VPN is a secure alternative to an insecure public network
      • Utilizes standardized protocols
      • Supported technology
      • Extends the Campus network to the remote user
      • Easier to secure resources
      • Free for all faculty, staff, and students