VPN (Virtual Private Network)
A VPN (Virtual Private Network) extends a private network across a public network, such as the
Internet.
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide
remote offices or individual users with secure access to their organization's network. A VPN ensures
privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol
(L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
A VPN connection across the Internet is similar to a wide area network (WAN) link between sites. From a
user perspective, the extended network resources are accessed in the same way as resources available
within the private network. One major limitation of traditional VPNs is that they are point-to-point, and
do not tend to support or connect broadcast domains. Therefore communication, software, and
networking which are based on layer 2 and broadcast packets, such as NetBIOS used in Windows
networking, may not be fully supported or work exactly as they would on a real LAN. Variants on VPN,
such as Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols, are designed to overcome
this limitation.
VPNs allow employees to securely access their company's intranet while traveling outside the office.
Similarly, VPNs securely connect geographically separated offices of an organization, creating one
cohesive network. VPN technology is also used by individual Internet users to secure their wireless
transactions, to circumvent geo restrictions and censorship, and to connect to proxy servers for the
purpose of protecting personal identity and location.
Figure 1: What is a VPN?
A well-designed VPN can greatly benefit a company. For example, it can:
1. Extend geographic connectivity
2. Reduce operational costs versus traditional WANs
3. Reduce transit times and traveling costs for remote users
4. Improve productivity
5. Simplify network topology
6. Provide global networking opportunities
7. Provide telecommuter support
8. Provide faster Return On Investment (ROI) than traditional WAN
What features are needed in a well-designed VPN? It should incorporate these items:
1. Security
2. Reliability
3. Scalability
4. Network Management
5. Policy Management
Security mechanisms
To prevent disclosure of private information, VPNs typically allow only authenticated remote access and
make use of encryption techniques.
VPNs provide security by the use of tunneling protocols and through security procedures such as
encryption.
The VPN security model provides:
1. Confidentiality such that even if the network traffic is sniffed at the packet level (see network
sniffer and Deep packet inspection), an attacker would only see encrypted data.
2. Sender authentication to prevent unauthorized users from accessing the VPN.
3. Message integrity to detect any instances of tampering with transmitted messages.
Secure VPN protocols include the following:
1. Internet Protocol Security (IPsec) as initially developed by the Internet Engineering Task Force
(IETF) for IPv6, which was required in all standards-compliant implementations of IPv6 before
RFC 6434 made it only a recommendation. This standards-based security protocol is also widely
used with IPv4 and the Layer 2 Tunneling Protocol. Its design meets most security goals:
authentication, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet
inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP
packet is decrypted and forwarded to its intended destination.
2. Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the
OpenVPN project and SoftEther VPN project) or secure an individual connection. A number of
vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from
locations where IPsec runs into trouble with Network Address Translation and firewall rules.
3. Datagram Transport Layer Security (DTLS)- Used in Cisco AnyConnect VPN and in OpenConnect VPN to
solve the issues SSL/TLS has with tunneling over UDP.
4. Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol
and in several compatible implementations on other platforms.
5. Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer
2 Tunneling Protocol traffic through an SSL 3.0 channel. (SSTP was introduced in Windows Server
2008 and in Windows Vista Service Pack 1.)
6. Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the
registered trademark "MPVPN".
7. Secure Shell (SSH) VPN- OpenSSH offers VPN tunneling (distinct from port forwarding) to secure
remote connections to a network or to inter-network links. OpenSSH server provides a limited
number of concurrent tunnels. The VPN feature itself does not support personal authentication.
Authentication
Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created
remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic
methods. Network-to-network tunnels often use passwords or digital certificates. They permanently
store the key to allow the tunnel to establish automatically, without intervention from the user.
Types of VPN
• Site-to-site VPN
Figure 2: Site to Site VPN
Often abbreviated to S2SVPN. It’s a connection between two sites and encrypts all traffic between two
(or multiple) subnets. There are two types of S2SVPN:
1. Policy-based: interesting traffic triggers an ACL and is encrypted and sent to the remote VPN
peer.
2. Routed: traffic is routed into an encrypted tunnel to the remote VPN peer.
• DMVPN (Dynamic Multipoint VPN)
A Dynamic Multipoint VPN is not a protocol but more a technique using different protocols. One or
more central hub routers are required, but the remote (spoke) routers can have dynamic IPs and more
can be added without having to modify the configuration on the hub router(s), or any other spoke
routers. The routers use a next-hop resolution protocol, combined with a dynamic routing protocol to
discover remote peers and subnets. The VPN itself is a mGRE tunnel (GRE with multiple endpoints)
which is encrypted. This way, traffic between spoke routers does not have to go through the hub router
but can be sent directly from spoke to spoke.
• Client VPN
A Client VPN is an encrypted connection from one device towards a VPN router. It makes that one
remote device appear as a member of a local subnet behind the VPN router. Traffic is tunneled from the
device (usually a computer or laptop of a teleworker) towards the VPN router so that user has access to
resources inside the company. It requires client software that needs to be installed and configured.
Figure 3: DMVPN (Dynamic Multipoint VPN)
Figure 4: Client VPN
• SSLVPN
This type of VPN works like a client VPN. The difference is that the remote client does not need
preconfigured software, but instead the browser acts as VPN software. The browser needs to support
active content, which every modern browser supports, either directly or through a plug-in. Traffic is
tunneled over SSL (or TLS) to the SSLVPN router. From a networking perspective, traffic is tunneled over
layer 4 instead of layer 3. The benefit is that the remote user does not need to configure anything and
can simply log in to a web page to start the tunnel. The drawback is that you'll likely need a dedicated
device as the SSLVPN endpoint because this is not a standard feature.
Protocols
For secure VPNs:
1. General IPsec
2. ESP and AH (encryption and authentication headers)
3. Key exchange (ISAKMP, IKE, and others)
4. Cryptographic algorithms
5. IPsec policy handling
6. Remote access
7. SSL and TLS
For trusted VPNs:
1. General MPLS
2. MPLS constrained by BGP routing
3. Transport of layer 2 frames over MPLS
How VPNs Work
When planning or extending a VPN, you should consider the following equipment:
1. Network Access Server (NAS)- As previously described, a NAS is responsible for setting up and
maintaining each tunnel in a remote-access VPN.
2. Firewall- A firewall provides a strong barrier between your private network and the Internet. IT
staff can set firewalls to restrict what type of traffic can pass through from the Internet onto a
LAN, and on what TCP and UDP ports. Even without a VPN, a LAN should include a firewall to
help protect against malicious Internet traffic.
3. AAA Server- The acronym stands for the server's three responsibilities: authentication,
authorization and accounting. For each VPN connection, the AAA server confirms who you are
(authentication), identifies what you're allowed to access over the connection (authorization)
and tracks what you do while you're logged in (accounting).
Figure 5: SSLVPN
One widely used standard for AAA servers is Remote Authentication Dial-in User Service (RADIUS).
Despite its name, RADIUS isn't just for dial-up users. When a RADIUS server is part of a VPN, it handles
authentication for all connections coming through the VPN's NAS.
VPN components can run alongside other software on a shared server, but this is not typical, and it
could put the security and reliability of the VPN at risk. A small business that isn't outsourcing its VPN
services might deploy firewall and RADIUS software on generic servers. However, as a business's VPN
needs increase, so does its need for equipment that's optimized for the VPN. The following are
dedicated VPN devices a business can add to its network. You can purchase these devices from
companies that produce network equipment, such as Cisco:
1. VPN Concentrator- This device replaces an AAA server installed on a generic server. The
hardware and software work together to establish VPN tunnels and handle large numbers of
simultaneous connections.
2. VPN-enabled/VPN-optimized Router- This is a typical router that delegates traffic on a network,
but with the added feature of routing traffic using protocols specific to VPNs.
3. VPN-enabled Firewall- This is a conventional firewall protecting traffic between networks, but
with the added feature of managing traffic using protocols specific to VPNs.
4. VPN Client- This is software running on a dedicated device that acts as the tunnel interface for
multiple connections. This setup spares each computer from having to run its own VPN client
software.
VPN Technologies
A well-designed VPN uses several methods in order to keep your connection and data secure.
Data Confidentiality- This is perhaps the most important service provided by any VPN implementation.
Since your private data travels over a public network, data confidentiality is vital and can be attained by
encrypting the data. This is the process of taking all the data that one computer is sending to another
and encoding it into a form that only the other computer will be able to decode.
Most VPNs use one of these protocols to provide encryption.
IPsec- Internet Protocol Security Protocol (IPsec) provides enhanced security features such as stronger
encryption algorithms and more comprehensive authentication. IPsec has two encryption modes: tunnel
and transport. Tunnel mode encrypts the header and the payload of each packet while transport mode
only encrypts the payload. Only systems that are IPsec-compliant can take advantage of this protocol.
Also, all devices must use a common key or certificate and must have very similar security policies set
up.
For remote-access VPN users, some form of third-party software package provides the connection and
encryption on the user's PC. IPsec supports either 56-bit (single DES) or 168-bit (triple-DES) encryption.
PPTP/MPPE- PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft,
3COM, Ascend, and ECI Telematics. PPTP supports multi-protocol VPNs, with 40-bit and 128-bit
encryption using a protocol called Microsoft Point-to-Point Encryption (MPPE). It is important to note
that PPTP by itself does not provide data encryption.
L2TP/IPsec- Commonly called L2TP over IPsec, this provides the security of the IPsec protocol over the
tunneling of Layer 2 Tunneling Protocol (L2TP). L2TP is the product of a partnership between the
members of the PPTP Forum, Cisco, and the Internet Engineering Task Force (IETF). It is primarily used
for remote-access VPNs with Windows 2000 operating systems, since Windows 2000 provides a native
IPsec and L2TP client. Internet Service Providers can also provide L2TP connections for dial-in users, and
then encrypt that traffic with IPsec between their access point and the remote office network server.
Data Integrity- While it is important that your data is encrypted over a public network, it is just as
important to verify that it has not been changed while in transit. For example, IPsec has a mechanism to
ensure that the encrypted portion of the packet, or the entire header and data portion of the packet,
has not been tampered with. If tampering is detected, the packet is dropped. Data integrity can also
involve authenticating the remote peer.
Data Origin Authentication- It is extremely important to verify the identity of the source of the data that
is sent. This is necessary to guard against a number of attacks that depend on spoofing the identity of
the sender.
Anti-Replay- This is the ability to detect and reject replayed packets and helps prevent spoofing.
Data Tunneling/Traffic Flow Confidentiality- Tunneling is the process of encapsulating an entire packet
within another packet and sending it over a network. Data tunneling is helpful in cases where it is
desirable to hide the identity of the device originating the traffic. For example, a single device that uses
IPsec encapsulates traffic that belongs to a number of hosts behind it and adds its own header on top of
the existing packets. By encrypting the original packet and header (and routing the packet based on the
additional layer 3 header added on top), the tunneling device effectively hides the actual source of the
packet. Only the trusted peer is able to determine the true source, after it strips away the additional
header and decrypts the original header. As noted in RFC 2401, "...disclosure of the external
characteristics of communication also can be a concern in some circumstances. Traffic flow
confidentiality is the service that addresses this latter concern by concealing source and destination
addresses, message length, or frequency of communication. In the IPsec context, using ESP in tunnel
mode, especially at a security gateway, can provide some level of traffic flow confidentiality."
All the encryption protocols listed here also use tunneling as a means to transfer the encrypted data
across the public network. It is important to realize that tunneling, by itself, does not provide data
security. The original packet is merely encapsulated inside another protocol and might still be visible
with a packet-capture device if not encrypted. It is mentioned here, however, since it is an integral part
of how VPNs function.
Tunneling requires three different protocols:
1. Passenger protocol- The original data (IPX, NetBEUI, IP) that is carried.
2. Encapsulating protocol- The protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the
original data.
3. Carrier protocol- The protocol used by the network over which the information is traveling.
The original packet (passenger protocol) is encapsulated inside the encapsulating protocol, which is then
put inside the carrier protocol's header (usually IP) for transmission over the public network. Note that
the encapsulating protocol also quite often carries out the encryption of the data. Protocols such as IPX
and NetBEUI, which would normally not be transferred across the Internet, can safely and securely be
transmitted.
For site-to-site VPNs, the encapsulating protocol is usually IPsec or Generic Routing Encapsulation (GRE).
GRE includes information on what type of packet you are encapsulating and information about the
connection between the client and server.
For remote-access VPNs, tunneling normally takes place using Point-to-Point Protocol (PPP). Part of the
TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between
the host computer and a remote system. PPP tunneling will use one of PPTP, L2TP or Cisco's Layer 2
Forwarding (L2F).
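As an added illustration (not code from the original page), the three tunneling protocols described above built and taken apart in Python: a packet from PC1 to PC2 (the passenger, using the addresses of the page's topology) is wrapped in a GRE header (the encapsulating protocol) inside an outer IP header between R1 and R2 (the carrier). The sniff_tunnel function plays the packet-capture device on the public network: because nothing is encrypted, it recovers the inner addresses and payload in the clear, which is the point made above that tunneling by itself provides no data security.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number of GRE, the encapsulating protocol
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value announcing an IPv4 passenger
ICMP_PROTO = 1


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Split an IPv4 packet into addresses, protocol and payload, verifying the header checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:      # a header carrying a valid checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[ihl:total_len]}


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Carrier (outer IPv4) + encapsulating (GRE, RFC 2784 base header) + passenger packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no checksum/key/sequence flags, version 0
    carrier = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return carrier + gre + passenger


def sniff_tunnel(capture: bytes) -> dict:
    """What a packet-capture device on the public network recovers from an unencrypted GRE tunnel."""
    carrier = parse_ipv4(capture)
    if carrier["proto"] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    _flags, proto_type = struct.unpack("!HH", carrier["payload"][:4])
    layers = {"carrier": (carrier["src"], carrier["dst"]), "encapsulating": "GRE",
              "passenger_type": proto_type}
    if proto_type == ETHERTYPE_IPV4:
        inner = parse_ipv4(carrier["payload"][4:])
        layers["passenger"] = (inner["src"], inner["dst"])   # the private addresses are fully visible
        layers["passenger_proto"] = inner["proto"]
        layers["inner_payload"] = inner["payload"]           # and so is the data itself
    return layers


def demo() -> dict:
    """Constructed sample: PC1 pings PC2 through the R1-R2 tunnel of the page's topology."""
    echo = b"constructed ICMP echo payload"
    passenger = ipv4_header("192.168.101.100", "192.168.102.100", ICMP_PROTO, len(echo)) + echo
    on_the_wire = gre_encapsulate(passenger, "101.1.1.100", "102.1.1.100")
    return sniff_tunnel(on_the_wire)
```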
AAA- Authentication, authorization, and accounting is used for more secure access in a remote-access
VPN environment. Without user authentication, anyone who sits at a laptop/PC with pre-configured
VPN client software can establish a secure connection into the remote network. With user
authentication, however, a valid username and password also have to be entered before the connection
is completed. Usernames and passwords can be stored on the VPN termination device itself, or on an
external AAA server, which can provide authentication against numerous other databases such as
Windows NT, Novell, LDAP, and so on.
When a request to establish a tunnel comes in from a dial-up client, the VPN device prompts for a
username and password. This can then be authenticated locally or sent to the external AAA server,
which checks:
• Who you are (Authentication)
• What you are allowed to do (Authorization)
• What you actually do (Accounting)
The Accounting information is especially useful for tracking client use for security auditing, billing or
reporting purposes.
Nonrepudiation- In certain data transfers, especially those related to financial transactions,
nonrepudiation is a highly desirable feature. This is helpful in preventing situations where one end
denies having taken part in a transaction. Much like a bank requires your signature before honoring your
check, nonrepudiation works by attaching a digital signature to the sent message, thus precluding the
possibility of sender denying participation in the transaction.
A number of protocols exist that can be used to build a VPN solution. All of these protocols provide
some subset of the services listed in this document. The choice of a protocol depends on the desired set
of services. For example, an organization might be comfortable with the data being transferred in clear
text but extremely concerned about maintaining its integrity, while another organization might find
maintaining data confidentiality absolutely essential. Their choice of protocols might thus be different.
Site-to-Site or LAN-to-LAN VPN
Figure 6: Site to Site VPN
It provides secure IP communication over an insecure network between two branches.
IPsec VPN
1. IKE (Internet Key Exchange)
2. ESP (Encapsulating Security Payload)
3. AH (Authentication Header)
VPN Features
1. Confidentiality- Data is kept secret using encryption (DES, 3DES, AES).
2. Integrity- Data is not altered during transmission; this is verified using a hash (MD5, SHA).
3. Data Origin Authentication- Both devices authenticate each other using a pre-shared key or a
certificate.
4. Anti-Replay- If data arrives late, it is treated as altered and is dropped (time and volume).
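An added example (not from the original page) of how the anti-replay service above decides whether an ESP packet is fresh: the receiver reads the sequence number from the unencrypted ESP header and checks it against the sliding window described in RFC 2401 and RFC 4303 (64 packets here). A packet that is late but still inside the window is accepted once; a duplicate, or a packet older than the window, is dropped. The packet stream is constructed for the example.

```python
import struct

ESP_PROTO = 50    # IP protocol number of ESP


def esp_sequence(esp_payload: bytes) -> tuple:
    """The ESP header starts with the SPI (32 bits) and the sequence number (32 bits); neither is
    encrypted, so the receiver can run the anti-replay check before decrypting anything."""
    spi, seq = struct.unpack("!II", esp_payload[:8])
    return spi, seq


class ReplayWindow:
    """Per-SA anti-replay window: a bitmap of the last `size` sequence numbers below the highest seen."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far (0 = nothing received yet)
        self.bitmap = 0    # bit i set <=> sequence number (top - i) has already been received

    def accept(self, seq: int) -> bool:
        if seq == 0:                      # ESP sequence numbers start at 1; 0 is never valid
            return False
        if seq > self.top:                # newer than anything seen: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        age = self.top - seq
        if age >= self.size:              # arrived too late, outside the window: drop
            return False
        if (self.bitmap >> age) & 1:      # already seen: a replay, drop
            return False
        self.bitmap |= 1 << age           # late but inside the window and unseen: accept once
        return True


def filter_packets(packets, window_size: int = 64):
    """Run ESP packets of one SA through the window; returns (seq, accepted) in arrival order."""
    window = ReplayWindow(window_size)
    results = []
    for pkt in packets:
        _spi, seq = esp_sequence(pkt)
        results.append((seq, window.accept(seq)))
    return results


def constructed_stream():
    """Constructed sample: SPI 0x1000; packets arrive out of order, one is replayed (5, then 3 again)
    and one (36) arrives after the window has moved past it."""
    order = [1, 2, 5, 3, 5, 4, 100, 36, 37, 3, 101]
    return [struct.pack("!II", 0x1000, s) + b"<ciphertext>" for s in order]
```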
IKE- IKE provides a framework to exchange the security parameters and policies between two VPN
peers.
IKE Modes                  IKE Phase
Main Mode or Aggressive    Phase 1
Quick Mode                 Phase 2
• Main Mode- In Main Mode the six messages are divided into three steps:
(Note: Proposal = security parameters and policies.)
1. They exchange proposals
2. They exchange keys
3. They authenticate each other
Figure 7
• Aggressive Mode
1. The initiator sends its own proposal and secret to the responder.
2. The responder authenticates it, and sends its own proposal and secret to the initiator.
3. The initiator authenticates the session.
• Quick Mode- In Quick Mode the peers re-check their security parameters and policies.
Phase 1
In IKE Phase 1 the peers create a single bidirectional IKE tunnel.
Phase 2
In IKE Phase 2 they create multiple unidirectional IPsec tunnels.
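As an added example (not code from the page), the three Main Mode steps above modelled in Python for the pre-shared-key authentication the page's configuration uses (authentication pre-share, hash sha): proposal exchange, Diffie-Hellman key exchange, then the HASH_I/HASH_R authentication hashes of RFC 2409 computed under SKEYID = prf(PSK, Ni | Nr). Assumptions: a toy DH group (2^255 - 19, generator 2), not the 1536-bit group 5 of the page's config; identities are plain address strings rather than full ID payloads; the encryption of messages 5 and 6 under SKEYID_e is omitted. The run shows that with mismatched keys the DH secret still agrees but neither side authenticates.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group so the example runs offline with the standard library only.
# It is NOT IKE group 5 (the 1536-bit MODP group selected by "group 5" on the page).
P = 2**255 - 19
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf when "hash sha" is negotiated: HMAC-SHA1 (RFC 2409, section 3.2)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def ke(n: int) -> bytes:
    """Fixed-width encoding of a DH value as it would appear in a KE payload."""
    return n.to_bytes(32, "big")


class Peer:
    """One ISAKMP peer holding its pre-shared key, identity and Phase 1 state."""

    def __init__(self, identity: bytes, psk: bytes):
        self.identity = identity
        self.psk = psk
        self.cookie = secrets.token_bytes(8)     # CKY-I or CKY-R, the ISAKMP header "cookie"
        self.nonce = secrets.token_bytes(20)     # Ni_b or Nr_b
        self.x = secrets.randbelow(P - 2) + 2    # private DH exponent
        self.gx = pow(G, self.x, P)              # g^x, sent in the KE payload

    def skeyid(self, ni: bytes, nr: bytes) -> bytes:
        # Pre-shared-key authentication: SKEYID = prf(PSK, Ni_b | Nr_b)
        return prf(self.psk, ni + nr)


def main_mode(initiator: Peer, responder: Peer, sa_i: bytes) -> dict:
    """The six Main Mode messages, grouped into the three steps listed on the page."""
    # Step 1 (messages 1 and 2): proposal exchange. sa_i is the initiator's SA payload body (SAi_b);
    # the responder accepts it unchanged here. Both cookies are now known to both sides.
    cky_i, cky_r = initiator.cookie, responder.cookie

    # Step 2 (messages 3 and 4): KE and nonce in each direction, still unauthenticated.
    g_xi, ni = initiator.gx, initiator.nonce
    g_xr, nr = responder.gx, responder.nonce
    gxy_i = pow(g_xr, initiator.x, P)       # each side derives g^xy from the other's KE
    gxy_r = pow(g_xi, responder.x, P)

    # Step 3 (messages 5 and 6): identities plus HASH_I / HASH_R. Each hash is keyed with the
    # sender's SKEYID, and the receiver recomputes it with its own PSK: only matching keys verify.
    skeyid_i = initiator.skeyid(ni, nr)
    skeyid_r = responder.skeyid(ni, nr)
    hash_i = prf(skeyid_i, ke(g_xi) + ke(g_xr) + cky_i + cky_r + sa_i + initiator.identity)
    expected_i = prf(skeyid_r, ke(g_xi) + ke(g_xr) + cky_i + cky_r + sa_i + initiator.identity)
    initiator_ok = hmac.compare_digest(hash_i, expected_i)      # responder checks HASH_I

    hash_r = prf(skeyid_r, ke(g_xr) + ke(g_xi) + cky_r + cky_i + sa_i + responder.identity)
    expected_r = prf(skeyid_i, ke(g_xr) + ke(g_xi) + cky_r + cky_i + sa_i + responder.identity)
    responder_ok = hmac.compare_digest(hash_r, expected_r)      # initiator checks HASH_R

    # SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) seeds the Phase 2 (IPsec SA) keys.
    skeyid_d_i = prf(skeyid_i, ke(gxy_i) + cky_i + cky_r + b"\x00")
    skeyid_d_r = prf(skeyid_r, ke(gxy_r) + cky_i + cky_r + b"\x00")
    return {"initiator_authenticated": initiator_ok,
            "responder_authenticated": responder_ok,
            "shared_secret_agrees": gxy_i == gxy_r,
            "skeyid_d_agrees": skeyid_d_i == skeyid_d_r}


def run(psk_initiator: bytes, psk_responder: bytes) -> dict:
    """Constructed run between R1 (101.1.1.100) and R2 (102.1.1.100) from the page's example."""
    r1 = Peer(b"101.1.1.100", psk_initiator)
    r2 = Peer(b"102.1.1.100", psk_responder)
    proposal = b"aes/sha/group5/pre-share/1800"   # constructed stand-in for the SAi_b bytes
    return main_mode(r1, r2, proposal)
```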
VPN Features        ESP                  AH
Confidentiality     Yes                  No
Integrity           Yes                  Yes
DOA                 Yes                  Yes
Anti-Replay         In protocol no. 50   In protocol no. 50
IPsec modes
1. Transport Mode (protects L4 and upper layers)
2. Tunnel Mode (protects L3 and upper layers): site-to-site, GET VPN
• ISAKMP- Internet Security Association and Key Management Protocol.
IKE is a management protocol. It uses another protocol for key exchange, called ISAKMP, which uses
UDP port 500.
Figure 8
Example
! Topology (Figure 9): PC1 - R1 - ISP - R2 - PC2. PC1 and PC2 are IOS devices used as end hosts,
! each with a default route to its local router.
PC1(config)#int fa0/0
PC1(config-if)#ip add 192.168.101.100 255.255.255.0
PC1(config-if)#no shut
PC1(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.101.1
PC2(config)#int fa0/0
PC2(config-if)#ip add 192.168.102.100 255.255.255.0
PC2(config-if)#no shut
PC2(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.102.1
! R1: fa0/0 faces the LAN, s0/0 faces the ISP; default route towards the ISP
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.101.1 255.255.255.0
R1(config-if)#no shut
R1(config)#int s0/0
R1(config-if)#ip add 101.1.1.100 255.255.255.0
R1(config-if)#no shut
R1(config-if)#ip route 0.0.0.0 0.0.0.0 101.1.1.1
R1#sh ip route static
Figure 9 Site to Site VPN Topology
! ISP: one serial link to each site router
ISP(config)#int s0/0
ISP(config-if)#ip add 101.1.1.1 255.255.255.0
ISP(config-if)#no shut
ISP(config)#int s0/1
ISP(config-if)#ip add 102.1.1.1 255.255.255.0
ISP(config-if)#no shut
! R2: mirror of R1 on the other site
R2(config)#int fa0/0
R2(config-if)#ip add 192.168.102.1 255.255.255.0
R2(config-if)#no shut
R2(config)#int s0/0
R2(config-if)#ip add 102.1.1.100 255.255.255.0
R2(config-if)#no shut
R2(config-if)#ip route 0.0.0.0 0.0.0.0 102.1.1.1
R2#sh ip route static
! Connectivity checks before any crypto configuration
R2#ping 101.1.1.100
Successful
R2#ping 192.168.102.100
Successful
R2#ping 102.1.1.100
Successful
R1#ping 192.168.101.100
Successful
PC1#ping 192.168.102.100
! Phase 1 (ISAKMP) policy on R1: pre-shared key authentication, AES, SHA, DH group 5, 1800 s lifetime
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption ?
R1(config-isakmp)#encryption aes
R1(config-isakmp)#hash ?
R1(config-isakmp)#hash sha
R1(config-isakmp)#group ?
R1(config-isakmp)#group 5
R1(config-isakmp)#lifetime 1800
R1(config-isakmp)#exit
! Pre-shared key "mani" for the peer 102.1.1.100 (R2's WAN address)
R1(config)#crypto isakmp key mani address 102.1.1.100
! Phase 2 (IPsec) transform set: ESP with AES encryption and SHA-1 HMAC integrity, tunnel mode
R1(config)#crypto ipsec transform-set t-set esp-aes esp-sha-hmac
R1(cfg-crypto-trans)#mode tunnel
R1(cfg-crypto-trans)#exit
R1(config)#crypto ipsec security-association lifetime seconds 1800
! Interesting traffic: only LAN 192.168.101.0/24 to LAN 192.168.102.0/24 is encrypted by the crypto map
R1(config)#access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
R1(config)#crypto map test 10 ipsec-isakmp
R1(config-crypto-map)#set peer 102.1.1.100
R1(config-crypto-map)#set transform-set t-set
R1(config-crypto-map)#match address 101
! Apply the crypto map to the WAN (outside) interface
R1(config-crypto-map)#int s0/0
R1(config-if)#crypto map test
R1#sh his
! R2: same policy, key and transform set; ACL 102 is the mirror image of ACL 101
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#encryption aes
R2(config-isakmp)#hash sha
R2(config-isakmp)#group 5
R2(config-isakmp)#lifetime 1800
R2(config-isakmp)#exit
R2(config)#crypto isakmp key mani address 101.1.1.100
R2(config)#crypto ipsec transform-set ttt esp-aes esp-sha-hmac
R2(config-crypto-trans)#mode tunnel
R2(config-crypto-trans)#exit
R2(config)#crypto ipsec security-association lifetime seconds 1800
R2(config)#access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255
R2(config)#crypto map test 10 ipsec-isakmp
R2(config-crypto-map)#set peer 101.1.1.100
R2(config-crypto-map)#set transform-set ttt
R2(config-crypto-map)#match address 102
R2(config-crypto-map)#int s0/0
R2(config-if)#crypto map test
R2#sh his
! Enough traffic to trigger the ISAKMP negotiation and bring the IPsec SAs up
PC1#ping 192.168.102.100 repeat 300
Successful
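An added example (not code from the page) of the policy-based decision the crypto map above makes: the crypto ACL is parsed with IOS wildcard-mask semantics, each packet leaving s0/0 is classified as interesting (encrypted towards the peer) or sent in the clear, and the mirrored ACL the remote peer must carry is derived from it. The two CryptoMap instances are constructed from the page's R1 and R2 configuration; the "any" and "host" forms are supported as a generalization the page does not show.

```python
import ipaddress


def parse_access_list(line: str) -> dict:
    """Parse one extended ACL line of the form used on the page:
    access-list <n> permit|deny ip <src> <src-wildcard> <dst> <dst-wildcard>
    ("any" and "host A.B.C.D" are accepted for either side as well)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("only 'access-list <n> permit|deny ip ...' lines are supported")
    number, action = int(tok[1]), tok[2]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action %r" % action)
    src, rest = _address(tok[4:])
    dst, rest = _address(rest)
    if rest:
        raise ValueError("unexpected trailing tokens: %r" % rest)
    return {"number": number, "action": action, "src": src, "dst": dst}


def _address(tok):
    """Consume one address spec; returns ((base, wildcard) as ints, remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]


def _matches(addr: str, spec) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def _fmt(spec) -> str:
    base, wildcard = spec
    return "%s %s" % (ipaddress.IPv4Address(base), ipaddress.IPv4Address(wildcard))


class CryptoMap:
    """A policy-based crypto map entry: traffic permitted by its ACL is 'interesting' and is
    encrypted towards the peer; everything else leaves the interface in the clear."""

    def __init__(self, peer: str, acl_lines):
        self.peer = peer
        self.entries = [parse_access_list(line) for line in acl_lines]

    def classify(self, src: str, dst: str) -> str:
        for entry in self.entries:                       # first match wins, as in IOS
            if _matches(src, entry["src"]) and _matches(dst, entry["dst"]):
                return "encrypt to %s" % self.peer if entry["action"] == "permit" else "clear"
        return "clear"                                    # implicit deny: not interesting

    def mirrored_acl(self, number: int):
        """The ACL the remote peer needs: every entry with source and destination swapped.
        A non-mirrored ACL on the two ends is a classic cause of one-way IPsec failures."""
        return ["access-list %d %s ip %s %s" % (number, e["action"], _fmt(e["dst"]), _fmt(e["src"]))
                for e in self.entries]


# Constructed from the R1 and R2 configuration on the page.
R1_MAP = CryptoMap("102.1.1.100",
                   ["access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255"])
R2_MAP = CryptoMap("101.1.1.100",
                   ["access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255"])
```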

Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

VPN (virtual private network)

A VPN (Virtual Private Network) extends a private network across a public network, such as the Internet.

A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN ensures privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). Data is encrypted at the sending end and decrypted at the receiving end. Note that L2TP on its own only tunnels; the encryption comes from IPsec, which is why the combination is written L2TP/IPsec.

A VPN connection across the Internet is similar to a wide area network (WAN) link between sites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. One major limitation of traditional VPNs is that they are point-to-point and do not tend to support or connect broadcast domains. Therefore communication, software and networking that rely on layer 2 and broadcast packets, such as NetBIOS in Windows networking, may not be fully supported or may not work exactly as they would on a real LAN. Variants on VPN, such as Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols, are designed to overcome this limitation.

VPNs allow employees to securely access their company's intranet while traveling outside the office. Similarly, VPNs securely connect geographically separated offices of an organization, creating one cohesive network. VPN technology is also used by individual Internet users to secure their wireless transactions, to circumvent geo-restrictions and censorship, and to connect to proxy servers in order to protect personal identity and location.

Figure 1: What is a VPN?
A well-designed VPN can greatly benefit a company. For example, it can:
1. Extend geographic connectivity
2. Reduce operational costs versus traditional WANs
3. Reduce transit times and traveling costs for remote users
4. Improve productivity
5. Simplify network topology
6. Provide global networking opportunities
7. Provide telecommuter support
8. Provide a faster return on investment (ROI) than a traditional WAN

What features are needed in a well-designed VPN? It should incorporate:
1. Security
2. Reliability
3. Scalability
4. Network management
5. Policy management

Security mechanisms

To prevent disclosure of private information, VPNs typically allow only authenticated remote access and make use of encryption. VPNs provide security through tunneling protocols and through security procedures such as encryption. The VPN security model provides:
1. Confidentiality, such that even if the network traffic is sniffed at the packet level (network sniffer, deep packet inspection), an attacker only sees encrypted data.
2. Sender authentication, to prevent unauthorized users from accessing the VPN.
3. Message integrity, to detect any tampering with transmitted messages.

Secure VPN protocols include the following:
1. Internet Protocol Security (IPsec), initially developed by the Internet Engineering Task Force (IETF) for IPv6, where it was required in all standards-compliant implementations until RFC 6434 made it only a recommendation. This standards-based security protocol is also widely used with IPv4 and with the Layer 2 Tunneling Protocol. Its design meets the main security goals: authentication, integrity and confidentiality. In tunnel mode, IPsec encrypts the original IP packet and encapsulates it inside a new IP packet carrying an IPsec (ESP) header. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.
2. Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as the OpenVPN and SoftEther VPN projects do) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL/TLS. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules, because its traffic looks like ordinary HTTPS on TCP port 443.
3. Datagram Transport Layer Security (DTLS), used in Cisco AnyConnect VPN and in OpenConnect VPN to solve the problems TLS has when tunneling over TCP (TCP inside TCP), by running over UDP instead.
4. Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol (PPTP) and in several compatible implementations on other platforms.
5. Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel (SSL 3.0 at its introduction) on TCP port 443. SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1.
6. Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".
7. Secure Shell (SSH) VPN: OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or to inter-network links. The OpenSSH server provides a limited number of concurrent tunnels, and the VPN feature itself does not support personal authentication.

Authentication

Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use pre-shared keys (passwords) or digital certificates. They store the key permanently so that the tunnel can be established automatically, without intervention from a user.

Types of VPN

- Site-to-site VPN

Figure 2: Site-to-site VPN
Often abbreviated to S2SVPN. It is a connection between two sites that encrypts all traffic between two (or more) subnets. There are two types of S2SVPN:
1. Policy-based: traffic matching an ACL ("interesting traffic") is encrypted and sent to the remote VPN peer; everything else is forwarded normally.
2. Route-based: traffic is routed into a tunnel interface and encrypted on its way to the remote VPN peer.

- DMVPN (Dynamic Multipoint VPN)

A Dynamic Multipoint VPN is not a protocol but a technique that combines several protocols. One or more central hub routers are required, but the remote (spoke) routers can have dynamic IP addresses, and more spokes can be added without modifying the configuration of the hub router(s) or of any other spoke. The routers use the Next Hop Resolution Protocol (NHRP), combined with a dynamic routing protocol, to discover remote peers and subnets. The VPN itself is an mGRE tunnel (GRE with multiple endpoints) protected by IPsec. This way, traffic between spoke routers does not have to pass through the hub but can be sent directly from spoke to spoke.

- Client VPN

A client VPN is an encrypted connection from one device to a VPN router. It makes that one remote device appear as a member of a local subnet behind the VPN router. Traffic is tunneled from the device (usually the computer or laptop of a teleworker) to the VPN router so that the user has access to resources inside the company. It requires client software that must be installed and configured.

Figure 3: DMVPN (Dynamic Multipoint VPN)
Figure 4: Client VPN
- SSL VPN

This type of VPN works like a client VPN. The difference is that the remote client does not need preconfigured software; instead the browser acts as the VPN client. The browser needs to support active content, which every modern browser does, either directly or through a plug-in. Traffic is tunneled over SSL (or TLS) to the SSL VPN gateway. From a networking perspective, traffic is tunneled over layer 4 (a TLS session on top of TCP) instead of layer 3. The benefit is that the remote user does not need to configure anything and can simply log in to a web page to start the tunnel. The drawback is that you will likely need a dedicated device as the SSL VPN endpoint, because this is not a standard router feature.

Figure 5: SSL VPN

Protocols

For secure VPNs:
1. General IPsec
2. ESP and AH (Encapsulating Security Payload and Authentication Header)
3. Key exchange (ISAKMP, IKE and others)
4. Cryptographic algorithms
5. IPsec policy handling
6. Remote access
7. SSL and TLS

For trusted VPNs:
1. General MPLS
2. MPLS constrained by BGP routing
3. Transport of layer 2 frames over MPLS

How VPNs work

When planning or extending a VPN, you should consider the following equipment:
1. Network Access Server (NAS): the device that sets up and maintains each tunnel in a remote-access VPN.
2. Firewall: A firewall provides a strong barrier between your private network and the Internet. IT staff can configure it to restrict what type of traffic can pass from the Internet onto the LAN, and on which TCP and UDP ports. Even without a VPN, a LAN should sit behind a firewall to protect against malicious Internet traffic.
3. AAA server: The acronym stands for the server's three responsibilities: authentication, authorization and accounting. For each VPN connection, the AAA server confirms who you are (authentication), determines what you are allowed to access over the connection (authorization) and records what you do while you are logged in (accounting). One widely used standard for AAA servers is Remote Authentication Dial-In User Service (RADIUS). Despite its name, RADIUS isn't just for dial-up users; when a RADIUS server is part of a VPN, it handles authentication for all connections coming through the VPN's NAS.

VPN components can run alongside other software on a shared server, but this is not typical, and it can put the security and reliability of the VPN at risk. A small business that isn't outsourcing its VPN services might deploy firewall and RADIUS software on generic servers. As a business's VPN needs grow, so does its need for equipment optimized for the VPN. The following dedicated VPN devices can be added to a network; they are sold by network equipment vendors such as Cisco:
1. VPN concentrator: A dedicated appliance that terminates VPN tunnels and handles large numbers of simultaneous connections. It normally still authenticates users against an AAA server rather than replacing it.
2. VPN-enabled/VPN-optimized router: A conventional router that also terminates tunnels using VPN protocols.
3. VPN-enabled firewall: A conventional firewall protecting traffic between networks, with the added ability to terminate and manage VPN tunnels.
4. VPN client (hardware client): Software running on a dedicated device that acts as the tunnel endpoint for multiple hosts behind it. This spares each computer from having to run its own VPN client software.

VPN technologies

A well-designed VPN uses several methods to keep your connection and data secure.

Data confidentiality: This is perhaps the most important service provided by any VPN implementation. Since your private data travels over a public network, data confidentiality is vital and is attained by encrypting the data, that is, encoding everything one computer sends to another so that only the intended peer can decode it. Most VPNs use one of the following protocols to provide encryption.

IPsec: Internet Protocol Security (IPsec) provides strong encryption algorithms and comprehensive authentication. IPsec has two modes: tunnel and transport. Tunnel mode protects the original IP header and payload of each packet (a new outer IP header is added), while transport mode protects only the payload above the IP header. Only systems that are IPsec-capable can use this protocol. All devices must share a key or trust a common certificate authority, and must have compatible security policies. For remote-access VPN users, a client software package provides the connection and encryption on the user's PC. Early IPsec implementations offered 56-bit DES or 168-bit triple-DES; DES is broken and 3DES is deprecated, so current deployments should use AES (preferably AES-GCM, which provides confidentiality and integrity in one algorithm).

PPTP/MPPE: PPTP was created by the PPTP Forum, a consortium that included US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports multi-protocol VPNs, with 40-bit and 128-bit RC4 encryption provided by Microsoft Point-to-Point Encryption (MPPE). PPTP by itself does not provide data encryption. Its usual MS-CHAPv2 authentication and short RC4 keys are known to be weak, so PPTP should be considered obsolete.

L2TP/IPsec: Commonly called L2TP over IPsec, this provides the security of IPsec over the tunneling of the Layer 2 Tunneling Protocol (L2TP). L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF. It is primarily used for remote-access VPNs with Windows 2000 and later, which provide a native IPsec and L2TP client. Internet Service Providers can also provide L2TP connections for dial-in users and then encrypt that traffic with IPsec between their access point and the remote office network server.
Data integrity: While it is important that your data is encrypted over a public network, it is just as important to verify that it has not been changed in transit. IPsec ensures that the encrypted portion of the packet (with ESP) or the entire packet including its IP header (with AH) has not been tampered with, by attaching an integrity check value computed with a keyed hash. If tampering is detected, the packet is dropped. Data integrity also involves authenticating the remote peer.

Data origin authentication: It is extremely important to verify the identity of the source of the data that is sent. This guards against a number of attacks that depend on spoofing the identity of the sender.

Anti-replay: The ability to detect and reject replayed packets, which also helps prevent spoofing. IPsec does this with a per-SA sequence number and a receive window.

Data tunneling / traffic flow confidentiality: Tunneling is the process of encapsulating an entire packet within another packet and sending it over a network. Tunneling is helpful where it is desirable to hide the identity of the device originating the traffic. For example, a single device running IPsec encapsulates traffic belonging to a number of hosts behind it and adds its own header on top of the existing packets. By encrypting the original packet and header (and routing the packet based on the additional layer 3 header added on top), the tunneling device effectively hides the actual source of the packet. Only the trusted peer is able to determine the true source, after it strips away the additional header and decrypts the original header. As RFC 2401 (since replaced by RFC 4301) notes: "...disclosure of the external characteristics of communication also can be a concern in some circumstances. Traffic flow confidentiality is the service that addresses this latter concern by concealing source and destination addresses, message length, or frequency of communication. In the IPsec context, using ESP in tunnel mode, especially at a security gateway, can provide some level of traffic flow confidentiality."

All the encryption protocols listed here also use tunneling to transfer the encrypted data across the public network. It is important to realize that tunneling, by itself, does not provide data security. The original packet is merely encapsulated inside another protocol and is still visible to a packet-capture device if it is not encrypted. It is mentioned here because it is an integral part of how VPNs function.

Tunneling requires three different protocols:
1. Passenger protocol: the original data (IPX, NetBEUI, IP) that is carried.
2. Encapsulating protocol: the protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the original data.
3. Carrier protocol: the protocol used by the network over which the information travels.

The original packet (passenger protocol) is encapsulated inside the encapsulating protocol, which is then placed inside the carrier protocol's header (usually IP) for transmission over the public network. The encapsulating protocol quite often also performs the encryption of the data. Protocols such as IPX and NetBEUI, which would normally not be transferred across the Internet, can be transmitted this way, and securely so when the encapsulating protocol encrypts them.
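The Data integrity paragraph above says IPsec can protect either the encrypted portion of the packet (ESP) or the entire packet including its header (AH). The following added example, which is not part of the original slides, builds both framings with the Python standard library and shows the practical consequence: a router hop (TTL decrement) breaks neither, a NAT device that rewrites the source address breaks AH but not ESP, and a tampered payload breaks both. It assumes HMAC-SHA256-128 as the integrity algorithm, ESP with NULL encryption (RFC 2410) so that no third-party crypto library is needed, a hand-built 20-byte IPv4 header with the checksum left zero, and constructed addresses, key and payload.

```python
"""
Added example (not from the slides): AH versus ESP integrity coverage.
AH (RFC 4302) computes its ICV over the IP header (mutable fields zeroed)
plus the payload; ESP (RFC 4303) covers only the ESP header, payload and
trailer. Constructed key, addresses and payload; ESP uses NULL encryption.
"""
import hashlib
import hmac
import struct

KEY = bytes(range(32))     # constructed integrity key, for the example only
ICV_LEN = 16               # HMAC-SHA256-128 (RFC 4868)
SPI, SEQ = 0x1000, 1


def pack_addr(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; the checksum is left zero (not used here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                       ttl, proto, 0, pack_addr(src), pack_addr(dst))


def zero_mutable_fields(hdr: bytes) -> bytes:
    """AH zeroes TOS, flags/fragment offset, TTL and checksum before hashing
    (RFC 4302 3.3.3.1.1.1); addresses, length, ID and protocol stay covered."""
    return hdr[0:1] + b"\x00" + hdr[2:6] + b"\x00\x00" + b"\x00" + hdr[9:10] + b"\x00\x00" + hdr[12:20]


def icv(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(src: str, dst: str, payload: bytes) -> bytes:
    """IP | AH (12 bytes + ICV) | payload. ICV covers the IP header with mutable
    fields zeroed, the AH header with a zeroed ICV field, and the payload."""
    ah_hdr = struct.pack("!BBHII", 4, 5, 0, SPI, SEQ)   # next hdr 4 (IP-in-IP), len 5 words
    outer = ipv4_header(src, dst, 51, len(ah_hdr) + ICV_LEN + len(payload))
    covered = zero_mutable_fields(outer) + ah_hdr + bytes(ICV_LEN) + payload
    return outer + ah_hdr + icv(covered) + payload


def ah_verify(pkt: bytes) -> bool:
    outer, ah_hdr, tag, payload = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    covered = zero_mutable_fields(outer) + ah_hdr + bytes(ICV_LEN) + payload
    return hmac.compare_digest(icv(covered), tag)


def esp_protect(src: str, dst: str, payload: bytes) -> bytes:
    """IP | ESP (SPI, seq) | payload | pad len, next hdr | ICV. The ICV never
    covers the outer IP header. Payload length is chosen 4-byte aligned."""
    esp_hdr = struct.pack("!II", SPI, SEQ)
    trailer = struct.pack("!BB", 0, 4)                   # pad length 0, next header 4
    body = esp_hdr + payload + trailer
    outer = ipv4_header(src, dst, 50, len(body) + ICV_LEN)
    return outer + body + icv(body)


def esp_verify(pkt: bytes) -> bool:
    body, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(icv(body), tag)


def decrement_ttl(pkt: bytes) -> bytes:
    """What every router hop does to the outer header."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]


def nat_rewrite_source(pkt: bytes, new_src: str) -> bytes:
    """What a NAT gateway does (checksum recomputation omitted; it is zeroed by AH anyway)."""
    return pkt[:12] + pack_addr(new_src) + pkt[16:]


def tamper_payload(pkt: bytes, index: int = 50) -> bytes:
    """Flip one bit inside the protected payload (offset 50 is payload in both framings)."""
    return pkt[:index] + bytes([pkt[index] ^ 0x01]) + pkt[index + 1:]


INNER = b"inner datagram bytes (example)"          # constructed 30-byte passenger packet
SRC, DST, NAT_SRC = "203.0.113.10", "198.51.100.20", "192.0.2.1"


def scenario() -> dict:
    """Return (AH ok, ESP ok) after a router hop, a NAT rewrite and tampering."""
    ah, esp = ah_protect(SRC, DST, INNER), esp_protect(SRC, DST, INNER)
    return {
        "untouched": (ah_verify(ah), esp_verify(esp)),
        "ttl_decrement": (ah_verify(decrement_ttl(ah)), esp_verify(decrement_ttl(esp))),
        "nat_rewrite": (ah_verify(nat_rewrite_source(ah, NAT_SRC)),
                        esp_verify(nat_rewrite_source(esp, NAT_SRC))),
        "payload_tamper": (ah_verify(tamper_payload(ah)), esp_verify(tamper_payload(esp))),
    }


if __name__ == "__main__":
    for case, (ah_ok, esp_ok) in scenario().items():
        print(f"{case:15s} AH={'pass' if ah_ok else 'FAIL'}  ESP={'pass' if esp_ok else 'FAIL'}")
```

Real ESP deployments encrypt with AES (today usually AES-GCM, where the authentication tag plays the ICV role); NULL encryption is used here only to keep the example dependency-free. ESP surviving an address rewrite is only half of the NAT story: a port-translating NAT has no port numbers to work with in ESP, which is what NAT traversal (UDP encapsulation on port 4500, RFC 3948) solves.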
For site-to-site VPNs, the encapsulating protocol is usually IPsec or Generic Routing Encapsulation (GRE). GRE includes information on what type of packet is being encapsulated and, optionally, information about the tunnel between the two endpoints. For remote-access VPNs, tunneling normally takes place using the Point-to-Point Protocol (PPP). PPP is a layer 2 link protocol that carries IP and other network protocols between the host computer and a remote system. PPP tunneling uses one of PPTP, L2TP or Cisco's Layer 2 Forwarding (L2F).

AAA: Authentication, authorization and accounting are used for more secure access in a remote-access VPN environment. Without user authentication, anyone who sits at a laptop or PC with pre-configured VPN client software can establish a connection into the remote network. With user authentication, a valid username and password (or another credential) must also be presented before the connection is completed. Usernames and passwords can be stored on the VPN termination device itself, or on an external AAA server, which in turn can authenticate against numerous other databases such as Windows NT, Novell, LDAP and so on.
When a request to establish a tunnel comes in from a remote client, the VPN device prompts for a username and password. These can be authenticated locally or sent to the external AAA server, which checks:
- Who you are (authentication)
- What you are allowed to do (authorization)
- What you actually do (accounting)

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.

Nonrepudiation: In certain data transfers, especially those related to financial transactions, nonrepudiation is a highly desirable feature. It prevents situations where one end denies having taken part in a transaction. Much like a bank requires your signature before honoring your check, nonrepudiation works by attaching a digital signature to the sent message, which precludes the sender from denying participation in the transaction.

A number of protocols exist that can be used to build a VPN solution. All of these protocols provide some subset of the services listed in this document. The choice of protocol depends on the desired set of services. For example, one organization might be comfortable with its data being transferred in clear text but extremely concerned about maintaining its integrity, while another might find data confidentiality absolutely essential. Their choice of protocols might thus differ.

Site-to-site or LAN-to-LAN VPN

Figure 6: Site-to-site VPN
A site-to-site (LAN-to-LAN) IPsec VPN provides secure IP communication over an insecure network between two branches. It is built from three protocols:

1. IKE (Internet Key Exchange)
2. ESP (Encapsulating Security Payload)
3. AH (Authentication Header)

VPN Features

1. Confidentiality: data is kept secret by encryption (DES, 3DES or AES). DES and 3DES are obsolete; AES should be used.
2. Integrity: data cannot be altered in transit without detection; each packet carries a keyed hash (HMAC) based on MD5 or SHA.
3. Data Origin Authentication: the two devices authenticate each other using a pre-shared key or certificates, so a third party without the key cannot inject traffic into the tunnel.
4. Anti-Replay: each packet carries a sequence number; the receiver keeps a sliding window of sequence numbers already seen and drops any packet that is a duplicate or that arrives too late to fall inside the window, so a captured packet cannot simply be resent. Security associations are additionally limited by time (seconds) and volume (kilobytes), after which fresh keys are negotiated.

IKE provides a framework to exchange the security parameters and policies between two VPN peers.

IKE Modes and Phases

IKE Mode                        IKE Phase
Main Mode or Aggressive Mode    Phase 1
Quick Mode                      Phase 2

Main Mode: six messages, divided into three exchanges (Note: Proposal = security parameters and policies):

1. The peers exchange proposals.
2. The peers exchange key material (Diffie-Hellman public values and nonces).
3. The peers authenticate each other; their identities are sent encrypted under the keys derived in step 2.

Figure 7
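The integrity, data-origin-authentication and anti-replay features listed above, as an added Python example that is not from the original page. It models the receiving side of an ESP security association: the ICV is an HMAC-SHA-256 keyed with a pre-shared SA key, and replay protection uses a 64-packet sliding window over the ESP sequence number (the scheme of RFC 4303 section 3.4.3). The key, SPI, packet contents and window size are assumptions made for the example; payload encryption (AES) is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import struct

WINDOW = 64      # anti-replay window size in packets (assumed; 64 is a common default)
ICV_LEN = 16     # ICV truncated to 128 bits, as HMAC-SHA-256-128 does in ESP

def esp_build(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI | sequence number | payload | ICV over everything before it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class EspReceiver:
    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already accepted
        self.counters = {"ok": 0, "bad-icv": 0, "replay": 0, "bad-spi": 0}

    def receive(self, pkt: bytes) -> bool:
        spi, seq = struct.unpack("!II", pkt[:8])
        if spi != self.spi:
            self.counters["bad-spi"] += 1
            return False
        body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
        # Replay check first (cheap), but the window is only *updated* after the
        # ICV verifies, so a forged packet can never move the window.
        if not self._replay_ok(seq):
            self.counters["replay"] += 1
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            self.counters["bad-icv"] += 1
            return False
        self._mark_seen(seq)
        self.counters["ok"] += 1
        return True

    def _replay_ok(self, seq: int) -> bool:
        if seq == 0:                 # sequence number 0 is never valid in ESP
            return False
        if seq > self.top:
            return True              # new high-water mark
        diff = self.top - seq
        if diff >= WINDOW:
            return False             # "too late": already slid out of the window
        return not (self.bitmap >> diff) & 1      # duplicate inside the window?

    def _mark_seen(self, seq: int) -> None:
        if seq > self.top:           # slide the window up and mark the new top
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def demo() -> dict:
    """Constructed traffic: in-order, out-of-order, replayed, late and forged packets."""
    key, spi = b"pre-shared-sa-key", 0x1000
    rx = EspReceiver(key, spi)
    pkts = {n: esp_build(key, spi, n, b"data-%d" % n) for n in (1, 2, 3, 4, 5, 30, 100, 101)}
    for n in (1, 2, 3, 5, 4):        # in order, then one slightly out of order: all accepted
        rx.receive(pkts[n])
    rx.receive(pkts[3])              # exact replay of an accepted packet: dropped
    rx.receive(pkts[100])            # far ahead: accepted, window slides up to 100
    rx.receive(pkts[30])             # 70 behind the top, outside the 64-packet window: dropped
    forged = bytearray(esp_build(key, spi, 101, b"data-101"))
    forged[8] ^= 0x01                # flip one payload bit: the ICV no longer verifies
    rx.receive(bytes(forged))        # dropped, and the window did NOT advance to 101 ...
    rx.receive(pkts[101])            # ... so the genuine packet 101 is still accepted
    return rx.counters
```

The order of the checks matters: verifying the ICV before consulting the window would let an attacker burn CPU with forged packets, while updating the window before the ICV check would let forged packets with high sequence numbers shut out legitimate traffic.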
Aggressive Mode: three messages.

1. The initiator sends its proposal, Diffie-Hellman public value, nonce and identity to the responder.
2. The responder sends back its own proposal, Diffie-Hellman public value, nonce, identity and authentication hash.
3. The initiator verifies the responder's hash and sends its own authentication hash, which the responder verifies to complete the session.

Aggressive mode is faster than main mode, but the identities and the authentication hash travel unencrypted; with pre-shared key authentication this exposes the key to an offline dictionary attack by anyone who can capture the exchange, so main mode (or certificate authentication) is preferred wherever the client's address is known in advance.

Quick Mode: under the protection of the Phase 1 tunnel, the peers negotiate the IPsec security parameters and policies (protocol, transform set, keys) for the traffic to be protected.

Phase 1: In IKE Phase 1 the peers create a single bidirectional IKE tunnel (the IKE SA).
Phase 2: In IKE Phase 2 they create multiple unidirectional IPsec tunnels (IPsec SAs), one in each direction for each set of protected traffic.

ESP and AH compared

VPN Feature                   ESP     AH
Confidentiality               Yes     No
Integrity                     Yes     Yes
Data Origin Authentication    Yes     Yes
Anti-Replay                   Yes     Yes
IP protocol number            50      51

IPsec modes

1. Transport Mode: protects L4 and upper layers; the original IP header is kept.
2. Tunnel Mode: protects L3 and upper layers; the whole original packet is encapsulated behind a new IP header. Used for site-to-site VPNs and GET VPN.

ISAKMP (Internet Security Association and Key Management Protocol): ISAKMP defines the message formats and procedures for negotiating, establishing, modifying and deleting security associations. IKE is the key-management protocol built on this framework (it combines ISAKMP with the Oakley and SKEME key-exchange methods). ISAKMP/IKE uses UDP port 500, and UDP port 4500 when NAT traversal is in use.

Figure 8
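The protocol numbers and header layouts behind the ESP/AH table and the ISAKMP port numbers above, as an added Python example (not code from the original page): a parser that classifies constructed IPv4 packets as ESP, AH, ISAKMP or UDP-encapsulated ESP and reports the SPI, sequence number and, for ISAKMP, the exchange type (2 = main mode, 4 = aggressive mode, 32 = quick mode per RFC 2408). The addresses reuse the lab's public addresses; SPIs, cookies and payloads are made up.

```python
import struct

# Header layouts follow RFC 791 (IPv4), RFC 4303 (ESP), RFC 4302 (AH),
# RFC 3948 (UDP encapsulation, port 4500) and RFC 2408 (ISAKMP).
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
ISAKMP_PORTS = (500, 4500)
EXCHANGE_TYPES = {2: "main mode (identity protection)", 4: "aggressive mode",
                  5: "informational", 32: "quick mode"}
ISAKMP_HDR = "!8s8sBBBBII"   # initiator cookie, responder cookie, next payload,
                             # version, exchange type, flags, message ID, length

def parse_ipsec(pkt: bytes) -> dict:
    """Classify one IPv4 packet and pull out the security-association identifiers."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    info = {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])), "proto": proto}
    body = pkt[ihl:]
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        info.update(kind="ESP", spi=spi, seq=seq)          # everything after this is encrypted
    elif proto == PROTO_AH:
        nxt, plen = body[0], body[1]
        spi, seq = struct.unpack("!II", body[4:12])
        icv_len = (plen + 2) * 4 - 12                      # payload length is in 32-bit words minus 2
        info.update(kind="AH", next_header=nxt, spi=spi, seq=seq, icv_len=icv_len)
    elif proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if sport not in ISAKMP_PORTS and dport not in ISAKMP_PORTS:
            info.update(kind="UDP", sport=sport, dport=dport)
            return info
        if 4500 in (sport, dport):
            if data[:4] != b"\x00\x00\x00\x00":            # non-zero first word: ESP, not IKE
                spi, seq = struct.unpack("!II", data[:8])
                info.update(kind="ESP-in-UDP", spi=spi, seq=seq)
                return info
            data = data[4:]                                # skip the four-byte non-ESP marker
        i_ck, r_ck, nxt, ver, xchg, flags, msg_id, length = struct.unpack(ISAKMP_HDR, data[:28])
        info.update(kind="ISAKMP", initiator_cookie=i_ck.hex(), responder_cookie=r_ck.hex(),
                    version=f"{ver >> 4}.{ver & 0x0F}",
                    exchange=EXCHANGE_TYPES.get(xchg, f"type {xchg}"),
                    encrypted=bool(flags & 0x01), message_id=msg_id, length=length)
    else:
        info["kind"] = "other"
    return info

# --- constructed sample packets (not captured traffic) ----------------------
def ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    s = bytes(int(o) for o in src.split("."))
    d = bytes(int(o) for o in dst.split("."))
    # header checksum left at zero: not needed for classification
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, s, d) + payload

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def isakmp(xchg: int, flags: int = 0, msg_id: int = 0) -> bytes:
    return struct.pack(ISAKMP_HDR, b"\x11" * 8, b"\x22" * 8, 1, 0x10, xchg, flags, msg_id, 28)

R1_WAN, R2_WAN = "101.1.1.100", "102.1.1.100"
SAMPLES = {
    "esp":       ipv4(PROTO_ESP, R1_WAN, R2_WAN, struct.pack("!II", 0x1000, 7) + b"\xaa" * 32),
    # AH: next header 4 (IP-in-IP, tunnel mode), payload length 4 => 24-byte header, 12-byte ICV
    "ah":        ipv4(PROTO_AH, R1_WAN, R2_WAN, struct.pack("!BBHII", 4, 4, 0, 0x2000, 9) + b"\xbb" * 12),
    "ike_main":  ipv4(PROTO_UDP, R1_WAN, R2_WAN, udp(500, 500, isakmp(2))),
    "ike_aggr":  ipv4(PROTO_UDP, R1_WAN, R2_WAN, udp(4500, 4500, b"\x00" * 4 + isakmp(4))),
    "ike_quick": ipv4(PROTO_UDP, R1_WAN, R2_WAN, udp(500, 500, isakmp(32, flags=1, msg_id=0x5A5A5A5A))),
    "esp_natt":  ipv4(PROTO_UDP, R1_WAN, R2_WAN, udp(4500, 4500, struct.pack("!II", 0x3000, 12) + b"\xcc" * 16)),
    "dns":       ipv4(PROTO_UDP, R1_WAN, "8.8.8.8", udp(40000, 53, b"\x00" * 12)),
}
```

A monitoring rule built on this can distinguish the three IKE exchanges by type alone: a Phase 1 aggressive-mode exchange (type 4) arriving from an unexpected source is worth an alert given the pre-shared-key weakness noted above, while quick mode (type 32) always carries the encryption flag because it runs inside the Phase 1 tunnel.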
Example: Site to Site VPN

Figure 9: Site to Site VPN Topology

The configuration below builds the topology of Figure 9: PC1 (192.168.101.0/24) sits behind R1, PC2 (192.168.102.0/24) behind R2, and the two routers reach each other through an ISP router over the public networks 101.1.1.0/24 and 102.1.1.0/24. First the underlay is addressed and routed and reachability is confirmed with ping; then the ISAKMP (Phase 1) and IPsec (Phase 2) settings are applied on R1 and R2.

Addressing and routing:

PC1(config)#interface fa0/0
PC1(config-if)#ip address 192.168.101.100 255.255.255.0
PC1(config-if)#no shutdown
PC1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.1

PC2(config)#interface fa0/0
PC2(config-if)#ip address 192.168.102.100 255.255.255.0
PC2(config-if)#no shutdown
PC2(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.1

R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.101.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface s0/0
R1(config-if)#ip address 101.1.1.100 255.255.255.0
R1(config-if)#no shutdown
R1(config)#ip route 0.0.0.0 0.0.0.0 101.1.1.1
R1#show ip route static

ISP(config)#interface s0/0
ISP(config-if)#ip address 101.1.1.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config)#interface s0/1
ISP(config-if)#ip address 102.1.1.1 255.255.255.0
ISP(config-if)#no shutdown

R2(config)#interface fa0/0
R2(config-if)#ip address 192.168.102.1 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface s0/0
R2(config-if)#ip address 102.1.1.100 255.255.255.0
R2(config-if)#no shutdown
R2(config)#ip route 0.0.0.0 0.0.0.0 102.1.1.1
R2#show ip route static

Reachability checks before IPsec is enabled:

R2#ping 101.1.1.100          (successful)
R2#ping 192.168.102.100      (successful)
R2#ping 102.1.1.100          (successful)
R1#ping 192.168.101.100      (successful)
PC1#ping 192.168.102.100

ISAKMP policy, pre-shared key, transform set and crypto map on R1:

R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption aes
R1(config-isakmp)#hash sha
R1(config-isakmp)#group 5
R1(config-isakmp)#lifetime 1800
R1(config-isakmp)#exit
R1(config)#crypto isakmp key mani address 102.1.1.100
R1(config)#crypto ipsec transform-set t-set esp-aes esp-sha-hmac
R1(cfg-crypto-trans)#mode tunnel
R1(cfg-crypto-trans)#exit
R1(config)#crypto ipsec security-association lifetime seconds 1800
R1(config)#access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
R1(config)#crypto map test 10 ipsec-isakmp
R1(config-crypto-map)#set peer 102.1.1.100
R1(config-crypto-map)#set transform-set t-set
R1(config-crypto-map)#match address 101
R1(config-crypto-map)#interface s0/0
R1(config-if)#crypto map test
R1#show history

The same on R2, with the peer address, key and crypto ACL mirrored:

R2(config)#crypto isakmp policy 1
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#encryption aes
R2(config-isakmp)#hash sha
R2(config-isakmp)#group 5
R2(config-isakmp)#lifetime 1800
R2(config-isakmp)#exit
R2(config)#crypto isakmp key mani address 101.1.1.100
R2(config)#crypto ipsec transform-set ttt esp-aes esp-sha-hmac
R2(cfg-crypto-trans)#mode tunnel
R2(cfg-crypto-trans)#exit
R2(config)#crypto ipsec security-association lifetime seconds 1800
R2(config)#access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255
R2(config)#crypto map test 10 ipsec-isakmp
R2(config-crypto-map)#set peer 101.1.1.100
R2(config-crypto-map)#set transform-set ttt
R2(config-crypto-map)#match address 102
R2(config-crypto-map)#interface s0/0
R2(config-if)#crypto map test
R2#show history

PC1#ping 192.168.102.100 repeat 300      (successful)

Checks and caveats: the ISAKMP policy (encryption, hash, group, lifetime), the pre-shared key and the transform set must match on both peers, and the crypto ACLs must be exact mirror images (101 on R1 permits 192.168.101.0/24 to 192.168.102.0/24, 102 on R2 the reverse); a mismatch leaves Phase 1 or Phase 2 failing with nothing visible to the user except lost pings. The first one or two pings are normally lost while the SAs are negotiated. `show crypto isakmp sa` (peer in state QM_IDLE) and `show crypto ipsec sa` (increasing encaps/decaps counters) confirm that the tunnel is up. Note also that the pre-shared key `mani` is stored in the running configuration and is far too short for anything but a lab, and that SHA-1 (`hash sha`, `esp-sha-hmac`) and DH group 5 are no longer recommended; on current IOS use a long random key, `hash sha256`, `esp-sha256-hmac` and `group 14` or higher.
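The checks in the paragraph above, automated over the lab's own crypto lines as an added Python example (not code from the original page or from Cisco IOS). It flags the weak settings present in the R1 configuration and shows the hardened equivalent passing. The weakness thresholds (DES/3DES, MD5/SHA-1, DH groups below 14, short pre-shared keys) are assumptions that follow commonly published guidance; adjust the `WEAK_*` sets to your own policy.

```python
import re

WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5", "sha"}                    # plain "sha" in IOS means SHA-1
WEAK_GROUP = {"1", "2", "5"}
WEAK_TRANSFORM = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "esp-sha-hmac",
                  "ah-md5-hmac", "ah-sha-hmac"}
MIN_PSK_LEN = 20                              # assumed minimum for a pre-shared key

def audit_ios_crypto(config: str) -> list[str]:
    """Return one finding per weak setting in an IOS-style crypto configuration."""
    findings: list[str] = []
    policy = None                             # ISAKMP policy number we are inside, if any
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            policy = m.group(1)
            continue
        if line.startswith("crypto ") or line == "exit":
            policy = None                     # any other global command ends the policy block
        if policy:
            where = f"isakmp policy {policy}"
            if (m := re.match(r"encryption (\S+)", line)) and m.group(1) in WEAK_ENCRYPTION:
                findings.append(f"{where}: encryption {m.group(1)} is weak; use aes 256")
            elif (m := re.match(r"hash (\S+)", line)) and m.group(1) in WEAK_HASH:
                findings.append(f"{where}: hash {m.group(1)} is weak; use sha256 or stronger")
            elif (m := re.match(r"group (\d+)", line)) and m.group(1) in WEAK_GROUP:
                findings.append(f"{where}: DH group {m.group(1)} is weak; use group 14 or higher")
            elif line == "authentication pre-share":
                findings.append(f"{where}: pre-shared key authentication; prefer certificates (rsa-sig)")
        elif m := re.match(r"crypto isakmp key (\S+) (?:add|address) (\S+)", line):
            key, peer = m.group(1), m.group(2)
            if len(key) < MIN_PSK_LEN:
                findings.append(f"pre-shared key for peer {peer} is only {len(key)} characters; use a long random key")
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line):
            for t in m.group(1).split():
                if t in WEAK_TRANSFORM:
                    findings.append(f"transform-set uses {t}; use esp-aes 256 with esp-sha256-hmac")
    return findings

# Constructed input: the R1 lines from the lab above, as they would appear in a
# running configuration, beside a hardened version of the same policy.
LAB_R1 = """
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 1800
crypto isakmp key mani address 102.1.1.100
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
"""

HARDENED_R1 = """
crypto isakmp policy 1
 authentication rsa-sig
 encryption aes 256
 hash sha256
 group 14
 lifetime 1800
crypto ipsec transform-set t-set esp-aes 256 esp-sha256-hmac
"""
```

Run against `LAB_R1` the audit reports five findings (pre-shared key authentication, SHA-1 hash, DH group 5, a four-character key, and the `esp-sha-hmac` transform); `HARDENED_R1` produces none. Feeding it the output of `show running-config | section crypto` from each peer also makes policy mismatches between R1 and R2 visible before they show up as a tunnel that never comes up.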