Traditional Connectivity
[From Gartner Consulting]
What is a VPN?
A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to
Became popular as more employees worked in remote locations.
How are VPNs better than Private
Employees can access the network (Intranet) from remote locations.
Secured connections: traffic crossing the public network is protected by the VPN.
The Internet is used as the backbone for VPNs.
Saves cost tremendously through reduced equipment and maintenance costs.
Brief Overview of How it Works
Two connections – one is made to the Internet and the second is made to the
Datagrams – contain data, destination and source information.
Firewalls – VPNs allow authorized users to pass through the firewalls.
Protocols – protocols create the VPN
Four Critical Functions
Authentication – validates that the data was sent by the claimed sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data from being read or copied as the data is being
Data Integrity – ensuring that the data has not been altered.
Encryption -- is a method of “scrambling” data before transmitting it onto the
Public Key Encryption Technique
Digital signature – for authentication
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
[Figure: Data Encapsulation (from Comer). The outer datagram consists of a datagram header followed by a data area; the data area carries the encrypted inner datagram.]
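The encapsulation in the figure above, together with the four critical functions listed earlier (authentication, access control, confidentiality, data integrity), as an added example in Python that is not part of the original slides: a toy tunnel that wraps an inner datagram in an outer datagram whose data area is the encrypted inner datagram followed by an HMAC tag, and a receiving gateway that drops unknown peers, forged or altered datagrams, and replays. The header layout, gateway addresses, keys, and the HMAC-SHA256 counter-mode stream cipher are assumptions for illustration only and do not correspond to PPTP, L2TP or IPsec.

```python
"""Toy VPN tunnel: encapsulate an inner datagram inside an authenticated,
encrypted outer datagram and decapsulate it at the far gateway (added example;
the cipher is HMAC-SHA256 in counter mode, not a real VPN cipher suite)."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

# Constructed outer header: version, inner protocol id, outer src gateway,
# outer dst gateway, 12-byte nonce, ciphertext length.
HEADER = struct.Struct("!BB4s4s12sH")
TAG_LEN = 32  # HMAC-SHA256 tag appended after the ciphertext

# Constructed demo keys and gateway addresses. A real tunnel derives keys from
# its key exchange (e.g. IKE for IPsec) instead of hard-coding them.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-integrity-key").digest()
GW_A = bytes([203, 0, 113, 10])
GW_B = bytes([198, 51, 100, 20])


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF: block i = HMAC(key, nonce || i)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def inner_datagram(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Minimal inner datagram: source, destination, payload length, payload
    (constructed layout, not a real IPv4 header)."""
    return struct.pack("!4s4sH", src, dst, len(payload)) + payload


def encapsulate(inner: bytes, gw_src: bytes, gw_dst: bytes,
                enc_key: bytes = ENC_KEY, mac_key: bytes = MAC_KEY,
                nonce: Optional[bytes] = None) -> bytes:
    """Confidentiality: the whole inner datagram, addresses included, is encrypted.
    Authentication + integrity: MAC over outer header and ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(12) if nonce is None else nonce
    ciphertext = xor_bytes(inner, keystream(enc_key, nonce, len(inner)))
    header = HEADER.pack(1, 4, gw_src, gw_dst, nonce, len(ciphertext))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Gateway:
    """Receiving endpoint. Access control: only peers with configured keys may
    send; anything else is dropped before any cryptographic work is done."""

    def __init__(self, peers: Dict[bytes, Tuple[bytes, bytes]]):
        self.peers = peers          # outer src address -> (enc_key, mac_key)
        self.seen_nonces = set()    # crude anti-replay record

    def receive(self, outer: bytes) -> bytes:
        if len(outer) < HEADER.size + TAG_LEN:
            raise ValueError("truncated outer datagram")
        header, body = outer[:HEADER.size], outer[HEADER.size:]
        ciphertext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        version, _proto, gw_src, _gw_dst, nonce, length = HEADER.unpack(header)
        if version != 1 or gw_src not in self.peers:
            raise PermissionError("unknown peer or version: dropped")
        enc_key, mac_key = self.peers[gw_src]
        expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # authentication + integrity
            raise ValueError("MAC check failed: forged or altered datagram")
        if length != len(ciphertext):
            raise ValueError("length field does not match ciphertext")
        if nonce in self.seen_nonces:
            raise ValueError("replayed datagram")
        self.seen_nonces.add(nonce)
        return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def try_receive(gw: Gateway, outer: bytes) -> Tuple[bool, bytes]:
    """Return (accepted, inner-or-reason) so a caller can log drops without exceptions."""
    try:
        return True, gw.receive(outer)
    except (ValueError, PermissionError) as exc:
        return False, str(exc).encode()


if __name__ == "__main__":
    inner = inner_datagram(bytes([10, 0, 0, 5]), bytes([10, 0, 1, 7]), b"hello intranet")
    outer = encapsulate(inner, GW_A, GW_B)
    gw_b = Gateway({GW_A: (ENC_KEY, MAC_KEY)})
    print("accepted:", try_receive(gw_b, outer)[0])
    tampered = bytearray(outer)
    tampered[HEADER.size] ^= 0x01   # flip one ciphertext bit in transit
    print("tampered:", try_receive(gw_b, bytes(tampered)))
```

The inner source and destination addresses never appear in the clear: an observer on the public network sees only the two gateway addresses in the outer header, which is the point of tunneling. Because the tag covers the outer header as well as the ciphertext, changing the claimed source gateway or the nonce also fails the MAC check.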
Two types of end points:
Three Protocols used in VPN
PPTP -- Point-to-Point Tunneling Protocol
L2TP -- Layer 2 Tunneling Protocol
IPsec -- Internet Protocol Security
Types of VPN
3 Types
Intranet – Within an organization
Extranet – Outside an organization
Remote Access – Employee to Business
Eliminating the need for expensive long-distance leased lines
Reducing the long-distance telephone charges for remote access.
Transferring the support burden to the service
Operational costs
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
Availability and performance depend on factors largely outside of the organization's control.
Immature standards
VPNs need to accommodate protocols other than IP and existing internal network technology.