Insights of
VPN
Harshika Rana
Business Analyst - Rishabh Software Pvt Ltd
Agenda
VPN Introduction
Functions of VPN
VPN Benefits
Types of VPN
VPN Topology
Components of VPN
VPN Design
VPN Implementation Methods
VPN router configuration
VPN Choices
What is VPN
A VPN is a secure connection that can be
made between a computer (such as a user's
computer at home or on the road) and a
protected or private corporate network (such
as Parul University campus network), using
an otherwise insecure public network (such
as the Internet).
How it works – Basic Concept
Data that is passed over the public network is encapsulated (wrapped up) and encrypted
(translated into a secret code) so that it can't be intercepted or tampered with.
Passing data through a network without letting the network actually see the data like this is a
process known as tunneling.
Why it is called VPN
In effect, the connection works just as if the computer were connected to the protected network by its own private wire with a point-to-point direct connection.
Thus the name VPN, which stands for virtual private network.
Why to use VPN
Accessing LAN drives. Getting to the shared network file space on Active Directory from off campus.
Remote desktop access. Using a personal computer from off campus to log into your office computer that is on campus requires making a VPN connection. (Again, this is necessary, but not sufficient: you also have to have previously set up the on-campus computer to allow remote connections, and you actually have to establish that connection after you have connected via the VPN.)
Accessing "hidden" systems. Some systems are not directly accessible from off campus. In order to reach them, you need to make a secure connection to a system within the firewall first.
Enhanced library research: external and internal resources identify the campus IP address and allow access.
Four Important Functions Done at the VPN
Authentication – Identify the authorized user and allow access based on the permission
Access Control – Setting up the permission of usage for the resources
Confidentiality – Preventing data from being read
Integrity – Ensuring data is not altered
Up to Now
It's an encrypted tunnel.
It uses IPsec, GRE, PPTP, SSL, L2TP, or MPLS.
It protects traffic across the Internet.
It protects your data from hackers and attacks.
https://www.youtube.com/watch?v=_wQTRMBAvzg&t=97s
VPN Helps
Eavesdropping – Protecting data from eavesdropping by using encryption technologies, such as RC4, DES, 3DES, and AES
Packet Integrity – Protecting packets from tampering by using packet integrity hashing functions such as MD5 and SHA
Man-in-the-Middle – Protecting against man-in-the-middle attacks by using identity authentication mechanisms, such as pre-shared keys or digital certificates
Replay – Protecting against replay attacks by using sequence numbers when transmitting protected data
Encryption – Defining the mechanics of how data is encapsulated and protected, and how protected traffic is transmitted between devices
Traffic Specific – Defining what traffic actually needs to be protected
VPN Connection Modes
1. Tunnel mode
2. Transport mode
Both modes define the basic encapsulation process used to move protected data between two entities (covered in detail later in the presentation).
Association between entities
Types of VPN
Site-to-Site VPNs
Remote Access VPNs
Firewall VPNs
User-to-User VPNs
Site-to-Site VPN
A site-to-site VPN uses a tunnel mode connection between VPN gateways to protect traffic between two or more
sites or locations.
Site-to-site connections are commonly referred to as LAN-to-LAN (L2L) connections.
With L2L VPNs, a central device at each location provides the protection of traffic between the sites.
Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations
that need to access and use the corporate network on an ongoing basis. With a site-to-site VPN, a company
can securely connect its corporate network with its remote offices to communicate and share resources
with them as a single network.
Remote Access VPN
A remote access VPN allows users who are working remotely to securely access and use applications and data that reside in the corporate data center and headquarters, encrypting all traffic the users send and receive.
The remote access VPN does this by creating a tunnel between an organization's network and a remote user that is "virtually private," even though the user may be in a public location.
This is because the traffic is encrypted, which makes it unintelligible to any eavesdropper.
Remote users can securely access and use their organization's network in much the same way as they would if they were physically in the office. With remote access VPN, data can be transmitted without an organization having to worry about the communication being intercepted or tampered with.
Firewall VPN
A firewall VPN is basically an L2L or remote access VPN enhanced with additional security
and firewall functions.
Firewall VPNs typically are used when one side of the VPN connection needs enhanced
security and firewall functions based on their company's security policy, and they manage or
own the security solution that is currently in place in their network.
Some of these security or firewall functions performed by a firewall VPN include the
following:
• Stateful filtering
• Application layer filtering
• Advanced address translation policies
• Addressing issues with problematic protocols such as multimedia and voice
User-to-User VPN
A user-to-user VPN is basically a transport mode VPN connection between two devices.
It is used for private messaging and direct sharing of resources between the two endpoints.
Remote Access vs Site-to-Site
Remote access – requires VPN client software on the host
Client initiates the request
VPN server accepts or rejects it
RADIUS server – applies policies (health policy, geo policy, etc.) before the request is accepted
Site-to-Site – full tunnel
No need to install VPN software on the host
Clients are usually unaware that they are using a VPN
Uses IPsec ESP
https://www.youtube.com/watch?v=CWy3x3Wux6o&t=480s
Categories of VPN Based on Topology
Intranet – within the campus
Extranet – between two business partner companies / two sites
Internet – dynamic establishment of the VPN over a public network
Components of VPN
Authentication
Encapsulation Method
Data Encryption
Packet Integrity
Key Management
Non-Repudiation
Application and Protocol Support
Address Management
Authentication
1. Device: Device authentication allows you to restrict VPN access to your network based on authentication information that a remote VPN device provides. Typically this is one of the following two types of authentication:
   a. Pre-shared key or keys – Pre-shared keys are typically used in smaller VPN environments. One or more keys is configured and used to authenticate a device's identity. Pre-shared keys require you to manually configure a key or keys on each device that will participate in VPN connectivity.
   b. Digital signature or certificate
2. User – User name and password
Encapsulation
How user information, like data, is to be encapsulated and transported across a network.
In other words, what is the actual format of the contents? You can determine this by asking
the following questions:
• What fields appear in the VPN header or trailer information?
• In what order do the fields appear?
• What is the size of the fields?
How information is encapsulated is important because it can affect whether or not the data might experience problems with firewall or address translation devices.
Data Encryption
Data encryption is used to solve eavesdropping issues. Data encryption basically takes user data and a key value and runs it through an encryption algorithm, producing what looks like a random string of characters.
Only a device with the same key value can decrypt the information. Many encryption algorithms exist, such as DES, 3DES, AES, Blowfish, RSA, IDEA, SEAL, and RC4, to name a few; however, not every VPN implementation supports all encryption algorithms.
Packet Integrity
Encryption is CPU-intensive for a device. An attacker, knowing that you are using a VPN with encryption, might take advantage of this by executing a denial of service (DoS) attack against your VPN device.
Basically, the hacker would spoof packets with garbage in them, using an IP address from a trusted VPN source. When your VPN device received the spoofed packets, it would try to decrypt them. Of course, it would not be successful and would throw away the spoofed packets; however, your device would have wasted CPU cycles to perform this process.
Because of possible packet tampering or packet spoofing, some VPN implementations give you the option of performing packet integrity checking, or what some people commonly refer to as packet authentication.
With packet authentication, a signature is attached to the packet. The signature is created by taking contents from the packet and a shared key and running this information through a hashing function, producing a fixed-size output, called a digital signature.
This signature is then added to the original packet and the new altered packet is sent to the destination. The destination verifies the signature; and if the signature is valid, the destination will decrypt the packet contents. Verifying a hashed signature requires far fewer CPU cycles than does the decryption process.
Two of the more common hashing functions used for packet integrity checking are SHA and MD5.
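As an added example (not part of the original slides), the receiver-side ordering described above, combined with the sequence-number replay check from the VPN Helps slide: the packet's integrity tag and its anti-replay window are checked before any CPU is spent on decryption, so spoofed packets are dropped cheaply. The packet layout, the keys and the HMAC-based keystream cipher are constructed for this example; a real VPN would use ESP with a cipher such as AES.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Constructed packet layout, loosely modelled on ESP:
#   4-byte sequence number | ciphertext | 32-byte HMAC-SHA256 integrity tag
SEQ_LEN = 4
TAG_LEN = 32
WINDOW = 64  # anti-replay window, in sequence numbers


def keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF, so the example
    runs on the standard library alone (a real VPN would use AES)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">II", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(enc_key: bytes, auth_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Sender: encrypt, then tag the sequence number and ciphertext together,
    so the receiver can check both integrity and replay before decrypting."""
    header = struct.pack(">I", seq)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, seq, len(plaintext)))
    tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


@dataclass
class Receiver:
    enc_key: bytes
    auth_key: bytes
    highest_seq: int = 0
    seen: set = field(default_factory=set)  # accepted sequence numbers inside the window
    stats: dict = field(default_factory=lambda: {"bad_tag": 0, "replay": 0, "decrypted": 0})

    def _replayed(self, seq: int) -> bool:
        # Sliding window: anything older than the window is rejected outright,
        # anything inside it is rejected if it was already accepted once.
        if seq + WINDOW <= self.highest_seq:
            return True
        return seq in self.seen

    def _accept_seq(self, seq: int) -> None:
        self.seen.add(seq)
        if seq > self.highest_seq:
            self.highest_seq = seq
            self.seen = {s for s in self.seen if s + WINDOW > seq}  # drop entries that fell out

    def receive(self, packet: bytes):
        """Returns the plaintext, or None if the packet is rejected.
        Cheap checks (length, tag, replay window) run first; the expensive
        decryption only happens for packets that passed all of them."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            self.stats["bad_tag"] += 1
            return None
        header, body, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.auth_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            self.stats["bad_tag"] += 1
            return None
        seq = struct.unpack(">I", header)[0]
        if self._replayed(seq):
            self.stats["replay"] += 1
            return None
        self._accept_seq(seq)
        self.stats["decrypted"] += 1
        return xor_bytes(body, keystream(self.enc_key, seq, len(body)))


def demo() -> dict:
    """Constructed scenario: one genuine packet, one forged packet carrying
    garbage with a bogus tag, and a replay of the genuine packet."""
    enc_key, auth_key = b"example-enc-key", b"example-auth-key"  # constructed keys
    rx = Receiver(enc_key, auth_key)
    genuine = protect(enc_key, auth_key, 1, b"hello from site A")
    forged = struct.pack(">I", 2) + b"garbage-payload" + bytes(TAG_LEN)
    results = {
        "genuine": rx.receive(genuine),  # decrypted
        "forged": rx.receive(forged),    # rejected by the tag check, never decrypted
        "replay": rx.receive(genuine),   # valid tag, but sequence number already seen
    }
    results["stats"] = dict(rx.stats)
    return results


if __name__ == "__main__":
    print(demo())
```

The `stats` counters are the kind of signal a defender would export: a rising `bad_tag` count from one peer address is the spoofing flood the slide describes, caught before it costs decryption cycles.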
Key Management
As mentioned, three VPN components use keys: authentication, encryption, and hashing functions. Management of keys becomes important with VPN connections.
For instance,
◦ How are keys derived?
◦ Are they statically configured or randomly generated?
◦ How often are keys regenerated to increase security?
For example, assume that your security policy states that keying material used for encryption and packet integrity checking needs to be changed at least once every eight hours. If you used static keys for different sites, and had 100 sites, you would spend about an hour each time manually changing keys.
Therefore, in most instances, a dynamic key management process is needed. You should carefully evaluate how this is handled when choosing a VPN implementation.
Non-Repudiation
Non-repudiation can be a component of a VPN implementation. In the VPN world, non-repudiation involves two components: authentication and accounting.
This could include the identities of the two devices establishing the connection, how long the connection was used, how much information was transmitted across it, what types of information traversed the connection, and so on.
This can then be used later to detect access attacks and for management purposes, such as creating baselines and looking for bandwidth issues.
Address Management
There are actually many ways of solving the address assignment problem, in addition to the routing problem, for this type of situation.
As to the assignment of addresses, a common solution is to use an external DHCP server or an AAA (authentication, authorization, and accounting) server to assign an address to the user.
VPN Design
Traffic Protection
After you have decided what traffic needs to be protected, you'll need to determine how it should be protected.
This information should be defined in your company's security policy.
For example, if your policy states that you should be implementing encryption and packet integrity checking for sensitive information across public networks, you'll need to determine the encryption algorithm your VPN should use, and the hashing function.
In some cases, the more secure the solution you implement, the more processing overhead it will add to your VPN device; you'll need to carefully weigh the processing overhead and latency that the VPN feature adds against the additional security you'll gain from the feature. There is always a trade-off.
VPN Implementation Methods
GRE – Generic Routing Encapsulation
PPTP – Point-to-Point Tunneling Protocol
L2TP – Layer 2 Tunneling Protocol
MPLS – Multi-Protocol Label Switching
SSL – Secure Sockets Layer
IPsec – Authentication Header (AH) and Encapsulating Security Payload (ESP)
https://packetlife.net/captures/?sort=popular
Two Modes – AH / ESP
Both AH and ESP can operate in transport mode or tunnel mode:
AH – Transport and Tunnel
ESP – Transport and Tunnel
Basic VPN Configurations on the Routers
1. Allowing VPN traffic
2. Enabling ISAKMP (Internet Security Association and Key Management Protocol)
3. Defining ISAKMP policies
4. Configuring DPD (Dead Peer Detection)
5. Obtaining and using certificates
6. Defining IPsec transform sets and profiles
VPN Choices
IPsec
SSH
SSL/TLS
OpenVPN
Browser Based VPN
SSH
Creates a tunnel authenticated with a user name and password
Establishes a connection to a single computer
PuTTY can be used to configure this
Operates on port 22
OpenVPN
Uses SSL/TLS, so it is able to cross networks and firewalls
Uses the OpenSSL library
HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure "http" to secure "https".
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
Browser VPN
Browser VPN is a browser-based free VPN for Chrome that allows you to change your location and bypass geo-restrictions and firewalls directly from within your browser. Browser VPN allows you to use a VPN without installing any additional Windows or macOS software.
Thank you!

More Related Content

What's hot

VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
Mariana Hansen
 
IRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private NetworksIRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private Networks
IRJET Journal
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
Nutan Kumar Panda
 
Cn36539543
Cn36539543Cn36539543
Cn36539543
IJERA Editor
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET Journal
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
Swarup Kumar Mall
 
8 Authentication Security Protocols
8 Authentication Security Protocols8 Authentication Security Protocols
8 Authentication Security Protocolsguestfbf635
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
BharathiKrishna6
 
Security & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case StudySecurity & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case Study
Mohammad Mahmud Kabir
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
Joseph Sebastian
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol SecurityDavid Barker
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Securityamiable_indian
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
Chetan Kumar S
 

What's hot (20)

VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
IRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private NetworksIRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private Networks
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Cn36539543
Cn36539543Cn36539543
Cn36539543
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novella
 
Firewalls
FirewallsFirewalls
Firewalls
 
8 Authentication Security Protocols
8 Authentication Security Protocols8 Authentication Security Protocols
8 Authentication Security Protocols
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
 
Security & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case StudySecurity & Privacy in WLAN - A Primer and Case Study
Security & Privacy in WLAN - A Primer and Case Study
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol Security
 
Firewalls
FirewallsFirewalls
Firewalls
 
Vpn
VpnVpn
Vpn
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
Blug Talk
Blug TalkBlug Talk
Blug Talk
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
Firewall
FirewallFirewall
Firewall
 

Similar to Insights of vpn

Virtual private network feature and benefits
Virtual private network feature and benefitsVirtual private network feature and benefits
Virtual private network feature and benefits
Anthony Daniel
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
@zenafaris91
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdf
ssusera1b6c7
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSowmia Sathyan
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajan Kumar
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)
Abrish06
 
Virtual private networks by darshana viduranga
Virtual private networks by darshana vidurangaVirtual private networks by darshana viduranga
Virtual private networks by darshana viduranga
Darshana Viduranga
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private NetworkAbhinav Dwivedi
 
Vpn
VpnVpn
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
earleanp
 
VPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.pptVPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.ppt
shabdrang
 
virtual private network vpn pros and cons
virtual private network vpn pros and consvirtual private network vpn pros and cons
virtual private network vpn pros and cons
tgmrcr
 
Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)
ssusera07323
 
Vvirtualnet-basic.ppt
Vvirtualnet-basic.pptVvirtualnet-basic.ppt
Vvirtualnet-basic.ppt
ssusera1b6c7
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
Vpn-Virtual Private Network
Vpn-Virtual Private NetworkVpn-Virtual Private Network
Vpn-Virtual Private Network
Abduhalim Beknazarov
 
Husky VPN.pdf
Husky VPN.pdfHusky VPN.pdf
Husky VPN.pdf
Vograce
 

Similar to Insights of vpn (20)

Virtual private network feature and benefits
Virtual private network feature and benefitsVirtual private network feature and benefits
Virtual private network feature and benefits
 
The vpn
The vpnThe vpn
The vpn
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdf
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)
 
Virtual private networks by darshana viduranga
Virtual private networks by darshana vidurangaVirtual private networks by darshana viduranga
Virtual private networks by darshana viduranga
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private Network
 
Vpn
VpnVpn
Vpn
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
 
VPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.pptVPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.ppt
 
virtual private network vpn pros and cons
virtual private network vpn pros and consvirtual private network vpn pros and cons
virtual private network vpn pros and cons
 
Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)
 
Vvirtualnet-basic.ppt
Vvirtualnet-basic.pptVvirtualnet-basic.ppt
Vvirtualnet-basic.ppt
 
VPN_ppt.ppt
VPN_ppt.pptVPN_ppt.ppt
VPN_ppt.ppt
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Vpn-Virtual Private Network
Vpn-Virtual Private NetworkVpn-Virtual Private Network
Vpn-Virtual Private Network
 
Ch11 Vpn
Ch11 VpnCh11 Vpn
Ch11 Vpn
 
Husky VPN.pdf
Husky VPN.pdfHusky VPN.pdf
Husky VPN.pdf
 

Recently uploaded

A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Jay Das
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 

Recently uploaded (20)

A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Lecture 1 Introduction to games development
Insights of vpn

  • 1. Insights of VPN – Harshika Rana, Business Analyst, Rishabh Software Pvt Ltd
  • 2. Agenda: VPN Introduction; Functions of VPN; VPN Benefits; Types of VPN; VPN Topology; Components of VPN; VPN Design; VPN Implementation Methods; VPN router configuration; VPN Choices
  • 3. What is VPN A VPN is a secure connection that can be made between a computer (such as a user's computer at home or on the road) and a protected or private corporate network (such as Parul University campus network), using an otherwise insecure public network (such as the Internet).
  • 4. How it works – Basic Concept Data that is passed over the public network is encapsulated (wrapped up) and encrypted (translated into a secret code) so that it can't be intercepted or tampered with. Passing data through a network without letting the network actually see the data like this is a process known as tunneling.
  • 5. Why it is called VPN In effect, the connection works just as if the computer were connected to the protected network by its own private wire with a point-to-point direct connection. Thus the name VPN, which stands for virtual private network.
  • 6. Why to use VPN. Accessing LAN drives: getting to the shared network file space on Active Directory from off campus. Remote desktop access: using a personal computer from off campus to log into your office computer that is on campus requires making a VPN connection. (Again, this is necessary, but not sufficient: you also have to have previously set up the on-campus computer to allow remote connections, and you actually have to establish that connection after you have connected via the VPN.) Accessing "hidden" systems: some systems are not directly accessible from off campus. In order to reach them, you need to make a secure connection to a system within the firewall first. Enhanced library research: external and internal resources identify the IP address and allow access.
  • 7. Four Important Functions Done at the VPN. Authentication – identify the authorized user and allow access based on the permission. Access Control – setting up the permission of usage for the resources. Confidentiality – preventing data from being read. Integrity – ensuring data is not altered.
  • 8. Up to now: it's an encrypted tunnel. It uses IPsec, GRE, PPTP, SSL, L2TP, or MPLS. It protects traffic across the Internet. It protects your data from hackers and attacks.
  • 10. VPN Helps. Eavesdropping – protecting data from eavesdropping by using encryption technologies such as RC4, DES, 3DES, and AES. Packet Integrity – protecting packets from tampering by using packet integrity hashing functions such as MD5 and SHA. Man in the Middle – protecting against man-in-the-middle attacks by using identity authentication mechanisms, such as pre-shared keys or digital certificates. Replay – protecting against replay attacks by using sequence numbers when transmitting protected data. Encryption – defining the mechanics of how data is encapsulated and protected, and how protected traffic is transmitted between devices. Traffic Specific – defining what traffic actually needs to be protected.
  • 11. VPN Connection Modes: 1. Tunnel mode 2. Transport mode. Both modes define the basic encapsulation process used to move protected data between two entities. (We will look at both in detail later in the presentation.)
  • 13. Types of VPN Site-to-Site VPNs Remote Access VPNs Firewall VPNs User-to-User VPNs
  • 14. Site to Site VPN A site-to-site VPN uses a tunnel mode connection between VPN gateways to protect traffic between two or more sites or locations. Site-to-site connections are commonly referred to as LAN-to-LAN (L2L) connections. With L2L VPNs, a central device at each location provides the protection of traffic between the sites. Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis. With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.
  • 16. Remote Access VPN. A remote access VPN allows users who are working remotely to securely access and use applications and data that reside in the corporate data center and headquarters, encrypting all traffic the users send and receive. The remote access VPN does this by creating a tunnel between an organization's network and a remote user that is "virtually private," even though the user may be in a public location. This is because the traffic is encrypted, which makes it unintelligible to any eavesdropper. Remote users can securely access and use their organization's network in much the same way as they would if they were physically in the office. With remote access VPN, data can be transmitted without an organization having to worry about the communication being intercepted or tampered with.
  • 18. Firewall VPN A firewall VPN is basically an L2L or remote access VPN enhanced with additional security and firewall functions. Firewall VPNs typically are used when one side of the VPN connection needs enhanced security and firewall functions based on their company's security policy, and they manage or own the security solution that is currently in place in their network. Some of these security or firewall functions performed by a firewall VPN include the following: • Stateful filtering • Application layer filtering • Advanced address translation policies • Addressing issues with problematic protocols such as multimedia and voice
  • 20. User to User VPN User-to-User VPNs A user-to-user VPN type is basically a transport mode VPN connection between two devices. It is more about private messaging and coupling of the resources.
  • 21. Remote vs Site to Site. Remote access: requires software installation on the client; the client initiates the request; the VPN server accepts or rejects it; a RADIUS server applies the steps for accepting the request, such as health policy, geo policy, etc.
  • 22. Site-to-site: full tunnel; no need to install VPN software on the host; the client is unaware most of the time that it is using a VPN; uses IPsec ESP.
  • 24. Categories of VPN Based on Topology. Intranet – within the campus. Extranet – between two business partner companies / two sites. Internet – dynamic establishment of the VPN using the public network.
  • 25. Components of VPN Authentication Encapsulation Method Data Encryption Packet Integrity Key Management Non-Repudiation Application and Protocol Support Address Management
  • 26. Authentication. 1. Device: device authentication allows you to restrict VPN access to your network based on authentication information that a remote VPN device provides. Typically this is one of the following two types of authentication: (a) Pre-shared key or keys – pre-shared keys are typically used in smaller VPN environments. One or more keys are configured and used to authenticate a device's identity. Pre-shared keys require you to manually configure a key or keys on each device that will participate in VPN connectivity. (b) Digital signature or certificate. 2. User – user name and password.
  • 27. Encapsulation: how user information, like data, is to be encapsulated and transported across a network. In other words, what is the actual format of the contents? You can determine this by asking the following questions: • What fields appear in the VPN header or trailer information? • In what order do the fields appear? • What is the size of the fields? How information is encapsulated is important because it can affect whether or not the data might experience problems with firewall or address translation devices.
  • 28. Data Encryption Data encryption is used to solve eavesdropping issues. Data encryption basically takes user data and a key value and runs it through an encryption algorithm, producing what looks like a random string of characters. Only a device with the same key value can decrypt the information. Many encryption algorithms exist, such as DES, 3DES, AES, Blowfish, RSA, IDEA, SEAL, and RC4, to name a few; however, not every VPN implementation supports all encryption algorithms.
  • 29. Packet Integrity Encryption is CPU-intensive for a device. An attacker, knowing that you are using a VPN with encryption, might take advantage of this by executing a denial of service (DoS) attack against your VPN device. Basically, the hacker would spoof packets with garbage in them, using an IP address from a trusted VPN source. When your VPN device received the spoofed packets, it would try to decrypt them. Of course, it would not be successful and would throw away the spoofed packets; however, your device would have wasted CPU cycles to perform this process. Because of possible packet tampering or packet spoofing, some VPN implementations give you the option of performing packet integrity checking, or what some people commonly refer to as packet authentication. With packet authentication, a signature is attached to the packet. The signature is created by taking contents from the packet and a shared key and running this information through a hashing function, producing a fixed output, called a digital signature. This signature is then added to the original packet and the new altered packet is sent to the destination. The destination verifies the signature; and if the signature is valid, the destination will decrypt the packet contents. Verifying a hashed signature requires far fewer CPU cycles than does the decryption process. Two of the more common hashing functions used for packet integrity checking are SHA and MD5
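The following is an added example, not code from the slides or from any VPN product, showing in Python the two ideas above: slide 10's sequence-number replay protection and slide 29's cheap integrity check that runs before the expensive decryption step. The `Sender`/`Receiver` classes, the packet layout (4-byte sequence number, payload, 16-byte tag), the shared key and the traffic are all constructed for illustration; the tag is a truncated HMAC-SHA256 rather than the MD5/SHA-1 functions the slide names, and decryption is a stand-in that only counts how often it is reached.

```python
import hmac
import hashlib
import struct

# Added example (not from the slides). Tag = truncated HMAC-SHA256 (16 bytes,
# like a 128-bit IPsec ICV) over sequence-number header || payload with a
# shared key. The receiver verifies the tag and the anti-replay window before
# it spends any effort on "decryption".
TAG_LEN = 16
SEQ_LEN = 4


def integrity_tag(key: bytes, seq_header: bytes, body: bytes) -> bytes:
    """Keyed hash over header||body, truncated to TAG_LEN bytes."""
    return hmac.new(key, seq_header + body, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # monotonically increasing, never reused under this key

    def protect(self, body: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">I", self.seq)
        return header + body + integrity_tag(self.key, header, body)


class Receiver:
    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = window       # size of the sliding anti-replay window
        self.highest = 0           # highest sequence number accepted so far
        self.bitmap = 0            # bit k set <=> seq (highest - k) was seen
        self.decrypt_calls = 0     # how often the costly path was reached
        self.rejections = []       # reasons, in order, for dropped packets

    def _replay_check(self, seq: int) -> bool:
        """Sliding-window replay check modelled on the IPsec ESP algorithm."""
        if seq == 0:
            return False
        if seq > self.highest:                 # window slides forward
            shift = seq - self.highest
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << shift) & mask) | 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.window:                # too old to track: drop
            return False
        if (self.bitmap >> diff) & 1:          # already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True

    def _decrypt(self, body: bytes) -> bytes:
        # Stand-in for the CPU-intensive step; the payload passes through
        # unchanged because the point is *when* this runs, not how.
        self.decrypt_calls += 1
        return body

    def unprotect(self, packet: bytes):
        """Return the payload, or None (with the reason recorded) if dropped."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            self.rejections.append("short")
            return None
        header = packet[:SEQ_LEN]
        body = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        # Constant-time compare so tag verification leaks no timing information.
        if not hmac.compare_digest(tag, integrity_tag(self.key, header, body)):
            self.rejections.append("bad-tag")
            return None
        seq = struct.unpack(">I", header)[0]
        if not self._replay_check(seq):
            self.rejections.append("replay")
            return None
        return self._decrypt(body)


def demo():
    """Constructed traffic: two good packets, one replayed, one tampered."""
    key = b"constructed-shared-key"           # placeholder, not a real key
    sender, receiver = Sender(key), Receiver(key)
    p1 = sender.protect(b"hello")
    p2 = sender.protect(b"world")
    out = [receiver.unprotect(p1), receiver.unprotect(p2), receiver.unprotect(p1)]
    tampered = bytearray(p2)
    tampered[SEQ_LEN] ^= 0x01                 # flip one payload bit
    out.append(receiver.unprotect(bytes(tampered)))
    return out, receiver.rejections, receiver.decrypt_calls


if __name__ == "__main__":
    print(demo())
```

The replayed and the tampered packet are both dropped by `unprotect` before `_decrypt` is ever reached, which is exactly the slide's point: verifying a keyed hash costs far less than decrypting, so garbage sent under a trusted source address cannot burn decryption cycles. Out-of-order packets that fall inside the window are still accepted, which is why real implementations keep a window rather than a single "last sequence number".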
  • 30. Key Management. As mentioned, three VPN components use keys: authentication, encryption, and hashing functions. Management of keys becomes important with VPN connections. For instance, ◦ How are keys derived? ◦ Are they statically configured or randomly generated? ◦ How often are keys regenerated to increase security? For example, assume that your security policy stated that keying material used for encryption and packet integrity checking needed to be changed at least once every eight hours. If you used static keys for different sites, and had 100 sites, you would be spending about an hour each time manually changing keys. Therefore, in most instances, a dynamic key management process is needed. You should carefully evaluate how this is handled when choosing a VPN implementation.
  • 31. Non-Repudiation. Non-repudiation can be a component of a VPN implementation. In the VPN world, non-repudiation involves two components: authentication and accounting. This could include the identities of the two devices establishing the connection, how long the connection was used, how much information was transmitted across it, what types of information traversed the connection, and so on. This can then be used later to detect access attacks and for management purposes, such as creating baselines and looking for bandwidth issues.
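As an added example (not from the slides, and not the key-exchange of any particular VPN protocol), the points of slide 30 in Python: a shared secret plus fresh nonces is turned into separate keys for encryption and packet integrity with HKDF (RFC 5869, implemented here from the standard-library `hmac` module), and a lifetime policy decides when those keys must be regenerated instead of an administrator editing static keys on every device. `derive_session_keys`, `KeyEpoch`, `rekey_if_needed`, the secret, the nonces and the eight-hour / byte-count limits are all constructed for illustration.

```python
import hmac
import hashlib

# Added example (not from the slides). HKDF per RFC 5869 from the standard
# library, used to derive one key epoch's encryption and integrity keys, plus
# a lifetime policy that forces dynamic rekeying. Secret and nonces below are
# constructed placeholders.
HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: concatenate T(i) = HMAC(PRK, T(i-1) || info || i) blocks."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(shared_secret: bytes, nonce_i: bytes, nonce_r: bytes) -> dict:
    """Derive independent encryption and integrity keys for one key epoch.

    Fresh nonces from both peers go into the salt, so the same long-term
    secret yields different session keys every time a rekey happens.
    """
    prk = hkdf_extract(nonce_i + nonce_r, shared_secret)
    material = hkdf_expand(prk, b"vpn example keys", 64)
    return {"enc": material[:32], "auth": material[32:]}


class KeyEpoch:
    """One set of session keys plus the policy that expires them."""

    def __init__(self, keys: dict, created: float, max_age_s: float, max_bytes: int):
        self.keys = keys
        self.created = created
        self.max_age_s = max_age_s        # e.g. the slide's "every eight hours"
        self.max_bytes = max_bytes        # traffic-volume limit, like an IPsec SA
        self.bytes_protected = 0

    def account(self, n: int) -> None:
        """Record n bytes protected under these keys."""
        self.bytes_protected += n

    def needs_rekey(self, now: float) -> bool:
        return (now - self.created >= self.max_age_s
                or self.bytes_protected >= self.max_bytes)


def rekey_if_needed(epoch: KeyEpoch, shared_secret: bytes,
                    nonce_i: bytes, nonce_r: bytes, now: float) -> KeyEpoch:
    """Return the same epoch, or a fresh one once the policy expires the old keys."""
    if not epoch.needs_rekey(now):
        return epoch
    keys = derive_session_keys(shared_secret, nonce_i, nonce_r)
    return KeyEpoch(keys, now, epoch.max_age_s, epoch.max_bytes)


def demo() -> tuple:
    """Constructed walk-through: keys survive one hour, rotate at eight hours."""
    secret = b"constructed-shared-secret"
    t0 = 0.0
    e1 = KeyEpoch(derive_session_keys(secret, b"nonce-i1", b"nonce-r1"),
                  t0, 8 * 3600, 10**9)
    e1.account(500)
    same = rekey_if_needed(e1, secret, b"nonce-i2", b"nonce-r2", t0 + 3600)
    e2 = rekey_if_needed(e1, secret, b"nonce-i2", b"nonce-r2", t0 + 8 * 3600)
    return (same is e1,                          # one hour in: still valid
            e2 is not e1,                        # eight hours in: rotated
            e2.keys != e1.keys,                  # new nonces, new keys
            e1.keys["enc"] != e1.keys["auth"])   # enc and auth keys differ


if __name__ == "__main__":
    print(demo())
```

The same idea scales to the slide's 100 sites without anyone touching a device: each pair of peers derives its own epoch from the shared material and rotates on schedule, and because the two keys come out of one expansion there is no temptation to reuse the encryption key for the integrity check.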
  • 32. Address Management There are actually many ways of solving the address/assignment problem, in addition to the routing problem, for this type of situation. As to the assignment of addresses, a common solution is to use an external DHCP server or an AAA (authentication, authorization, and accounting) server to assign an address to the user.
  • 34. Traffic Protection After you have decided what traffic needs to be protected, you'll need to determine how it should be protected. This information should be defined in your company's security policy. For example, if your policy states that you should be implementing encryption and packet integrity checking for sensitive information across public networks, you'll need to determine the encryption algorithm your VPN should use, and the hashing function. In some cases, the more secure solution you implement, the more processing overhead this will add to your VPN device; you'll need to carefully weigh the processing overhead and latency that the VPN feature adds compared to the additional security you'll gain from the feature there's always a trade-off.
  • 35. VPN Implementation methods: GRE – Generic Route Encapsulation; PPTP – Point-to-Point Tunneling Protocol; L2TP – Layer-2 protocol; MPLS – Multi-Protocol Label Switching; SSL – Secure Socket Layer
  • 36. IPsec
  • 37. AH – Authentication Header & ESP – Encapsulating Security Payload
  • 39. Two modes for AH / ESP: transport and tunnel
  • 42. Basic VPN Configurations on the Routers: 1. Allowing VPN traffic 2. Enabling ISAKMP (Internet Security Association and Key Management Protocol) 3. Defining ISAKMP policies 4. Configuring DPD 5. Obtaining and using certificates 6. Defining IPsec transform sets and profiles
  • 48. SSH: creates a tunnel authenticated with a user name and password; establishes a connection to a single computer; PuTTY will be used to configure it; operates on port 22.
  • 49. OpenVPN: SSL/TLS, able to cross networks and firewalls; uses the OpenSSL library. HTTPS Everywhere is an extension created by EFF and the Tor Project which automatically switches thousands of sites from insecure "http" to secure "https". HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
  • 50. Browser VPN: Browser VPN is a browser-based free VPN for Chrome that allows you to change your location and bypass geo-restrictions and firewalls directly from within your browser. Browser VPN allows you to use a VPN without installing any additional Windows or macOS software. Thank you!