2. About Me
http://bkaeg.org/blog
https://identi.ca/sunzofman1
http://linkedin.com/in/bkaeg
https://twitter.com/sunzofman1
Alfred Green - Principal
3. A Bit More
● 15 yrs experience with Free and Open Source Software (FOSS)
● Using the Slackware Linux Distro for Primary Desktop Since '96
● Easily Integrates Free Software with MSFT solutions
● Staunch Supporter of Autodidacticism
● Fascinated with Computer Networking and Data Encryption
5. What is a Virtual Private Network (VPN)?
A Virtual Private Network is a means to securely share data across the public Internet by hiding data traffic in a tunnel
Example VPN Protocols: IPSEC, PPTP, L2TP, and SSL
Commercial and Open Products: Cisco, Hamachi, HotSpotVPN, OpenVPN, FreeS/WAN and Openswan
7. Where has Virtual Private Networking traditionally been used?
Businesses which seek to support telecommuters
Encapsulating data packets of well understood protocols (e.g. SIP, SSL, HTTP(S), CIFS)
8. Virtual Private Networking is Not...
Microsoft Remote Desktop Protocol (RDP) over TCP 3389
Virtual Network Computing (VNC)
While SSH is powerful, it is not very elegant for a scalable VPN
9. Basic Architecture
● Network Address Translation (NAT)
● Firewall
● Packet Encryption
10. Factoid
● Roughly 75% of SMB owners run some variant of MSFT Small Business Server Edition; out of the box they are equipped to run the MSFT VPN (PPTP)
11. All VPN Solutions are not Created Equal...
The ubiquitous Microsoft PPTP is perhaps the worst possible VPN solution
● MS-CHAPv1 and MS-CHAPv2 both have vulnerabilities which make PPTP a poor VPN
● Security Expert Bruce Schneier's Paper: Cryptanalysis of Microsoft's PPTP Authentication Extensions
● PPTP was written initially to support the very old PPP protocol for dial-up connections
12. The Case for OpenVPN?
● Software Libre (Free as in Free Speech)
● Public Key Infrastructure (PKI)
● OpenSSL/TLS
● Supports Multiple Encryption Algorithms
● UDP instead of TCP
● Pseudo Two-Factor Authentication
● Several Available Software Clients (Linux, Windows, OSX, and BSD)
13. Public Key Infrastructure (PKI)
● Strength of OpenVPN
● Control Large Group of Clients
● No Central Signing Authority Required
● Error Logs are Your Friend
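As an added illustration (not from the slides or the OpenVPN project), a server configuration that puts the points of slides 12 and 13 into practice: your own CA signs every client, TLS is pinned to strong settings, UDP is used, and a PAM password is required alongside the certificate. File names, certificate paths and the PAM plugin path are assumptions.

```conf
# Assumed file: /etc/openvpn/server.conf
port 1194
# UDP, as the slide prefers over TCP
proto udp
dev tun
# PKI: the CA you run yourself signs every client certificate,
# so no outside signing authority is needed (assumed paths)
ca   /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/server.crt
key  /etc/openvpn/pki/server.key
dh   /etc/openvpn/pki/dh.pem
# Revoked client certificates are rejected at connect time
crl-verify /etc/openvpn/pki/crl.pem
# Every client must present a certificate signed by our CA
verify-client-cert require
remote-cert-tls client
tls-version-min 1.2
# Pre-shared key that authenticates and encrypts the TLS control channel
tls-crypt /etc/openvpn/pki/ta.key
# Multiple algorithms are supported; pin the strong AEAD ones
# (OpenVPN 2.5+; on 2.4 use "cipher AES-256-GCM")
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
# Pseudo two-factor: certificate (something you have) plus a
# password checked through PAM (something you know);
# the plugin path varies by distribution
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
server 10.8.0.0 255.255.255.0
topology subnet
keepalive 10 120
# Drop privileges once the tunnel is up
user nobody
group nogroup
persist-key
persist-tun
# Error logs are your friend
status /var/log/openvpn/status.log
log-append /var/log/openvpn/server.log
verb 3
```

Each client then needs its own CA-signed cert and key plus `auth-user-pass` in its config, and a client whose cert has been added to crl.pem is turned away even if it knows a valid password.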
16. Glossary of Acronyms
CIFS – Common Internet File System
IPSEC – Internet Protocol Security
L2TP – Layer 2 Tunneling Protocol
PPTP – Point-to-Point Tunneling Protocol
SSH – Secure Shell