VIRTUAL PRIVATE NETWORK

Presented by: Shradha Maheshwari, CS-08
Traditional Networking

[Diagram labels: Remote Locations, Leased Lines, Corporate Headquarters, Customers, Suppliers & Consultants, Remote Users, Modem Bank]
A New Solution: VPN

Virtual Private Networking: allowing cost effective expansion of private and secure networks.

[Diagram labels: Telecommuters & Mobile Users, Remote Locations, Customers, Suppliers & Consultants, Internet, Corporate Headquarters]
VPN Introduction
• Virtual Private Network is a type of private
  network that uses public telecommunication,
  such as the Internet, instead of leased lines to
  communicate.

• Users only make a local call to the ISP instead
  of expensive long distance telephone calls to
  the remote access server.
Types of VPN

TRUSTED VPN:
• Uses dedicated circuitry.
• The path must be set and consistent.
• Relies on the security of a single provider’s network to protect the traffic.
  Technologies used: MPLS and L2F

SECURE VPN:
• All traffic is encrypted and authenticated.
• The security properties of the VPN must be agreed to by all parties in the VPN.
• No one outside the VPN can affect the security properties of the VPN.
  Technologies used: IPSec, SSL/TLS, PPTP

HYBRID VPN:
• The address boundaries of the secure VPN within the trusted VPN must be extremely clear.
  Technologies used: any supported secure VPN technology running over any supported trusted VPN technology.
Brief Overview Of How VPN Works
1. Two connections – one is made to the Internet
   and the second is made to the VPN.
2. Datagrams – contain data, destination and
   source information.
3. Firewalls – VPNs allow authorized users to
   pass through the firewalls.
4. Protocols – protocols create the VPN tunnels.
Four Critical Functions
• Authentication – validates that the data was
  sent by the sender.
• Access control – limiting unauthorized users
  from accessing the network.
• Confidentiality – preventing the data from being read
  or copied as the data is being transported.
• Data Integrity – ensuring that the data has not
  been altered.
VPN Security
• Encryption
• AAA servers
• IPSec
• Firewalls
Encryption
• It is a method of “scrambling” data before
  transmitting it onto the Internet.

• Two common techniques used for encryption
  are:
    a) Symmetric key encryption
    b) Public key encryption
AAA Servers
• Authentication in VPN is determining if the remote
  VPN user is who or what it is declared to be.
• The use of digital certificates is considered a
  strong mechanism for authentication.
• Authorization in VPN is determining what the user is
  allowed to do.
• Accounting in VPN is determining what the user
  actually does.
IPSec
• Internet Protocol Security (IPSec) is an industry
  standard enabling secure communications over
  the Internet.
• IPSec is a peer-negotiated network layer protocol
  that can be implemented in one of the two modes:
  a) Transport mode
  b) Tunnel mode
• The disadvantage of IPSec is that it might be
  incompatible with many NAT implementations.
IPSec VPN [diagram not reproduced]
SSL/TLS
• TLS and its predecessor, SSL, are cryptographic
  protocols that provide communications security
  over the Internet.

• Operate at the session layer.

• It can force the browser to run applets.
SSL v/s IPSec

SSL VPN                                            | IPSec
---------------------------------------------------|--------------------------------------------------
Implemented through every web browser without the  | Requires installation of a client program on the
need for additional client s/w.                    | end user machine.
Works at the session layer of the OSI model.       | Works at the network layer of the OSI model.
Lower support costs.                               | Higher support costs.
Network Address Translation is not a problem.      | Incompatible with Network Address Translation.
Relatively simple.                                 | Complex in nature.
Firewalls

• Monitors traffic crossing the network
  perimeter and protects enterprises from
  unauthorized access.
• Packet-level firewall checks source and
  destination.
• Application-level firewall acts as a host
  computer between the organization’s
  network and the Internet.
VPN Tunneling
A tunnel establishes a secure connection
between two private networks over a public
medium like the Internet.
[Diagram labels: Intranet, Server, Secure VPN Tunnel]
• VPN tunnel software has a management
  protocol that creates, maintains and terminates
  a tunnel.

• Data is transferred through the VPN tunnel
  using a datagram-based protocol.

• PPTP (Point-to-Point Tunneling Protocol) and L2TP
  (Layer 2 Tunneling Protocol) encapsulate
  private network traffic in packets to be
  transmitted over public networks (TCP/IP).
Data encapsulation (diagram):

  Original datagram
    -> encrypted inner datagram
    -> carried in the data area of the outer datagram, behind the outer datagram header
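The following added example (not from the original slides) works through the encapsulation drawn above together with the IPSec NAT caveat and the four critical functions: the inner datagram is encrypted and tagged (confidentiality, integrity and authentication of the payload), wrapped behind an outer datagram header, and then a simulated NAT rewrites the outer source address. A tag that covers only the payload, as ESP does, still verifies afterwards; a tag that also covers the outer IP header, as AH does, fails, which is why header-covering integrity and NAT do not mix. The keys, addresses, fixed nonce and the HMAC-counter keystream are constructed assumptions for the demo, not real IPsec algorithms.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo keys; real key material comes from the VPN's key exchange.
ENC_KEY = b"demo-encryption-key-32-bytes-long!"
MAC_KEY = b"demo-integrity-key-32-bytes-long!!"
NONCE_LEN, TAG_LEN = 8, 32

def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left zero) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def xor_stream(data, nonce):
    """Confidentiality: XOR with an HMAC-SHA256 counter keystream (illustrative PRF, not an IPsec cipher)."""
    ks = b"".join(hmac.new(ENC_KEY, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def tunnel_encapsulate(inner_datagram, gw_src, gw_dst, nonce):
    """Tunnel mode: the whole inner datagram becomes the outer datagram's data area.
    Encrypt-then-MAC gives confidentiality plus integrity/authentication of the payload."""
    ct = xor_stream(inner_datagram, nonce)
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    payload = nonce + ct + tag
    return ip_header(gw_src, gw_dst, 50, len(payload)) + payload   # 50 = ESP protocol number

def tunnel_decapsulate(outer):
    """Receiving gateway: verify the tag before decrypting; return None (drop) on any mismatch."""
    payload = outer[20:]
    nonce, ct, tag = payload[:NONCE_LEN], payload[NONCE_LEN:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_stream(ct, nonce)   # the XOR keystream is its own inverse

def ah_style_tag(outer):
    """AH-style integrity: the tag also covers the outer IP header, addresses included."""
    return hmac.new(MAC_KEY, outer, hashlib.sha256).digest()

def nat_rewrite_source(outer, new_src):
    """What a NAT device does to the outer header in transit: rewrite the source address."""
    return outer[:12] + ipaddress.IPv4Address(new_src).packed + outer[16:]

def demo():
    """Returns (payload-only integrity survives NAT, header-covering integrity survives NAT)."""
    inner = ip_header("10.0.0.5", "10.1.0.9", 6, 5) + b"hello"   # constructed private-network packet
    nonce = b"\x00" * NONCE_LEN   # fixed for the demo; a real tunnel uses a fresh nonce per packet
    outer = tunnel_encapsulate(inner, "192.168.1.2", "203.0.113.10", nonce)
    ah_tag = ah_style_tag(outer)
    natted = nat_rewrite_source(outer, "198.51.100.7")
    return tunnel_decapsulate(natted) == inner, hmac.compare_digest(ah_tag, ah_style_tag(natted))
```

`demo()` returns `(True, False)`: the ESP-style payload tag still verifies after the NAT rewrite, the AH-style header-covering tag does not.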
PPTP

• It is a proposed standard sponsored by
  Microsoft and other companies.
• PPTP creates another layer of security
  within TCP/IP.
• It encapsulates IP packets for transmission
  over an IP based network.
• Main benefit: you can create a link from
  any network with Internet access.
L2TP

• Represents the best features of the PPTP and
  L2F protocols.
• L2TP can be used over the internet as well
  as over private intranets.
• It sets up an IP security connection thereby
  making the VPN connection more secure.
• Provides data confidentiality which is not
  present in PPTP.
Two types of tunneling
• Voluntary Tunneling: the client starts the
  process of initiating a connection with the VPN server.
  In this case the user's computer is the end point and acts
  as a VPN client.
• Compulsory Tunneling: the connection is
  created between two VPN servers or two VPN access
  devices, i.e. the routers. In this case the user's computer is not
  the end point.

  VPN tunnels can be created either at the data link layer
  or at the network layer of the OSI model.
Advantages
• Eliminating the need for expensive long-
  distance leased lines.
• Reducing the long-distance telephone
  charges for remote access.
• Greater scalability and easy to add/remove
  users.
• Centralization of shared data.
Disadvantages
• VPNs require an in-depth understanding of
  public network security issues and proper
  deployment of precautions.
• Availability and performance depend on
  factors largely outside of the organization's control.
• VPNs need to accommodate protocols other
  than IP and existing internal network
  technology.
• Unpredictable Internet traffic.
Industries that may use VPN
•   Healthcare
•   Manufacturing
•   Retail
•   Banking/Financial
•   General business
VPN usage (% of respondents):
• Remote access for employees working out of homes: 90%
• Remote access for employees while traveling: 79%
• Site-to-site connectivity between offices: 63%
• Access to network for business partners/customers: 50%
Implementation

• Can be done in the following ways:
  1. Site-to-site connection:
     - Intranet: within an organization
     - Extranet: outside an organization
  2. Remote access: employee to business
Site-to-site [diagram not reproduced]
Applications of site-to-site VPN
• Large-scale encryption between multiple fixed
  sites such as remote offices and central offices.

• Network traffic is sent over the branch office
  Internet connection.

• This saves the company hardware and
  management expenses.
Remote access [diagram not reproduced]
Applications of remote access
• Encrypted connections between mobile or
  remote users and their corporate networks.
• A remote user can make a local call to an ISP, as
  opposed to a long distance call to the corporate
  remote access server.
• Ideal for a telecommuter or mobile sales people.
• VPN allows mobile workers & telecommuters to
  take advantage of broadband connectivity, e.g.
  DSL or cable.
THANK YOU
ANY QUERIES??