A VPN is a virtual private network that uses public telecommunication networks like the internet to connect private networks. It became popular as more employees worked remotely. A VPN uses encryption and authentication to securely connect offices, remote users, and mobile users to a private network. Common uses include allowing remote employees to access a company network and sharing networks between partner organizations. VPNs provide cost-effective security and mobility compared to traditional private networks.

1. By – K.Darshana Viduranga – 54
HNDIT -2nd
year

2. What is a VPN?What is a VPN?
 Virtual Private Network is aVirtual Private Network is a
type of private network thattype of private network that
uses publicuses public
telecommunication, such astelecommunication, such as
the Internet, instead of leasedthe Internet, instead of leased
lines to communicate.lines to communicate.
 Became popular as moreBecame popular as more
employees worked in remoteemployees worked in remote
locations.locations.

3. What is a VPN? (Cont.)What is a VPN? (Cont.)
 A VPN can be created by connectingA VPN can be created by connecting
offices and single users (including mobileoffices and single users (including mobile
users) to the nearest service providers POPusers) to the nearest service providers POP
(Point of Presence) and using that service(Point of Presence) and using that service
provider’s backbone network, or even theprovider’s backbone network, or even the
Internet, as the tunnel between officesInternet, as the tunnel between offices
 A VPN includes authentication andA VPN includes authentication and
encryption to protect data integrity andencryption to protect data integrity and
confidentialityconfidentiality

4. Who uses VPN’s?Who uses VPN’s?
 VPN’s can be found in homes, workplaces, orVPN’s can be found in homes, workplaces, or
anywhere else as long as an ISP (Internet Serviceanywhere else as long as an ISP (Internet Service
Provider) is available.Provider) is available.
 VPN’s allow company employees who travelVPN’s allow company employees who travel
often or who are outside their companyoften or who are outside their company
headquarters to safely and securely connect toheadquarters to safely and securely connect to
their company’s Intranettheir company’s Intranet

5. Types of VPNTypes of VPN
 Remote-Access VPNRemote-Access VPN
 Site-to-Site VPNSite-to-Site VPN

6. Remote-Access VPNRemote-Access VPN
 Remote-accessRemote-access, also called a, also called a virtual private dial-virtual private dial-
up networkup network ((VPDNVPDN), is a user-to-LAN), is a user-to-LAN
connection used by a company that has employeesconnection used by a company that has employees
who need to connect to the private network fromwho need to connect to the private network from
various remote locations.various remote locations.
 A good example of a company that needs aA good example of a company that needs a
remote-access VPN would be a large firm withremote-access VPN would be a large firm with
hundreds of sales people in the field.hundreds of sales people in the field.
 Remote-access VPNs permit secure, encryptedRemote-access VPNs permit secure, encrypted
connections between a company's private networkconnections between a company's private network
and remote users through a third-party serviceand remote users through a third-party service
provider.provider.

7. Site-to-Site VPNSite-to-Site VPN
 Intranet-basedIntranet-based - If a company has one or more- If a company has one or more
remote locations that they wish to join in a singleremote locations that they wish to join in a single
private network, they can create an intranet VPNprivate network, they can create an intranet VPN
to connect LAN to LAN.to connect LAN to LAN.
 Extranet-basedExtranet-based - When a company has a close- When a company has a close
relationship with another company (for example, arelationship with another company (for example, a
partner, supplier or customer), they can build anpartner, supplier or customer), they can build an
extranet VPN that connects LAN to LAN, and thatextranet VPN that connects LAN to LAN, and that
allows all of the various companies to work in aallows all of the various companies to work in a
shared environment.shared environment.

8. Brief Overview of How itBrief Overview of How it
WorksWorks
 Two connections – one is made to theTwo connections – one is made to the
Internet and the second is made to the VPN.Internet and the second is made to the VPN.
 Datagrams – contains data, destination andDatagrams – contains data, destination and
source information.source information.
 Firewalls – VPNs allow authorized users toFirewalls – VPNs allow authorized users to
pass through the firewalls.pass through the firewalls.
 Protocols – protocols create the VPNProtocols – protocols create the VPN
tunnels.tunnels.

9. VPN ProtocolsVPN Protocols
 There are three mainThere are three main
protocols that power theprotocols that power the
vast majority of VPN’s:vast majority of VPN’s:
– PPTPPPTP
– L2TPL2TP
– IPsecIPsec
 All three protocolsAll three protocols
emphasize encryption andemphasize encryption and
authentication; preservingauthentication; preserving
data integrity that may bedata integrity that may be
sensitive and allowingsensitive and allowing
clients/servers to establishclients/servers to establish
an identity on the networkan identity on the network

10. Four Critical FunctionsFour Critical Functions
 AuthenticationAuthentication – validates that the data was sent from the– validates that the data was sent from the
sender.sender.
 Access controlAccess control – limiting unauthorized users from– limiting unauthorized users from
accessing the network.accessing the network.
 ConfidentialityConfidentiality – preventing the data to be read or copied– preventing the data to be read or copied
as the data is being transported.as the data is being transported.
 Data IntegrityData Integrity – ensuring that the data– ensuring that the data
has not been alteredhas not been altered
 This functions achieved by Using VPN protocolsThis functions achieved by Using VPN protocols

11.  Internet Protocol Security Protocol (IPSec) providesInternet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryptionenhanced security features such as better encryption
algorithms and more comprehensive authentication.algorithms and more comprehensive authentication.
 IPSec has two encryption modes:IPSec has two encryption modes: tunneltunnel andand transporttransport..
Tunnel encrypts the header and the payload of eachTunnel encrypts the header and the payload of each
packet while transport only encrypts the payload.packet while transport only encrypts the payload.
 IPSec can encrypt data between various devices, such as:IPSec can encrypt data between various devices, such as:
– Router to routerRouter to router
– Firewall to routerFirewall to router
– PC to routerPC to router
– PC to serverPC to server
VPN Protocols (continued)VPN Protocols (continued)

12. VPN TunnelingVPN Tunneling
 VPN Tunneling supports two types: voluntary tunneling andVPN Tunneling supports two types: voluntary tunneling and
compulsory tunnelingcompulsory tunneling
 Voluntary tunneling is where the VPN client manages theVoluntary tunneling is where the VPN client manages the
connection setup.connection setup.
 Compulsory tunneling is where the carrier network providerCompulsory tunneling is where the carrier network provider
manages the VPN connection setup.manages the VPN connection setup.

13. TunnelingTunneling
– allows senders to encapsulate their data in IP packets thatallows senders to encapsulate their data in IP packets that
hide the routing and switching infrastructure of the Internethide the routing and switching infrastructure of the Internet
– to ensure data security against unwanted viewers, orto ensure data security against unwanted viewers, or
hackershackers
Tunneling requires three different protocolsTunneling requires three different protocols::
 Passenger protocolPassenger protocol - The original data (IPX, IP)- The original data (IPX, IP)
being carriedbeing carried
 Encapsulating protocolEncapsulating protocol - The protocol (GRE, IPSec,- The protocol (GRE, IPSec,
L2F, PPTP, L2TP) that is wrapped around theL2F, PPTP, L2TP) that is wrapped around the
original dataoriginal data
 Carrier protocolCarrier protocol - The protocol used by the network- The protocol used by the network
that the information is traveling overthat the information is traveling over

14. VPN Packet TransmissionVPN Packet Transmission
 Packets are first encrypted before sent out forPackets are first encrypted before sent out for
transmission over the Internet. The encryptedtransmission over the Internet. The encrypted
packet is placed inside an unencrypted packet. Thepacket is placed inside an unencrypted packet. The
unencrypted outer packet is read by the routingunencrypted outer packet is read by the routing
equipment so that it may be properly routed to itsequipment so that it may be properly routed to its
destinationdestination
 Once the packet reaches its destination, the outerOnce the packet reaches its destination, the outer
packet is stripped off and the inner packet ispacket is stripped off and the inner packet is
decrypteddecrypted

15. VPN Security: FirewallsVPN Security: Firewalls
A well-designed VPN uses several methods forA well-designed VPN uses several methods for
keeping your connection and data secure:keeping your connection and data secure:
 FirewallsFirewalls
 EncryptionEncryption
 IPSecIPSec
 AuthenticationAuthentication
 You can set firewalls to restrict the number of openYou can set firewalls to restrict the number of open
ports, what type of packets are passed through andports, what type of packets are passed through and
which protocols are allowed through.which protocols are allowed through.

16. VPN EncapsulationVPN Encapsulation

17. Advantages of VPN’sAdvantages of VPN’s
 Cost EffectiveCost Effective
 Greater scalabilityGreater scalability
 Easy to add/remove usersEasy to add/remove users
 MobilityMobility
 SecuritySecurity

18. Disadvantages of VPN’sDisadvantages of VPN’s
 Because the connection travels over publicBecause the connection travels over public
lines, a strong understanding of networklines, a strong understanding of network
security issues and proper precautionssecurity issues and proper precautions
before VPN deployment are necessarybefore VPN deployment are necessary
 VPN connection stability is mainly inVPN connection stability is mainly in
control of the Internet stability, factorscontrol of the Internet stability, factors
outside an organizations controloutside an organizations control
 Differing VPN technologies may not workDiffering VPN technologies may not work
together due to immature standardstogether due to immature standards

19. Virtual Private Networks (VPN)Virtual Private Networks (VPN)
Basic ArchitectureBasic Architecture

20. Resources UsedResources Used
 http://wiki.answer.orghttp://wiki.answer.org
 http://www.uwsp.edu/it/vpn/http://www.uwsp.edu/it/vpn/
 http://info.lib.uh.edu/services/vpn.htmlhttp://info.lib.uh.edu/services/vpn.html
 http://www.cites.uiuc.edu/vpn/http://www.cites.uiuc.edu/vpn/
 http://www.positivenetworks.net/images/clihttp://www.positivenetworks.net/images/cli
ent-uploads/jumppage2.htment-uploads/jumppage2.htm