What Technology Lies Behind VPN

The document explains the technology underlying Virtual Private Networks. It is intended for newbies to the field and is explained in layman's language.

Published in: Technology

  1. TECHNOLOGY BEHIND VPN. Sovello Hildebrand Mgani, IT Consultant - FUGIT Consult Tanzania, sovellohpmgani@gmail.com
  2. Outline:
     • Design: security gateways, security policy servers and certificate authorities.
     • Implementation options: VPN appliances (integrated [firewalls and routers] and standalone), VPN servers, managed service (AT&T, WorldCom, Qwest, etc.).
     • Security: IPSec, L2F, L2TP, PPTP.
  3. Design: Basic questions to ask before embarking on a VPN
     • How many users are at each site?
     • What are the bandwidth requirements for each needed connection?
     • Does the connection need to be permanent or on-demand (dial-up)?
     • How much traffic will the site generate?
     • Are there times when traffic is higher than others?
     • What are the service-level requirements?
     • Are there any problems existing in your company that will be solved by the implementation of a VPN?
     • Why is a VPN better than the next competing alternative?
     • Should the VPN be outsourced or built in-house?
  4. Design (continued): Besides the internet, there are three other important pieces for a VPN:
     • Security gateways: provide security against unauthorized access to the information on the inside. They include routers, firewalls, and VPN hardware and/or software.
     • Security policy servers: contain the access-information list, which dictates what and who is allowed or disallowed access to the resources.
     • Certificate authorities: for key verification. It could be a database, for example. An outsourced one is the best option.
  5. Implementation Options:
     • VPN appliances, integrated: come embedded in routers or firewalls. Reduced costs.
     • VPN appliances, standalone: concentrators, which have to be bought on their own.
     • VPN servers: come in as software (OSs). Consider the hassle of managing the operating system and the network itself.
     • Managed service: outsourcing. AT&T, WorldCom, etc.
  6. Security: Requirements to transfer data via VPN:
     • Integrity
     • Tamper-resistance
     • Protection from duplication by unauthorized parties
     • Confidentiality: from source to destination.
  7. Security: Protocols. These requirements are met through tunnelling protocols as described here:
     • PPTP: uses the Point-to-Point Protocol (PPP). PPP packets are encapsulated using a modified version of the GRE (Generic Routing Encapsulation) protocol, which allows other protocols, e.g. IPX and NetBEUI, to be utilized by PPTP.
     • L2F: works by encapsulating PPP packets within IP packets.
     • L2TP: combines the best of both PPTP and L2F.
  8. Security: Protocols. IPSec: originally developed to plug the security inadequacies of IPv4 in the next generation of the IP protocol, IPv6, as IPv4 was developed without consideration for security.
     • IPSec can be used in two modes: tunnel mode and transport mode.
     • This is possible because authentication and encryption can be applied separately to each packet.
     • In transport mode, the transport layer is the only segment that is authenticated or encrypted.
     • Tunnel mode authenticates or encrypts the entire packet, providing even more protection against unauthorized access, interception, or attack.
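
The difference between transport mode and tunnel mode on the last slide can be seen in which bytes the integrity check covers; the sketch below is an added example, not part of the original slides. It assumes IPSec's ESP protocol with integrity only (NULL encryption, HMAC-SHA-256 truncated to 128 bits), and the key, SPIs, addresses and segment bytes are all constructed sample values.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed sample key, not a negotiated SA key
ESP_PROTO = 50                 # IP protocol number for ESP
ICV_LEN = 16                   # HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def icv(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()[:ICV_LEN]

def esp(spi, seq, protected, next_header):
    """ESP layout: SPI | sequence | data | padding | pad length | next header | ICV."""
    pad = bytes(range(1, (-(len(protected) + 2)) % 4 + 1))  # align trailer to 4 bytes
    body = struct.pack("!II", spi, seq) + protected + pad + bytes([len(pad), next_header])
    return body + icv(body)

def verify(esp_bytes):
    """Receiver-side integrity check over everything before the ICV."""
    return hmac.compare_digest(esp_bytes[-ICV_LEN:], icv(esp_bytes[:-ICV_LEN]))

def transport_mode(ip_hdr, segment):
    """Original IP header stays outside ESP; only the transport segment is covered."""
    e = esp(0x1001, 1, segment, ip_hdr[9])
    return ipv4_header(ip_hdr[12:16], ip_hdr[16:20], ESP_PROTO, len(e)) + e

def tunnel_mode(ip_hdr, segment, gw_src, gw_dst):
    """Whole original packet sits inside ESP behind a new gateway-to-gateway header."""
    e = esp(0x1002, 1, ip_hdr + segment, 4)  # next header 4 = IP-in-IP
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(e)) + e

def forged_source_accepted(packet, mode):
    """Alter the original sender address in transit, then run the ESP check."""
    offset = 12 if mode == "transport" else 20 + 8 + 12  # outer header vs inner header
    forged = bytearray(packet)
    forged[offset:offset + 4] = bytes([203, 0, 113, 99])
    return verify(bytes(forged[20:]))

SEGMENT = b"constructed TCP segment bytes"  # stand-in for a transport-layer segment
ORIG = ipv4_header([10, 0, 1, 5], [10, 0, 2, 9], 6, len(SEGMENT))
TRANSPORT = transport_mode(ORIG, SEGMENT)
TUNNEL = tunnel_mode(ORIG, SEGMENT, [198, 51, 100, 1], [198, 51, 100, 2])

if __name__ == "__main__":
    print("transport: altered source passes ESP check =", forged_source_accepted(TRANSPORT, "transport"))
    print("tunnel:    altered source passes ESP check =", forged_source_accepted(TUNNEL, "tunnel"))
```

In transport mode the altered address still passes the check because the IP header lies outside the protected bytes; in tunnel mode the same change fails it, at the cost of 20 extra bytes for the new outer header.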
