What Technology Lies Behind VPN


This document explains the technology underlying Virtual Private Networks. It is intended for newcomers to the field and is written in layman's language.

Published in: Technology

  1. TECHNOLOGY BEHIND VPN
     Sovello Hildebrand Mgani, IT Consultant - FUGIT Consult Tanzania, sovellohpmgani@gmail.com
  2. Outline:
     • Design: security gateways, security policy servers and certificate authorities.
     • Implementation options:
       • VPN appliances (integrated [firewalls and routers] and standalone)
       • VPN servers
       • Managed service (AT&T, WorldCom, Quest, etc.)
     • Security: IPSec, L2F, L2TP, PPTP
  3. Design: basic questions to ask before embarking on a VPN
     • How many users are at each site?
     • What are the bandwidth requirements for each needed connection?
     • Does the connection need to be permanent or on-demand (dial-up)?
     • How much traffic will the site generate?
     • Are there times when traffic is higher than others?
     • What are the service-level requirements?
     • Are there any existing problems in your company that will be solved by the implementation of a VPN?
     • Why is a VPN better than the next competing alternative?
     • Should the VPN be outsourced or built in-house?
  4. Design: ... Besides the internet, there are three other important pieces of a VPN:
     • Security gateways: provide security against unauthorized access to the information on the inside. They include routers, firewalls, and VPN hardware and/or software.
     • Security policy servers: contain the access-information list, which dictates what and who is allowed or denied access to the resources.
     • Certificate authorities: for key verification. It could be a database, for example. An outsourced one is the best option.
  5. Implementation Options:
     • VPN appliances:
       • Integrated appliances: come embedded in routers or firewalls. Reduced costs.
       • Standalone: concentrators, which have to be bought on their own.
     • VPN servers: come as software (OSs). Consider the hassle of managing the operating system and the network itself.
     • Managed service: outsourcing (AT&T, WorldCom, etc.).
  6. Security: requirements for transferring data via VPN
     • Integrity
     • Tamper-resistance
     • Protection from duplication by unauthorized parties
     • Confidentiality: from source to destination.
  7. Security: Protocols. These requirements are met through the tunnelling protocols described here:
     • PPTP: uses the Point-to-Point Protocol (PPP). PPP packets are encapsulated using a modified version of the GRE (Generic Routing Encapsulation) protocol, which allows other protocols, e.g. IPX and NetBEUI, to be used by PPTP.
     • L2F: works by encapsulating PPP packets within IP packets.
     • L2TP: combines the best of both PPTP and L2F.
  8. Security: Protocols. IPSec: originally developed to plug the security inadequacies of IPv4 in the next generation of IP protocols, IPv6, as IPv4 was developed without consideration of security.
     • IPSec can be used in two ways: tunnel mode and transport mode.
     • This is possible because authentication and encryption can be applied separately to each packet.
     • In transport mode, the transport layer is the only segment that is authenticated or encrypted.
     • Tunnel mode authenticates or encrypts the entire packet, providing even more protection against unauthorized access, interception, or attack.