3. What is a VPN?
A Virtual Private Network is a type of private network that uses a public network, such as the Internet, instead of leased lines to communicate.
A VPN includes authentication and encryption to protect data integrity and confidentiality.
[Diagram: VPN, Internet, VPN]
4. Four Critical Functions
Authentication – validates that the data was sent from the sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data from being read or copied while it is being transported.
Data Integrity – ensuring that the data has not been altered.
5. Private Networks vs. Virtual Private Networks
Employees can access the network (Intranet) from remote locations.
Secured networks.
The Internet is used as the backbone for VPNs.
Saves costs tremendously through reduced equipment and maintenance costs.
Scalability
6. Types of VPNs
Remote Access VPN
Provides access to the internal corporate network over the Internet.
Reduces long distance, modem bank, and technical support costs.
[Diagram: Internet, Corporate Site]
10. Types of VPNs
Remote Access VPN
Site-to-Site VPN
Extranet VPN
Provides business partners access to critical information (leads, sales tools, etc.)
Reduces transaction and operational costs
[Diagram: Corporate Site, Internet, Partner #1, Partner #2]
11. Types of VPNs
Remote Access VPN
Site-to-Site VPN
Extranet VPN
Intranet VPN:
Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
[Diagram: Internet, LAN clients, Database Server, LAN clients with sensitive data]
12. Brief Overview of How it Works
Two connections – one is made to the Internet and the second is made to the VPN.
Datagrams – contain data, destination and source information.
Firewalls – VPNs allow authorized users to pass through the firewalls.
Protocols – protocols create the VPN tunnels.
13. How Security is Maintained
The VPN endpoints use standard mechanisms to establish identification and authorisation.
For data communication, both endpoints use a common encryption protocol such as PPTP, L2TP or IPSec.
14. Tunneling
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
[Diagram: Data Encapsulation – the Original Datagram is encrypted to become the Encrypted Inner Datagram, which is carried as the Outer Datagram Data Area behind the outer Datagram Header]
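The encapsulation shown in this slide, as an added example that is not code from the original deck: the whole original datagram is encrypted and carried as the data area of an outer datagram whose header names only the two tunnel endpoints, with an integrity tag checked before decryption. The header layout, the addresses and the HMAC-SHA256-based stream cipher are constructed stand-ins, not a real PPTP, L2TP or IPsec implementation.

```python
import hashlib
import hmac
import os
import struct

# Constructed, simplified datagram header: 4-byte source address,
# 4-byte destination address, 2-byte length of the data area.
HDR = struct.Struct("!4s4sH")

def build_datagram(src, dst, data):
    """Header followed by data area (addresses are raw 4-byte IPv4)."""
    return HDR.pack(src, dst, len(data)) + data

def parse_datagram(dgram):
    """Split a datagram back into (src, dst, data)."""
    src, dst, length = HDR.unpack_from(dgram)
    return src, dst, dgram[HDR.size:HDR.size + length]

def _keystream(key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode. Real tunnels use
    AES (IPsec ESP) or MPPE (PPTP), which the standard library lacks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def encapsulate(inner, enc_key, mac_key, tunnel_src, tunnel_dst):
    """Sending endpoint: encrypt the whole original datagram (its header
    included), append an integrity tag, and wrap the result in an outer
    datagram whose header only names the two tunnel endpoints."""
    nonce = os.urandom(16)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return build_datagram(tunnel_src, tunnel_dst, nonce + ciphertext + tag)

def decapsulate(outer, enc_key, mac_key):
    """Receiving endpoint: verify integrity before decrypting, then recover
    the original datagram. Raises ValueError if the tag does not match."""
    _, _, body = parse_datagram(outer)
    nonce, ciphertext, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: datagram altered in transit")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
```

On the public network only the outer header (tunnel endpoint addresses) is visible; the inner addresses and data are hidden, and any modification in transit is rejected before decryption.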
15. Three Protocols used in VPN
PPTP -- Point-to-Point Tunneling Protocol
L2TP -- Layer 2 Tunneling Protocol
IPsec -- Internet Protocol Security
16. Protocol
L2TP :- Layer 2 tunneling protocol
PPTP :- Point to point tunneling protocol
(both work at OSI layer 2; by encapsulating one packet within another, they hide the original packet from view or change the nature of the transport)
IPsec :- Internet protocol security
(works on layer 3 of the OSI model)
17. Point-to-Point Tunneling Protocol (PPTP)
Layer 2 remote access VPN distributed with Windows product family
Addition to Point-to-Point Protocol (PPP)
Allows multiple Layer 3 Protocols
Uses proprietary authentication and encryption
Limited user management and scalability
[Diagram: Remote PPTP Client – ISP Remote Access Switch – Internet – PPTP RAS Server – Corporate Network]
18. Layer 2 Tunneling Protocol (L2TP)
Layer 2 remote access VPN protocol
Combines and extends PPTP and L2F (Cisco supported protocol)
Weak authentication and encryption
Addition to Point-to-Point Protocol (PPP)
Must be combined with IPSec for enterprise-level security
[Diagram: Remote L2TP Client – ISP L2TP Concentrator – Internet – L2TP Server – Corporate Network]
19. Internet Protocol Security (IPSec)
Layer 3 protocol for remote access, intranet, and extranet VPNs
Internet standard for VPNs
Provides flexible encryption and message authentication/integrity
20. Encryption
Used to convert data to a secret code for transmission over an untrusted network
[Diagram: Clear Text “The cow jumped over the moon” → Encryption Algorithm → Encrypted Text “4hsd4e3mjvd3sda1d38esdf2w4d”]
21. Symmetric Encryption
Same key used to encrypt and decrypt message
Faster than asymmetric encryption
Used by IPSec to encrypt actual message data
Examples: RSA, DES, 3DES, RC5
[Diagram: Shared Secret Key]
22. Asymmetric Encryption
Different keys used to encrypt and decrypt message (one public, one private)
Provides non-repudiation of message or message integrity
Examples include DSA, SHA-1, MD-5
[Diagram: Bob encrypts with Alice's Public Key; Alice decrypts with Alice's Private Key]
23. Advantages: Cost Savings
Eliminating the need for expensive long-distance leased lines
Reducing the long-distance telephone charges for remote access.
Transferring the support burden to the service providers
Operational costs
24. Advantages: Scalability
Flexibility of growth
Efficiency with broadband technology
25. Disadvantages of VPN
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions
Availability and performance depend on factors largely outside of their control
VPNs need to accommodate protocols other than IP and existing internal network technology
26. Industries That May Use a VPN
Healthcare: enables the transfer of confidential patient information within medical facilities & health care providers
Manufacturing: allows suppliers to view inventory & allows clients to purchase online safely
Retail: able to securely transfer sales data or customer info between stores & the headquarters
Banking/Financial: enables account information to be transferred safely within departments & branches
General Business: communication between remote employees can be securely exchanged
29. RSA SecurID – the standard for
RSA: three scientists' last names – RIVEST, SHAMIR, ADLEMAN
1. RON RIVEST
2. ADI SHAMIR
3. LEONARD ADLEMAN
30. Components of the SecurID® System (03/19/18)
Tokens
Authentication Server
Algorithm
33. RSA SecurID – Time Synchronous Two-Factor Authentication
[Diagram: the token side and the RSA Authentication Manager side each feed Seed + Time into the Algorithm and produce the same passcode (032848) – Same Seed, Same Time; RSA Authentication Agent on RAS, VPN, Web Server, WAP etc.]
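The Seed + Time → Algorithm flow above, as an added example that is not the deck's or RSA's own code: token and server each derive the passcode from a shared seed and the current time window, here using the open TOTP algorithm (RFC 6238, HMAC-SHA1) in place of the proprietary SecurID algorithm, with the server tolerating one window of clock drift between token and server. The seed value is the RFC 6238 test secret, constructed for this example.

```python
import hashlib
import hmac
import struct

# Shared seed, loaded into the token at manufacture and held by the server.
# Constructed value: the RFC 6238 test secret, ASCII "12345678901234567890".
SEED = b"12345678901234567890"
STEP = 30      # seconds per time window: "same time" means same window
DIGITS = 6

def passcode(seed, unix_time, step=STEP, digits=DIGITS):
    """Token side: seed + current time window -> displayed code. This is
    TOTP (RFC 6238, HMAC-SHA1 with dynamic truncation), an open analogue
    of the proprietary SecurID algorithm, used here for illustration."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def server_verify(seed, submitted, server_time, skew=1):
    """Server side: recompute from its own copy of the seed and its own
    clock. Token and server clocks drift, so `skew` windows either side
    are accepted; the comparison is constant-time so digit-by-digit
    timing differences do not leak the expected code."""
    for window in range(-skew, skew + 1):
        expected = passcode(seed, server_time + window * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False
```

A code is only valid within its 30-second window (plus the configured drift), so a captured passcode is useless to a replay once the window has passed.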
34. Components of the SecurID® System
Authentication Server
Maintains database of user assigned tokens
Generates pass code following the same algorithm as the token
Seed – similar to symmetric key
35. Components of the SecurID® System
Algorithm
Brainard’s Hashing Algorithm
AES Hashing Algorithm
36. Comparison to Password Systems
Password systems are built-in, no additional implementation cost?
Administration Costs
Security Costs
SecurID
No need to regularly change passwords
No changes as long as tokens uncompromised (and hash function)
A Virtual Private Network is a private connection over an open network. This could mean encrypting traffic as it passes over a frame relay circuit, but the term is most commonly used to describe a method of sending information privately between two points across the Internet or other IP-based network.
It enables organizations to quickly set up confidential communications to branch sites, remote workers, or business partners in a cost-effective way. To accomplish this, a VPN needs a standard way of encrypting data and ensuring the identities of all parties.
There are four basic types of deployment that VPNs are used for: Remote Access, Site-to-Site, Extranet, and Client/Server. We’ll look at each in more detail.