VPN (virtual private network) allows users to connect securely over a public network like the internet. It uses encryption and authentication to provide a secure connection through an otherwise insecure network. The main benefits of VPNs are reduced costs compared to dedicated private networks using leased lines or dial-up. VPNs work by encapsulating packets inside packets of another protocol, called "tunneling", to create and maintain a virtual private circuit between two endpoints.
2. What is VPN?
o A VPN is a closed (private) network provided on shared infrastructure.
o A Virtual Private Network (VPN) connects the components and resources of a private network over a public network.
o VPNs can be provided over both packet-switched and circuit-switched public networks.
o The shared infrastructure can be the Internet, a Frame Relay or ATM network, or the public voice network (PSTN).
3. Objectives of VPN
From the user’s perspective, the VPN is a point-to-point connection between the user’s computer and a corporate server.
VPNs allow tele-commuters, remote employees, or even branch offices to connect in a secure fashion.
4. Is VPN a Solution to All Online Security Threats?
the manager faces a fundamental requirement: security. Use of a public network exposes corporate traffic to eavesdropping and provides an entry point for unauthorized users. To counter this problem, a VPN is needed. In essence, a VPN uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than real private networks using private lines but rely on having the same encryption and authentication system at both ends. The encryption may be performed by firewall software or possibly by routers. The most common protocol mechanism used for this purpose is at the IP level and is known as IPsec.
5. Brief Overview of How it Works
o Two connections – one is made to the Internet and the second is made to the VPN.
o Datagrams – contain data, destination and source information.
o Firewalls – VPNs allow authorized users to pass through the firewalls.
o Protocols – protocols create the VPN tunnels.
7. Four Critical Functions
Authentication – validates that the data was sent from the sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data from being read or copied as it is being transported.
Data Integrity – ensuring that the data has not been altered.
8. Encryption
o Encryption -- is a method of “scrambling” data before transmitting it onto the Internet.
o Public Key Encryption Technique
o Digital signature – for authentication
9. Network Isolation: VPN
Idea: I want to create a collection of hosts which operate in a coordinated way, e.g., a virtual security perimeter over a physical network. Hosts work as if they are isolated from malicious hosts.
Solution: Virtual Private Networks
Create a virtual network topology over the physical network
Use communications security protocol suites to secure virtual links (“tunneling”)
Manage networks as if they are physically separate
Hosts can route traffic to regular networks (split-tunneling)
10. Tunneling
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
Figure: Data Encapsulation [From Comer] – the outer datagram (datagram header + data area) carries the encrypted inner datagram, i.e. the original datagram, in its data area.
Two types of end points:
Remote Access
Site-to-Site
11. Remote Access Virtual Private Network
Remote User Access over the Internet
• To connect remote users to a corporate intranet using an Internet Service Provider (ISP) network.
• The VPN software creates a secure connection between the dial-up user and the corporate intranet over the Internet.
13. Figure 19.7b shows how tunnel mode operation can be used to set up a virtual private network.
Case 2. Security is provided only between gateways (routers, firewalls, etc.) and no hosts implement IPsec. This case illustrates simple virtual private network support. The security architecture document specifies that only a single tunnel SA is needed for this case. The tunnel could support AH, ESP, or ESP with the authentication option. Nested tunnels are not required, because the IPsec services apply to the entire inner packet.
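As an added example (not from the slides), the gateway-to-gateway tunnel-mode encapsulation of slides 10 and 13 in Python: the sending gateway encrypts and authenticates the entire inner datagram and carries it in the data area of a new outer datagram addressed gateway-to-gateway, and the receiving gateway verifies, decrypts and recovers the original. The cipher here is a stand-in keystream built from HMAC-SHA256 rather than the SA's negotiated algorithm, and the keys and addresses are constructed demo values.

```python
import hashlib, hmac, os, struct

# Constructed demo keys shared by both gateways; in IPsec they come from the tunnel SA.
ENC_KEY = b"demo-encryption-key-placeholder"
MAC_KEY = b"demo-integrity-key-placeholder"
ESP_PROTO = 50            # IP protocol number for ESP
IV_LEN, ICV_LEN = 8, 12   # stand-in IV size and ESP-style truncated ICV size

def checksum(data):
    """One's-complement sum over 16-bit words (RFC 791 header checksum)."""
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def keystream(iv, n):
    """Demo keystream: HMAC-SHA256(ENC_KEY, iv || counter) blocks; stands in for the SA's cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encapsulate(inner, gw_src, gw_dst, iv=None):
    """Sending gateway: encrypt + authenticate the whole inner datagram (header and data),
    then place it in the data area of an outer datagram addressed gateway-to-gateway."""
    iv = iv or os.urandom(IV_LEN)
    body = iv + bytes(a ^ b for a, b in zip(inner, keystream(iv, len(inner))))
    icv = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(body) + ICV_LEN) + body + icv

def decapsulate(outer):
    """Receiving gateway: check the protocol, verify the ICV in constant time, decrypt,
    and return the original inner datagram; None if the packet is not ESP or was altered."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != ESP_PROTO:
        return None
    body, icv = outer[ihl:-ICV_LEN], outer[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:ICV_LEN], icv):
        return None
    iv, ct = body[:IV_LEN], body[IV_LEN:]
    return bytes(a ^ b for a, b in zip(ct, keystream(iv, len(ct))))
```

On the public network only the gateway addresses and ciphertext are visible; the private inner addresses and data are hidden, and any modification in transit fails the integrity check.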
14. Four Protocols used in VPN
PPTP : Point-to-Point Tunneling Protocol
L2TP : Layer 2 Tunneling Protocol
IPsec : Internet Protocol Security
SOCKS : not used as much as the ones above
15. PPTP VPN
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
It is a VPN protocol only, and relies on various authentication methods to provide security.
Pros
Client built-in to just about all platforms
Very easy to set up
Fast
Cons
Not at all secure (the vulnerable MS-CHAPv2 authentication is still the most common in use)
Definitely compromised by the NSA
16. L2TP
Layer 2 Tunnel Protocol is a VPN protocol that on its own does not provide any encryption or confidentiality to traffic that passes through it. For this reason it is usually implemented with the IPsec encryption suite (similar to a cipher) to provide security and privacy.
Pros
Usually considered very secure
Easy to set up
Available on all modern platforms
Faster than OpenVPN
Cons
May be compromised by the NSA (unproven)
Likely deliberately weakened by the NSA (unproven)
Can struggle with restrictive firewalls
18. Device Types: Hardware
Usually a VPN type of router
Pros
o Highest network throughput
o Plug and Play
o Dual-purpose
Cons
o Cost
o Lack of flexibility
19. Device Types: Firewall
Pros
“Hardened” Operating System
Tri-purpose
Cost-effective
Cons
• Still relatively costly
20. Device Types: Software
o Ideal for 2 end points not in the same org.
o Great when different firewalls are implemented
Pros
o Flexible
o Low relative cost
Cons
• Lack of efficiency
• More labor training required
• Lower productivity; higher labor costs
21. Advantages:
Cost Savings
Reducing the long-distance telephone charges for remote access.
Transferring the support burden to the service providers
Operational costs
Scalability
Flexibility of growth
Efficiency with broadband technology
23. Requirements for Internet-Based VPNs
Security Requirements: User Authentication. The user’s identity must be verified, and VPN access must be restricted to authorized users.
Address Management and Privacy: Clients’ addresses on the private network must be kept private and managed securely.
Data Integrity: Data carried on the public network must be rendered unreadable to unauthorized clients.
Security can be implemented in hardware or software.
24. Q.1
VPN stands for…
a) Virtual Public Network b) Virtual Private Network
c) Virtual Protocol Network d) Virtual Perimeter Network
A.1
b) Virtual Private Network
VPN stands for…
VPN stands for "Virtual Private Network" or "Virtual Private Networking." A VPN is a private network in the sense that it carries controlled information, protected by various security mechanisms, between known parties. VPNs are only "virtually" private, however, because this data actually travels over shared public networks instead of fully dedicated private connections.
25. Q.2
What are the acronyms for the 3 most common VPN protocols?
A.2
• PPTP
• L2TP
• IPsec
3 most common VPN protocols are…
PPTP, IPsec, and L2TP are three of today's most popular VPN tunneling protocols. Each one of these is capable of supporting a secure VPN connection.
26. Q.3
What is the main benefit of VPNs compared to dedicated networks utilizing frame relay, leased lines, and traditional dial-up?
a) better network performance b) less downtime on average
c) reduced cost d) improved security
A.3
c) reduced cost
The main benefit of VPNs is…
The main benefit of a VPN is the potential for significant cost savings compared to traditional leased lines or dial-up networking. These savings come with a certain amount of risk, however, particularly when using the public Internet as the delivery mechanism for VPN data.
27. Q.4
In VPNs, the term "tunneling" refers to
a) an optional feature that increases network performance if it is turned on
b) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit
c) the method a system administrator uses to detect hackers on the network
d) a marketing strategy that involves selling VPN products for very low prices in return for expensive service contracts
A.4
b) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit
In VPNs, the term "tunneling" refers to…