Virtual Private Networks
INSTITUTE OF FORENSIC SCIENCE, GFSU
JIGAR LAD
What is a VPN?
A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.
It provides LAN access to end systems not physically located on the LAN
An alternative to a WAN (Wide Area Network), which uses leased lines to connect sites
A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users connecting from out in the field.
How does it work?
Data is encrypted (cannot be deciphered without the key)
Virtual point-to-point connection: to the user, it acts like a point-to-point connection
Data is packaged with a header
Benefits of Using VPN
Expand globally
Costs reduced: no dedicated lines necessary
Easier: technology is on the end systems, which makes it more scalable
No single point of failure
Easier network management
Types of VPN
Two Types: Site to Site VPN
Remote Access VPN
Remote Access VPN
Essentially provides LAN access through a dial-up connection
Typically done by purchasing a NAS (Network Access Server) with a toll-free number
Can instead be done through a normal ISP connection, using the VPN software to make a virtual connection to the LAN
Site to Site VPN
Connects two LANs over local ISP connections
Very useful if you need to connect a branch to a main hub (Big business)
Much less expensive than purchasing one dedicated line between the hub and branch
Intranet connects remote locations from one company
Extranet connects two companies (partners) into one shared Private Network
Security
Many types of security are offered, including:
Firewalls
Encryption
IPSec
Certificates
AAA servers
Firewalls
Can be used with a VPN if the right technology is set up on the router (a Cisco 1700 router, for example)
Can restrict:
The type of data being transferred
The number of ports open
Which protocols are allowed through
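The three restrictions on this slide (data type, open ports, allowed protocols) are what a packet filter on the VPN router enforces. The following is an added example, not code from the slides: a small stateless filter with first-match rules and default deny. The rule set, the 10.8.0.0/24 client pool and the addresses in the demo are all constructed for the example.

```python
# Added example, not from the slides: a small stateless packet filter of the
# kind a VPN gateway router applies. Rules are evaluated first to last and the
# first match wins; a packet that matches no rule is dropped (default deny).
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str               # "tcp", "udp", "esp", "icmp", ...
    src: str                 # source IPv4 address
    dst_port: Optional[int]  # None for protocols without ports (esp, icmp)

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str                      # protocol name, or "any"
    dst_port: Optional[int] = None  # None matches any port
    src_net: str = "0.0.0.0/0"      # only sources inside this network match

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)

# Constructed rule set (addresses are documentation ranges, not real hosts):
# the tunnel itself (ESP, IKE, NAT-T) is allowed from anywhere; inside the
# tunnel, only the 10.8.0.0/24 VPN client pool may reach the LAN, and only on
# the services the business needs. Telnet is denied explicitly so the decision
# is visible in the rules even though default deny would catch it anyway.
RULES = [
    Rule("allow", "esp"),
    Rule("allow", "udp", 500),                  # IKE key exchange
    Rule("allow", "udp", 4500),                 # IKE NAT traversal
    Rule("deny",  "tcp", 23),                   # no telnet, from anyone
    Rule("allow", "tcp", 443, "10.8.0.0/24"),   # HTTPS from VPN clients only
    Rule("allow", "tcp", 445, "10.8.0.0/24"),   # file shares from VPN clients only
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return "allow" or "deny" for one packet; unmatched packets are denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def open_ports(rules=RULES):
    """The (proto, port) pairs some rule opens: the slide's 'number of ports open'."""
    return sorted({(r.proto, r.dst_port) for r in rules
                   if r.action == "allow" and r.dst_port is not None})

if __name__ == "__main__":
    for pkt in [Packet("esp", "203.0.113.9", None),
                Packet("tcp", "10.8.0.7", 443),
                Packet("tcp", "192.0.2.5", 443),
                Packet("tcp", "10.8.0.7", 23),
                Packet("udp", "10.8.0.7", 53)]:
        print(pkt, "->", filter_packet(pkt))
    print("open ports:", open_ports())
```

Rule order matters: the explicit telnet deny sits above the client-pool allows, and because the last line of filter_packet is "deny", adding a new service means adding a rule rather than remembering to block everything else.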
Encryption
Symmetric Key Encryption (private key)
All communicating computers use the same key, stored on their computer
Asymmetric Key Encryption
Uses a private key and a public key
Private key on local computer
Public key sent out to anyone who you want to communicate with
Mathematically related through encryption algorithm
Both must be used to decrypt anything sent
IPSec
Made up of two parts:
Authentication Header
Verifies data integrity
Encapsulating Security Payload
Data integrity
Data encryption
IPSec continued
Authentication Header: authentication data, sequence number
Encapsulating Security Payload: encrypts data; another layer of integrity and authentication checks
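The two IPsec slides, together with the earlier "Data is packaged with a header" and "Data is encrypted" points, describe one packet layout: a header carrying an SPI and a sequence number, the payload (in the clear for AH, encrypted for ESP), and an integrity check value at the end. The following is an added example, not code from the slides or from any IPsec implementation, that builds and checks such packets and shows what the sequence number is for (replay rejection). The cipher is a stand-in: a keystream derived from HMAC-SHA256 in counter mode, used because the standard library has no AES; real ESP uses AES-GCM or AES-CBC with HMAC. The keys, SPI values and payloads are constructed.

```python
# Added example, not from the slides: an IPsec-style encapsulation with the
# shape the slides describe (SPI and sequence number header, payload, ICV)
# and receiver-side replay protection. The cipher is a toy stand-in for AES;
# the packet layout, encrypt-then-MAC order and anti-replay window follow
# the same logic as ESP/AH.
import hashlib
import hmac
import struct

HEADER = struct.Struct(">II")   # SPI (4 bytes) | sequence number (4 bytes)
ICV_LEN = 32                    # HMAC-SHA256 integrity check value

def _keystream(enc_key: bytes, spi: int, seq: int, length: int) -> bytes:
    # Nonce = (SPI, seq): a sequence number must never repeat within one SA,
    # or two packets would share keystream. ESP imposes the same rule.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def ah_encapsulate(auth_key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """AH: SPI | seq | payload in the clear | ICV over everything before it."""
    body = HEADER.pack(spi, seq) + payload
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()

def esp_encapsulate(enc_key: bytes, auth_key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """ESP: SPI | seq | ciphertext | ICV. Encrypt first, then MAC the result."""
    body = HEADER.pack(spi, seq) + _xor(payload, _keystream(enc_key, spi, seq, len(payload)))
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()

class ReplayWindow:
    """Sliding anti-replay window: accept each sequence number at most once
    and reject anything older than the window's low edge."""
    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0    # highest sequence number accepted so far
        self.seen = set()   # accepted numbers still inside the window

    def accept(self, seq: int) -> bool:
        if seq == 0 or seq <= self.highest - self.size or seq in self.seen:
            return False    # 0 is reserved; too old; or a duplicate
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.size}
        self.seen.add(seq)
        return True

def _authenticate(auth_key: bytes, spi: int, window: ReplayWindow, packet: bytes):
    """Shared by AH and ESP: verify the ICV, then the SPI, then the replay window.
    Returns (seq, inner bytes) or None when the packet must be dropped."""
    if len(packet) < HEADER.size + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha256).digest()):
        return None         # forged or corrupted: drop before doing anything else
    pkt_spi, seq = HEADER.unpack_from(body)
    if pkt_spi != spi or not window.accept(seq):
        return None         # wrong security association, or replayed/stale
    return seq, body[HEADER.size:]

def ah_verify(auth_key: bytes, spi: int, window: ReplayWindow, packet: bytes):
    checked = _authenticate(auth_key, spi, window, packet)
    return None if checked is None else checked[1]

def esp_decapsulate(enc_key: bytes, auth_key: bytes, spi: int, window: ReplayWindow, packet: bytes):
    checked = _authenticate(auth_key, spi, window, packet)
    if checked is None:
        return None
    seq, ciphertext = checked
    return _xor(ciphertext, _keystream(enc_key, spi, seq, len(ciphertext)))

if __name__ == "__main__":
    enc_key, auth_key = b"\x01" * 32, b"\x02" * 32     # constructed keys
    window = ReplayWindow()
    pkt = esp_encapsulate(enc_key, auth_key, 0x1000, 1, b"hello LAN")
    print("on the wire:", pkt.hex())
    print("first delivery:", esp_decapsulate(enc_key, auth_key, 0x1000, window, pkt))
    print("replayed copy:", esp_decapsulate(enc_key, auth_key, 0x1000, window, pkt))
```

The receiver checks the ICV before anything else and never decrypts a packet that fails it; the replay window is updated only after the ICV passes, so a forged packet cannot advance it. That ordering is the "another layer of integrity and authentication checks" the slide mentions for ESP.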
Certificates
Used alongside public keys
Contains:
Certificate name
Owner of the public key
Public key itself
Expiration date
Certificate authority
Verifies that information really comes from the holder of the matching private key
Can be distributed on disks, smart cards, or electronically
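The Encryption and Certificates slides fit together: the public key is handed out, the private key stays on the local computer, the two are linked by the algorithm, and a certificate binds that public key to its owner under a certificate authority's signature. The following is an added example, not code from the slides or from any real library, that shows the whole sequence with textbook RSA. The primes are fixed, constructed values, there is no padding, and the hash is reduced modulo n, so this illustrates the mechanics only and is not usable cryptography. The CA name, host name, owner and expiration date are made up.

```python
# Added example, not from the slides: toy RSA keys plus a certificate that a
# CA signs and a remote user verifies before trusting the gateway's public key.
import hashlib
import json
from datetime import date

E = 65537   # public exponent

def make_keypair(p: int, q: int):
    """Return (public, private) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)   # modular inverse (Python 3.8+): e*d = 1 mod phi
    return (n, E), (n, d)

def encrypt(public, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)

def _digest_mod(data: bytes, n: int) -> int:
    # Toy: SHA-256 reduced modulo n. Real signatures use a padding scheme
    # (PKCS#1 v1.5 or PSS) here instead of a bare reduction.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def _cert_bytes(cert: dict) -> bytes:
    return json.dumps(cert, sort_keys=True).encode()   # canonical form to sign

def issue_certificate(ca_name: str, ca_private, fields: dict):
    """The CA signs the fields the slide lists (name, owner, public key,
    expiration date) plus its own name. Returns (cert, signature)."""
    cert = dict(fields, issuer=ca_name)
    n, d = ca_private
    return cert, pow(_digest_mod(_cert_bytes(cert), n), d, n)

def verify_certificate(cert: dict, signature: int, trusted_cas: dict, today: str) -> bool:
    """Accept only if the issuer is a CA we trust, the certificate has not
    expired (today is an ISO date string), and the CA's signature matches
    the fields exactly as presented."""
    ca_public = trusted_cas.get(cert.get("issuer"))
    if ca_public is None:
        return False
    if date.fromisoformat(cert["expires"]) < date.fromisoformat(today):
        return False
    n, e = ca_public
    return pow(signature, e, n) == _digest_mod(_cert_bytes(cert), n)

# Constructed keys. Mersenne primes are used so the moduli are built from
# known primes without a primality test in the example.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)   # stays on the gateway

SERVER_CERT, SERVER_SIG = issue_certificate("Example CA", CA_PRIVATE, {
    "name": "vpn-gateway.example.com",
    "owner": "Example Corp headquarters LAN",
    "public_key": list(SERVER_PUBLIC),   # the public key travels inside the certificate
    "expires": "2030-12-31",
})
TRUSTED_CAS = {"Example CA": CA_PUBLIC}   # what the remote user's software ships with

def client_handshake(cert: dict, signature: int, session_key: int, today: str):
    """A remote user checks the gateway's certificate, then encrypts a fresh
    symmetric session key to the public key it carries. Only the gateway's
    private key can recover it. Returns the encrypted key, or None on refusal."""
    if not verify_certificate(cert, signature, TRUSTED_CAS, today):
        return None
    return encrypt(tuple(cert["public_key"]), session_key)

if __name__ == "__main__":
    key = 0x2B7E151628AED2A6            # 64-bit demo value; must be below the modulus
    c = client_handshake(SERVER_CERT, SERVER_SIG, key, "2025-06-01")
    print("encrypted session key:", c)
    print("gateway recovers:", hex(decrypt(SERVER_PRIVATE, c)))
    print("after expiry:", client_handshake(SERVER_CERT, SERVER_SIG, key, "2031-01-01"))
```

Changing any certificate field after signing, presenting a certificate from an unknown CA, or presenting it after the expiration date all make verify_certificate return False, and the client never sends the session key in those cases. The session key recovered by the gateway is the symmetric key both sides then use, which is where the slide's symmetric case takes over.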
AAA Servers
Authentication, Authorization, Accounting
These advanced servers ask each user who they are, what they are allowed to do, and what they actually want to do each time they connect
This allows the LAN to track usage from dial up connections and closely monitor those remotely connected as they would those physically connected.
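The three questions on this slide map directly onto three server calls made in order on every connection. The following is an added example, not code from the slides or from any AAA product, of a minimal AAA server and the gateway-side connect sequence that uses it. Users, passwords, service names and addresses are constructed for the example.

```python
# Added example, not from the slides: a minimal AAA server. Authentication
# (who are you), authorization (what may you do) and accounting (what did you
# do) are separate steps, and every step leaves an accounting record the LAN
# administrator can review later.
import hashlib
import hmac
import os
import time

_ITERATIONS = 100_000   # PBKDF2 work factor for stored passwords

class AAAServer:
    def __init__(self):
        self._users = {}       # username -> (salt, PBKDF2-SHA256 hash)
        self._policy = {}      # username -> set of services they may use
        self.accounting = []   # (timestamp, username, event, detail)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)

    def add_user(self, user: str, password: str, allowed_services):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))
        self._policy[user] = set(allowed_services)

    def _record(self, user: str, event: str, detail: str):
        self.accounting.append((time.time(), user, event, detail))

    def authenticate(self, user: str, password: str) -> bool:
        """Who are you? An unknown username still costs a full hash, so the
        response time does not reveal which usernames exist."""
        salt, stored = self._users.get(user, (b"\x00" * 16, b"\x00" * 32))
        computed = self._hash(password, salt)
        ok = user in self._users and hmac.compare_digest(stored, computed)
        self._record(user, "authn", "success" if ok else "failure")
        return ok

    def authorize(self, user: str, service: str) -> bool:
        """What are you allowed to do? Anything not explicitly granted is denied."""
        ok = service in self._policy.get(user, set())
        self._record(user, "authz", f"{service}:{'permit' if ok else 'deny'}")
        return ok

    def session_start(self, user: str, remote_ip: str, service: str):
        self._record(user, "acct-start", f"{service} from {remote_ip}")

    def session_stop(self, user: str, bytes_in: int, bytes_out: int):
        self._record(user, "acct-stop", f"in={bytes_in} out={bytes_out}")

    def usage(self, user: str) -> dict:
        """The summary an administrator would pull for one remote user."""
        rows = [r for r in self.accounting if r[1] == user]
        return {
            "auth_failures": sum(1 for r in rows if r[2] == "authn" and r[3] == "failure"),
            "denied_requests": sum(1 for r in rows if r[2] == "authz" and r[3].endswith(":deny")),
            "sessions": sum(1 for r in rows if r[2] == "acct-start"),
        }

def vpn_connect(server: AAAServer, user: str, password: str, service: str, remote_ip: str) -> str:
    """The NAS / VPN gateway's side of one connection attempt: ask all three
    questions in order and stop at the first "no"."""
    if not server.authenticate(user, password):
        return "rejected: authentication failed"
    if not server.authorize(user, service):
        return f"rejected: {user} is not allowed to use {service}"
    server.session_start(user, remote_ip, service)
    return "connected"

if __name__ == "__main__":
    aaa = AAAServer()
    aaa.add_user("alice", "correct horse battery staple", ["lan-access", "email"])
    print(vpn_connect(aaa, "alice", "wrong password", "lan-access", "203.0.113.7"))
    print(vpn_connect(aaa, "alice", "correct horse battery staple", "lan-access", "203.0.113.7"))
    print(vpn_connect(aaa, "alice", "correct horse battery staple", "admin-console", "203.0.113.7"))
    aaa.session_stop("alice", 1024, 4096)
    print(aaa.usage("alice"))
```

Because every authentication failure and every denied authorization is recorded, the accounting log doubles as the monitoring feed the slide describes: a remote user who keeps failing logins or asking for services outside their policy stands out in usage() the same way a misbehaving local workstation would.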