VIRTUAL PRIVATE NETWORK Presented by: Shradha Maheshwari CS- 08
Page 1: Shradhamaheshwari vpn

VIRTUAL PRIVATE NETWORK

Presented by: Shradha Maheshwari

CS-08

Page 2: Shradhamaheshwari vpn

Traditional Networking

Corporate Headquarters

Remote Locations

Customers, Suppliers & Consultants

Remote Users

Leased Lines

Modem Bank

Page 3: Shradhamaheshwari vpn

A New Solution: VPN (Virtual Private Networking)

Internet

Telecommuters & Mobile Users

Remote Locations

Customers, Suppliers & Consultants

Corporate Headquarters

Allowing cost effective expansion of private and secure networks

Page 4: Shradhamaheshwari vpn

VPN Introduction

• Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

• Users only make a local call to the ISP instead of expensive long distance telephone calls to the remote access server.

Page 5: Shradhamaheshwari vpn

Types of VPN

TRUSTED VPN:

• Use dedicated circuitry.

• Path must be set and consistent.

• Rely on the security of a single provider’s network to protect the traffic.

Technologies used: MPLS and L2F

Page 6: Shradhamaheshwari vpn
Page 7: Shradhamaheshwari vpn

SECURE VPN:

• All traffic is encrypted and authenticated.

• The security properties of the VPN must be agreed to by all parties in the VPN.

• No one outside the VPN can affect the security properties of the VPN.

Technologies used: IPSec, SSL/TLS, PPTP

Page 8: Shradhamaheshwari vpn

HYBRID VPN:

The address boundaries of the secure VPN within the trusted VPN must be extremely clear.

Technologies used: Any supported secure VPN technologies running over any supported trusted VPN technology.

Page 9: Shradhamaheshwari vpn

Brief Overview Of How VPN Works

1. Two connections – one is made to the Internet and the second is made to the VPN.

2. Datagrams – contain data, destination and source information.

3. Firewalls – VPNs allow authorized users to pass through the firewalls.

4. Protocols – protocols create the VPN tunnels.

Page 10: Shradhamaheshwari vpn
Page 11: Shradhamaheshwari vpn

Four Critical Functions

• Authentication – validates that the data was sent by the sender.

• Access control – limiting unauthorized users from accessing the network.

• Confidentiality – preventing the data from being read or copied while it is being transported.

• Data Integrity – ensuring that the data has not been altered.

Page 12: Shradhamaheshwari vpn

VPN Security

Encryption

AAA servers

IPSec

Firewalls

Page 13: Shradhamaheshwari vpn

Encryption

• It is a method of “scrambling” data before transmitting it onto the Internet.

• Two common techniques used for encryption are:

a) Symmetric key encryption

b) Public key encryption

Page 14: Shradhamaheshwari vpn

AAA Servers

• Authentication in VPN is determining if the remote VPN user is who or what it is declared to be.

• The use of digital certificates is considered a strong mechanism for authentication.

• Authorization in VPN is determining what the user is allowed to do.

• Accounting in VPN is determining what the user actually does.

Page 15: Shradhamaheshwari vpn

IPSec

• Internet Protocol Security (IPSec) is an industry standard enabling secure communications over the Internet.

• IPSec is a peer-negotiated network layer protocol that can be implemented in one of the two modes:

a) Transport mode

b) Tunnel mode

• The disadvantage of IPSec is that it might be incompatible with many NAT implementations.
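
Added example (not part of the original slides): a simplified model of tunnel-mode encapsulation and of why IPSec can clash with NAT. An AH-style integrity check covers the outer source address, so a NAT rewrite invalidates it, while an ESP-style check over the payload alone survives. Assumptions: the key, addresses and helper names are constructed, and the AH/ESP headers themselves and ESP encryption are omitted.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed; real peers negotiate keys

def ipv4_header(src, dst, payload_len, proto, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def tunnel(inner, gw_src, gw_dst, proto=51):  # 51 = AH, 50 would be ESP
    """Tunnel mode: the whole inner datagram becomes the outer payload."""
    return ipv4_header(gw_src, gw_dst, len(inner), proto) + inner

def ah_icv(packet):
    """AH-style check: outer header (mutable fields zeroed) plus payload."""
    h = bytearray(packet[:20])
    h[1] = 0            # TOS
    h[6:8] = b"\0\0"    # flags + fragment offset
    h[8] = 0            # TTL, changed by every router
    h[10:12] = b"\0\0"  # header checksum
    return hmac.new(KEY, bytes(h) + packet[20:], hashlib.sha256).digest()

def esp_icv(packet):
    """ESP-style check: covers only what follows the outer IP header."""
    return hmac.new(KEY, packet[20:], hashlib.sha256).digest()

def route(packet):
    """Ordinary router hop: decrements the outer TTL."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def nat(packet, public_src):
    """NAT device: rewrites the outer source address."""
    return packet[:12] + socket.inet_aton(public_src) + packet[16:]

def survives(icv_fn, sent, received):
    """True if the receiver's recomputed check matches the sender's."""
    return hmac.compare_digest(icv_fn(sent), icv_fn(received))

# Constructed sample: host 10.1.0.5 -> 10.2.0.9 via two VPN gateways.
inner = ipv4_header("10.1.0.5", "10.2.0.9", 5, 6) + b"hello"
sent = tunnel(inner, "192.168.1.2", "203.0.113.10")
natted = nat(sent, "198.51.100.7")
if __name__ == "__main__":
    print("AH  after router hop:", survives(ah_icv, sent, route(sent)))
    print("AH  after NAT:       ", survives(ah_icv, sent, natted))
    print("ESP after NAT:       ", survives(esp_icv, sent, natted))
```

Real ESP still needs UDP encapsulation (NAT traversal) when the NAT also translates ports, because ESP carries no port numbers.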

Page 16: Shradhamaheshwari vpn

IPSec VPN

Page 17: Shradhamaheshwari vpn

SSL/TLS

• TLS and its predecessor, SSL, are cryptographic protocols that provide communications security over the Internet.

• Operate at the session layer.

• It can force the browser to run applets.

Page 18: Shradhamaheshwari vpn

SSL v/s IPSec

SSL VPN

• Implemented through every web browser without the need of additional client s/w.

• Works at the session layer of OSI model.

• Lower support costs.

• Network Address Translation is not a problem.

• Relatively simple.

IPSec

• Requires installation of client program on the end user machine.

• Works at the network layer of OSI model.

• Higher support costs

• It is incompatible with Network Address Translation.

• Complex in nature.

Page 19: Shradhamaheshwari vpn

Firewalls

• Monitors traffic crossing network perimeters and protects enterprises from unauthorized access.

• Packet-level firewall checks source and destination.

• Application-level firewall acts as a host computer between the organization’s network and the Internet.

Page 20: Shradhamaheshwari vpn

VPN Tunneling

Secure VPN Tunnel

Intranet

Server

A tunnel establishes a secure connection between two private networks over a public medium like the Internet.

Page 21: Shradhamaheshwari vpn

• VPN tunnel software has a management protocol that creates, maintains and terminates a tunnel.

• Data is transferred through the VPN tunnel using a datagram-based protocol.

• PPTP (Point-to-Point Tunneling Protocol) / L2TP (Layer 2 Tunneling Protocol) encapsulates private network traffic in packets to be transmitted over public networks (TCP/IP).

Page 22: Shradhamaheshwari vpn

Data encapsulation [from corner]

Original Datagram

Encrypted inner datagram

Datagram Header Outer Datagram Data Area

Page 23: Shradhamaheshwari vpn

PPTP

• It is a proposed standard sponsored by Microsoft and other companies.

• PPTP creates another layer of security within TCP/IP.

• It encapsulates IP packets for transmission over an IP based network.

• Main benefit- You can create a link from any network with Internet access.

Page 24: Shradhamaheshwari vpn

L2TP

• Represents the best features of the PPTP and L2F protocols.

• L2TP can be used over the internet as well as over private intranets.

• It sets up an IP security connection thereby making the VPN connection more secure.

• Provides data confidentiality which is not present in PPTP.

Page 25: Shradhamaheshwari vpn

Two types of tunneling

• Voluntary Tunneling: In this the client starts the process of initiating a connection with the VPN server. In this case the user's computer is the end point and acts as a VPN client.

• Compulsory Tunneling: In this the connection is created between two VPN servers and two VPN access devices i.e. the routers. In this the user computer is not the end point.

VPN tunnels can be created either at the data link layer or at the network layer of the OSI model.

Page 26: Shradhamaheshwari vpn
Page 27: Shradhamaheshwari vpn

Advantages

• Eliminating the need for expensive long-distance leased lines.

• Reducing the long-distance telephone charges for remote access.

• Greater scalability and easy to add/remove users.

• Centralization of shared data.

Page 28: Shradhamaheshwari vpn

Disadvantages

• VPNs require an in-depth understanding of public network security issues and proper deployment of precautions

• Availability and performance depend on factors largely outside of their control

• VPNs need to accommodate protocols other than IP and existing internal network technology

• Unpredictable Internet traffic

Page 29: Shradhamaheshwari vpn

Industries that may use VPN

• Healthcare

• Manufacturing

• Retail

• Banking/Financial

• General business

Page 30: Shradhamaheshwari vpn

[Bar chart, axis "% of Respondents" (0% to 100%). Categories: Access to network for business partners/customers; Site-to-site connectivity between offices; Remote access for employees while traveling; Remote access for employees working out of homes. Bar values shown: 50%, 63%, 79%, 90%.]

Page 31: Shradhamaheshwari vpn

Implementation

• Can be done in following ways:

1. Site-to-site connection:

   Intranet : within an organization

   Extranet : outside an organization

2. Remote access : employee to business

Page 32: Shradhamaheshwari vpn

Site-to-site

Page 33: Shradhamaheshwari vpn

Applications of site-to-site VPN

• Large-scale encryption between multiple fixed sites such as remote offices and central offices.

• Network traffic is sent over the branch office Internet connection.

• This saves the company hardware and management expenses

Page 34: Shradhamaheshwari vpn

• Remote access

Page 35: Shradhamaheshwari vpn

Applications of remote access

• Encrypted connections between mobile or remote users and their corporate networks

• Remote user can make a local call to an ISP, as opposed to a long distance call to the corporate remote access server.

• Ideal for telecommuters or mobile salespeople.

• VPN allows mobile workers & telecommuters to take advantage of broadband connectivity i.e. DSL, Cable.

Page 36: Shradhamaheshwari vpn


Page 37: Shradhamaheshwari vpn

THANK YOU

Page 38: Shradhamaheshwari vpn

ANY QUERIES??