VIRTUAL PRIVATE VIRTUAL PRIVATE NETWORKS (VPN) NETWORKS (VPN) By By Mr. Amin Pathan Mr. Amin Pathan (M.Tech-CSE Pursuing, BE-IT) (M.Tech-CSE Pursuing, BE-IT)
VIRTUAL PRIVATE VIRTUAL PRIVATE NETWORKS (VPN)NETWORKS (VPN)
ByByMr. Amin PathanMr. Amin Pathan
(M.Tech-CSE Pursuing, BE-IT)(M.Tech-CSE Pursuing, BE-IT)
Traditional Connectivity Traditional Connectivity
[From Gartner Consulting][From Gartner Consulting]
What is VPN?What is VPN?
Virtual Private Network is a type of private Virtual Private Network is a type of private network that uses public telecommunication, network that uses public telecommunication, such as the Internet, instead of leased lines to such as the Internet, instead of leased lines to communicate.communicate.
Became popular as more employees worked in Became popular as more employees worked in remote locations.remote locations.
Terminologies to understand how VPNs work.Terminologies to understand how VPNs work.
Remote Access Virtual Private Remote Access Virtual Private NetworkNetwork
(From Gartner Consulting)
Brief Overview of How it WorksBrief Overview of How it Works
Two connections – one is made to the Internet Two connections – one is made to the Internet and the second is made to the VPN.and the second is made to the VPN.
Datagrams – contains data, destination and Datagrams – contains data, destination and source information.source information.
Firewalls – VPNs allow authorized users to pass Firewalls – VPNs allow authorized users to pass through the firewalls.through the firewalls.
Protocols – protocols create the VPN tunnels.Protocols – protocols create the VPN tunnels.
Four Critical FunctionsFour Critical Functions
AuthenticationAuthentication – validates that the data was sent – validates that the data was sent from the sender.from the sender.
Access controlAccess control – limiting unauthorized users from – limiting unauthorized users from accessing the network.accessing the network.
ConfidentialityConfidentiality – preventing the data to be read or – preventing the data to be read or copied as the data is being transported.copied as the data is being transported.
Data IntegrityData Integrity – ensuring that the data has not been – ensuring that the data has not been altered altered
EncryptionEncryption
Encryption -- is a method of “scrambling” data Encryption -- is a method of “scrambling” data before transmitting it onto the Internet.before transmitting it onto the Internet.
Public Key Encryption TechniquePublic Key Encryption Technique
Digital signature – for authenticationDigital signature – for authentication
TunnelingTunneling
A virtual point-to-point connectionA virtual point-to-point connection
made through a public network. It transportsmade through a public network. It transports
encapsulated datagrams.encapsulated datagrams.
Encrypted Inner Datagram
Datagram Header Outer Datagram Data Area
Original Datagram
Data Encapsulation [From Comer]
Two types of end points: Remote Access Site-to-Site
Four Protocols used in VPNFour Protocols used in VPN
PPTP -- Point-to-Point Tunneling ProtocolPPTP -- Point-to-Point Tunneling Protocol
L2TP -- Layer 2 Tunneling ProtocolL2TP -- Layer 2 Tunneling Protocol
IPsec -- Internet Protocol SecurityIPsec -- Internet Protocol Security
SOCKS – is not used as much as the ones SOCKS – is not used as much as the ones above above
VPN Encapsulation of PacketsVPN Encapsulation of Packets
Types of ImplementationsTypes of Implementations
What does “implementation” mean in VPNs?What does “implementation” mean in VPNs?
3 types3 typesIntranet – Within an organizationIntranet – Within an organizationExtranet – Outside an organizationExtranet – Outside an organizationRemote Access – Employee to BusinessRemote Access – Employee to Business
Virtual Private Networks (VPN)Basic Architecture