Submitted BY Mr.Milan Patel (110090107006) Mr.Vimal Gajera (110090107014) Submitted To Supervisor Prof. Saurabh Tandel Virtual Private Network (VPN) Department of Computer Engineering C. K. PITHAWALLA COLLEGE OF ENGINEERING AND TECHNOLOGY, SURAT

Page 2: vpn

What is VPN?

A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

It is virtual because it exists as a virtual entity within a public network.

It is private because it is confined to a set of private users.

Page 3: vpn

Some Common Uses of VPN

Provide users with secured remote access over the Internet to corporate resources

Connect two computer networks securely over the Internet. Example: Connect a branch office network to the network in the head office

Secure part of a corporate network for security and confidentiality purposes

Page 4: vpn

Brief Overview of How it Works

Two connections – one is made to the Internet and the second is made to the VPN.

Datagrams – contain data, destination and source information.

Firewalls – VPNs allow authorized users to pass through the firewalls.

Protocols – protocols create the VPN tunnels.

Page 5: vpn

Remote Access Over the Internet

Page 6: vpn

Basic VPN Requirements

User Authentication

Address Management

Data Encryption

Key Management

Multi-protocol Support

Page 7: vpn

User Authentication

The VPN must be able to authenticate users and allow only authorized users to access the network

Page 8: vpn

Address Management

Assign addresses to clients and ensure that private addresses are kept private on the VPN

Page 9: vpn

Data Encryption

Encrypt and decrypt the data to ensure that others on the network do not have access to the data

Page 10: vpn

Key Management

Keys must be generated and refreshed for encryption at the server and the client

Note that keys are required for encryption

Page 11: vpn

Multi-protocol Support

The VPN technology must support common protocols on the Internet such as IP, IPX etc.

Page 12: vpn

Four Protocols used in VPN

PPTP -- Point-to-Point Tunneling Protocol

L2TP -- Layer 2 Tunneling Protocol

IPsec -- Internet Protocol Security

SOCKS – is not used as much as the ones above

Page 13: vpn

Point-to-Point Tunneling Protocol (PPTP)

Encapsulate and encrypt the data to be sent over a corporate or public IP network

Page 14: vpn

Layer 2 Tunneling Protocol (L2TP)

Data is encrypted and encapsulated to be sent over communication links that support user datagram mode of transmission. Examples of links include X.25, Frame Relay and ATM

Page 15: vpn

IPSec Tunnel Mode

Encapsulate and encrypt in an IP header for transmission over an IP network

Page 16: vpn

VPN Security

FIREWALLS

ENCRYPTION

IPSEC PROTOCOL

AAA SERVER

Page 17: vpn

FIREWALLS

Page 18: vpn

ENCRYPTION

Symmetric-key encryption

Public-key encryption

Page 19: vpn

IPSEC PROTOCOL

Page 20: vpn

AAA SERVER

AAA means Authentication, Authorization and Accounting servers

AAA then checks the following:

Who you are (authentication)

What you are allowed to do (authorization)

What you actually do (accounting)

Page 21: vpn

Tunneling

Tunneling involves the encapsulation, transmission and decapsulation of data packets

The data is encapsulated with additional headers

The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel

Page 22: vpn

Tunneling (2)

A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.

[Figure: Data Encapsulation (from Comer). Labels: Original Datagram; Encrypted Inner Datagram; Datagram Header; Outer Datagram Data Area.]
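
The encapsulation described on the Tunneling slides, as an added Python example that is not part of the original presentation: an inner datagram with private addresses is encrypted whole and carried in the data area of an outer datagram addressed between the two tunnel end points. The addresses, keys, nonce, protocol number 253 and the SHA-256 keystream (a stand-in for a real cipher, for illustration only) are assumptions.

```python
import hashlib, hmac, socket, struct

PROTO_TEST = 253  # IANA "experimentation and testing" protocol number (assumption)

def ipv4_header(src, dst, payload_len, proto=PROTO_TEST):
    """Minimal 20-byte IPv4 header; checksum is left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR with a SHA-256 counter keystream. Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encapsulate(inner, enc_key, mac_key, nonce, gw_src, gw_dst):
    """Encrypt the whole inner datagram and carry it in the outer data area."""
    body = nonce + keystream_xor(enc_key, nonce, inner)  # nonce must be unique per packet
    body += hmac.new(mac_key, body, hashlib.sha256).digest()
    return ipv4_header(gw_src, gw_dst, len(body)) + body

def decapsulate(outer, enc_key, mac_key):
    """Check integrity, strip the outer header, decrypt the inner datagram."""
    body, tag = outer[20:-32], outer[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed, packet dropped")
    return keystream_xor(enc_key, body[:8], body[8:])

def demo():
    """Constructed sample: branch host 10.1.0.5 sends to head-office host 10.2.0.9."""
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, (1).to_bytes(8, "big")
    data = b"payroll query"
    inner = ipv4_header("10.1.0.5", "10.2.0.9", len(data)) + data
    outer = encapsulate(inner, enc_key, mac_key, nonce, "198.51.100.1", "203.0.113.1")
    return inner, outer, enc_key, mac_key

if __name__ == "__main__":
    inner, outer, ek, mk = demo()
    print("outer src/dst:", socket.inet_ntoa(outer[12:16]), socket.inet_ntoa(outer[16:20]))
    print("inner recovered:", decapsulate(outer, ek, mk) == inner)
```

An observer on the public network sees only the two gateway addresses in the outer header; the private addresses and the payload are visible again only after the receiving end point verifies and decapsulates the packet.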

Page 23: vpn

Tunneling (3)

Page 24: vpn

Advantages vs. Disadvantages

Page 25: vpn

Advantages: Cost Savings

Eliminating the need for expensive long-distance leased lines

Reducing the long-distance telephone charges for remote access.

Transferring the support burden to the service providers

Operational costs

Cisco VPN Savings Calculator

Page 26: vpn

Advantages: Scalability

Flexibility of growth

Efficiency with broadband technology

Page 27: vpn

Disadvantages

VPNs require an in-depth understanding of public network security issues and proper deployment of precautions

Availability and performance depend on factors largely outside of their control

Immature standards

VPNs need to accommodate protocols other than IP and existing internal network technology

Page 28: vpn

Applications: Site-to-Site VPNs

Large-scale encryption between multiple fixed sites such as remote offices and central offices

Network traffic is sent over the branch office Internet connection

This saves the company hardware and management expenses

Page 29: vpn

Site-to-Site VPNs

Page 30: vpn

Applications: Remote Access

Encrypted connections between mobile or remote users and their corporate networks

A remote user can make a local call to an ISP, as opposed to a long-distance call to the corporate remote access server.

Ideal for telecommuters or mobile salespeople.

VPN allows mobile workers & telecommuters to take advantage of broadband connectivity, i.e. DSL, Cable

Page 31: vpn

Industries That May Use a VPN

Healthcare: enables the transfer of confidential patient information within medical facilities & health care providers

Manufacturing: allows suppliers to view inventory & allows clients to purchase online safely

Retail: able to securely transfer sales data or customer info between stores & the headquarters

Banking/Financial: enables account information to be transferred safely within departments & branches

General Business: communication between remote employees can be securely exchanged

Page 32: vpn

Statistics From Gartner – Consulting*

[Bar chart: % of Respondents, axis 0% to 100%. Categories: Access to network for business partners/customers; Site-to-site connectivity between offices; Remote access for employees while traveling; Remote access for employees working out of homes. Values shown: 50%, 63%, 79%, 90%.]

*Source: www.cisco.com

Page 33: vpn

Some Businesses using a VPN

CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN

ITW Foilmark secured remote location orders, running reports, & internet/intranet communications with 168-bit encryption by switching to OpenReach VPN

Bacardi & Co. implemented a 21-country, 44-location VPN

Page 34: vpn

Where Do We See VPNs Going in the Future?

VPNs are continually being enhanced. Example: Equant NV

As the VPN market becomes larger, more applications will be created along with more VPN providers and new VPN types.

Networks are expected to converge to create an integrated VPN.

Improved protocols are expected, which will also improve VPNs.

Page 35: vpn

THANK YOU !