Virtual Private Networks (VPNs)
By: Agasi Aslanyan
Joel Almasol
Joe Nghe
Michael Wong
CIS 484
May 20, 2004
Table Of Contents
VPN Introduction – What is VPN and who uses it?
3 Types of VPNs
VPN Protocols
VPN Tunneling
VPN Packet Transmission
VPN Security: Firewalls
VPN Devices
VPN Advantages/Disadvantages
VPN Connections in Windows XP
Summary/Conclusion
What is a VPN?
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link
What is a VPN? (Cont.)
A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices
Traffic that flows through the backbone is encrypted to prevent intruders from spying on or intercepting the data
What is a VPN? (Cont.)
Who uses VPNs?
VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available.
VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's Intranet
3 Types of VPN
Remote-Access VPN
Site-to-Site VPN (Intranet-based)
Site-to-Site VPN (Extranet-based)
Remote-Access VPN
Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.
A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.
Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
Site-to-Site VPN
Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
All 3 types of VPN
VPN Protocols
There are three main protocols that power the vast majority of VPNs:
– PPTP
– L2TP
– IPsec
All three protocols emphasize encryption and authentication; preserving the integrity of data that may be sensitive and allowing clients/servers to establish an identity on the network
VPN Protocols (In depth)
Point-to-point tunneling protocol (PPTP)
– PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS
– PPTP initially had weak security features; however, Microsoft continues to improve its support
Layer Two tunneling protocol (L2TP)
– L2TP was the original competitor to PPTP and was implemented primarily in Cisco products
– L2TP is a combination of the best features of an older protocol, L2F, and PPTP
– L2TP exists at the data link layer (Layer 2) of the OSI model
VPN Protocols (continued)
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of each packet, while transport mode only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol.
IPSec can encrypt data between various devices, such as:
– Router to router
– Firewall to router
– PC to router
– PC to server
VPN Tunneling
VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
Voluntary tunneling is where the VPN client manages the connection setup.
Compulsory tunneling is where the carrier network provider manages the VPN connection setup.
Tunneling
Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
Tunneling requires three different protocols:
Passenger protocol - The original data (IPX, IP) being carried
Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
Carrier protocol - The protocol used by the network that the information is traveling over
VPN Packet Transmission
Packets are first encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination
Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted
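The encrypt-encapsulate-route-strip-decrypt sequence described on this slide, together with the IPsec tunnel/transport distinction from the protocol slides, as an added Python model that is not part of the original presentation. It assumes packets modelled as small dicts, uses a toy HMAC-SHA256 keystream in place of ESP's real ciphers, and the key, addresses and payload are constructed values.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real IPsec SA key is negotiated by IKE, never hard-coded.
KEY = b"constructed-demo-key"

def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for ESP's AES)."""
    out = b""
    block = 0
    while len(out) < length:
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor_crypt(key: bytes, seq: int, data: bytes) -> bytes:
    """Encrypts or decrypts (XOR is its own inverse); seq must never repeat per key."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, seq, len(data))))

def transport_mode(pkt: dict, seq: int) -> dict:
    """Transport mode: original IP header stays in clear, only the payload is encrypted."""
    ct = xor_crypt(KEY, seq, pkt["payload"].encode())
    return {"src": pkt["src"], "dst": pkt["dst"], "esp": {"seq": seq, "ct": ct.hex()}}

def tunnel_mode(pkt: dict, seq: int, gw_src: str, gw_dst: str) -> dict:
    """Tunnel mode: the whole inner packet (header + payload) is encrypted and
    wrapped in a new outer packet addressed between the two VPN gateways."""
    ct = xor_crypt(KEY, seq, json.dumps(pkt, sort_keys=True).encode())
    return {"src": gw_src, "dst": gw_dst, "esp": {"seq": seq, "ct": ct.hex()}}

def on_path_view(wire: dict) -> dict:
    """What routing equipment on the carrier network reads: only the outer header."""
    return {"src": wire["src"], "dst": wire["dst"]}

def receive(wire: dict, mode: str) -> dict:
    """Strip the outer packet and decrypt the inner one at the receiving end."""
    pt = xor_crypt(KEY, wire["esp"]["seq"], bytes.fromhex(wire["esp"]["ct"]))
    if mode == "tunnel":
        return json.loads(pt)  # outer header discarded, original packet restored
    return {"src": wire["src"], "dst": wire["dst"], "payload": pt.decode()}

# Constructed sample: a host on site A talking to a server on site B via two gateways.
INNER = {"src": "10.1.1.5", "dst": "10.2.2.9", "payload": "GET /payroll HTTP/1.0"}
```

Note that in transport mode an observer on the carrier network still learns which internal hosts are talking; only tunnel mode hides the inner addresses behind the gateway pair.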
VPN Security: Firewalls
A well-designed VPN uses several methods for keeping your connection and data secure:
Firewalls
Encryption
IPSec
AAA Server
You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.
Some VPN products, such as Cisco 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.
Cisco 1700 Series Routers
VPN Concentrator
Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.
The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
Advantages of VPNs
There are two main advantages of VPNs, namely cost savings and scalability
VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and utilize the public network to securely tunnel a private connection
Advantages of VPNs (continued)
As the number of company branches grows, purchasing additional leased lines increases cost exponentially, which is why VPNs offer even greater cost savings when scalability is an issue
VPNs may also be used to span globally, which lowers cost even more when compared to traditional leased lines
Disadvantages of VPNs
Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary
VPN connection stability depends mainly on the stability of the Internet, a factor outside an organization's control
Differing VPN technologies may not work together due to immature standards
VPN Connection in XP
Summary
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods
Main VPN protocols include PPTP, L2TP, and IPsec
VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
Cost and scalability are the main advantages of a VPN
Network security and Internet stability are the main concerns for VPNs
The End
Thank you all for your time. We hope you found this presentation informative.