©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential -1--1- outline What is a...

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential

www.BZUPAGES.COMwww.BZUPAGES.COM--11--

outlineWhat is a VPN?What is a VPN?

Types of VPNTypes of VPN Why use VPNs?Why use VPNs? Disadvantage of VPNDisadvantage of VPN Types of VPN protocolsTypes of VPN protocols EncryptionEncryption



What is a VPN? A VPN is A network A VPN is A network

that uses Internet or that uses Internet or other network service other network service to transmit data.to transmit data.

A VPN includes A VPN includes authentication and authentication and encryption to protect encryption to protect data integrity and data integrity and confidentialityconfidentiality

VPN

VPN

InternetInternet



Types of VPNs Remote Access VPNRemote Access VPN

Provides access to Provides access to internal corporate internal corporate network over the network over the Internet.Internet.

Reduces long Reduces long distance, modem distance, modem bank, and technical bank, and technical support costs.support costs.

InternetInternet

CorporateSite



Types of VPNs Remote Access VPNRemote Access VPN Site-to-Site VPNSite-to-Site VPN

Connects multiple Connects multiple offices over Internetoffices over Internet

Reduces Reduces dependencies on dependencies on frame relay and frame relay and leased linesleased lines

InternetInternet

BranchOffice

CorporateSite




Extranet VPNExtranet VPN Provides business Provides business

partners access to partners access to critical information critical information (leads, sales tools, (leads, sales tools, etc)etc)

Reduces transaction Reduces transaction and operational costsand operational costs

CorporateSite

InternetInternet

Partner #1Partner #2




Extranet VPNExtranet VPN Intranet VPN:Intranet VPN:

Links corporate Links corporate headquarters, remote headquarters, remote offices, and branch offices, and branch offices over a shared offices over a shared infrastructure using infrastructure using dedicated connections.dedicated connections.

InternetInternetLAN

clients

Database Server

LAN clients with sensitive data



Why Use Virtual Private Networks?

More flexibilityMore flexibility

Use multiple connection types (cable, DSL, Use multiple connection types (cable, DSL, T1, T3)T1, T3)

Secure and low-cost way to link Secure and low-cost way to link

Ubiquitous ISP servicesUbiquitous ISP services

Easier E-commerceEasier E-commerce




More flexibilityMore flexibilityMore scalabilityMore scalability

Add new sites, users quicklyAdd new sites, users quickly Scale bandwidth to meet demandScale bandwidth to meet demand




More flexibilityMore flexibilityMore scalabilityMore scalabilityLower costsLower costs

Reduced frame relay/leased line costsReduced frame relay/leased line costs Reduced long distanceReduced long distance Reduced equipment costs (modem Reduced equipment costs (modem

banks,CSU/DSUs)banks,CSU/DSUs) Reduced technical training and supportReduced technical training and support



VPN Return on Investment

5 branch offices, 1 large corporate office, 200 remote access users.

Payback: 1.04 months. Annual Savings: 88%Check Point

VPN SolutionNon-VPN Solution

Savings with Check Point

Startup Costs (Hardware

and Software)$51,965

Existing; sunk costs =

$0 Site-to-Site

Annual Cost $30,485 $71,664 Frame relay

$41,180 /yrRAS

Annual Cost $48,000 $604,800Dial-in costs

$556,800 /yrCombined

Annual Cost $78,485 $676,464 $597,980 /yr

Case History – Professional Services Company



Disadvantages of VPNLower bandwidth available compared Lower bandwidth available compared

to dial-in lineto dial-in line Inconsistent remote access Inconsistent remote access

performance due to changes in performance due to changes in Internet connectivity Internet connectivity

No entrance into the network if the No entrance into the network if the Internet connection is broken Internet connection is broken



Point-to-Point Tunneling Protocol (PPTP)

Layer 2 remote access VPN distributed with Windows product Layer 2 remote access VPN distributed with Windows product familyfamily

Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Allows multiple Layer 3 ProtocolsAllows multiple Layer 3 Protocols

Uses proprietary authentication and encryption Uses proprietary authentication and encryption (MPPE(MPPE ) Limited user management and scalabilityLimited user management and scalability

Used MPPE encryption methodUsed MPPE encryption method

Internet

Remote PPTP Client

ISP Remote AccessSwitch

PPTP RAS Server

Corporate Network



Layer 2 Tunneling Protocol (L2TP)

Layer 2 remote access VPN protocolLayer 2 remote access VPN protocol Combines and extends PPTP and L2F (Cisco Combines and extends PPTP and L2F (Cisco

supported protocol)supported protocol) Weak authentication and encryptionWeak authentication and encryption Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Must be combined with IPSec for enterprise-level Must be combined with IPSec for enterprise-level

securitysecurity

Internet

Remote L2TP Client

ISP L2TP Concentrator

L2TP Server

Corporate Network



Internet Protocol Security (IPSec)

Layer 3 protocol for remote access, Layer 3 protocol for remote access, intranet, and extranet VPNsintranet, and extranet VPNs Internet standard for VPNsInternet standard for VPNs Provides flexible encryption and message Provides flexible encryption and message

authentication/integrityauthentication/integrity



EncryptionUsed to convert data to a secret code Used to convert data to a secret code

for transmission over an trusted networkfor transmission over an trusted network

EncryptionAlgorithm

“The cow jumped over the moon”

“4hsd4e3mjvd3sda1d38esdf2w4d”

Clear TextClear Text Encrypted TextEncrypted Text



Symmetric Encryption Same key used to encrypt and decrypt messageSame key used to encrypt and decrypt message Faster than asymmetric encryptionFaster than asymmetric encryption Used by IPSec to encrypt actual message dataUsed by IPSec to encrypt actual message data Examples: DES, 3DES, RC5Examples: DES, 3DES, RC5

Shared Secret KeyShared Secret Key

Data Encryption Standard Rivest Cipher



Asymmetric Encryption Different keys used to encrypt and decrypt Different keys used to encrypt and decrypt

message (One public, one private)message (One public, one private) Provides non-repudiation of message or Provides non-repudiation of message or

message integritymessage integrity Examples include RSA, DSA, SHA-1, MD-5Examples include RSA, DSA, SHA-1, MD-5

Alice Public KeyAlice Public KeyEncryptEncrypt

Alice Private KeyAlice Private KeyDecryptDecrypt

BobBob AliceAlice

Rivest, Shamir and Adleman Digital Signature Algorithm Sha Hash Algorithm Message-Digest algorithm 5



Industries That May Use a VPN Healthcare: : enables the transferring of confidential enables the transferring of confidential

patient information within the medical facilities & patient information within the medical facilities & health care providerhealth care provider

Manufacturing:: allow suppliers to view inventory & allow suppliers to view inventory & allow clients to purchase online safelyallow clients to purchase online safely

Retail:: able to securely transfer sales data or able to securely transfer sales data or customer info between stores & the headquarterscustomer info between stores & the headquarters

Banking/Financial:: enables account information to enables account information to be transferred safely within departments & branchesbe transferred safely within departments & branches

General Business:: communication between remote communication between remote employees can be securely exchangedemployees can be securely exchanged


www.BZUPAGES.COMwww.BZUPAGES.COM



Thanks for your Thanks for your attentionattention



Resource:www.vpnc.org/vpn-technologies.pdfwww.vpnc.org/vpn-technologies.pdf

www.adtran.com/www.adtran.com/

www.cisco.com/ipsec_wp.htmwww.cisco.com/ipsec_wp.htm

www.computerworld.comwww.computerworld.com

www.findvpn.comwww.findvpn.com

www.wikipedia.orgwww.wikipedia.org

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential -1--1- outline What is a...

Documents

Transcript of ©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential -1--1- outline What is a...