Internet/Intranet/Extranet and Virtual Private Network...


Transcript of Internet/Intranet/Extranet and Virtual Private Network...

Page 1: Internet/Intranet/Extranet and Virtual Private Network (VPN), eestaff.kku.ac.th/~nararat/EN253206/Ch14VPN.pdf

EN253206 Broadband Communication

Internet/Intranet/Extranet and Virtual Private Network (VPN)

Asst. Prof. Nararat Ruangchaijatupon

Electrical Engineering Program, Faculty of Engineering, KKU

Office: EN04325A, Email: [email protected]

What is Intranet?

• An intranet is a computer network for sharing information, collaboration tools, operational systems, and other computing services only within an organization, and to the exclusion of access by outsiders to the organization. The term is used in contrast to public networks, such as the Internet, but uses most of the same technology based on the Internet Protocol Suite.

• In its simplest form, an intranet is established with the technologies for local area networks (LANs) and wide area networks (WANs).

Source: https://en.wikipedia.org/wiki/Intranet

Definition

• Watch

– https://www.youtube.com/watch?v=dIA1KweJoRY (3.10 min) (Good!)

– https://www.youtube.com/watch?v=nojwX3_XZBs (4.50 min)

• Some networks allow users within their intranet to access public internet through firewall servers. They have the ability to screen messages coming and going, keeping security intact.

Source: https://en.wikipedia.org/wiki/Intranet

Intranet Connectivity Design Example 1

Source: https://www.researchgate.net/figure/The-network-topology-of-case-study_fig4_332759301

Intranet Connectivity Design Example 2

Source: https://help.sap.com/doc/saphelp_tm90/9.0/de-DE/e7/2f0050d5ac612fe10000000a44176d/content.htm?no_cache=true

Intranet Connectivity Design Example 3

Source: http://lammengtuck.tripod.com/id15.html

Advantages of Intranet

• Work force productivity/Enhance collaboration

• Relevance/Up-to-date publishing (web)

• Communication (chat, email, blog)

• Business operation and management

– Workflow

– Training

• Cost-effective

• Cross-platform capability

• Supports a distributed computing architecture

• Promote common corporate culture/Employee engagement

Source: https://en.wikipedia.org/wiki/Intranet

What is Extranet?

• An intranet is sometimes contrasted to an extranet. While an intranet is generally restricted to employees of the organization, extranets may also be accessed by customers, suppliers, or other approved parties. Extranets extend a private network onto the Internet with special provisions for authentication, authorization and accounting.

• An extranet is a controlled private network that allows access to partners, vendors and suppliers or an authorized set of customers – normally to a subset of the information accessible from an organization's intranet.

Source: https://en.wikipedia.org/

Advantages of Extranet

• Exchange large volumes of data (Electronic Data Interchange)

• Share data exclusively with partners

• Collaborate with other partners

• Jointly develop and use training programs with partners

• Provide or access services provided by one company to a group of other companies, such as an online banking application managed by one company on behalf of affiliated banks

• Improved efficiency

Source: https://en.wikipedia.org/wiki/Extranet

Disadvantages of Extranet

• Extranets can be expensive to implement and maintain within an organization (e.g., hardware, software, employee training costs)

– if hosted internally rather than by an application service provider

• Security of extranets can be a concern when hosting valuable or proprietary information

Source: https://en.wikipedia.org/wiki/Extranet

The Internet

• The Internet is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing.

Source: https://en.wikipedia.org/wiki/Internet

Visualization of Internet Routing Paths

Source: By The Opte Project - https://commons.wikimedia.org/w/index.php?curid=25698718

The Internet Connectivity

Source: By Rarelibra - https://commons.wikimedia.org/w/index.php?curid=5542154

2007 map showing submarine fiberoptic telecommunication cables around the world

Service Tiers

• Internet service providers (ISPs) establish the worldwide connectivity at various levels.

Source: By User:Ludovic.ferre - https://commons.wikimedia.org/w/index.php?curid=10030716

Service Tiers (cont.)

• End-users represent the bottom of the routing hierarchy

• The top are the tier 1 networks, which are large telecommunication companies that exchange traffic directly with each other at very high speed, governed by peering agreements

• List of Tier 1 networks (https://en.wikipedia.org/wiki/Tier_1_network#List_of_Tier_1_networks)

• Tier 2 and lower level networks buy Internet transit from other providers to reach at least some parties on the global Internet, though they may also engage in peering

• Tier 2 networks (https://en.wikipedia.org/wiki/Tier_2_network)

• Large organizations, such as academic institutions, large enterprises, and governments, may perform the same function as ISPs, engaging in peering and purchasing transit on behalf of their internal networks

Source: https://en.wikipedia.org/wiki/Internet

Related Organizations?

• IETF – Internet Engineering Task Force

• ICANN – Internet Corporation for Assigned Names and Numbers

Virtual Private Network (VPN)

• A virtual private network (VPN) is the technology that allows secure connection to the private network through a public network

• For security, VPN uses tunneling protocol and authentication method

• VPN creates a virtual point-to-point connection (through a tunneling protocol/dedicated circuit)

• https://www.youtube.com/watch?v=xGjGQ24cXAY (13.08 min) (Please Watch!)

• https://www.youtube.com/watch?v=IDFa1cGHOm4 (6.14 min) (Please Watch!)

Introduction to VPN

After watching the 1st video, answer the questions.

• What is my ip address (.com)

• Where is the dangerous/unsecure location?

• Downside of VPN?

Introduction to VPN (cont.1)

Source: https://www.youtube.com/watch?v=xGjGQ24cXAY

Introduction to VPN (cont.2)

Source: https://www.youtube.com/watch?v=xGjGQ24cXAY

Introduction to VPN (cont.3)

Source: https://www.youtube.com/watch?v=xGjGQ24cXAY

Introduction to VPN (cont.4)

Source: https://www.youtube.com/watch?v=xGjGQ24cXAY

Introduction to VPN (cont.5)

Source: https://www.youtube.com/watch?v=bfHwbHytzZY

• VPN server can be provided by:

– Your own (private/corporate) network

– VPN service provider

Introduction to VPN (cont.6)

After watching the 2nd video, answer the questions.

• Types of VPN are:

• Name 3 Tunneling Protocols

• What is encryption?

VPN Encryption

The VPN security model provides:

• Confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and deep packet inspection), an attacker would see only encrypted data

• Sender authentication to prevent unauthorized users from accessing the VPN

• Message integrity to detect any instances of tampering with transmitted messages

Source: https://en.wikipedia.org/wiki/Virtual_private_network

VPN Encryption (cont.1)

• Types: Symmetric-key (in VPN)/Public-key

• Handshake Encryption (RSA) used in TLS handshake

– More about TLS handshake -> https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

– https://www.youtube.com/watch?v=sEkw8ZcxtFk (start at 2.35-5.03 min) (Please Watch!)

• Secure Hash Algorithm (SHA) for SSL/TLS connections

TLS/SSL Handshake


Source: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

VPN Encryption (cont.2)

Remote-access VPN

• Authentication

– Password

• Tunneling protocol

– SSL/TLS

– Point-to-point Protocol

– L2F – Layer 2 Forwarding

– PPTP – Point-to-point Tunneling Protocol

– L2TP – Layer 2 Tunneling Protocol

Site-to-site VPN

• Authentication

– Certificate

• Tunneling protocol

– IPSec – Internet Protocol Security protocol

– GRE – Generic Routing Encapsulation

Source: https://computer.howstuffworks.com/vpn7.htm

IPSec

• Encrypt data between various devices

– Router to router, firewall to router, desktop to router, desktop to server

• Consists of two sub-protocols

– Encapsulating Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key

– Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it gets to its destination

Source: https://computer.howstuffworks.com/vpn7.htm
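Added example (not from the original slides): the hashing operation AH applies to the packet header, sketched in Python as a keyed hash (HMAC-SHA-256 truncated to 128 bits) over an IPv4 header, the AH fields and the payload. Fields that routers rewrite in transit are zeroed before hashing, so a TTL change still verifies while an altered source address or payload does not. The key, addresses, SPI and helper names are constructed for illustration; IPv4 options and the header checksum are left out.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 16    # HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, payload_len, ttl=64):
    """20-byte IPv4 header, no options; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, AH_PROTO, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may rewrite in transit before hashing."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # DSCP/ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def compute_icv(key, ip_hdr, ah_fixed, payload):
    """Keyed hash over immutable header fields, AH fields (ICV zeroed), payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, src, dst, spi, seq, payload, next_header=6):
    # AH fixed part: next header, length in 32-bit words minus 2, reserved, SPI, seq
    ah_fixed = struct.pack("!BBHII", next_header, 5, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, len(ah_fixed) + ICV_LEN + len(payload))
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload

def ah_verify(key, packet):
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    received, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(received, compute_icv(key, ip_hdr, ah_fixed, payload))

def patch(packet, offset, new_bytes):
    """Return a copy of the packet with bytes overwritten at offset."""
    return packet[:offset] + new_bytes + packet[offset + len(new_bytes):]

KEY = b"constructed-demo-key-32-bytes!!!"   # constructed sample key
PKT = ah_protect(KEY, "192.0.2.10", "198.51.100.20", 0x1001, 1, b"payroll record")
ROUTED = patch(PKT, 8, b"\x3f")                            # router decremented TTL
SPOOFED = patch(PKT, 12, socket.inet_aton("203.0.113.9"))  # source address altered
TAMPERED = patch(PKT, len(PKT) - 1, b"X")                  # payload altered

if __name__ == "__main__":
    for name, p in [("original", PKT), ("routed", ROUTED),
                    ("spoofed", SPOOFED), ("tampered", TAMPERED)]:
        print(name, ah_verify(KEY, p))
```

The receiver recomputes the hash with the shared key, so a packet whose source address or payload was changed on the way fails verification and is dropped.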

IPSec (cont.)

• Networked devices can use IPSec in one of two encryption modes

– In transport mode, devices encrypt the data traveling between them

– In tunnel mode, the devices build a virtual tunnel between two networks

• VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together

• Good Watch

– https://www.youtube.com/watch?v=tuDVWQOG0C0 (9.43 min) (Please Watch!)

VPN Encryption Ciphers

• Blowfish – blowfish-128

– 64-bit block size

• Twofish – twofish-128, 192, or 256

– 128-bit block size

• AES – AES-128, 192, or 256

• Camellia – Camellia-128, 192, or 256

– No certification

• TripleDES – TripleDES-56, 112, 168

– also 64-bit block size

• MPPE – MPPE-40, 56, 128

– Microsoft Point-to-Point Encryption, used in PPTP

Source: https://www.cactusvpn.com/beginners-guide-to-vpn/vpn-encryption/

OpenVPN

• Open-source commercial software

• Secure point-to-point or site-to-site connections

• It uses a custom security protocol

– Utilizes SSL/TLS for key exchange.

• It is capable of traversing network address translators (NATs) and firewalls

SoftEther VPN

• Free open-source, cross-platform, multi-protocol VPN client/server software

• Developed as part of Daiyuu Nobori's master's thesis at the University of Tsukuba

• Supports SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol in a single VPN server

• Supports NAT traversal

KKU VPN

• https://vpn-portal.kku.ac.th/

• Video instruction: https://www.youtube.com/watch?v=taxADPPvugw

Recommended Resources

• Encryption and Security Protocols in a VPN (Good! Please read!)

– https://computer.howstuffworks.com/vpn7.htm

• How to Test VPN Encryption

– https://www.cactusvpn.com/beginners-guide-to-vpn/vpn-encryption/

• Concern and Vulnerability of VPN

– https://www.youtube.com/watch?v=q4P4BjjXghQ (start at 14.01-22.17 min) Please watch!

Question & Discussion

In-class Quiz

Assignment

Let the students familiarize themselves with all the terminology and how the protocols work