(Virtual Private Network (VPN

Virtual Private Network

(VPN)

Virtual Private Network

(VPN)

--22--©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential

“ “ If saving money is wrong, If saving money is wrong, I don’t want to be right…” I don’t want to be right…”

- - William ShartnerWilliam Shartner


outlineoutlineWhat is a VPN?What is a VPN?

Types of VPNTypes of VPN Why use VPNs?Why use VPNs? Disadvantage of VPNDisadvantage of VPN Types of VPN protocolsTypes of VPN protocols EncryptionEncryption


What is a VPN?What is a VPN? A VPN is A network A VPN is A network

that uses Internet or that uses Internet or other network service other network service to transmit data.to transmit data.

A VPN includes A VPN includes authentication and authentication and encryption to protect encryption to protect data integrity and data integrity and confidentialityconfidentiality

VPN

VPN

InternetInternet


Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN

Provides access to Provides access to internal corporate internal corporate network over the network over the Internet.Internet.

Reduces long Reduces long distance, modem distance, modem bank, and technical bank, and technical support costs.support costs.

InternetInternet

CorporateSite


Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN

Site-to-Site VPNSite-to-Site VPN Connects multiple Connects multiple

offices over Internetoffices over Internet Reduces Reduces

dependencies on dependencies on frame relay and frame relay and leased linesleased lines

InternetInternet

BranchOffice

CorporateSite


Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN Site-to-Site VPNSite-to-Site VPN

Extranet VPNExtranet VPN Provides business Provides business

partners access to partners access to critical information critical information (leads, sales tools, (leads, sales tools, etc)etc)

Reduces transaction Reduces transaction and operational costsand operational costs

CorporateSite

InternetInternet

Partner #1

Partner #2


Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN Site-to-Site VPNSite-to-Site VPN

Extranet VPNExtranet VPN Intranet VPN:Intranet VPN:

Links corporate Links corporate headquarters, remote headquarters, remote offices, and branch offices, and branch offices over a shared offices over a shared infrastructure using infrastructure using dedicated connections.dedicated connections.

InternetInternet

LAN clients

Database Server

LAN clients with sensitive data


Why Use Virtual Private Networks?


More flexibilityMore flexibility

Use multiple connection types (cable, DSL, Use multiple connection types (cable, DSL, T1, T3)T1, T3)

Secure and low-cost way to link Secure and low-cost way to link

Ubiquitous ISP servicesUbiquitous ISP services

Easier E-commerceEasier E-commerce




More flexibilityMore flexibilityMore scalabilityMore scalability

Add new sites, users quicklyAdd new sites, users quickly Scale bandwidth to meet demandScale bandwidth to meet demand




More flexibilityMore flexibilityMore scalabilityMore scalabilityLower costsLower costs

Reduced frame relay/leased line costsReduced frame relay/leased line costs Reduced long distanceReduced long distance Reduced equipment costs (modem Reduced equipment costs (modem

banks,CSU/DSUs)banks,CSU/DSUs) Reduced technical training and supportReduced technical training and support


VPN Return on InvestmentVPN Return on Investment

5 branch offices, 1 large corporate office, 200 remote access users.

Payback: 1.04 months. Annual Savings: 88%

Check Point VPN Solution

Non-VPN Solution

Savings with Check Point

Startup Costs (Hardware

and Software)$51,965

Existing; sunk costs =

$0

Site-to-Site Annual Cost

$30,485 $71,664 Frame relay

$41,180 /yr

RAS Annual Cost

$48,000 $604,800Dial-in costs

$556,800 /yr

Combined Annual Cost

$78,485 $676,464 $597,980 /yr

Case History – Professional Services Company


Disadvantages of VPNDisadvantages of VPNLower bandwidth available compared Lower bandwidth available compared

to dial-in lineto dial-in line Inconsistent remote access Inconsistent remote access

performance due to changes in performance due to changes in Internet connectivity Internet connectivity

No entrance into the network if the No entrance into the network if the Internet connection is broken Internet connection is broken


Point-to-Point Tunneling Protocol (PPTP)

Point-to-Point Tunneling Protocol (PPTP)

Layer 2 remote access VPN distributed with Windows product Layer 2 remote access VPN distributed with Windows product familyfamily

Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Allows multiple Layer 3 ProtocolsAllows multiple Layer 3 Protocols

Uses proprietary authentication and encryptionUses proprietary authentication and encryption Limited user management and scalabilityLimited user management and scalability

Used MPPE encryption methodUsed MPPE encryption method

Internet

Remote PPTP Client

ISP Remote AccessSwitch

PPTP RAS Server

Corporate Network


Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP)

Layer 2 remote access VPN protocolLayer 2 remote access VPN protocol Combines and extends PPTP and L2F (Cisco Combines and extends PPTP and L2F (Cisco

supported protocol)supported protocol) Weak authentication and encryptionWeak authentication and encryption Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Must be combined with IPSec for enterprise-level Must be combined with IPSec for enterprise-level

securitysecurity

Internet

Remote L2TP Client

ISP L2TP Concentrator

L2TP Server

Corporate Network


Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)

Layer 3 protocol for remote access, Layer 3 protocol for remote access, intranet, and extranet VPNsintranet, and extranet VPNs Internet standard for VPNsInternet standard for VPNs Provides flexible encryption and message Provides flexible encryption and message

authentication/integrityauthentication/integrity


EncryptionEncryptionUsed to convert data to a secret code Used to convert data to a secret code

for transmission over an trusted networkfor transmission over an trusted network

EncryptionAlgorithm

“The cow jumped over the moon”

“4hsd4e3mjvd3sda1d38esdf2w4d”

Clear TextClear Text Encrypted TextEncrypted Text


Symmetric EncryptionSymmetric Encryption Same key used to encrypt and decrypt messageSame key used to encrypt and decrypt message Faster than asymmetric encryptionFaster than asymmetric encryption Used by IPSec to encrypt actual message dataUsed by IPSec to encrypt actual message data Examples: DES, 3DES, RC5Examples: DES, 3DES, RC5

Shared Secret KeyShared Secret Key


Asymmetric EncryptionAsymmetric Encryption Different keys used to encrypt and decrypt Different keys used to encrypt and decrypt

message (One public, one private)message (One public, one private) Provides non-repudiation of message or Provides non-repudiation of message or

message integritymessage integrity Examples include RSA, DSA, SHA-1, MD-5Examples include RSA, DSA, SHA-1, MD-5

Alice Public KeyAlice Public KeyEncryptEncrypt

Alice Private KeyAlice Private KeyDecryptDecrypt

BobBob AliceAlice


Industries That May Use a VPNIndustries That May Use a VPN Healthcare: : enables the transferring of confidential enables the transferring of confidential

patient information within the medical facilities & patient information within the medical facilities & health care providerhealth care provider

Manufacturing:: allow suppliers to view inventory & allow suppliers to view inventory & allow clients to purchase online safelyallow clients to purchase online safely

Retail:: able to securely transfer sales data or able to securely transfer sales data or customer info between stores & the headquarterscustomer info between stores & the headquarters

Banking/Financial:: enables account information to enables account information to be transferred safely within departments & branchesbe transferred safely within departments & branches

General Business:: communication between remote communication between remote employees can be securely exchangedemployees can be securely exchanged


Some Businesses using a VPNSome Businesses using a VPN

CVS Pharmaceutical Corporation CVS Pharmaceutical Corporation upgraded their frame relay network to upgraded their frame relay network to an IP VPNan IP VPN

Bacardi & Co. Implemented a 21-Bacardi & Co. Implemented a 21-country, 44-location VPNcountry, 44-location VPN


Questions Questions


presented by : presented by :

Iman AbooeeIman Abooee

Thanks for your Thanks for your attentionattention

Winter 85Winter 85


Resource:Resource:www.vpnc.org/vpn-technologies.pdfwww.vpnc.org/vpn-technologies.pdf

www.adtran.com/www.adtran.com/

www.cisco.com/ipsec_wp.htmwww.cisco.com/ipsec_wp.htm

www.computerworld.comwww.computerworld.com

www.findvpn.comwww.findvpn.com

www. Shabake_mag.comwww. Shabake_mag.com

(Virtual Private Network (VPN

Documents

Transcript of (Virtual Private Network (VPN