Virtual Private Networks Updated

  • 7/31/2019 Virtual Private Networks Updated

    1/33

    Virtual Private Networks (VPNs)

    By: Agasi Aslanyan, Joel Almasol, Joe Nghe, Michael Wong

    CIS 484

    May 20, 2004

    Table Of Contents

    VPN Introduction

    What is VPN and who uses it?

    3 Types of VPNs

    VPN Protocols

    VPN Tunneling

    VPN Packet Transmission

    VPN Security: Firewalls

    VPN Devices

    VPN Advantages/Disadvantages

    VPN Connections in Windows XP

    Summary/Conclusion

    What is a VPN?

    A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link

    What is a VPN? (Cont.)

    A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices

    Traffic that flows through the backbone is encrypted to prevent intruders from spying on or intercepting the data

    Who uses VPNs?

    VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available.

    VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's Intranet

    3 Types of VPN

    Remote-Access VPN

    Site-to-Site VPN (Intranet-based)

    Site-to-Site VPN (Extranet-based)

    Remote-Access VPN

    Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.

    A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.

    Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

    Site-to-Site VPN

    Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.

    Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.

    All 3 types of VPN

    VPN Protocols

    There are three main protocols that power the vast majority of VPNs:

    PPTP

    L2TP

    IPsec

    All three protocols emphasize encryption and authentication; preserving data integrity that may be sensitive and allowing clients/servers to establish an identity on the network

    VPN Protocols (In depth)

    Point-to-point tunneling protocol (PPTP)

    PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS

    PPTP initially had weak security features; however, Microsoft continues to improve its support

    Layer Two tunneling protocol (L2TP)

    L2TP was the original competitor to PPTP and was implemented primarily in Cisco products

    L2TP is a combination of the best features of an older protocol, L2F, and PPTP

    L2TP exists at the data link layer (Layer 2) of the OSI model

    VPN Protocols (continued)

    Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

    IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol.

    IPSec can encrypt data between various devices, such as:

    Router to router

    Firewall to router

    PC to router

    PC to server

    VPN Tunneling

    VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling

    Voluntary tunneling is where the VPN client manages the connection setup.

    Compulsory tunneling is where the carrier network provider manages the VPN connection setup.

    Tunneling

    Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.

    Tunneling requires three different protocols:

    Passenger protocol - The original data (IPX, IP) being carried

    Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data

    Carrier protocol - The protocol used by the network that the information is traveling over

    VPN Packet Transmission

    Packets are first encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination

    Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted
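The three-protocol layering from the Tunneling slide and the wrap, route and strip sequence described above, as an added example that is not part of the original presentation: a passenger IPv4 packet is wrapped in a basic GRE header (the encapsulating protocol) and an outer IPv4 header (the carrier), then validated and unwrapped at the far endpoint. The addresses, function names and sample payload are constructed for illustration, and the encryption step is left out because GRE by itself provides none.

```python
import socket
import struct

GRE_PROTO = 47            # IPv4 protocol number for GRE, set in the carrier header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type that names the passenger protocol

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len) -> bytes:
    """Minimal 20-byte IPv4 header: no options, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(passenger, tunnel_src, tunnel_dst) -> bytes:
    """Carrier IPv4 header + basic GRE header (RFC 2784) + passenger packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return outer + gre + passenger

def decapsulate(frame: bytes) -> bytes:
    """Tunnel endpoint: validate the outer headers, return the passenger packet."""
    if len(frame) < 24 or frame[0] >> 4 != 4:
        raise ValueError("too short or not IPv4")
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if ihl < 20 or not ihl + 4 <= total_len <= len(frame) or checksum(frame[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if frame[9] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")  # options or other passengers
    return frame[ihl + 4:total_len]

def sample_passenger() -> bytes:
    """Constructed inner packet between two private LANs (253 = experimental protocol)."""
    data = b"constructed sample payload"
    return ipv4_header("10.1.0.5", "10.2.0.9", 253, len(data)) + data

if __name__ == "__main__":
    frame = encapsulate(sample_passenger(), "192.0.2.1", "198.51.100.1")
    print("on the wire:", frame.hex())
    print("recovered  :", decapsulate(frame) == sample_passenger())
```

Routers on the path read only the first 20 bytes (the carrier header); the private 10.x addresses travel as opaque payload until the endpoint strips the outer layers.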

    VPN Security: Firewalls

    A well-designed VPN uses several methods for keeping your connection and data secure:

    Firewalls

    Encryption

    IPSec

    AAA Server

    You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.

    Some VPN products, such as Cisco 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.

    Cisco 1700 Series Routers

    VPN Concentrator

    Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.

    The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

    Advantages of VPNs

    There are two main advantages of VPNs, namely cost savings and scalability

    VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and utilize the public network to securely tunnel a private connection

    Advantages of VPNs (continued)

    As the number of company branches grows, purchasing additional leased-lines increases cost exponentially, which is why VPNs offer even greater cost savings when scalability is an issue

    VPNs may also be used to span globally, which lowers cost even more when compared to traditional leased lines

    Disadvantages of VPNs

    Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary

    VPN connection stability depends mainly on Internet stability, a factor outside an organization's control

    Differing VPN technologies may not work together due to immature standards

    VPN Connection in XP

    [Slides 23-30: no text in the transcript]

    Summary

    A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods

    Main VPN protocols include PPTP, L2TP, and IPsec

    VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling

    Cost and Scalability are the main advantages of a VPN

    Network security and Internet stability are the main concerns for VPNs

    The End

    Thank you all for your time. We hope you found this presentation informative.