Virtual Private Networks Updated
-
7/31/2019 Virtual Private Networks Updated
1/33
Virtual Private Networks
(VPNs)
By: Agasi Aslanyan
Joel Almasol
Joe Nghe
Michael Wong
CIS 484
May 20, 2004
-
Table Of Contents
VPN Introduction
What is VPN and who uses it?
3 Types of VPNs
VPN Protocols
VPN Tunneling
VPN Packet Transmission
VPN Security: Firewalls
VPN Devices
VPN Advantages/Disadvantages
VPN Connections in Windows XP
Summary/Conclusion
-
What is a VPN?
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link
-
What is a VPN? (Cont.)
A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices
Traffic that flows through the backbone is encrypted to prevent intruders from spying on or intercepting the data
-
What is a VPN? (Cont.)
-
Who uses VPNs?
VPNs can be found in homes, workplaces, or
anywhere else as long as an ISP (Internet Service
Provider) is available.
VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's Intranet
-
3 Types of VPN
Remote-Access VPN
Site-to-Site VPN (Intranet-based)
Site-to-Site VPN (Extranet-based)
-
Remote-Access VPN
Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.
A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.
Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
-
Site-to-Site VPN
Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
-
All 3 types of VPN
-
VPN Protocols
There are three main protocols that power the vast majority of VPNs:
PPTP
L2TP
IPsec
All three protocols emphasize encryption and authentication, preserving the integrity of data that may be sensitive and allowing clients/servers to establish an identity on the network
-
VPN Protocols (In depth)
Point-to-point tunneling protocol (PPTP)
PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS
PPTP initially had weak security features; however, Microsoft continues to improve its support
Layer Two tunneling protocol (L2TP)
L2TP was the original competitor to PPTP and was implemented primarily in Cisco products
L2TP is a combination of the best features of an older protocol, L2F, and PPTP
L2TP exists at the data link layer (Layer 2) of the OSI model
-
VPN Protocols (continued)
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol.
IPSec can encrypt data between various devices, such as:
Router to router
Firewall to router
PC to router
PC to server
-
VPN Tunneling
VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
Voluntary tunneling is where the VPN client manages the connection setup.
Compulsory tunneling is where the carrier network provider manages the VPN connection setup.
-
Tunneling
Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
Tunneling requires three different protocols:
Passenger protocol - The original data (IPX, IP) being carried
Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
Carrier protocol - The protocol used by the network that the information is traveling over
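Added example (not part of the original presentation): the three protocol roles above, shown by wrapping a constructed IPv4 passenger packet in GRE as the encapsulating protocol and IPv4 as the carrier, then stripping the outer headers at the far end. The addresses and payload are constructed sample values, and plain GRE is used only to show the packet-in-packet layout; it does not encrypt.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE, the encapsulating protocol
ETHERTYPE_IPV4 = 0x0800  # GRE protocol-type value for an IPv4 passenger

def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", ip_checksum(head)) + head[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:])

def encapsulate(passenger: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Place the entire passenger packet inside GRE, then inside a carrier packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no optional fields, version 0
    return ipv4_packet(gw_src, gw_dst, GRE_PROTO, gre + passenger)

def decapsulate(outer: bytes) -> bytes:
    """Strip the carrier and GRE headers and return the passenger packet."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != GRE_PROTO or len(payload) < 4:
        raise ValueError("not a GRE tunnel packet")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return payload[4:]

# Constructed sample: a host on one office LAN sends to a host on another LAN.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 17, b"constructed payload")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("routers see :", parse_ipv4(OUTER)[:3])               # gateway addresses only
    print("far end gets:", parse_ipv4(decapsulate(OUTER))[:3])  # original LAN addresses
```

Routers on the carrier network act only on the outer header (the two gateway addresses); the private LAN addresses reappear once the far gateway removes the 24 bytes of carrier and GRE headers.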
-
VPN Packet Transmission
Packets are encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination
Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted
-
VPN Security: Firewalls
A well-designed VPN uses several methods for keeping your connection and data secure:
Firewalls
Encryption
IPSec
AAA Server
You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.
-
Some VPN products, such as Cisco 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.
Cisco 1700 Series Routers
-
VPN Concentrator
Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.
The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
-
Advantages of VPNs
There are two main advantages of VPNs, namely cost savings and scalability
VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and utilize the public network to securely tunnel a private connection
-
Advantages of VPNs (continued)
As the number of company branches grows, purchasing additional leased lines increases cost exponentially, which is why VPNs offer even greater cost savings when scalability is an issue
VPNs may also be used to span globally, which lowers cost even more when compared to traditional leased lines
-
Disadvantages of VPNs
Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary
VPN connection stability depends mainly on the stability of the Internet, a factor outside an organization's control
Differing VPN technologies may not work together due to immature standards
-
VPN Connection in XP
-
Summary
A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods
Main VPN protocols include PPTP, L2TP, and IPsec
VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
Cost and Scalability are the main advantages of a VPN
Network security and Internet stability are the main concerns for VPNs
-
Resources Used
http://vpn.shmoo.com/
http://www.uwsp.edu/it/vpn/
http://info.lib.uh.edu/services/vpn.html
http://www.cites.uiuc.edu/vpn/
http://www.positivenetworks.net/images/client-uploads/jumppage2.htm
-
The End
Thank you all for your time. We hope you
found this presentation informative.