VIRTUAL PRIVATE NETWORKS (VPN)
By s k satapathy
clicktechsolution.com

Traditional Connectivity
[From Gartner Consulting]

What is VPN?
Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
Became popular as more employees worked in remote locations.
Terminologies to understand how VPNs work.

Private Networks vs. Virtual Private Networks
Employees can access the network (Intranet) from remote locations.
Secured networks.
The Internet is used as the backbone for VPNs
Saves cost tremendously from reduction of equipment and maintenance costs.
Scalability

Remote Access Virtual Private Network
(From Gartner Consulting)

Brief Overview of How it Works
Two connections – one is made to the Internet and the second is made to the VPN.
Datagrams – contains data, destination and source information.
Firewalls – VPNs allow authorized users to pass through the firewalls.
Protocols – protocols create the VPN tunnels.

Four Critical Functions
Authentication – validates that the data was sent from the sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data from being read or copied as the data is being transported.
Data Integrity – ensuring that the data has not been altered

Encryption
Encryption -- is a method of “scrambling” data before transmitting it onto the Internet.
Public Key Encryption Technique
Digital signature – for authentication

Tunneling
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
[Figure: Data Encapsulation [From Comer]. Labels: Original Datagram; Encrypted Inner Datagram; Datagram Header; Outer Datagram Data Area]
Two types of end points: Remote Access, Site-to-Site
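
The encapsulation named on the Tunneling slide, tied to the confidentiality and integrity functions listed earlier, as an added example that is not part of the original slides. The addresses, the payload, protocol number 253, the zeroed header checksum, and the SHA-256 counter-mode keystream (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct

def ipv4_header(src, dst, payload_len, proto=253):
    # Minimal 20-byte IPv4 header; checksum left 0 and proto 253
    # (experimental) are simplifications assumed for this example.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream(key, nonce, n):
    # Stand-in cipher: SHA-256 in counter mode. A real VPN would use a
    # vetted cipher such as AES; this only keeps the example dependency-free.
    blocks = (hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def encapsulate(inner, enc_key, mac_key, gw_src, gw_dst):
    # Confidentiality: encrypt the whole original datagram, header included.
    nonce = os.urandom(16)
    ct = xor(inner, keystream(enc_key, nonce, len(inner)))
    # Authentication and integrity: HMAC over nonce and ciphertext.
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    body = nonce + ct + tag
    # The outer header names only the two VPN gateways.
    return ipv4_header(gw_src, gw_dst, len(body)) + body

def decapsulate(outer, enc_key, mac_key):
    body = outer[20:]
    nonce, ct, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("outer datagram failed integrity check")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

# Constructed sample: a host on one private LAN sends to a host on another.
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)
PAYLOAD = b"payroll report Q3"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    outer = encapsulate(INNER, ENC_KEY, MAC_KEY, "192.0.2.1", "198.51.100.1")
    print("outer src/dst:", socket.inet_ntoa(outer[12:16]),
          socket.inet_ntoa(outer[16:20]))
    print("payload visible on the wire:", PAYLOAD in outer)
    print("recovered intact:", decapsulate(outer, ENC_KEY, MAC_KEY) == INNER)
```

An observer on the public network sees only the gateway addresses in the outer header; the private source and destination travel inside the encrypted data area, and any change to that area makes the receiving gateway reject the datagram.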

Four Protocols used in VPN
PPTP -- Point-to-Point Tunneling Protocol
L2TP -- Layer 2 Tunneling Protocol
IPsec -- Internet Protocol Security
SOCKS – is not used as much as the ones above

VPN Encapsulation of Packets

Types of Implementations
What does “implementation” mean in VPNs?
3 types
Intranet – Within an organization
Extranet – Outside an organization
Remote Access – Employee to Business

Virtual Private Networks (VPN) Basic Architecture

Device Types
What it means
3 types
Hardware
Firewall
Software

Device Types: Hardware
Usually a VPN type of router
Pros
• Highest network throughput
• Plug and Play
• Dual-purpose
Cons
• Cost
• Lack of flexibility

Device Types: Firewall
More security?
Pros
• “Harden” Operating System
• Tri-purpose
• Cost-effective
Cons
• Still relatively costly

Device Types: Software
Ideal for 2 end points not in same org.
Great when different firewalls implemented
Pros
• Flexible
• Low relative cost
Cons
• Lack of efficiency
• More labor training required
• Lower productivity; higher labor costs

Advantages VS. Disadvantages

Advantages: Cost Savings
Eliminating the need for expensive long-distance leased lines
Reducing the long-distance telephone charges for remote access.
Transferring the support burden to the service providers
Operational costs
Cisco VPN Savings Calculator

Advantages: Scalability
Flexibility of growth
Efficiency with broadband technology

Disadvantages
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions
Availability and performance depend on factors largely outside of their control
Immature standards
VPNs need to accommodate protocols other than IP and existing internal network technology

Applications: Site-to-Site VPNs
Large-scale encryption between multiple fixed sites such as remote offices and central offices
Network traffic is sent over the branch office Internet connection
This saves the company hardware and management expenses

Site-to-Site VPNs

Applications: Remote Access
Encrypted connections between mobile or remote users and their corporate networks
Remote user can make a local call to an ISP, as opposed to a long distance call to the corporate remote access server.
Ideal for a telecommuter or mobile sales people.
VPN allows mobile workers & telecommuters to take advantage of broadband connectivity.
i.e. DSL, Cable

Industries That May Use a VPN
Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely
Retail: able to securely transfer sales data or customer info between stores & the headquarters
Banking/Financial: enables account information to be transferred safely within departments & branches
General Business: communication between remote employees can be securely exchanged

Statistics From Gartner-Consulting*
[Chart: % of Respondents]
Access to network for business partners/customers: 50%
Site-to-site connectivity between offices: 63%
Remote access for employees while traveling: 79%
Remote access for employees working out of homes: 90%
*Source: www.cisco.com

Some Businesses using a VPN
CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
ITW Foilmark secured remote location orders, running reports, & internet/intranet communications w/ a 168-bit encryption by switching to OpenReach VPN
Bacardi & Co. Implemented a 21-country, 44-location VPN

Where Do We See VPNs Going in the Future?
VPNs are continually being enhanced. Example: Equant NV
As the VPN market becomes larger, more applications will be created along with more VPN providers and new VPN types.
Networks are expected to converge to create an integrated VPN
Improved protocols are expected, which will also improve VPNs.

Pop Quiz!
Q.1
VPN stands for…
a) Virtual Public Network
b) Virtual Private Network
c) Virtual Protocol Network
d) Virtual Perimeter Network

Pop Quiz!
A.1
VPN stands for…
b) Virtual Private Network
VPN stands for "Virtual Private Network" or "Virtual Private Networking." A VPN is a private network in the sense that it carries controlled information, protected by various security mechanisms, between known parties. VPNs are only "virtually" private, however, because this data actually travels over shared public networks instead of fully dedicated private connections.

Pop Quiz!
Q.2
What are the acronyms for the 3 most common VPN protocols?

Pop Quiz!
A.2
3 most common VPN protocols are…
• PPTP
• L2TP
• IPsec
PPTP, IPsec, and L2TP are three of today's most popular VPN tunneling protocols. Each one of these is capable of supporting a secure VPN connection.

Pop Quiz!
Q.3
What does PPTP stand for?

Pop Quiz!
A.3
PPTP = Point-to-Point Tunneling Protocol!

Pop Quiz!
Q.4
What is the main benefit of VPNs compared to dedicated networks utilizing frame relay, leased lines, and traditional dial-up?
a) better network performance
b) less downtime on average
c) reduced cost
d) improved security

Pop Quiz!
A.4
The main benefit of VPNs is…
c) reduced cost
The main benefit of a VPN is the potential for significant cost savings compared to traditional leased lines or dial up networking. These savings come with a certain amount of risk, however, particularly when using the public Internet as the delivery mechanism for VPN data.

Pop Quiz!
Q.5
In VPNs, the term "tunneling" refers to
a) an optional feature that increases network performance if it is turned on
b) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit
c) the method a system administrator uses to detect hackers on the network
d) a marketing strategy that involves selling VPN products for very low prices in return for expensive service contracts

Pop Quiz!
A.5
In VPNs, the term "tunneling" refers to…
b) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit