
Virtual Private Networks (VPNs)
By: Agasi Aslanyan
Joel Almasol
Joe Nghe
Michael Wong
CIS 484
May 20, 2004
Table of Contents

VPN Introduction – What is a VPN and who uses it?
3 Types of VPNs
VPN Protocols
VPN Tunneling
VPN Packet Transmission
VPN Security: Firewalls
VPN Devices
VPN Advantages/Disadvantages
VPN Connections in Windows XP
Summary/Conclusion
What is a VPN?

A virtual private network (VPN) is a network that uses a public means of transmission (the Internet) as its WAN link.
What is a VPN? (Cont.)
A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices.
Traffic that flows through the backbone is encrypted to prevent intruders from eavesdropping on or intercepting the data. The encryption comes from the VPN protocol, not from the tunnel itself: an encapsulation-only tunnel (GRE or L2TP on its own) carries the inner packets in the clear, so it has to be combined with a protocol such as IPsec to get confidentiality.

What is a VPN? (Cont.)
Who uses VPNs?

VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available.
VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's intranet.
3 Types of VPNs

Remote-Access VPN

Site-to-Site VPN (Intranet-based)

Site-to-Site VPN (Extranet-based)
Remote-Access VPN

Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.

A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.

Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
Site-to-Site VPN

Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
All 3 types of VPN
VPN Protocols

There are three main protocols that power the vast majority of VPNs:
– PPTP
– L2TP
– IPsec
All three aim at the same goals: authenticating the peers, so that clients and servers can establish an identity on the network, and preserving the confidentiality and integrity of data that may be sensitive. They differ in how much of this they provide themselves: PPTP relies on PPP authentication (MS-CHAP) and MPPE encryption, L2TP only tunnels PPP frames and is normally paired with IPsec for encryption, and IPsec provides authentication, integrity and encryption natively.
VPN Protocols (In depth)

Point-to-Point Tunneling Protocol (PPTP)
– PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS
– PPTP's security rests on its PPP authentication method (MS-CHAP v1 or v2) and on MPPE encryption, whose keys are derived from the user's password. Published weaknesses in MS-CHAP mean PPTP should be treated as a legacy protocol: acceptable for compatibility, not as a security boundary

Layer Two Tunneling Protocol (L2TP)
– Cisco's L2F was the original competitor to PPTP; L2TP (RFC 2661) combines the best features of L2F and PPTP
– L2TP exists at the data link layer (Layer 2) of the OSI model: it tunnels PPP frames, normally over UDP port 1701
– L2TP provides no encryption of its own, which is why it is almost always deployed as L2TP/IPsec (RFC 3193), with IPsec protecting the L2TP traffic
VPN Protocols (continued)

Internet Protocol Security (IPsec) provides stronger security features than PPTP or L2TP alone, such as better encryption algorithms and more comprehensive authentication.
IPsec has two modes: tunnel and transport. In tunnel mode the entire original packet, header and payload, is encapsulated (and, with ESP, encrypted) inside a new IP packet that carries a fresh outer header; this is the mode site-to-site gateways use. In transport mode the original IP header is kept in the clear and only the payload is protected. Encryption is provided by the ESP protocol (IP protocol 50); the AH protocol authenticates packets but does not encrypt them. Only systems that implement IPsec can take advantage of this protocol, and both ends of a connection must do so.
IPsec can encrypt data between various devices, such as:
– Router to router
– Firewall to router
– PC to router
– PC to server
VPN Tunneling

VPN tunneling comes in two types: voluntary tunneling and compulsory tunneling.
Voluntary tunneling is where the VPN client manages the connection setup.
Compulsory tunneling is where the carrier network provider manages the VPN connection setup.
Tunneling

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
Tunneling requires three different protocols:
 Passenger protocol - The original data (IPX, IP) being carried
 Encapsulating protocol - The protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the original data
 Carrier protocol - The protocol used by the network that the information is traveling over
VPN Packet Transmission

Packets are first encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination; the routers never need to see the inner packet's addresses or contents.
Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted.
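The packet-in-packet process described in the Tunneling and Packet Transmission slides, as an added example that is not part of the original presentation: a passenger IPv4/UDP datagram is wrapped in a GRE header (the encapsulating protocol) and carried by an outer IPv4 packet (the carrier protocol) between two tunnel endpoints, then unwrapped at the far end. The addresses (10.1.0.0/16 and 10.2.0.0/16 as the private LANs, 203.0.113.1 and 198.51.100.1 as the public tunnel endpoints) and the packet contents are constructed for the example. GRE alone provides no encryption, so the block shows only the encapsulation and the two checks a receiving endpoint should make (header checksum and expected peer); the encryption step the Packet Transmission slide describes would be IPsec ESP applied to the passenger packet before encapsulation, which this standard-library-only example does not implement.

```python
"""Packet-in-packet tunneling: passenger IPv4 datagram, GRE encapsulation,
IPv4 carrier. Added example, not code from the original presentation.
Addresses and payloads below are constructed (RFC 5737 documentation ranges
for the public endpoints, 10.x private ranges for the LANs)."""
import socket
import struct

IPPROTO_UDP = 17
IPPROTO_GRE = 47          # carrier's "next protocol" value for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type field for an IPv4 passenger


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 when a header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) plus payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse the IPv4 header; reject truncated packets and bad checksums."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "payload": packet[ihl:total_len]}


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    """UDP header with checksum 0 (permitted over IPv4: 'no checksum')."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Encapsulating protocol: 4-byte GRE header (RFC 2784, no optional fields).
    Carrier protocol: IPv4 addressed to the tunnel endpoints, not to the LAN hosts."""
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_hdr + passenger)


def gre_decapsulate(carrier_packet: bytes, expected_peer: str) -> bytes:
    """Strip the carrier and GRE headers and return the passenger packet.
    A GRE endpoint without IPsec would otherwise accept protocol-47 packets from
    anyone, so at minimum the outer source must be the configured peer."""
    outer = parse_ipv4(carrier_packet)
    if outer["src"] != expected_peer:
        raise ValueError("GRE packet from unexpected peer %s" % outer["src"])
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("carrier payload is not GRE")
    flags_version, ptype = struct.unpack("!HH", outer["payload"][:4])
    if flags_version != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")   # checksum/key/sequence bits not handled
    return outer["payload"][4:]


def rejects(carrier_packet: bytes, expected_peer: str) -> bool:
    """True if the endpoint refuses the packet (peer mismatch or corrupted header)."""
    try:
        gre_decapsulate(carrier_packet, expected_peer)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Host 10.1.0.5 sends a UDP datagram to 10.2.0.9 through the tunnel
    203.0.113.1 -> 198.51.100.1 (all constructed addresses)."""
    passenger = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP,
                           build_udp(40000, 53, b"constructed DNS query"))
    wire = gre_encapsulate(passenger, "203.0.113.1", "198.51.100.1")
    outer = parse_ipv4(wire)            # all an Internet router needs to look at
    recovered = gre_decapsulate(wire, expected_peer="203.0.113.1")
    inner = parse_ipv4(recovered)       # visible only to the tunnel endpoint
    return {
        "outer_dst": outer["dst"],
        "inner_dst": inner["dst"],
        "intact": recovered == passenger,
        "overhead_bytes": len(wire) - len(passenger),   # 20 (IPv4) + 4 (GRE)
        "spoofed_rejected": rejects(wire, expected_peer="192.0.2.7"),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the split the slides describe: the outer header carries the two public endpoint addresses, which is all the Internet needs to route the packet, while the private 10.x addresses and the UDP payload are visible only after decapsulation. The 24 bytes of overhead (20 for the carrier IPv4 header, 4 for GRE) are why tunnel interfaces are usually given a smaller MTU than the physical link.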
VPN Security: Firewalls

A well-designed VPN uses several methods for keeping your connection and data secure:
Firewalls
Encryption
IPsec
AAA Server (authentication, authorization and accounting)
You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. For an IPsec gateway that means exposing only what the VPN itself needs on the public interface: IKE on UDP port 500 (and UDP 4500 for NAT traversal) and ESP (IP protocol 50), with everything else denied by default.
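The "restrict the open ports and protocols" point above, as an added example that is not part of the original presentation: a small default-deny packet filter in Python, evaluated over constructed inbound packets, with the permissive ruleset next to the restricted one an IPsec gateway needs and the one a PPTP gateway would need instead. The gateway address 198.51.100.1 and the sample packets are constructed, and the rule format is this example's own rather than any particular firewall's syntax.

```python
"""Default-deny ingress filter for the public interface of a VPN gateway.
Added example, not code from the original presentation. Packets are
constructed dictionaries standing in for real traffic; the gateway address is
a documentation-range placeholder. Port and protocol numbers come from the
protocol specifications: IKE is UDP/500 (UDP/4500 behind NAT), ESP is IP
protocol 50, PPTP uses TCP/1723 for control and GRE (IP protocol 47) for data."""
from dataclasses import dataclass
from typing import List, Optional

PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
GATEWAY = "198.51.100.1"   # constructed public address of the VPN gateway


@dataclass(frozen=True)
class Rule:
    """A match on IP protocol, destination port and destination address.
    A field left as None matches anything (ESP and GRE have no ports)."""
    action: str
    proto: Optional[int] = None
    dport: Optional[int] = None
    dst: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport)
                and (self.dst is None or pkt["dst"] == self.dst))


def filter_packet(rules: List[Rule], pkt: dict) -> str:
    """First matching rule wins; with no match the packet is denied.
    Default deny is what makes 'restrict the open ports' real: a port is
    closed unless a rule explicitly opens it."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def evaluate(rules: List[Rule], packets: List[dict]) -> List[str]:
    return [filter_packet(rules, p) for p in packets]


def permissive_rules() -> List[Rule]:
    """The weak setting: everything reaches the gateway, so a flaw in any
    service listening on it (SSH, a web admin page, ...) is exposed to the Internet."""
    return [Rule("allow")]


def ipsec_only_rules() -> List[Rule]:
    """The corrected setting for an IPsec gateway: only IKE and ESP, and only
    when addressed to the gateway itself, not to hosts behind it."""
    return [
        Rule("allow", PROTO_UDP, 500, GATEWAY),    # IKE
        Rule("allow", PROTO_UDP, 4500, GATEWAY),   # IKE / ESP-in-UDP for NAT traversal
        Rule("allow", PROTO_ESP, None, GATEWAY),   # ESP data packets
    ]


def pptp_rules() -> List[Rule]:
    """What a PPTP gateway would need instead: the control channel plus GRE."""
    return [
        Rule("allow", PROTO_TCP, 1723, GATEWAY),   # PPTP control connection
        Rule("allow", PROTO_GRE, None, GATEWAY),   # PPTP data (GRE-encapsulated PPP)
    ]


def sample_packets() -> List[dict]:
    """Constructed inbound packets as seen on the public interface."""
    return [
        {"proto": PROTO_UDP, "dst": GATEWAY, "dport": 500},     # IKE to the gateway
        {"proto": PROTO_UDP, "dst": GATEWAY, "dport": 4500},    # IKE NAT-T
        {"proto": PROTO_ESP, "dst": GATEWAY},                   # ESP to the gateway
        {"proto": PROTO_TCP, "dst": GATEWAY, "dport": 22},      # SSH probe at the gateway
        {"proto": PROTO_UDP, "dst": "10.2.0.9", "dport": 500},  # IKE aimed at an inside host
        {"proto": PROTO_GRE, "dst": GATEWAY},                   # GRE to the gateway
        {"proto": PROTO_TCP, "dst": GATEWAY, "dport": 1723},    # PPTP control
    ]


if __name__ == "__main__":
    for name, rules in (("permissive", permissive_rules()),
                        ("ipsec-only", ipsec_only_rules()),
                        ("pptp", pptp_rules())):
        print(name, evaluate(rules, sample_packets()))
```

The IPsec-only ruleset drops the SSH probe, the GRE packet and the IKE packet aimed at an inside host, and it does so without any rule mentioning them: that is the point of a default-deny policy. Real firewalls add state tracking on top of this (so that reply traffic for established exchanges is admitted), but the allow-list on the public side of a VPN gateway should stay this short.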
Cisco 1700 Series Routers
Some VPN products, such as Cisco 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS image on them.
VPN Concentrator

Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.
The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
Advantages of VPNs

There are two main advantages of VPNs, namely cost savings and scalability.
VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and use the public network to securely tunnel a private connection.
Advantages of VPNs (continued)
As the number of company branches grows, the cost of leased lines grows much faster than the number of sites (a full mesh of n sites needs n(n-1)/2 lines), whereas each new VPN site needs only its own Internet connection; this is why VPNs offer even greater cost savings when scalability is an issue.
VPNs may also be used to span the globe, which lowers cost even more when compared to traditional leased lines.

Disadvantages of VPNs
Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary.
VPN connection stability depends mainly on the stability of the Internet, a factor outside an organization's control.
Differing VPN technologies may not work together due to immature standards.

VPN Connection in XP
Summary

A virtual private network (VPN) is a network that uses public means of transmission (the Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods.
Main VPN protocols include PPTP, L2TP, and IPsec.
VPN tunneling supports two types: voluntary tunneling and compulsory tunneling.
Cost and scalability are the main advantages of a VPN.
Network security and Internet stability are the main concerns for VPNs.

The End
Thank you all for your time. We hope you
found this presentation informative.