Embed Size (px)
Citation preview
Virtual Private Network
(VPN)
Virtual Private Network
(VPN)
--22--
Topics DiscussionTopics DiscussionWhat is a VPN?What is a VPN?
Types of VPNTypes of VPN Why we use VPN?Why we use VPN? Disadvantage of VPNDisadvantage of VPN Types of VPN protocolsTypes of VPN protocols EncryptionEncryption
--33--
What is a VPN?What is a VPN? A VPN is A network A VPN is A network
that uses Internet or that uses Internet or other network service other network service to transmit data to transmit data securely.securely.
A VPN includes A VPN includes authentication and authentication and encryption to protect encryption to protect data integrity and data integrity and confidentialityconfidentiality
VPN
VPN
InternetInternet
--44--
Types of VPNTypes of VPN Remote Access VPNRemote Access VPN
Provides access to Provides access to internal corporate internal corporate network over the network over the Internet.Internet.
Reduces long Reduces long distance, modem distance, modem bank, and technical bank, and technical support costs.support costs.
InternetInternet
CorporateSite
--55--
Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN
Site-to-Site VPNSite-to-Site VPN Connects multiple Connects multiple
offices over Internetoffices over Internet Reduces Reduces
dependencies on dependencies on frame relay and frame relay and leased linesleased lines
InternetInternet
BranchOffice
CorporateSite
--66--
Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN Site-to-Site VPNSite-to-Site VPN
Extranet VPNExtranet VPN Provides business Provides business
partners access to partners access to critical information critical information (leads, sales tools, (leads, sales tools, etc)etc)
Reduces transaction Reduces transaction and operational costsand operational costs
CorporateSite
InternetInternet
Partner #1
Partner #2
--77--
Types of VPNTypes of VPN Remote Access VPNRemote Access VPN Site-to-Site VPNSite-to-Site VPN
Extranet VPNExtranet VPN Intranet VPN:Intranet VPN:
Links corporate Links corporate headquarters, remote headquarters, remote offices, and branch offices, and branch offices over a shared offices over a shared infrastructure using infrastructure using dedicated connections.dedicated connections.
InternetInternet
LAN clients
Database Server
LAN clients with sensitive data
--88--
Why Use Virtual Private Networks?
Why Use Virtual Private Networks?
More flexibilityMore flexibility
Use multiple connection types (cable, DSL, Use multiple connection types (cable, DSL, T1, T3)T1, T3)
Secure and low-cost way to link Secure and low-cost way to link
Ubiquitous ISP servicesUbiquitous ISP services
Easier E-commerceEasier E-commerce
--99--
Why Use Virtual Private Networks?
Why Use Virtual Private Networks?
More flexibilityMore flexibilityMore scalabilityMore scalability
Add new sites, users quicklyAdd new sites, users quickly Scale bandwidth to meet demandScale bandwidth to meet demand
--1010--
Why Use Virtual Private Networks?
Why Use Virtual Private Networks?
More flexibilityMore flexibilityMore scalabilityMore scalabilityLower costsLower costs
Reduced frame relay/leased line costsReduced frame relay/leased line costs Reduced long distanceReduced long distance Reduced equipment costs (modem Reduced equipment costs (modem
banks,CSU/DSUs)banks,CSU/DSUs) Reduced technical training and supportReduced technical training and support
--1111--
Disadvantages of VPNDisadvantages of VPNLower bandwidth available compared Lower bandwidth available compared
to dial-in lineto dial-in line Inconsistent remote access Inconsistent remote access
performance due to changes in performance due to changes in Internet connectivity Internet connectivity
No entrance into the network if the No entrance into the network if the Internet connection is broken Internet connection is broken
--1212--
Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 remote access VPN distributed with Windows product Layer 2 remote access VPN distributed with Windows product familyfamily
Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Allows multiple Layer 3 ProtocolsAllows multiple Layer 3 Protocols
Uses proprietary authentication and encryptionUses proprietary authentication and encryption Limited user management and scalabilityLimited user management and scalability
Used MPPE encryption methodUsed MPPE encryption method
Internet
Remote PPTP Client
ISP Remote AccessSwitch
PPTP RAS Server
Corporate Network
--1313--
Layer 2 Tunneling Protocol (L2TP)
Layer 2 Tunneling Protocol (L2TP)
Layer 2 remote access VPN protocolLayer 2 remote access VPN protocol Combines and extends PPTP and L2F (Cisco Combines and extends PPTP and L2F (Cisco
supported protocol)supported protocol) Weak authentication and encryptionWeak authentication and encryption Addition to Point-to-Point Protocol (PPP)Addition to Point-to-Point Protocol (PPP) Must be combined with IPSec for enterprise-level Must be combined with IPSec for enterprise-level
securitysecurity
Internet
Remote L2TP Client
ISP L2TP Concentrator
L2TP Server
Corporate Network
--1414--
Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec)
Layer 3 protocol for remote access, Layer 3 protocol for remote access, intranet, and extranet VPNsintranet, and extranet VPNs Internet standard for VPNsInternet standard for VPNs Provides flexible encryption and message Provides flexible encryption and message
authentication/integrityauthentication/integrity
--1515--
EncryptionEncryptionUsed to convert data to a secret code Used to convert data to a secret code
for transmission over an trusted networkfor transmission over an trusted network
EncryptionAlgorithm
“The cow jumped over the moon”
“4hsd4e3mjvd3sda1d38esdf2w4d”
Clear TextClear Text Encrypted TextEncrypted Text
--1616--
Symmetric EncryptionSymmetric Encryption Same key used to encrypt and decrypt messageSame key used to encrypt and decrypt message Faster than asymmetric encryptionFaster than asymmetric encryption Used by IPSec to encrypt actual message dataUsed by IPSec to encrypt actual message data Examples: DES, 3DES, RC5Examples: DES, 3DES, RC5
Shared Secret KeyShared Secret Key
--1717--
Asymmetric EncryptionAsymmetric Encryption Different keys used to encrypt and decrypt Different keys used to encrypt and decrypt
message (One public, one private)message (One public, one private) Provides non-repudiation of message or Provides non-repudiation of message or
message integritymessage integrity Examples include RSA, DSA, SHA-1, MD-5Examples include RSA, DSA, SHA-1, MD-5
Alice Public KeyAlice Public KeyEncryptEncrypt
Alice Private KeyAlice Private KeyDecryptDecrypt
AsifAsif NaeemNaeem
--1818--
Industries That May Use a VPNIndustries That May Use a VPN Healthcare: : enables the transferring of confidential enables the transferring of confidential
patient information within the medical facilities & patient information within the medical facilities & health care providerhealth care provider
Manufacturing:: allow suppliers to view inventory & allow suppliers to view inventory & allow clients to purchase online safelyallow clients to purchase online safely
Retail:: able to securely transfer sales data or able to securely transfer sales data or customer info between stores & the headquarterscustomer info between stores & the headquarters
Banking/Financial:: enables account information to enables account information to be transferred safely within departments & branchesbe transferred safely within departments & branches
General Business:: communication between remote communication between remote employees can be securely exchangedemployees can be securely exchanged
--1919--
Some Businesses using a VPNSome Businesses using a VPN
CVS Pharmaceutical Corporation CVS Pharmaceutical Corporation upgraded their frame relay network to upgraded their frame relay network to an IP VPNan IP VPN
Bacardi & Co. Implemented a 21-Bacardi & Co. Implemented a 21-country, 44-location VPNcountry, 44-location VPN
