Virtual Private Networks Updatedppt4398

7/23/2019 Virtual Private Networks Updatedppt4398

http://slidepdf.com/reader/full/virtual-private-networks-updatedppt4398 1/33

Virtual Private NetworksVirtual Private Networks

(VPN’s)(VPN’s)

By: Agasi AslanyanBy: Agasi AslanyanJoel AlmasolJoel Almasol

Joe NgheJoe Nghe

Michael WongMichael Wong

!" #$#!" #$#

May %&' %&&#Ma

y %&' %&&#



ale *+ ontentsale *+ ontents VPN !ntro,uction - What is VPN an, who uses it.VPN !ntro,uction - What is VPN an, who uses it.

/ y0es o+ VPN’s/ y0es o+ VPN’s

VPN ProtocolsVPN Protocols

VPN unnelingVPN unneling

VPN Packet ransmissionVPN Packet ransmission

VPN "ecurity: 1irewallsVPN "ecurity: 1irewalls

VPN 2evicesVPN 2evices

VPN A,vantages32isa,vantagesVPN A,vantages32isa,vantages

VPN onnections in Win,ows 4PVPN onnections in Win,ows 4P

"ummary3onclusion"ummary3onclusion



What is a VPN.What is a VPN.

A virtual 0rivateA virtual 0rivate

network (VPN) is anetwork (VPN) is anetwork that usesnetwork that uses

0ulic means o+ 0ulic means o+

transmission (!nternet)transmission (!nternet)

as its WAN link as its WAN link



What is a VPN. (ont5)What is a VPN. (ont5)

A VPN can e create, y connecting o++icesA VPN can e create, y connecting o++ices

an, single users (inclu,ing moile users) toan, single users (inclu,ing moile users) to

the nearest service 0rovi,ers P*P (Point o+the nearest service 0rovi,ers P*P (Point o+

Presence) an, using that service 0rovi,er’sPresence) an, using that service 0rovi,er’s

ackone network' or even the !nternet' as ackone network' or even the !nternet' as

the tunnel etween o++icesthe tunnel etween o++ices

ra++ic that +lows through the ackone isra++ic that +lows through the ackone is

encry0te, to 0revent intru,ers +rom s0yingencry0te, to 0revent intru,ers +rom s0ying

or interce0ting the ,ataor interce0ting the ,ata



What is a VPN. (ont5)What is a VPN. (ont5)



Who uses VPN’s.Who uses VPN’s.

VPN’s can e +oun, in homes' work0laces' orVPN’s can e +oun, in homes' work0laces' or

anywhere else as long as an !"P (!nternet "erviceanywhere else as long as an !"P (!nternet "ervice

Provi,er) is availale5Provi,er) is availale5

VPN’s allow com0any em0loyees who travel o+tenVPN’s allow com0any em0loyees who travel o+ten

or who are outsi,e their com0any hea,6uarters toor who are outsi,e their com0any hea,6uarters to

sa+ely an, securely connect to their com0any’ssa+ely an, securely connect to their com0any’s

!ntranet!ntranet



/ y0es o+ VPN/ y0es o+ VPN

7emote8Access VPN7emote8Access VPN

"ite8to8"ite VPN ("ite8to8"ite VPN (Intranet-basedIntranet-based))

"ite8to8"ite VPN ("ite8to8"ite VPN (Extranet-basedExtranet-based))



7emote8Access VPN7emote8Access VPN

Remote-accessRemote-access ' also calle, a' also calle, a virtual private dial-upvirtual private dial-upnetwork network ((VPDNVPDN)' is a user8to89AN connection use,)' is a user8to89AN connection use, y a com0any that has em0loyees who nee, to connect y a com0any that has em0loyees who nee, to connectto the 0rivate network +rom various remote locations5to the 0rivate network +rom various remote locations5

A goo, eam0le o+ a com0any that nee,s a remote8A goo, eam0le o+ a com0any that nee,s a remote8access VPN woul, e a large +irm with hun,re,s o+access VPN woul, e a large +irm with hun,re,s o+sales 0eo0le in the +iel,5sales 0eo0le in the +iel,5

7emote8access VPNs 0ermit secure' encry0te,7emote8access VPNs 0ermit secure' encry0te,connections etween a com0any;s 0rivate network an,connections etween a com0any;s 0rivate network an,remote users through a thir,80arty service 0rovi,er5remote users through a thir,80arty service 0rovi,er5



"ite8to8"ite VPN"ite8to8"ite VPN

Intranet-basedIntranet-based 8 !+ a com0any has one or more8 !+ a com0any has one or more

remote locations that they wish to <oin in a singleremote locations that they wish to <oin in a single

0rivate network' they can create an intranet VPN 0rivate network' they can create an intranet VPN

to connect 9AN to 9AN5to connect 9AN to 9AN5 Extranet-basedExtranet-based 8 When a com0any has a close8 When a com0any has a close

relationshi0 with another com0any (+or eam0le' arelationshi0 with another com0any (+or eam0le' a

0artner' su00lier or customer)' they can uil, an 0artner' su00lier or customer)' they can uil, an

etranet VPN that connects 9AN to 9AN' an, thatetranet VPN that connects 9AN to 9AN' an, that

allows all o+ the various com0anies to work in aallows all o+ the various com0anies to work in a

share, environment5share, environment5



All / ty0es o+ VPNAll / ty0es o+ VPN



VPN ProtocolsVPN Protocols

here are three mainhere are three main 0rotocols that 0ower the 0rotocols that 0ower thevast ma<ority o+ VPN’s:vast ma<ority o+ VPN’s:

- PPPPPP

- 9%P9%P

- !Psec!Psec All three 0rotocolsAll three 0rotocols

em0hasi=e encry0tion an,em0hasi=e encry0tion an,authentication> 0reservingauthentication> 0reserving,ata integrity that may e,ata integrity that may esensitive an, allowingsensitive an, allowingclients3servers to estalishclients3servers to estalish

an i,entity on the network an i,entity on the network



VPN Protocols (!n ,e0th)VPN Protocols (!n ,e0th)

Point8to80oint tunneling 0rotocol (PPP)Point8to80oint tunneling 0rotocol (PPP) - PPP is wi,ely su00orte, y Microso+t as it is uiltPPP is wi,ely su00orte, y Microso+t as it is uilt

into the various +lavors o+ the Win,ows *"into the various +lavors o+ the Win,ows *"

- PPP initially ha, weak security +eatures' however'PPP initially ha, weak security +eatures' however'

Microso+t continues to im0rove its su00ortMicroso+t continues to im0rove its su00ort 9ayer wo tunneling 0rotocol (9%P)9ayer wo tunneling 0rotocol (9%P)

- 9%P was the original com0etitor to PPP an, was9%P was the original com0etitor to PPP an, wasim0lemente, 0rimarily in isco 0ro,uctsim0lemente, 0rimarily in isco 0ro,ucts

- 9%P is a comination o+ the est +eatures o+ an ol,er9%P is a comination o+ the est +eatures o+ an ol,er 0rotocol 9%1 an, PPP 0rotocol 9%1 an, PPP

- 9%P eists at the ,atalink layer (9ayer %) o+ the *"!9%P eists at the ,atalink layer (9ayer %) o+ the *"!mo,elmo,el



!nternet Protocol "ecurity Protocol (!P"ec) 0rovi,es!nternet Protocol "ecurity Protocol (!P"ec) 0rovi,esenhance, security +eatures such as etter encry0tionenhance, security +eatures such as etter encry0tionalgorithms an, more com0rehensive authentication5algorithms an, more com0rehensive authentication5

!P"ec has two encry0tion mo,es:!P"ec has two encry0tion mo,es: tunneltunnel an,an, transporttransport55unnel encry0ts the hea,er an, the 0ayloa, o+ eachunnel encry0ts the hea,er an, the 0ayloa, o+ each

0acket while trans0ort only encry0ts the 0ayloa,5 *nly 0acket while trans0ort only encry0ts the 0ayloa,5 *nlysystems that are !P"ec com0liant can take a,vantage o+systems that are !P"ec com0liant can take a,vantage o+this 0rotocol5this 0rotocol5

!P"ec can encry0t ,ata etween various ,evices' such as:!P"ec can encry0t ,ata etween various ,evices' such as:

- 7outer to router7outer to router - 1irewall to router1irewall to router

- P to routerP to router

- P to server P to server

VPN Protocols (continue,)VPN Protocols (continue,)



VPN unnelingVPN unneling

VPN unneling su00orts two ty0es: voluntary tunneling an, com0ulsoryVPN unneling su00orts two ty0es: voluntary tunneling an, com0ulsory

tunnelingtunneling

Voluntary tunneling is where the VPN client manages the connectionVoluntary tunneling is where the VPN client manages the connection

setu05setu05

om0ulsory tunneling is where the carrier network 0rovi,er managesom0ulsory tunneling is where the carrier network 0rovi,er managesthe VPN connection setu05the VPN connection setu05



unnelingunneling

Most VPNs rely onMost VPNs rely on tunnelingtunneling to create a 0rivateto create a 0rivatenetwork that reaches across the !nternet5 ?ssentially'network that reaches across the !nternet5 ?ssentially'tunneling is the 0rocess o+ 0lacing an entire 0ackettunneling is the 0rocess o+ 0lacing an entire 0acketwithin another 0acket an, sen,ing it over a network5within another 0acket an, sen,ing it over a network5

unneling re6uires three ,i++erent 0rotocols:unneling re6uires three ,i++erent 0rotocols: Passenger protocolPassenger protocol 8 he original ,ata (!P4' !P)8 he original ,ata (!P4' !P)

eing carrie, eing carrie,

Encapsulating protocolEncapsulating protocol

8 he 0rotocol (@7?' !P"ec'8 he 0rotocol (@7?' !P"ec'

9%1' PPP' 9%P) that is wra00e, aroun, the original9%1' PPP' 9%P) that is wra00e, aroun, the original,ata,ata

Carrier protocolCarrier protocol 8 he 0rotocol use, y the network8 he 0rotocol use, y the networkthat the in+ormation is traveling overthat the in+ormation is traveling over



VPN Packet ransmissionVPN Packet ransmission

Packets are +irst encry0te, e+ore sent out +orPackets are +irst encry0te, e+ore sent out +or

transmission over the !nternet5 he encry0te,transmission over the !nternet5 he encry0te,

0acket is 0lace, insi,e an unencry0te, 0acket5 he 0acket is 0lace, insi,e an unencry0te, 0acket5 he

unencry0te, outer 0acket is rea, y the routingunencry0te, outer 0acket is rea, y the routinge6ui0ment so that it may e 0ro0erly route, to itse6ui0ment so that it may e 0ro0erly route, to its

,estination,estination

*nce the 0acket reaches its ,estination' the outer*nce the 0acket reaches its ,estination' the outer

0acket is stri00e, o++ an, the inner 0acket is 0acket is stri00e, o++ an, the inner 0acket is

,ecry0te,,ecry0te,



VPN "ecurity: 1irewallsVPN "ecurity: 1irewalls

A well8,esigne, VPN uses several metho,s +orA well8,esigne, VPN uses several metho,s +orkee0ing your connection an, ,ata secure:kee0ing your connection an, ,ata secure:

FirewallsFirewalls EncrptionEncrption

IP!ecIP!ec """ !erver""" !erver

ou can set +irewalls to restrict the numer o+ o0enou can set +irewalls to restrict the numer o+ o0en

0orts' what ty0e o+ 0ackets are 0asse, through an, 0orts' what ty0e o+ 0ackets are 0asse, through an,which 0rotocols are allowe, through5which 0rotocols are allowe, through5



Some VPN products,Some VPN products,

such as Cisco 1700such as Cisco 1700

routers, can berouters, can beupgraded to includeupgraded to include

firewall capabilities byfirewall capabilities by

running the appropriaterunning the appropriate

Cisco IS on them!Cisco IS on them!

isco C&& "eries 7outersisco C&& "eries 7outers



VPN oncentrator VPN oncentrator

!ncor0orating the most!ncor0orating the mosta,vance, encry0tion an,a,vance, encry0tion an,authentication techni6uesauthentication techni6uesavailale' isco VPNavailale' isco VPN

concentrators are uiltconcentrators are uilts0eci+ically +or creating as0eci+ically +or creating aremote8access VPN5remote8access VPN5

he concentrators are o++ere, inhe concentrators are o++ere, inmo,els suitale +or everythingmo,els suitale +or everything

+rom small usinesses with u0+rom small usinesses with u0to && remote8access users toto && remote8access users tolarge organi=ations with u0 tolarge organi=ations with u0 to&'&&& simultaneous remote&'&&& simultaneous remoteusers5users5



A,vantages o+ VPN’sA,vantages o+ VPN’s

here are two main a,vantageshere are two main a,vantages

o+ VPN’s' namely cost savingso+ VPN’s' namely cost savings

an, scalailityan, scalaility

VPN’s lower costs y eliminatingVPN’s lower costs y eliminatingthe nee, +or e0ensive long8the nee, +or e0ensive long8

,istance lease, lines5 A local,istance lease, lines5 A local

lease, line or even a roa,an,lease, line or even a roa,an,

connection is all that’s nee,e, toconnection is all that’s nee,e, to

connect to the !nternet an, utili=econnect to the !nternet an, utili=e

the 0ulic network to securelythe 0ulic network to securely

tunnel a 0rivate connectiontunnel a 0rivate connection



A,vantages o+ VPN’s (continue,)A,vantages o+ VPN’s (continue,)

As the numer o+ com0any ranches grows'As the numer o+ com0any ranches grows'

0urchasing a,,itional lease,8lines increases 0urchasing a,,itional lease,8lines increases

cost e0onentially' which is why VPN’scost e0onentially' which is why VPN’s

o++er even greater cost savings wheno++er even greater cost savings when

scalaility is an issuescalaility is an issue

VPN’s may also e use, to s0an gloally'VPN’s may also e use, to s0an gloally'

which lowers cost even more whenwhich lowers cost even more when

com0are, to tra,itional lease, linescom0are, to tra,itional lease, lines



2isa,vantages o+ VPN’s2isa,vantages o+ VPN’s

Because the connection travels over 0ulicBecause the connection travels over 0uliclines' a strong un,erstan,ing o+ networklines' a strong un,erstan,ing o+ networksecurity issues an, 0ro0er 0recautionssecurity issues an, 0ro0er 0recautions

e+ore VPN ,e0loyment are necessary e+ore VPN ,e0loyment are necessary VPN connection staility is mainly inVPN connection staility is mainly in

control o+ the !nternet staility' +actorscontrol o+ the !nternet staility' +actors

outsi,e an organi=ations controloutsi,e an organi=ations control 2i++ering VPN technologies may not work2i++ering VPN technologies may not work

together ,ue to immature stan,ar,stogether ,ue to immature stan,ar,s



VPN onnection in 4PVPN onnection in 4P

















"ummary"ummary

A virtual 0rivate network (VPN) is a network thatA virtual 0rivate network (VPN) is a network thatuses 0ulic means o+ transmission (!nternet) as itsuses 0ulic means o+ transmission (!nternet) as itsWAN link' connecting clients who areWAN link' connecting clients who aregeogra0hically se0arate, through secure tunnelinggeogra0hically se0arate, through secure tunnelingmetho,smetho,s

Main VPN 0rotocols inclu,e PPP' 9%P' an,Main VPN 0rotocols inclu,e PPP' 9%P' an,!Psec!Psec

VPN unneling su00orts two ty0es: voluntaryVPN unneling su00orts two ty0es: voluntarytunneling an, com0ulsory tunnelingtunneling an, com0ulsory tunneling

ost an, "calaility are the main a,vantages o+ aost an, "calaility are the main a,vantages o+ aVPNVPN

Network security an, !nternet staility are the main Network security an, !nternet staility are the main

concerns +or VPN’sconcerns +or VPN’s



7esources Dse,7esources Dse,

htt0:33v0n5shmoo5com3htt0:33v0n5shmoo5com3

htt0:33www5uws05e,u3it3v0n3htt0:33www5uws05e,u3it3v0n3

htt0:33in+o5li5uh5e,u3services3v0n5htmlhtt0:33in+o5li5uh5e,u3services3v0n5html htt0:33www5cites5uiuc5e,u3v0n3htt0:33www5cites5uiuc5e,u3v0n3

htt0:33www50ositivenetworks5net3images3clhtt0:33www50ositivenetworks5net3images3cl

ient8u0loa,s3<um00age%5htmient8u0loa,s3<um00age%5htm

http://vpn.shmoo.com/


http://www.uwsp.edu/it/vpn/


http://info.lib.uh.edu/services/vpn.html


http://www.cites.uiuc.edu/vpn/


http://www.positivenetworks.net/images/client-uploads/jumppage2.htm












he ?n,he ?n,

hank you all +or your time5 We ho0e youhank you all +or your time5 We ho0e you

+oun, this 0resentation in+ormative5+oun, this 0resentation in+ormative5

Documents

Virtual Private Networks Updatedppt4398