VIRTUAL PRIVATE VIRTUAL PRIVATE NETWORKS (VPN)NETWORKS (VPN)

BY:BY: Sajal Soni Sajal Soni

Abhishek sahuAbhishek sahuDeepti SinghDeepti Singh

Deeksha sahuDeeksha sahuYashika chourasiaYashika chourasia

Subhash dewanganSubhash dewangan

Traditional Connectivity Traditional Connectivity

[From Gartner Consulting][From Gartner Consulting]

What is VPN?What is VPN?

Virtual Private Network is a type of private network that Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, uses public telecommunication, such as the Internet,

instead of leased lines to communicateinstead of leased lines to communicate..

Became popular as more employees worked in remote Became popular as more employees worked in remote locations.locations.

A VPN connection across the Internet is similar to a wide A VPN connection across the Internet is similar to a wide area network (WAN) link between the sites.area network (WAN) link between the sites.

Private Networks Private Networks vs. vs.

Virtual Private NetworksVirtual Private NetworksEmployees can access the network (Intranet) from Employees can access the network (Intranet) from

remote locations.remote locations.

Secured networks.Secured networks.

The Internet is used as the backbone for VPNsThe Internet is used as the backbone for VPNs

Saves cost tremendously from reduction of equipment Saves cost tremendously from reduction of equipment and maintenance costs.and maintenance costs.

ScalabilityScalability

Remote Access Virtual Private Remote Access Virtual Private NetworkNetwork

(From Gartner Consulting)

Brief Overview :How it Works?Brief Overview :How it Works?

Two connections – one is made to the Two connections – one is made to the Internet and the second is made to the Internet and the second is made to the VPN.VPN.

Datagrams – contains data, destination Datagrams – contains data, destination and source information.and source information.

Firewalls – VPNs allow authorized users Firewalls – VPNs allow authorized users to pass through the firewalls.to pass through the firewalls.

Protocols – protocols create the VPN Protocols – protocols create the VPN tunnels.tunnels.

Critical FunctionsCritical Functions

AuthenticationAuthentication – validates that the data was – validates that the data was sent from the sender.sent from the sender.

Access controlAccess control – limiting unauthorized users – limiting unauthorized users from accessing the network.from accessing the network.

ConfidentialityConfidentiality – preventing the data to be – preventing the data to be read or copied as the data is being read or copied as the data is being transported.transported.

Data IntegrityData Integrity – ensuring that the data has – ensuring that the data has not been altered not been altered

EncryptionEncryption

Encryption -- is a method of “scrambling” Encryption -- is a method of “scrambling” data before transmitting it onto the data before transmitting it onto the Internet.Internet.

Public Key Encryption TechniquePublic Key Encryption Technique

Digital signature – for authenticationDigital signature – for authentication

TunnelingTunneling

A virtual point-to-point connectionA virtual point-to-point connection

made through a public network. It transportsmade through a public network. It transports

encapsulated datagrams.encapsulated datagrams.

Encrypted Inner Datagram

Datagram Header Outer Datagram Data Area

Original Datagram

Data Encapsulation [From Comer]

Two types of end points: Remote Access Site-to-Site

Protocols used in VPNProtocols used in VPN

PPTP -- Point-to-Point Tunneling ProtocolPPTP -- Point-to-Point Tunneling Protocol

L2TP -- Layer 2 Tunneling ProtocolL2TP -- Layer 2 Tunneling Protocol

IPsec -- Internet Protocol SecurityIPsec -- Internet Protocol Security

SOCKS – is not used as much as the SOCKS – is not used as much as the ones above ones above

VPN Encapsulation of PacketsVPN Encapsulation of Packets

Types of ImplementationsTypes of Implementations

What does “implementation” mean in What does “implementation” mean in VPNs?VPNs?

3 types3 typesIntranet – Within an organizationIntranet – Within an organizationExtranet – Outside an organizationExtranet – Outside an organizationRemote Access – Employee to BusinessRemote Access – Employee to Business

Virtual Private Networks (VPN)Basic Architecture

Device TypesDevice Types

3 types3 types HardwareHardware FirewallFirewall SoftwareSoftware

Device Types: HardwareDevice Types: Hardware

Usually a VPN type of routerUsually a VPN type of router

Pros

• Highest network throughput

• Plug and Play

• Dual-purpose

Cons

• Cost

• Lack of flexibility

Device Types: FirewallDevice Types: Firewall

More security?More security?

Pros

• “Harden” Operating System

• Tri-purpose

• Cost-effective

Cons

• Still relatively costly

Device Types: SoftwareDevice Types: Software

Ideal for 2 end points not in same org.Ideal for 2 end points not in same org. Great when different firewalls implementedGreat when different firewalls implemented

Pros

• Flexible

• Low relative cost

Cons

• Lack of efficiency

• More labor training required

• Lower productivity; higher labor costs

Advantages Advantages VS.VS.

DisadvantagesDisadvantages

Eliminating the need for expensive long-distance Eliminating the need for expensive long-distance leased lines leased lines

Reducing the long-distance telephone charges Reducing the long-distance telephone charges for remote access. for remote access.

Transferring the support burden to the service Transferring the support burden to the service providers providers

Operational costsOperational costs

Cisco VPN Savings Calculator

Advantages: Cost SavingsAdvantages: Cost Savings

Flexibility of growth Flexibility of growth

Efficiency with broadband technology Efficiency with broadband technology

Advantages: ScalabilityAdvantages: Scalability

VPNs require an in-depth understanding of VPNs require an in-depth understanding of public network security issues and proper public network security issues and proper deployment of precautionsdeployment of precautions

Availability and performance depends on factors Availability and performance depends on factors largely outside of their control largely outside of their control

Immature standards Immature standards

VPNs need to accommodate protocols other VPNs need to accommodate protocols other than IP and existing internal network technology than IP and existing internal network technology

DisadvantagesDisadvantages

Applications: Site-to-Site VPNsApplications: Site-to-Site VPNs

Large-scale encryption between multiple Large-scale encryption between multiple fixed sites such as remote offices and fixed sites such as remote offices and central offices central offices

Network traffic is sent over the branch Network traffic is sent over the branch office Internet connectionoffice Internet connection

This saves the company hardware and This saves the company hardware and management expensesmanagement expenses

Site-to-Site VPNsSite-to-Site VPNs

Applications: Remote AccessApplications: Remote AccessEncrypted connections between mobile or Encrypted connections between mobile or

remote users and their corporate networksremote users and their corporate networksRemote user can make a local call to an ISP, as Remote user can make a local call to an ISP, as

opposed to a long distance call to the corporate opposed to a long distance call to the corporate remote access server. remote access server.

Ideal for a telecommuter or mobile sales people. Ideal for a telecommuter or mobile sales people. VPN allows mobile workers & telecommuters to VPN allows mobile workers & telecommuters to

take advantage of broadband connectivity. take advantage of broadband connectivity. i.e. DSL, Cable i.e. DSL, Cable

Industries that may use a VPNIndustries that may use a VPNHealthcare: Healthcare: enables the transferring of confidential patient information enables the transferring of confidential patient information

within the medical facilities & health care providerwithin the medical facilities & health care provider

ManufacturingManufacturing: allow suppliers to view inventory & allow clients to : allow suppliers to view inventory & allow clients to purchase online safelypurchase online safely

Retail:Retail: able to securely transfer sales data or customer info between able to securely transfer sales data or customer info between stores & the headquartersstores & the headquarters

Banking/Financial:Banking/Financial: enables account information to be transferred safely enables account information to be transferred safely within departments & brancheswithin departments & branches

General Business:General Business: communication between remote employees can be communication between remote employees can be securely exchangedsecurely exchanged

Statistics from Gartner-Statistics from Gartner-Consulting*Consulting*

50%

63%

79%

90%

0% 20% 40% 60% 80% 100%

Access to network forbusiness

partners/customers

Site-to-site connectivitybetween offices

Remote access foremployees while

traveling

Remote access foremployees working out

of homes

% of Respondents

Percentages

*Source: www.cisco.com

Some Businesses using a VPNSome Businesses using a VPN

CVS Pharmaceutical Corporation upgraded their CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPNframe relay network to an IP VPN

ITW Foilmark secured remote location orders, ITW Foilmark secured remote location orders, running reports, & internet/intranet running reports, & internet/intranet communications w/ a 168-bit encryption by communications w/ a 168-bit encryption by switching to OpenReach VPNswitching to OpenReach VPN

Bacardi & Co. Implemented a 21-country, 44-Bacardi & Co. Implemented a 21-country, 44-location VPNlocation VPN

Where do we see VPNs going Where do we see VPNs going in the future?in the future?

VPNs are continually being enhanced. VPNs are continually being enhanced.

Example:Example: Equant NV Equant NV

As the VPN market becomes larger, more As the VPN market becomes larger, more applications will be created along with applications will be created along with more VPN providers and new VPN types.more VPN providers and new VPN types.

Networks are expected to converge to Networks are expected to converge to create an integrated VPNcreate an integrated VPN

Improved protocols are expected, which Improved protocols are expected, which will also improve VPNs.will also improve VPNs.