Virtual Private Networks (VPNs)

By Ryan Joyce

What is a Virtual Network?
  • An interconnected group of networks (an internet) that appears as one large network to a specific user

What is a Virtual Private Network?
  • A Virtual Private Network is a Virtual Network that is secure and has the attributes of a LAN, but on a much larger scale.

History of VPNs

Started with
  • Wide Area Networks (WANs)
      • Expansive leased lines
      • Reliable
      • Secure
      • Very expensive
  • Intranets (LANs)
      • Limited
      • Reliable
      • Secure
      • Relatively inexpensive

[Figure: Cost of Dedicated Private Lines]

History (continued)

Virtual Private Networks are relatively new
Technology was created in the mid 90s
Did not become mainstream until a couple of years ago

Why have VPNs?

Extend communications on a global scale
Create better communication with business partners
Decrease the cost of having to use traditional methods
Faster, more effective, reliable business

VPN Setups

Variety of Options
  • Hardware based
      • VPN firewalls
      • Edge routers
  • Software based
      • VPN clients
  • Mixed

[Figure: VPN Hardware]

[Figure: VPN Software]

VPN Setups

Remote Users
  • Refers to communication access of a company's network to remote or mobile employees (home users)
  • Requires monitoring and strong authentication practices
  • Scalability remains an important issue; must be able to handle a larger number of users.

[Diagram: Remote Setup. Labels: Internet, Encryption Router, LAN A, mobile user, home user]

VPN Setups

Intranet Setup
  • Refers to linking a company's internal branches or subsidiaries together
  • Requires high security; must be able to transmit and receive sensitive information
  • Requires high reliability; applications that affect day-to-day operations
  • Scalable to a point.

[Diagram: Intranet based. Labels: Internet, Encryption Router, Encryption Router, LAN A, LAN B]

VPN Setups

Extranet Setups
  • Refers to a VPN between companies, customers and suppliers
  • Requires standardization; IPSec is the current standard for VPNs
  • Need for traffic control; networks must be monitored for accurate delivery of critical data

[Diagram: Extranet based. Labels: Internet, Encryption Router, Encryption Router, LAN A, Suppliers LAN]

How do VPNs work?

Tunneling
  • Creating a secure point-to-point connection over a public network.

[Diagram: each box represents encapsulation. Labels: Original Datagram, Encrypted Transport Datagram, Datagram Header]

Security Requirements and Approaches

Confidentiality
  • Refers to the privacy of information being exchanged between communicating parties.
Encryption
  • Secret key cryptography
  • Public key cryptography

Encryption

Public Key
Private Key
MD5
  • Message digest "hashing" algorithm
SET protocol
  • Secure electronic transactions
SSL protocol
  • Secure socket layer protocol

Security Requirements and Approaches

Data Integrity
  • Integrity ensures that information being transmitted over the public Internet is not altered in any way during transit.
Ensuring data integrity
  • One-way hash functions
  • Message-authentication codes
  • Digital signatures
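
An added example (not part of the original slides) comparing two of the integrity mechanisms listed above: an unkeyed one-way hash appended to a datagram can be recomputed by anyone who alters the datagram in transit, while a message-authentication code keyed with a secret shared by the tunnel endpoints cannot. The key, the sample datagram and all function names are constructed for illustration, and SHA-256 is used here rather than the MD5 named on the Encryption slide.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides).
SHARED_KEY = b"constructed-demo-key-known-to-both-tunnel-endpoints"
DATAGRAM = b"src=10.0.1.5 dst=10.0.2.9 payload=transfer 100 to account 42"


def seal_with_hash(datagram: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest (one-way hash only)."""
    return datagram + hashlib.sha256(datagram).digest()


def verify_hash(packet: bytes) -> bool:
    body, digest = packet[:-32], packet[-32:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), digest)


def seal_with_mac(datagram: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA-256 tag (message-authentication code)."""
    return datagram + hmac.new(key, datagram, hashlib.sha256).digest()


def verify_mac(packet: bytes, key: bytes) -> bool:
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def alter_in_transit(packet: bytes) -> bytes:
    """Model a change made on the public network by a party without the
    key: the body is modified and the unkeyed digest is recomputed."""
    body = packet[:-32].replace(b"account 42", b"account 99")
    return body + hashlib.sha256(body).digest()


def run_demo() -> dict:
    hashed = seal_with_hash(DATAGRAM)
    maced = seal_with_mac(DATAGRAM, SHARED_KEY)
    return {
        "hash_untouched": verify_hash(hashed),
        "hash_altered": verify_hash(alter_in_transit(hashed)),
        "mac_untouched": verify_mac(maced, SHARED_KEY),
        "mac_altered": verify_mac(alter_in_transit(maced), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The altered datagram passes the bare-hash check and fails the MAC check, which is why a hash alone only protects integrity when the digest itself is keyed, signed or carried inside the encrypted tunnel.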

Security Requirements and Approaches

Authentication
  • Ensuring the identities of all communicating parties.
Authentication practices
  • Password authentication
  • Digital certificates
  • Token cards created from a time stamp

VPN Protocols

IPSec (Internet Protocol Security)
  • Developed by IETF
  • Designed to address IP based networks
  • Encapsulates a packet with another packet and encrypts the packet
PPTP (Point to Point Tunneling Protocol)
  • Used for remote users
  • Encapsulates packets

VPN Protocols (continued)

L2TP (Layer 2 Tunneling Protocol)
  • Evolved from PPTP
  • Client aware tunneling
  • Client transparent tunneling
Socks5
  • Circuit level protocol
  • Originally designed to authenticate protocols
  • Mainly used for extranet configurations
  • Great for user level application control

Selecting a VPN

Things to consider
Integration
  • Will it be compatible with existing intranets
  • Software versus Hardware
      • Software: cheap, more difficult to implement, less reliable, slower
      • Hardware: more expensive, easy to set up, more reliable, faster

Applications of VPNs

Manufacturing
  • Factory operations linking corporate headquarters to all of its facilities
Retail
  • Local stores connected directly to regional offices delivering relevant sales data
Medical
  • Transferring patient data across hospital networks
Finance
  • Online banking transactions, remote user access

Applications of VPNs

Home users
  • Windows VPN connection

Problems with VPNs

Setup times
Difficult troubleshooting
Interoperability with other networks
Reliability with ISPs
Bandwidth constraints

[Figure: Optimizing VPNs. Single VPN, two pathways]

[Figure: Optimizing VPNs. Multi VPNs, multi pathways]

The Future of VPNs

Protocol standardization
New hardware
Better software
Used more frequently
Will become the new business standard
