VIRTUAL PRIVATE NETWORKS (VPN’S)

(1)

VIRTUAL PRIVATE

NETWORKS

(VPN’S)

Mrs. Ansif Arooj Lecturer CS

University of Education

S & T, Township Campus, Lahore

[email protected] [email protected]

(2)

What is a VPN?

◻ A virtual private

network (VPN) is a network that uses public means of

(4)

What is a VPN? (Cont.)

◻

A VPN can be created by connecting offices and

single users (including mobile users) to the

nearest service providers POP (Point of

Presence) and using that service provider’s

backbone network, or even the Internet, as the

tunnel between offices

◻

Traffic that flows through the backbone is

(5)

(6)

Who uses VPN’s?

◻ VPN’s can be found in homes, workplaces, or

anywhere else as long as an ISP (Internet Service Provider) is available.

◻ VPN’s allow company employees who travel often

(7)

3 Types of VPN

◻

Remote-Access VPN

◻

Site-to-Site VPN (

Intranet-based

)

(8)

(1)Remote-Access VPN

◻ Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to

connect to the private network from various remote locations.

◻ A good example of a company that needs a

remote-access VPN would be a large firm with hundreds of sales people in the field.

◻ Remote-access VPNs permit secure, encrypted

connections between a company's private network and remote users through a third-party service

(9)

(2,3)Site-to-Site VPN

◻ Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.

◻ Extranet-based - When a company has a close

(10)

(11)

VPN Protocols

◻ There are three main

protocols that power the vast majority of VPN’s:

PPTP L2TP IPsec

◻ All three protocols

emphasize encryption and authentication; preserving data integrity that may be sensitive and allowing

(12)

VPN Protocols (In depth)

◻ Point-to-point tunneling protocol (PPTP)

PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS

PPTP initially had weak security features, however, Microsoft continues to improve its support

◻ Layer Two tunneling protocol (L2TP)

L2TP was the original competitor to PPTP and was implemented primarily in Cisco products

L2TP is a combination of the best features of an older protocol L2F and PPTP

(13)

◻ Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

◻ IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while

transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol.

◻ IPSec can encrypt data between various devices, such as: Router to router

Firewall to router PC to router

PC to server

(14)

VPN Tunneling

◻ VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling

◻ Voluntary tunneling is where the VPN client manages the connection setup.

(15)

Tunneling

◻ Most VPNs rely on tunneling to create a private

network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.

Tunneling requires three different protocols:

◻ Passenger protocol - The original data (IPX, IP) being carried

◻ Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the

original data

(16)

VPN Packet Transmission

◻ Packets are first encrypted before sent out for

transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The

unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination

◻ Once the packet reaches its destination, the outer

(17)

VPN Security: Firewalls

A well-designed VPN uses several methods for keeping your connection and data secure:

◻ Firewalls

◻ Encryption

◻ IPSec

◻ AAA Server

◻ You can set firewalls to restrict the number of open

(18)

Some VPN products, such as Cisco 1700 routers, can be

upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.

(19)

VPN Concentrator

◻ Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.

◻ The concentrators are offered in

(20)

Advantages of VPN’s

◻ There are two main advantages

of VPN’s, namely cost savings and scalability

◻ VPN’s lower costs by eliminating

the need for expensive

long-distance leased lines. A local leased line or even a

broadband connection is all that’s needed to connect to the Internet and utilize the public network to securely tunnel a private

(21)

Advantages of VPN’s (continued)

◻

As the number of company branches grows,

purchasing additional leased-lines increases cost

exponentially, which is why VPN’s offer even

greater cost savings when scalability is an issue

◻

VPN’s may also be used to span globally, which

lowers cost even more when compared to

(22)

Disadvantages of VPN’s

◻

Because the connection travels over public lines, a

strong understanding of network security issues and

proper precautions before VPN deployment are

necessary

◻

VPN connection stability is mainly in control of the

Internet stability, factors outside an organizations

control

◻

Differing VPN technologies may not work together

(23)

(24)

(25)

(26)

(27)

(28)

(29)

(30)

(31)

Summary

◻ A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated

through secure tunneling methods

◻ Main VPN protocols include PPTP, L2TP, and IPsec