Virtual Private Network (VPN)

A corporation with multiple geographic sites can use one of two approaches to building a corporate intranet.
– Private network connections. The corporation leases serial lines to connect its sites. Each leased connection extends from a router at one of the corporation’s sites to a router at another site; data passes directly from the router at one site to the router at the other.
– Public Internet connection. Each site contracts with a local ISP for Internet service. Data sent from one corporate site to another passes across the global Internet.

The chief advantage of using leased lines to interconnect sites is that the resulting network is completely private. The chief advantage of using Internet connections is low cost. Unfortunately, the Internet cannot guarantee confidentiality: as it travels from source to destination, a datagram passes across intermediate networks that may be shared, so outsiders may be able to obtain copies of the datagram and examine its content. A VPN uses the global Internet to transfer data among corporate sites, but takes additional steps to ensure that the data cannot be read by outsiders.

A VPN is implemented in software. First, the organization obtains an Internet connection for each of its sites. Second, the organization chooses a router at each site to run the VPN software (usually the router that connects the site to the Internet). Third, the organization configures the VPN software in each router to know about the VPN routers at each of the other sites.

VPN Software
The VPN software operates like a conventional packet filter: the next hop for each outgoing datagram must be a VPN router at another site of the organization, so traffic is restricted to pass directly from one corporate site to another, exactly as if the sites had leased lines connecting them. The VPN software also encrypts each outgoing datagram before transmission, so all communication between sites remains confidential.

Tunneling
Should the entire datagram be encrypted for transmission? If the datagram header is encrypted, routers in the Internet will not be able to interpret the header fields they need when forwarding the datagram. If the header is not encrypted, outsiders will learn the source and destination addresses and may be able to deduce information from them. To keep information completely hidden as datagrams pass across the Internet from one site to another, VPN software uses an IP-in-IP tunnel.

The sending VPN software encrypts the entire datagram and places the result inside another datagram for transmission. Suppose that a computer X at site 1 creates a datagram for a computer Y at site 2. The datagram is forwarded through site 1 to router R1 (i.e., the router that connects site 1 to the Internet). The VPN software on R1 encrypts the original datagram and encapsulates it in a new datagram for transmission to router R2 at site 2. When the encapsulated datagram arrives, the VPN software on R2 decrypts the payload to extract the original datagram and then forwards it to the destination Y.

[Figure: the original datagram (src=X, dst=Y, unencrypted payload) is encrypted; the encrypted version of the original datagram is then encapsulated in an outer IP datagram for transmission across the Internet (src=R1, dst=R2).]

The original datagram header has the source and destination addresses of two computers in the organization. To keep data secure during transmission across the Internet, the entire original datagram, including the header, is encrypted. Thus all datagrams traveling across the Internet from site 1 to site 2 have a source address of router R1 and a destination address of router R2; the addresses of X and Y never appear in cleartext on the public network.
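The tunnel described in the Tunneling slides, together with the next-hop packet filter from the VPN Software slide, as an added worked example in Python (this is not code from the slides or from any VPN product). It assumes RFC 5737 documentation addresses for R1 (203.0.113.1) and R2 (198.51.100.1), the private prefixes 10.1.0.0/16 and 10.2.0.0/16 for sites 1 and 2, and a hypothetical VpnRouter class. The cipher is a stand-in built from HMAC-SHA256 (a keystream plus an encrypt-then-MAC tag) so that the example runs on the standard library alone; a real site-to-site VPN would use IPsec ESP with an AEAD such as AES-GCM. The example also authenticates the tunnel payload, which the slides do not discuss: without that tag, R2 could not tell a datagram altered in transit from a genuine one.

```python
# Added example, not the slides' code: site-to-site tunnel between routers R1 and R2.
# Cipher is a stand-in (HMAC-SHA256 keystream, encrypt-then-MAC); real VPNs use IPsec ESP.
import hashlib
import hmac
import os
import struct
from ipaddress import IPv4Address, IPv4Network, ip_address

IPPROTO_IPIP, NONCE_LEN, TAG_LEN = 4, 12, 32   # 4 = IANA protocol number for IP-in-IP

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a header with a valid checksum sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram: 20-byte header, no options, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject a corrupted header."""
    ihl = (pkt[0] & 0x0F) * 4
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])), pkt[9], pkt[ihl:total_len]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream (the same call encrypts and decrypts)."""
    ks = b"".join(hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so anything altered in transit is dropped."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tunnel payload failed integrity check")
    return _xor_stream(enc_key, nonce, ct)

class VpnRouter:
    """VPN software on a site's Internet router; peers: {remote router: (site prefix, enc_key, mac_key)}."""
    def __init__(self, address: str, peers: dict):
        self.address, self.peers = address, peers

    def encapsulate(self, inner: bytes) -> bytes:
        """Outbound: filter on next hop, encrypt the whole datagram, wrap it in IP."""
        _, dst, _, _ = parse_ipv4(inner)
        for peer, (prefix, ek, mk) in self.peers.items():
            if ip_address(dst) in prefix:           # next hop must be a VPN router
                return build_ipv4(self.address, peer, IPPROTO_IPIP, seal(ek, mk, inner))
        raise PermissionError("dropped: destination is not another corporate site")

    def decapsulate(self, outer: bytes) -> bytes:
        """Inbound: accept tunnel packets only from configured peer routers."""
        src, dst, proto, payload = parse_ipv4(outer)
        if dst != self.address or proto != IPPROTO_IPIP or src not in self.peers:
            raise PermissionError("dropped: not a tunnel packet from a VPN peer")
        _, ek, mk = self.peers[src]
        return unseal(ek, mk, payload)

def _rejected(action, exc) -> bool:             # True if the router dropped the packet
    try:
        action()
    except exc:
        return True
    return False

def demo() -> dict:
    """Constructed scenario: X (site 1) sends to Y (site 2) through R1 and R2."""
    ek, mk = os.urandom(32), os.urandom(32)     # keys exist only in R1 and R2
    R1, R2 = "203.0.113.1", "198.51.100.1"      # assumed RFC 5737 documentation addresses
    r1 = VpnRouter(R1, {R2: (IPv4Network("10.2.0.0/16"), ek, mk)})
    r2 = VpnRouter(R2, {R1: (IPv4Network("10.1.0.0/16"), ek, mk)})
    inner = build_ipv4("10.1.0.7", "10.2.0.9", 17, b"X to Y")       # X -> Y, UDP payload
    outer = r1.encapsulate(inner)
    plain_ipip = build_ipv4(R1, R2, IPPROTO_IPIP, inner)            # IP-in-IP, no encryption
    tampered = outer[:40] + bytes([outer[40] ^ 0x01]) + outer[41:]  # one ciphertext byte flipped
    forged = build_ipv4("192.0.2.66", R2, IPPROTO_IPIP, outer[20:]) # outsider re-sends payload
    stray = build_ipv4("10.1.0.7", "8.8.8.8", 17, b"x")             # not a corporate site
    return {
        "outer_hdr": parse_ipv4(outer)[:3],             # what the Internet sees: R1 -> R2, proto 4
        "inner_hidden": inner[:20] not in outer,        # X/Y header is never on the wire
        "plain_ipip_leaks": inner[:20] in plain_ipip,
        "recovered": r2.decapsulate(outer) == inner,
        "tamper_rejected": _rejected(lambda: r2.decapsulate(tampered), ValueError),
        "outsider_rejected": _rejected(lambda: r2.decapsulate(forged), PermissionError),
        "non_site_blocked": _rejected(lambda: r1.encapsulate(stray), PermissionError),
    }
```

Running demo() shows that what crosses the Internet carries only R1 and R2 in its header, that a plain IP-in-IP tunnel without encryption would expose the X and Y addresses, that R2 recovers the original datagram byte for byte, and that a tampered payload, a tunnel packet from an unknown router, and a datagram bound for a non-corporate address are all dropped, the first by the integrity check and the other two by the packet filter.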

VPN
A “permanent” VPN connects the sites of a corporation. A “temporary” VPN remotely connects mobile computers to a site of the corporation. In both cases software called a VPN terminator must be installed (in the routers belonging to the sites and/or on the user’s personal computer). The VPN terminator encrypts the data and sends it to the VPN terminator of the other site. The keys needed to encrypt and decrypt are known only to the terminator software.