Virtual Private Networks Alexandra Altea Curti 5^AiS a.s. 2014-15
What is a VPN? Virtual Private Network Private network Extended LAN WAN
What do VPNs do? Remote access Individual users Companies Offices
Remote-access VPN Individual users Secure connection NAS Client Software As if they were directly plugged into the network’s servers.
Site-to-site VPN Offices Secure connections Intranet-based Extranet-based Extends the company’s network in such a way that the computer resources from one location are available to employees at other locations.
Security Authentication Secrecy Integrity and authenticity protocols Tunneling mechanism
Transmission mechanisms Transport mode Software Encrypted data Original header Encryption and decryption guaranteed by software
Transmission mechanisms Tunneling mode Encapsulates encrypted data New IP header Readable only with decryption key
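The two transmission mechanisms above, shown on an ESP-style packet (ESP is one of the IPsec protocols) from the point of view of an on-path observer who does not hold the key. This is an added example, not part of the original slides; the addresses, SPI values, key and the SHA-256 keystream used in place of a real ESP cipher are constructed for illustration, and padding and the IP checksum are omitted.

```python
import hashlib, hmac, socket, struct

ESP_PROTO = 50  # IANA protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_encrypt(key, seq, data):
    """Stand-in cipher: XOR with a SHA-256 keystream. NOT a real ESP cipher."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, next_header, data):
    """SPI | sequence | encrypted(data + next-header byte) | truncated HMAC."""
    body = struct.pack("!II", spi, seq) + toy_encrypt(key, seq, data + bytes([next_header]))
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

def transport_mode(key, packet):
    """Keep the original IP header; protect only the upper-layer payload."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    blob = esp(key, 0x1001, 1, packet[9], packet[20:])
    return ipv4_header(src, dst, ESP_PROTO, len(blob)) + blob

def tunnel_mode(key, packet, gw_src, gw_dst):
    """Encrypt the whole original packet; prepend a new gateway-to-gateway header."""
    blob = esp(key, 0x2002, 1, 4, packet)  # next header 4 = IPv4-in-IP
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(blob)) + blob

def visible_endpoints(wire):
    """Source, destination and protocol readable on the wire without the key."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20]), wire[9]

# Constructed sample: host 10.1.0.5 sends a TCP segment to 10.2.0.9.
KEY = b"constructed-demo-key"
PAYLOAD = b"\x00" * 20 + b"GET /payroll HTTP/1.1"  # placeholder TCP header + data
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(PAYLOAD)) + PAYLOAD
GATEWAYS = ("198.51.100.1", "203.0.113.1")  # documentation-range addresses

if __name__ == "__main__":
    print("transport:", visible_endpoints(transport_mode(KEY, ORIGINAL)))
    print("tunnel:   ", visible_endpoints(tunnel_mode(KEY, ORIGINAL, *GATEWAYS)))
```

In transport mode the observer still sees which two hosts are talking; in tunnel mode only the two gateways are visible, and the inner addresses come back only after decryption.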
IPsec (IP security) Securing communications Encrypts every IP packet Protocols: Authentication Header (AH) Encapsulating Security Payload (ESP) Internet Key Exchange Explain protocols for mutual authentication!
Internet Key Exchange (IKE) Mutual authentication and key-exchange Peer-to-peer communication SA (Security Association): Security policies defined for communication between two or more entities Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the preconfiguration that would otherwise be required.
Cryptography Encrypted data Long key Secrecy
Proxy server VS VPN VPN: Tunneling, Own IP address, Fully encrypted traffic, High costs. Proxy: Own IP address, Traffic not encrypted, Bypassed easily.
VPNinja PPTP VPN service US and UK servers Bypass corporate/government firewalls Anonymous Internet access
Other VPN services Numerous countries Local WiFi Mobile devices, PCs, tablets, computers Apple, Windows, Android
Thank you for your attention
Network Access Server (NAS) Media gateway/Remote Access Server (RAS) VPN access Authentication
Client Software VPN connection Incorporated or downloaded app Cryptography for secure connection
Intranet site-to-site VPN Offices in remote locations Separated LANs One single WAN Connect each separate LAN into a single WAN.
Extranet site-to-site VPN Partners, suppliers, clients (companies or individuals) Connect LANs Work together in a secure environment