Copyright 2005-2010 Kenneth M. Chipps Ph.D. www.chipps.com 1 VPN Last Update 2010.11.29 1.3.0.

Presentation transcript:


Objective
Learn what a VPN is and why you would use one.

What is a VPN
A VPN (Virtual Private Network) is a method used to add security to a WAN link. This added security is especially important for those methods of linking Point A to Point B that make the link through the Internet.

Types of VPNs
A VPN can be purchased as a service from a service provider, or it can be set up by the end user. If a service provider is used, this service provider can be the same one that provided the data line or a provider that just adds a VPN on top of the data line.

Types of VPNs
Service provider offerings are typically one of two methods:
– IPSec-encrypted tunnel VPN
– MPLS VPN
IPSec tunnel-based VPNs are sometimes referred to as client-premises equipment-based VPNs because the service provider typically places equipment at the client site.

Types of VPNs
This device handles encryption and decryption of traffic before it goes out over the service provider's network. Traffic within the service provider network is routed the same as any other IP traffic, and the service provider has no visibility into the IP tunnel.

Types of VPNs
Nor does the service provider network need to be configured in any special manner to support IPSec VPNs. Because traffic in an IPSec-based VPN is encrypted, it is generally considered secure to use IPSec to transport sensitive traffic over a public IP network.

Types of VPNs
An IPSec-based VPN can also be offered by a service provider as a managed service. With this type of VPN, the service provider deploys and manages the customer premises equipment, and all traffic is carried over that provider's network. This lets the provider offer service-level guarantees for assured performance.

Types of VPNs
These are sometimes also called Private IP Networks. An end user can also deploy their own VPN devices. This approach is recommended for connecting branch offices that only have one Internet connection.

Types of VPNs
The disadvantages of the do-it-yourself method are that you are responsible for managing VPN configurations and, because traffic is traversing the Internet, there are no performance guarantees. However, a do-it-yourself approach lets corporations establish a VPN to any site that has access to the Internet, regardless of whose network they must use to do this.

Types of VPNs
The second type of service provider based VPN operates at either layer 2 or layer 3. Layer 2 VPNs based on the IETF (Internet Engineering Task Force) Martini draft or Kompella draft simply emulate layer 2 services such as Frame Relay, ATM or Ethernet.

Types of VPNs
Typically, layer 2 MPLS VPNs are invisible to the end user, much in the same way the underlying ATM infrastructure is invisible to Frame Relay users. The customer is still buying Frame Relay or ATM, regardless of how the provider provisions the service.

Types of VPNs
With layer 3 MPLS VPNs, also known as IP enabled or Private IP VPNs, service providers assign labels to IP traffic flows. These labels represent unique identifiers and allow for the creation of virtual IP circuits or LSPs (Label Switched Paths) within an IP network.

Types of VPNs
By using labels, a service provider can create closed paths that are isolated from other traffic within the service provider's network, providing the same level of security as other PVC (Private Virtual Circuit) types of service such as Frame Relay or ATM.

Types of VPNs
Because MPLS VPNs require the service provider to modify its network, they are considered network-based VPNs. MPLS-based VPNs require no client devices, and tunnels usually terminate at the service provider edge router. Layer 3 VPNs offer significant advantages over traditional Layer 2 services.

Types of VPNs
Because they rely on IP routing to build paths, they can easily be used to create fully or partially meshed networks within a service provider cloud, with only one entry point into the cloud from each location.

Sources
The preceding is from a discussion from April 2002 in Network Fusion by Irwin Lazar.

Types of VPNs
When an organization sets up its own VPN connections, it can also use an IPSec-based VPN. Considering the difficulty in distributing the required certificates, many have begun switching to SSL instead. This is the same Secure Sockets Layer that is used for online web purchases.

Types of VPNs
By using SSL, the need to load special software on each workstation is avoided. At present SSL is limited to just a few applications, as they must be browser based.

How to Create a VPN
To create a VPN (Virtual Private Network) connection, two things are required:
– A tunnel
– An encryption method

The Tunnel
The tunnel is the VPN connection.

An Encryption Method
The encryption method makes the data unreadable.

Type of VPNs
Remote Access
Site to Site

Remote Access
A single computer connecting to a centralized VPN server is remote access.

Site to Site
A site to site or gateway to gateway VPN uses devices at each end to allow two LANs to connect to each other.

IPSec Process
An IPSec VPN relies on three things to ensure the data is safe:
– Encryption
– Authentication
– Message Integrity

Encryption
IPSec encryption uses two pairs of encryption algorithms to:
– Hide the data
– Recover the data
Here is the process as shown in Wendell Odom’s ICND2 book.

Encryption
[Figure: the IPSec encryption process]

Encryption
There are several algorithms, offering increasing security but placing increasing load on the devices using them, as shown in Wendell Odom’s ICND2 book.

Encryption
[Figure: comparison of encryption algorithms]

Encryption
As discussed above, the process requires a key. How is the key to be exchanged before the VPN is established? This can be through a phone call, a letter, or unsecured. This is simply the PSK (Pre-Shared Key) process.

Encryption
The other problem is that once the PSK is distributed, it is rarely changed.

Authentication
Authentication is part of the PSK process.

Message Integrity
Message integrity is part of this basic process as well.
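
Added example (not from the original slides): a simplified Python model of how one pre-shared key can give a tunnel all three properties listed under IPSec Process, with the receiver rejecting a packet that was altered in transit or built with a different PSK. It is not the IKE/ESP wire format; the key derivation, the stand-in keystream cipher, the function names and the sample PSK are assumptions made for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def derive_keys(psk, nonce):
    """Derive separate encryption and integrity keys from the PSK (illustrative scheme)."""
    enc_key = hmac.new(psk, b"enc" + nonce, hashlib.sha256).digest()
    mac_key = hmac.new(psk, b"mac" + nonce, hashlib.sha256).digest()
    return enc_key, mac_key

def keystream_xor(key, data):
    """Stand-in cipher: XOR with a SHA-256 counter-mode keystream (not a real IPSec cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def protect(psk, payload):
    """Sending gateway: hide the data, then tag it so the receiver can verify it."""
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(psk, nonce)
    ciphertext = keystream_xor(enc_key, payload)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unprotect(psk, packet):
    """Receiving gateway: verify the tag first, and only then recover the data."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    enc_key, mac_key = derive_keys(psk, nonce)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # A wrong PSK (authentication) and altered bytes (integrity) both end up here.
        raise ValueError("authentication/integrity check failed")
    return keystream_xor(enc_key, ciphertext)

if __name__ == "__main__":
    psk = b"constructed-example-psk"  # constructed sample value
    packet = protect(psk, b"branch office payroll batch")
    print(unprotect(psk, packet))
```

In this model every key comes from the PSK, which is why the slides' concerns about how the PSK is distributed and how rarely it is changed matter.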

Common VPN Alternatives
Here is a table showing the common VPN alternatives as of May 2006. This is copied from Cisco’s Packet magazine.

Common VPN Alternatives
[Table: common VPN alternatives]