Virtual Private Networks. Alberto Pace, IT/IS Technical Meeting, January 2002.

Presentation transcript:

Virtual Private Networks Alberto Pace

What is a VPN?
- A technology that allows confidential data to be sent securely over the internet

What is a VPN?
- The remote computer can connect to the internet through an arbitrary Internet Service Provider (ISP) and still have an IP address in the intranet.
- The computer can then act as if it were on the intranet.

Point-to-Point Tunneling Protocol
- You can access a private network through the Internet or another public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP).
- Developed as an extension of the Point-to-Point Protocol (PPP).
- PPTP tunnels, or encapsulates, IP, IPX or NetBEUI protocols inside PPP datagrams.
- PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server.
- My understanding is that it uses Microsoft Point-to-Point Encryption (MPPE).
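As an added example (not part of the original presentation), the following Python code shows what the encapsulation on this slide looks like on the wire. PPTP carries each PPP datagram inside an "enhanced GRE" packet (RFC 2637: protocol type 0x880B, a call ID, an optional sequence number and an optional acknowledgment number), and the PPP protocol field then tells you whether the inner datagram is plain IP, IPX or NetBEUI, or an MPPE-encrypted datagram (PPP protocol 0x00FD). The parser below decodes that header and flags tunnels whose PPP payload is a plaintext network-layer protocol, i.e. tunnels where MPPE was never negotiated. The packets are constructed inline for the example; the function and constant names are mine, not from any PPTP implementation.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type of PPTP's enhanced GRE header (RFC 2637)

# PPP protocol numbers seen inside a PPTP tunnel (IANA PPP assigned numbers)
PPP_PROTOCOLS = {
    0x0021: "IP",
    0x002B: "IPX",
    0x003F: "NetBIOS Frames (NetBEUI)",
    0x00FD: "compressed/encrypted datagram (MPPE via CCP)",
    0x80FD: "CCP",
    0xC021: "LCP",
    0xC223: "CHAP",
    0xC227: "EAP",
}
PLAINTEXT_NETWORK_PROTOCOLS = {0x0021, 0x002B, 0x003F}


def build_pptp_gre(call_id, seq, ppp_proto, data, ack=None):
    """Construct a PPTP data packet: enhanced GRE header followed by a PPP frame (sample data)."""
    ppp = struct.pack("!H", ppp_proto) + data   # PPP frame without HDLC address/control bytes
    b0 = 0x20 | 0x10                            # K (key present) and S (sequence number present)
    b1 = 0x01 | (0x80 if ack is not None else 0)  # version 1, A bit if an ack number follows
    hdr = struct.pack("!BBHHH", b0, b1, GRE_PROTO_PPP, len(ppp), call_id)
    hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp


def parse_ppp(frame):
    """Return (protocol, payload); tolerates an HDLC header and protocol-field compression."""
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    if frame[0] & 1:                           # odd first byte: one-byte compressed protocol field
        return frame[0], frame[1:]
    return (frame[0] << 8) | frame[1], frame[2:]


def parse_pptp_gre(pkt):
    """Decode one enhanced-GRE packet and the PPP datagram it encapsulates."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    if proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP GRE (protocol type 0x%04x)" % proto)
    # version must be 1, K must be set, and C/R/s/Recur must be zero for enhanced GRE
    if (b1 & 0x07) != 1 or not (b0 & 0x20) or (b0 & 0xCF):
        raise ValueError("malformed enhanced GRE flags")
    off, seq, ack = 8, None, None
    if b0 & 0x10:                              # S bit: sequence number present
        seq = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    if b1 & 0x80:                              # A bit: acknowledgment number present
        ack = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    payload = pkt[off:off + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than declared length")
    result = {"call_id": call_id, "seq": seq, "ack": ack,
              "ppp_protocol": None, "ppp_name": None, "encrypted": False, "inner": b""}
    if payload_len == 0:                       # ack-only packet, no PPP frame
        return result
    ppp_proto, inner = parse_ppp(payload)
    result.update(ppp_protocol=ppp_proto, ppp_name=PPP_PROTOCOLS.get(ppp_proto, "unknown"),
                  encrypted=(ppp_proto == 0x00FD), inner=inner)
    return result


def plaintext_calls(packets):
    """Call IDs whose tunnel carries unencrypted network-layer traffic (MPPE not in use)."""
    return sorted({r["call_id"] for r in map(parse_pptp_gre, packets)
                   if r["ppp_protocol"] in PLAINTEXT_NETWORK_PROTOCOLS})


if __name__ == "__main__":
    # Constructed sample: one tunnel carrying plain IP, one carrying an MPPE datagram.
    plain = build_pptp_gre(7, 1, 0x0021, bytes(20))
    encrypted = build_pptp_gre(8, 5, 0x00FD, b"\x90\x01" + bytes(18), ack=4)
    for p in (plain, encrypted):
        r = parse_pptp_gre(p)
        print("call %d seq %s: %s" % (r["call_id"], r["seq"], r["ppp_name"]))
    print("tunnels leaking plaintext:", plaintext_calls([plain, encrypted]))
```

The check in plaintext_calls is the one a defender wants when a PPTP server like the one described later in the talk is exposed: if the GRE stream shows PPP protocol 0x0021 (IP) rather than 0x00FD, the session is carrying traffic with no MPPE protection at all, which typically means the server's "require encryption" setting was not enforced.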

Layer Two Tunneling Protocol
- L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP).
- Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX or NetBEUI protocols.
- With L2TP, the computer performs all security checks and validations and enables data encryption using the new Internet Protocol security (IPSec), which makes it much safer to send information over nonsecure networks.
- In this case, data transfer through an L2TP-enabled VPN is as secure as within a single LAN at a corporate site.

Internet Protocol security (IPSec)
- IPSec provides machine-level authentication as well as data encryption.
- IPSec negotiates between your computer and its remote tunnel server before an L2TP connection is established, which secures both passwords and data.

Authentication Methods
- Challenge Handshake Authentication Protocol (CHAP)
  - Uses Message Digest 5 (MD5) challenge-response
- MS-CHAP
  - Same as CHAP, plus functionality to which LAN-based users are accustomed
  - MS-CHAP is consistent with standard CHAP (a superset of its functionality)
  - You must use at least MS-CHAP to use MPPE (encryption)
- MS-CHAP v2
  - Both the client and the server prove their identities, not only the client. v2 ensures that your connection can be configured to connect to the expected server
- Extensible Authentication Protocol (EAP)
  - Allows other security devices to be used. EAP provides a standard mechanism for supporting additional authentication methods within PPP, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others
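As an added example (not from the original presentation), this Python code works through the CHAP exchange named on the slide: the authenticator sends a random challenge, the peer answers with MD5 over the identifier, the shared secret and the challenge (RFC 1994), and the authenticator recomputes the same value to verify it. The session walks through a genuine login, a wrong secret, and a replayed response, so it also shows why the challenge must be fresh and single-use. The secrets and names are constructed sample data, and the class and function names are mine.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP Response value (RFC 1994 section 4.1): MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of CHAP. It must keep cleartext secrets, because it recomputes the MD5 itself."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)   # name -> cleartext secret (constructed sample data)
        self._pending = {}              # identifier -> challenge still awaiting a response

    def issue_challenge(self, identifier):
        challenge = os.urandom(16)      # fresh, unpredictable challenge for every attempt
        self._pending[identifier] = challenge
        return challenge

    def verify(self, identifier, name, response):
        challenge = self._pending.pop(identifier, None)   # a challenge is usable exactly once
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)    # constant-time comparison


def run_session():
    """One genuine login, one with a wrong secret, and one replayed response."""
    secret = b"correct horse battery staple"               # constructed sample secret
    server = ChapAuthenticator({b"alice": secret})

    # 1. Genuine peer answers the challenge with the shared secret.
    c1 = server.issue_challenge(1)
    r1 = chap_response(1, secret, c1)
    genuine = server.verify(1, b"alice", r1)

    # 2. Wrong secret: the digest differs, so the authenticator rejects it.
    c2 = server.issue_challenge(2)
    wrong = server.verify(2, b"alice", chap_response(2, b"not the secret", c2))

    # 3. Replay: a captured response is useless against a new challenge, and the
    #    challenge it was computed for has already been consumed.
    server.issue_challenge(3)
    replayed = server.verify(3, b"alice", r1) or server.verify(1, b"alice", r1)

    return {"genuine": genuine, "wrong_secret": wrong, "replayed": replayed}


if __name__ == "__main__":
    print(run_session())   # {'genuine': True, 'wrong_secret': False, 'replayed': False}
```

Two points the code makes concrete: the authenticator holds cleartext secrets, so that store is the asset to protect on a CHAP server; and nothing in the exchange proves anything to the peer about the server, which is the gap the slide's MS-CHAP v2 note (both sides prove their identity) is about.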

Types of VPNs
- Router-to-Router

Types of VPNs
- Remote Access VPNs

Tests at CERN
- PCAP7 (computer in my office)

From the client
- The machine we have is on the intranet only. We have to simulate internet/intranet.
- The page http://cern.ch/Win/Temp/vpn.asp considers the address xxx to be intranet.

Connect to the VPN
- From “My Network Places”: right-click, “Properties”, “Create New Connection”

Try to connect

Conclusions so far
- If we open the PPTP port on address [omitted], we have today a working solution with the following limitations:
  - Uses PPTP and Microsoft Point-to-Point Encryption
  - Windows computers have all the necessary software natively
  - Windows machines can be identified (as members of the domain or of an ad-hoc domain)
  - Security is strengthened by the domain logon, which can be tightened as much as you want
  - This is the current “industry standard”
  - Used world-wide; secure and proven technology
  - Evolution towards L2TP and IPSec is coming, but slowly (it requires heavy infrastructure)

More conclusions so far
- Using this technology, we could rapidly open a VPN service for Windows users
  - Time to install and configure the VPN server: ~8 hours
  - Time to install a Windows client that already has TCP/IP connectivity: ~1 minute
- Support for Linux users could come from the “community”
  - May be very expensive to formally support Linux clients
  - Not a standard technology: to my knowledge, no companies have “roaming Linux users” on the internet to the same extent that we have
- Deploying the IPsec infrastructure to support L2TP will require an administrative office to distribute, revoke and maintain computer certificates and user certificates.
  - May not be possible within the current resources / may require several years
  - Yet another computer registration? Yet another user registration?
  - We should try to have LANDB and CCDB moving in this direction. Only if this happens can the investment be justified.