Virtual Private Networks An Economical Option for Broadband Connectivity.

Presentation transcript:

Virtual Private Networks An Economical Option for Broadband Connectivity

Virtual Private Networks Darin Dugan Brian Webster

3 Agenda
- Current ISU Extension network
- Why do we need a Virtual Private Network?
- What is a Virtual Private Network?
- Types of VPNs, typical configurations
- What ISU Extension has done
- Lessons learned
- Cost analysis
- Conclusion

4 Current ISU Extension network
- 107 county and area offices
- Frame-relay 56k links aggregated into 3 T1s
- Bandwidth unchanged since 1994
- Local file storage and network printing managed centrally from ISU campus

5 Problems
- Low speed
- High cost

6 Solutions
- Increase spending (funding)
- Find alternative technologies

7 Increase spending
- Increase state/federal appropriations
- Pursue grants
- Form strategic partnerships
- Any way you cut it, this is a difficult thing to do

8 Alternative technologies
- Broadband options are increasingly common
- A connection to the Internet is probably less costly than a connection to your central site
- How to manage effectively?
- Virtual Private Networks

9 Why do we need a VPN?
- Security
- Remote management
- Ability to “touch” workstations
- Network identity
- ISP service filtering and firewalls

10 What is a Virtual Private Network?
According to Webopedia.com: a network that is constructed by using public wires to connect nodes. For example … using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

11 What is a Virtual Private Network?
- Uses a public network (the Internet)
- Secured through encryption
- Limited access
- Logically acts like a traditional private network

12 Benefits
- Connection-independent
- Comparable equipment cost
- Secure – all data encrypted
- Extend the network to anywhere

13 Typical VPN tunnel
- IPSec
  - 3DES encryption
  - Pre-shared keys
- L2TP with IPSec
  - 3DES encryption
  - Digital certificates
  - Multi-protocol
- PPTP
  - MPPE encryption

14 Two types of VPNs
- Remote-user
  - Usually software-based
  - Workstation to central site
  - Best for roaming users
- Remote-site
  - Connect sites to each other
  - Hardware- or software-based
  - Best for entire office

15 Typical frame-relay network
[Diagram; labels: Remote Office (Field), Central Site (Campus), Internet, physical and logical]

16 Typical Internet-connected network
[Diagram; labels: Remote Office (Field), Central Site (Campus), Internet, physical and logical]

17 Typical virtual private network
[Diagram; labels: Remote Office (Field), Central Site (Campus), Internet, logical, physical]

18 Split-tunneling
- Two logical networks
  - VPN tunnel to central site
  - Direct to Internet (not tunneled)
- Reduces bandwidth used at central site
- Allows Internet access when central site is down
- Could introduce security risks – bypasses central site firewall, policies, etc

19 Split-tunneled VPN
[Diagram; labels: Remote Office (Field), Central Site (Campus), Internet]
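
An added example (not part of the original slides) of auditing a remote site for the split-tunneling risk on slide 18: it finds the destinations that leave on the ISP uplink outside the tunnel and so bypass the central-site firewall, including the case where a default route to the ISP is still present but fully shadowed by tunnel routes. Interface names, addresses and the three routing tables are constructed assumptions; IPv4 only.

```python
import ipaddress

# Constructed sample tables of (prefix, egress interface); IPv4 only. Assumed
# names: tun0 = VPN tunnel, eth0 = ISP uplink, eth1 = office LAN.
PEER = "198.51.100.10/32"  # central-site VPN endpoint (documentation address)
LAN = ("192.168.10.0/24", "eth1")
SPLIT = [LAN, (PEER, "eth0"), ("10.0.0.0/8", "tun0"), ("0.0.0.0/0", "eth0")]
FULL = [LAN, (PEER, "eth0"), ("0.0.0.0/0", "tun0")]
# Default route still points at the ISP, but tunnel routes shadow all of it.
SHADOWED = [LAN, (PEER, "eth0"), ("0.0.0.0/0", "eth0"),
            ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]

def parse(routes):
    return [(ipaddress.ip_network(p), i) for p, i in routes]

def egress(routes, dest):
    """Longest-prefix match: interface a packet to dest leaves on, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [(n.prefixlen, i) for n, i in parse(routes) if addr in n]
    return max(hits)[1] if hits else None

def uncovered(net, others):
    """Parts of net that no more specific route in others claims."""
    remaining = [net]
    for sub in others:
        nxt = []
        for r in remaining:
            if sub.subnet_of(r):
                nxt.extend(r.address_exclude(sub))  # carve sub out of r
            elif not r.subnet_of(sub):
                nxt.append(r)                       # disjoint: keep r whole
        remaining = nxt
    return remaining

def bypass_prefixes(routes, uplink_if="eth0", vpn_peer=PEER):
    """Prefixes whose traffic leaves on the uplink, outside the tunnel."""
    table = parse(routes)
    peer = ipaddress.ip_network(vpn_peer)
    out = []
    for net, iface in table:
        if iface != uplink_if or net == peer:
            continue  # the peer host route carries the encrypted tunnel itself
        narrower = [n for n, _ in table if n != net and n.subnet_of(net)]
        out.extend(uncovered(net, narrower))
    return out

def tunnel_mode(routes):
    return "split-tunnel" if bypass_prefixes(routes) else "full-tunnel"
```

A route listing alone can mislead: the SHADOWED table contains a default route via the uplink, yet no destination other than the VPN peer actually uses it.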

20 Equipment options
- Software-based
  - Linux, BSD, Windows 2000, etc
  - Re/use commodity PC hardware
  - Might perform double-duty as fileserver, etc
- Hardware-based
  - Dedicated system
  - “Black box”
  - Alcatel, Check Point, Cisco, Intel, Network Associates, SonicWALL, others

21 Hardware used
- Cisco VPN devices
- Familiar with Cisco brand
- Most of ISU uses Cisco devices
- State contract
- Existing Cisco infrastructure

22 Hardware used – central site
- Cisco VPN 3030 Concentrator
  - Hardware-based encryption
  - Up to 1500 simultaneous tunnels
  - Up to 50 Mbit encrypted throughput
  - Appliance-like functionality
  - Does not use Cisco IOS

23 Hardware used – remote sites
- Cisco VPN 3002 Client
  - Hardware-based encryption
  - Up to 2 Mbit encrypted throughput
  - Appliance-like functionality
  - Does not use Cisco IOS
  - Two modes
    - Client mode – uses NAT to hide LAN
    - Network Extension Mode – LAN is fully routable

24 Real-world testing
- Positive results
  - DSL, cable, wireless, dial-up
  - About 10% overhead
- Two active pilots
  - DSL – over three months
  - Wireless – over four months
- Negative results
  - Satellite

25 Lessons learned – VPN 3000 series
- Easy to set up and configure
- Reliability depends on service
- Works well for both site-to-site and remote-user tunnels
- Appliance-like functionality
- Not as flexible as some other products
- Does not properly support split-tunneling

26 Other Cisco hardware choices
- 1710 or 1720 for remote sites
  - Most flexible
  - Uses Cisco IOS
  - Up to 4 Mbit encrypted throughput
- 3600, 7100 or 7200 series for central site
  - Most flexible
  - Uses Cisco IOS
  - Multi-purpose

27 Cost Analysis
- Frame-relay
  - 56 Kbit service
  - Line charges: $275k per year
  - Average $2570 per office per year
  - Average $214 per office per month
  - Remote site hardware: $1500 (each, approx.)

28 Cost Analysis
- Virtual Private Network (actual example)
  - 768/512 Kbit DSL service
  - $99.95 per office per month
  - $1200 per office per year
  - 20 service locations
  - Remote site hardware: $900 (each, approx.)

29 Cost Analysis
- Line cost savings: $2570 - $1200 = $1370 per office per year
- Hardware cost: $1370 - $900 = $470 still saved!
- Pays for itself within the first year
- Bandwidth dramatically increased
- After the first year, saves $25k+ per year

30 More information
- VPN Concepts: /vpnmon/1_x/1_0/using/vpnmcon.htm
- Virtual Private Network Consortium
- Introduction to IPSec
- Various whitepapers: Private_Networks/Whitepapers/

31 Questions Darin Dugan Brian Webster