1 Virtual Private Network (VPN) Course: COSC513 Instructor: Professor M. Anvari Student: Xinguang Wang

2 Content Introduction VPN Technologies VPN Products Advantages and Disadvantages of VPN Conclusion

3 Public vs Private Network Public Network Accessible freely to everyone, no boundaries and few rules to manage it. Problem of security Ideal medium for illegal activity

4 Public vs Private Network Private network Owned by a single corporation Gateway routers exist between private network and public network Firewall prevents intruders coming from public network

5 Limit to Private Network Separate branches or offices Need for remote access Traditional method—using leased lines, not flexible and expensive

6 Solution: Virtual Private Network (VPN) Definition: a way to simulate a private network over a public network (Internet) Allow creation of a secure, private network over a public network such as the Internet Done through IPSec (IP Security Protocol), encryption, packet tunneling, and firewalls

7 Functions provided by VPN Authentication: ensuring that the data originates at the source that it claims access control: restricting unauthorized users from gaining admission to the network Confidentiality: preventing anyone from reading or copying data as it travels across the Internet data integrity: ensuring that no one tampers with data as it travels across the Internet

8 An Important property of VPN Virtual means dynamic—Network formed logically, no permanent links. When connection no longer needed the links is torn down—bandwidth saved.

9 How to create tunnels A tunnel is a virtual connection between locations that are connected in a VPN Host A generates an IP packet with the destination address of Host B The packet is routed to a firewall or secure router at the boundary of A’s network. The firewall filters all packets to determine the need for IPSec processing.

10 How to create a tunnel(cont) The packet is now routed to B’s firewall After detected the packet is delivered to B

11 IP Security Protocols (IPSec) IPSec is a protocol suite  a set of IP extensions that provide security services at the network level. IPSec technology is based on modern cryptographic technologies, making very strong data authentication and privacy guarantees possible.

12 IPSec functions Three facilities provided by IPSec Authentication-only Authentication/encryption Key exchange

13 Other protocols for VPN Point to point tunnel protocol (PPTP) Layer-2 forwarding (L2F) Layer-2 tunneling protocol (L2TP)

14 VPN Products Hardware-based system Encrypting routers Secure and easy to use Not flexible Firewall-based system Using farewall’s security system Restrict the access to the internal network Performance not as good as hard-ware based

15 VPN Product (cont) Software-based system, ideal when Both ends not controlled by the same corp. Different firewalls and routers implemented within the same system Harder to manage than encrypting routers

16 Advantages of VPN Lower cost Remote access Platform independent Can be used both as extranet and intranet

17 Disadvantages of VPN Lower bandwidth available compared to dial-in line Inconsistent remote access performance due to changes in Internet connectivity No entrance into the network if the Internet connection is broken

18 Conclusion The driving force for VPN is the requirement to make more secure information communication and to decrease the communication cost IPSec is the mostly used protocols for VPN

19 References 1. Virtual private networks: making the right connection, Dennis Fowler, San Francisco, CA, Morgan Kaufmann Publishers, 1999;