Virtual Private Networks Ed Wagner CS 7493

Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion

Introduction Virtual Private Network o a secure network that uses primarily public telecommunication infrastructures, such as the internet, to provide remote offices or traveling users an access to a centralized organizational network.

Types of VPNs PPTP IPSEC L2TP OpenVPN (SSL) Hybrid VPN MPLS VPN

PPTP Point to Point Tunneling Protocol o The most common and widely used VPN. o Defined in RFC 2637, in 1999 o Developed by Microsof and 3com. o PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. o PPTP does not specified encryption or authentication.  Security and authentication provided by the Microsoft PPTP software stack. o Authentication and Encryption  Authentication - MS-CHAPv2  Encryption - Microsoft Point to Point Encryption (MPPE) - RC4 stream cipher

PPTP Pros/Cons of PPTP + Cheap to setup - not as secure + pre-existing technology- security not native

IPSEC Internet Protocol Security Protocol o a protocol suite for securing IP communications by authenticating and encrypting each IP packet. o Developed at the Naval Research Lab. o Operates in the OSI layer 3, much lower than other VPN protocols. o 2 modes of transmission:  Tunnel - entire packet is encrypted, then encapsulated in a new ip packet. used in network to network vpns, and host to network vpn NAT transversal  Transport - Only the payload of the IP packet is encrypted o When the authentication header effects routing, use NAT-T

IPSEC Pros/Cons of IPSEC + Highest security + when used with l2tp, data is encapsulated twice. - harder to setup - possible routing issues - requires more processing power

L2TP Layer 2 Tunneling Protocol o a tunneling protocol used to support vpns. o does not provide any encryption or authentication  usually used encrypted with IPsec. o Proposed in 1999, RFC 2661 o Entire packet, both header and payload are sent as a UDP packet on port 1701.

L2TP Pros/Cons of L2TP + native windows support + feature rich backend allows use of other protocols - No native security - slower than other vpn sources

OpenVPN An open source software applications that implements VPN techniques for creating secure point to point or site to site connections in routed/bridged networks Created in 2002, by James Yonan Uses SSL for encryption Authentication is done with pre-shared keys

OpenVPN Pros/Cons of OpenVPN + great community support + free + easy to setup - SSL can require more processing power.

Hybrid VPNs Hybrid VPN servers are able to accept connections from multiple types of VPN clients. For example, combining the features of SSL and IPSEC

Hybrid VPNS Pros/Cons of Hybrid + Ability to use different protocols to provide greater usage. - expensive to implement.

MPLS VPN Multi-Protocol Label Switching o a family of methods for harnessing the power of multiprotocol label switching to create VPNs. o MPLS VPNs give network engineers the flexibility to transport and route several types of network traffic using the technologies of a MPLS backbone  Related to telecommunication standards

MPLS Pros/Cons of MPLS + use of different network technologies to provide a VPN network. - Not easy to setup.

Encrypting and Tunneling Encrypting o Encoding a packet of information using a known and tested algorithm. o Ex: IPsec, MPPE Tunneling o Creating a path where all packets are routed to the next path in the circuit, whether encrypted or not. o Ex: L2TP, PPTP (not with MPPE)

Conclusion There are various options for VPNs. The major factors for an SA setting up a VPN network would be the Needs for Mobility, the complexity of security, and the expense that will be used to implement the VPN

Questions?

Works cited