
1 VIRTUAL PRIVATE NETWORKS Lab#9

2 Virtual Private Networks (VPNs)
- Institutions often want private networks for security.
- Costly! Separate routers, links, DNS infrastructure.
- With a VPN, the institution's inter-office traffic is sent over the public Internet instead.
- But inter-office traffic is encrypted before entering the public Internet.

3 [Figure: Virtual Private Network (VPN). Headquarters and the branch office each sit behind a router with IPv4 and IPsec; a salesperson in a hotel uses a laptop with IPsec. While crossing the public Internet, each packet carries an IP header, an IPsec header and a secure payload; inside the offices packets carry only an IP header and payload.]

4 What is VPN
- A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses "virtual" connections routed through the Internet.
- A method of ensuring private, secure communication between hosts over an insecure medium using tunneling.

5 What is tunneling? ECE 4112 - Internetwork Security
- Most VPNs rely on tunneling to create a private network that reaches across the Internet.
- Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.

6 Example: AppleTalk over IP Tunnel (figure)

7 Tunneling [Figure: the original packet (Original IP Header + Payload) is carried unchanged behind a New IP Header.]
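The "packet within a packet" idea from the tunneling slides, worked through as an added example (not part of the original deck): a branch-office host's IPv4 packet is wrapped, unchanged, behind a new outer IPv4 header between the two gateways (IP-in-IP, protocol number 4, RFC 2003), and the far gateway strips that outer header again. All addresses, the payload and the function names are constructed for this illustration.

```python
"""IP-in-IP tunneling: the whole original packet becomes the payload of a new
outer packet, exactly as the "New IP Header | Original IP Header | Payload"
diagram shows. Addresses and payload below are constructed examples."""
import ipaddress
import struct

IPPROTO_IPIP = 4    # protocol number for "IP in IP" encapsulation (RFC 2003)
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of
    all 16-bit words. Over a header whose checksum field is valid it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (version 4, IHL 5, no options) + payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    checksum = ipv4_checksum(header)            # computed with the field zeroed
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode an IPv4 header, verify its checksum and return fields + payload."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    total_len, ttl, proto, src, dst = fields[2], fields[5], fields[6], fields[8], fields[9]
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ttl": ttl,
        "payload": packet[ihl:total_len],
    }


def encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry (branch gateway): wrap the complete inner packet in an outer one."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)


def decapsulate(outer_packet: bytes) -> bytes:
    """Tunnel exit (HQ gateway): strip the outer header, return the original packet."""
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("outer packet is not IP-in-IP")
    return outer["payload"]


def demo() -> dict:
    """Constructed example: a branch host sends a UDP datagram to a host at HQ."""
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello from the branch")
    # The branch gateway (198.51.100.1) tunnels it to the HQ gateway (203.0.113.1).
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    in_transit = parse_ipv4(outer)              # what a router on the public path sees
    recovered = decapsulate(outer)
    return {
        "outer_src": in_transit["src"],
        "outer_dst": in_transit["dst"],
        "outer_proto": in_transit["proto"],
        "inner_dst": parse_ipv4(recovered)["dst"],
        "round_trip_ok": recovered == inner,
        # Plain IP-in-IP gives no confidentiality: the inner header and payload are
        # readable in transit, which is the gap the IPsec header and secure payload
        # on the earlier diagram close.
        "inner_visible_in_transit": inner in outer,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Routers on the public path forward on the outer header only (public gateway addresses, protocol 4) and never consult the private 10.x addresses inside; that is what lets private address space cross the Internet. Note that this bare tunnel still exposes the inner packet to anyone on the path, which is why the VPN protocols on the later slides add encryption and authentication around it.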

8 Types of VPN
- Uses some means of encryption to secure communications:
  - IPsec
  - SSH
  - Software could be written to support any type of encryption scheme
- Two main types of VPNs:
  - Remote-Access
  - Site-to-Site

9 What is a VPN? (cont…)
- Remote-Access: the typical example of this is a dial-up connection from home or for a mobile worker who needs to connect to secure materials remotely.
- Site-to-Site: the typical example of this is a company that has offices in two different geographical locations and wants a secure network connection between the two.

10 Remote-Access VPN
- Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company whose employees need to connect to the private network from various remote locations.
- A good example of a company that needs a remote-access VPN would be a large firm with hundreds of salespeople in the field.
- Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

11 Remote-Access Example (figure)

12 Site-to-Site VPN
- Intranet-based: if a company has one or more remote locations that it wishes to join in a single private network, it can create an intranet VPN to connect LAN to LAN.
- Extranet-based: when a company has a close relationship with another company (for example, a partner, supplier or customer), it can build an extranet VPN that connects LAN to LAN and allows all of the various companies to work in a shared environment.

13 Site-to-Site Example (figure)

14 VPN (figure)

15 VPN Protocols
- There are three main protocols that power the vast majority of VPNs:
  - PPTP
  - L2TP
  - IPsec
- All three protocols emphasize encryption and authentication: preserving the integrity of data that may be sensitive, and allowing clients and servers to establish an identity on the network.

16 VPN Protocols (In depth)
- Point-to-Point Tunneling Protocol (PPTP)
  - PPTP is widely supported by Microsoft, as it is built into the various flavors of the Windows OS.
  - PPTP initially had weak security features; however, Microsoft continues to improve its support.
- Layer Two Tunneling Protocol (L2TP)
  - L2TP was the original competitor to PPTP and was implemented primarily in Cisco products.
  - L2TP is a combination of the best features of an older protocol, L2F, and PPTP.
  - L2TP exists at the data link layer (Layer 2) of the OSI model.

17 VPN Protocols and Their Uses (figure; Slide 17, Firewalls & Network Security, 2nd ed., Chapter 11)

18 Why Use a VPN?
- Originally designed as an inexpensive alternative to a WAN built over leased lines.
- Now mostly used to securely connect computers over the Internet.
- Convenient.
- Lots of cheap and convenient protocols are insecure (IP, 802.11, etc.).
- Can now communicate securely over these insecure protocols.

19 VPN Advantages
- Improved Security
- Consolidation of Scattered Resources
- Reduced Cost (vs. Leased Lines)

20 VPN Disadvantages
- Time Consuming Setup
- Possibly Frustrating Troubleshooting
- Interoperability with other Networks/VPNs
- Small performance overhead

21 VPN Security
- In academic terms, a VPN can provide Confidentiality, Integrity, and Authenticity.
- Security against a determined hacker depends largely upon the underlying protocols used.
- Assuming the security of SSH, IPsec, or whichever other protocol is used, the VPN should be secure.
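To make the three properties on this slide concrete, here is an added example (not code from the deck or from any IPsec implementation) of how a tunnel gateway turns an inner packet into the "secure payload" shown on the IPsec diagram. The 8-byte SPI/sequence-number prefix follows the layout of an ESP header; the cipher, by contrast, is a stand-in built from the Python standard library (HMAC-SHA256 used as a PRF in counter mode, then encrypt-then-MAC with a truncated HMAC tag), not the AES transforms real IPsec uses. Keys, the SPI, the inner packet bytes and all function names are constructed for the illustration.

```python
"""ESP-style protection of a tunnelled packet: confidentiality, integrity,
authenticity and replay detection for the "secure payload" crossing the public
Internet. SPI | seq mirrors the first 8 bytes of an ESP header; the cipher is a
stdlib stand-in (HMAC-SHA256 in counter mode), not IPsec's AES transforms.
Keys and the inner packet are constructed examples."""
import hashlib
import hmac
import os
import struct
from typing import Optional

ICV_LEN = 16    # 128-bit truncated tag, as in HMAC-SHA-256-128


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream with HMAC-SHA256 as the PRF (stand-in for AES-CTR)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, iv + struct.pack("!I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int,
            inner_packet: bytes, iv: Optional[bytes] = None) -> bytes:
    """Sender side: SPI | seq | IV | ciphertext | ICV (encrypt-then-MAC)."""
    iv = os.urandom(8) if iv is None else iv    # fresh per packet, never reused with a key
    ks = keystream(enc_key, iv, len(inner_packet))
    ciphertext = bytes(p ^ k for p, k in zip(inner_packet, ks))
    authenticated = struct.pack("!II", spi, seq) + iv + ciphertext
    icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


def unprotect(enc_key: bytes, auth_key: bytes, packet: bytes,
              expected_spi: int, seen_seqs: set) -> bytes:
    """Receiver side: verify the ICV before decrypting, then reject replays."""
    if len(packet) < 16 + ICV_LEN:
        raise ValueError("packet too short")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", authenticated[:8])
    if spi != expected_spi:
        raise ValueError("unknown SPI")
    expected_icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected_icv):    # constant-time comparison
        raise ValueError("integrity check failed: packet modified or forged")
    if seq in seen_seqs:                              # simplified anti-replay window
        raise ValueError("replayed packet")
    seen_seqs.add(seq)
    iv, ciphertext = authenticated[8:16], authenticated[16:]
    ks = keystream(enc_key, iv, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def _rejected(enc_key: bytes, auth_key: bytes, packet: bytes, spi: int, seen: set) -> bool:
    """True if the receiver drops the packet."""
    try:
        unprotect(enc_key, auth_key, packet, spi, seen)
        return False
    except ValueError:
        return True


def demo() -> dict:
    enc_key, auth_key = b"E" * 32, b"A" * 32    # constructed demo keys
    spi = 0x1000AB                              # constructed security association id
    inner = b"[constructed inner IPv4 packet 10.1.0.5 -> 10.2.0.9 plus payload]"
    seen: set = set()
    protected = protect(enc_key, auth_key, spi, 1, inner)
    recovered = unprotect(enc_key, auth_key, protected, spi, seen)
    on_path_spi, on_path_seq = struct.unpack("!II", protected[:8])
    tampered = bytearray(protected)
    tampered[20] ^= 0x01                        # flip one ciphertext bit in transit
    return {
        "round_trip_ok": recovered == inner,
        "inner_hidden": inner not in protected,              # confidentiality
        "on_path_sees": (on_path_spi, on_path_seq),          # only SPI and seq readable
        "tamper_detected": _rejected(enc_key, auth_key, bytes(tampered), spi, seen),
        "replay_detected": _rejected(enc_key, auth_key, protected, spi, seen),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of checks matters: the receiver authenticates the whole packet before decrypting or updating replay state, so a forged or modified packet is dropped without touching the cipher or the window. This is the property the slide's "assuming the security of the protocol used" rests on: the tunnel is only as strong as the primitives and key handling behind the SPI.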

22 Summary
- To enable a remote user to connect to a VPN, issue that user VPN client software.
- Make sure the user's computer has anti-virus software and a firewall.
- May need to obtain a key for the remote user if using IPsec to make the VPN connection.
- VPN best practices include:
  - Security policy rules specific to the VPN
  - Integration of firewall packet filtering and VPN traffic
  - Auditing the VPN to ensure acceptable performance
(Slide 22, Firewalls & Network Security, 2nd ed., Chapter 11)

