Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Networks (VPN)

Published byFemke de Haan Modified over 5 years ago

Similar presentations

Presentation on theme: "Virtual Private Networks (VPN)"— Presentation transcript:

1 Virtual Private Networks (VPN)
Based on slides accompanying the book Network Defense and Countermeasures by Chuck Easttom (2018)

2 Objectives Use a virtual private network (VPN)
Use Point-to-Point Tunneling Protocol (PPTP) as an encryption tool for VPNs Use Layer 2 Tunneling Protocol (L2TP) as an encryption tool for VPNs Add security and privacy to a communication using IPSec Understand and evaluate VPN solutions © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

3 Introduction Virtual private networks (VPNs) provide users of your network the ability to establish a secure remote connection to the network as if they were connecting locally. VPNs provide a solution to the administrator’s need for security in remote connections while solving the user’s need to connect from virtually anywhere. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

4 Basic VPN Technology Data is encapsulated with a header and transmitted over the Internet Does not require additional technologies Multiple methods of connection are available: Dial-up and modem bank High-speed (DSL, cable modem, fiber optic.) © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

5 Basic VPN Technology Remote users are not the only beneficiaries
Site-to-site connections can also be made Enables an organization to move away from expensive dedicated data lines © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

6 Protocols for VPN Encryption
PPTP L2TP IPSec © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

7 Point-to-Point Tunneling Protocol (PPTP)
Older technology than L2TP or IPSec but still widely used Near universal support among VPN equipment vendors Consumes fewer resources than L2TP and IPSec Operates at Layer 2 of OSI model Supports IPX and NetBEUI transmissions Supports two generic types of tunneling Voluntary Compulsory Discuss each of these operations. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

8 PPTP Authentication Extensible Authentication Protocol (EAP)
Designed specifically with PPTP, works from within PPP’s authentication protocol Challenge Handshake Authentication Protocol (CHAP) Three-part handshaking procedure Server sends a challenge message to the originating client Client sends back a value calculated using a one-way hash function Server checks the response against its own calculation Discuss the different types of PPTP authentication. Point out Figure 7.3 that illustrates CHAP authentication. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

9 Layer 2 Tunneling Protocol (L2TP)
New and improved version of PPTP Considered less secure than IPSec Not uncommon to be used with IPSec L2TP Authentication Supports EAP, CHAP (as PPTP does) Also supports MS-CHAP, PAP, SPAP, and Kerberos © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

10 L2TP Authentication MS-CHAP Versus CHAP
Response packet formatted for Windows compatibility Does not require the authenticator to store a clear-text or reversibly encrypted password Provides retry and password changing mechanisms Defines a set of reason-for-failure codes Elaborate on the differences between these two authentication methods. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

11 L2TP Authentication PAP Password Authentication Protocol
Most basic form of authentication Username and password transmitted in clear text Point out the illustrated figure on PAP. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

12 L2TP Authentication SPAP Shiva Password Authentication Protocol
Proprietary version of PAP Encrypted username and password Susceptible to “Playback attack” Define the playback attack. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

13 Kerberos Very well-known network authentication protocol
Sends messages between client and server The actual password is never sent, even as a hash Server uses the stored hash of the password as an encryption key to encrypt data and send it back to the client Kerberos is often on exams. Review the examples on pages © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

14 The Kerberos Process Walk students through this example, making sure they understand each step. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

15 L2TP Compared to PPTP L2TP PPTP Non IP networks
Yes, L2TP can work over X.25 networks and ATM networks No, IP only Encryption Yes, using IPSec Yes, using MPPE Authentication Yes, using EAP, MS-CHAP, CHAP, SPAP, PAP,and Kerberos Yes, EAP and CHAP Explain the differences between the two protocols. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

16 Internet Protocol Security (IPSec)
Developed by the Internet Engineering Task Force (IETF) Symmetric key encryption technology Two encryption modes Transport: Encrypts data but leaves the header unencrypted Less secure, faster Tunnel: Encrypts both the header and the data More secure, slower Elaborate on the two modes of IPSec. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

17 Other Protocols Used with IPSec
Authentication Header (AH) Authentication only Encapsulated Security Payload (ESP) Both data confidentiality and authentication Internet Key Exchange (IKE) Sets up security associations © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

18 SSL/TLS Protocols used to secure websites
SSL: Secure Sockets Layer TLS: Transport Layer Security A new type of firewall uses them to provide VPN access through a web portal © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

19 SSL/TLS Handshake © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

20 Implementing VPN Solutions
Built-in solutions Cisco Solutions Service Solutions Openswan Other Solutions Explain the different uses of the solutions listed. Built-in work primarily for home use or small offices. (These are solutions that come with an operating system.) Larger companies may need additional features that are not included in the built-in solutions. © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

21 Summary VPNs provide a secure way of connecting remote users to the network L2TP, PPTP, and IPSec are protocols that can be used PPTP is based on the PPP SSL/TLS can be used to secure a VPN connection via web access Solutions built into an operating system may not provide adequate features for large companies © 2019 by Pearson Education, Inc Chapter 7 Virtual Private Networks

Download ppt "Virtual Private Networks (VPN)"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.

VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
Remote Networking Architectures

Remote Networking Architectures
Point-to-Point Protocol (PPP) Security Connecting to remote access servers (RASs) PPP authentication PPP confidentiality Point-to-Point Tunneling Protocol.

Point-to-Point Protocol (PPP) Security Connecting to remote access servers (RASs) PPP authentication PPP confidentiality Point-to-Point Tunneling Protocol.
Virtual Private Networks

Virtual Private Networks
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.

VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Virtual Private Networks Alberto Pace. IT/IS Technical Meeting – January 2002 What is a VPN ? u A technology that allows to send confidential data securely.

Virtual Private Networks Alberto Pace. IT/IS Technical Meeting – January 2002 What is a VPN ? u A technology that allows to send confidential data securely.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.

Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Similar presentations

Ads by Google