Slide 1: CS682 – Network Management and Security, Session 7
Slide 2: Virtual Private Networking
If we have a network in NY and a network in SF, we want them to be able to communicate with each other. Solutions:
- Land-based telco lines (T1, T3, etc.)
- Satellite-based communications
- Virtual Private Network
Slide 3: Cost of operation
- A T1 line from coast to coast can cost over $3000/month.
- A satellite link from coast to coast has very high startup costs and significant monthly costs.
- A VPN costs only as much as your Internet connection.
Slide 4: Virtual Private Network
A VPN is defined as a system in which two networks are connected through a third, untrusted, network. The two networks are usually a main office and a satellite office, and the third network is usually the Internet.
Slide 5: Security for VPNs
1. We will be sending data over an untrusted network, so it should be encrypted.
2. We will have to allow connections to our encrypting host, which presents the usual security issues.
3. Can the other side of the VPN be trusted?
Slide 6: 1. The Untrusted Network
Your ISP may employ someone who has an interest in capturing your data as it traverses the Internet. If your data is unencrypted, you may be sending your company secrets to your competitors. Encryption must be employed to protect your data.
Slide 7: VPN encryption schemes
Usually multiple schemes are used, one each for encryption, authentication, and key management:
- Encryption: DES or 3DES, IPSec, Blowfish, etc.
- Message authentication: MD5, SHA-1
- Key management (if necessary): IKE, SKIP
Slide 8: If not using public key/private key
Again we get the issue of how to agree on a key. Usually the two security administrators meet 2-3 times a year and agree on a new (impossible to guess) key.
Slide 9: 2. Open Connections
Depending on which host is doing our encryption/routing for the VPN, we will have to leave application ports open through the firewall. Frequently there are one or more ports for control connections, and then data is streamed over IP protocol 47 (GRE). This leaves open not a port but an entire protocol!
Slide 10: Which host?
Today routing/VPN is done in either of two places: a server or the router. If the server is to do the routing/encryption/encapsulation, it shouldn't be doing anything else! If the router is doing the job, it should be a high-performance router! In either case we can usually assist the task by purchasing specialized hardware to do the encryption calculations.
Slide 11: 3. Can the other side be trusted?
The DoD was hacked a few years ago, not directly but through their VPN. One of their associated agencies was negligent in protecting their Internet connection. A hacker intruded into the agency and used their VPN to attack the DoD.
Slide 12: Problems with VPNs
- Additional firewalls
  - Current firewalls to protect the VPN
- Limitations of the VPN
- Larger packets (additional header)
Slide 13: Benefits of VPN
- Two RFC-1918 networks (non-routable Internet addresses) can communicate over the Internet. Since the data is in a "tunnel", it is the IP header that is used for routing (the outer one) that needs to have a valid IP.
- Much less expensive than a dedicated line.
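The points on slides 9, 12 and 13 (GRE data over IP protocol 47, the extra header that enlarges packets, and RFC-1918 networks talking through an outer header with a routable address) fit together in one small model. The following Python is an added example, not material from the course slides; the header sizes are the minimal IPv4 and GRE headers, and all addresses and firewall rules are constructed sample values.

```python
# Added example (not from the slides): GRE-over-IP tunnel overhead and a
# firewall-scope check for IP protocol 47. Addresses and rules are constructed.
import ipaddress

IP_HDR, GRE_HDR, GRE_PROTO = 20, 4, 47   # minimal IPv4 header, minimal GRE header, GRE protocol number
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the three RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def encapsulate(inner_len: int, inner_src: str, inner_dst: str,
                outer_src: str, outer_dst: str) -> dict:
    """Wrap an inner IP packet in GRE plus an outer IP header.

    The inner addresses may be RFC 1918 (the two offices); only the outer
    header is used for routing across the Internet, so it must be routable."""
    if is_rfc1918(outer_src) or is_rfc1918(outer_dst):
        raise ValueError("outer (routing) header must carry routable addresses")
    total = inner_len + GRE_HDR + IP_HDR
    return {"inner": (inner_src, inner_dst), "outer": (outer_src, outer_dst),
            "len": total, "overhead": total - inner_len,
            "exceeds_1500": total > 1500}   # 1500 = typical Ethernet MTU


def gre_exposure(rules: list, peers: set) -> list:
    """Flag allow rules that accept GRE (protocol 47) from anything other than a
    single known VPN peer: that is an entire protocol, not a port, left open."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] != GRE_PROTO:
            continue
        src = ipaddress.ip_network(r["src"])
        if src.num_addresses != 1 or str(src.network_address) not in peers:
            findings.append(f"rule {r['id']}: GRE allowed from {r['src']}, "
                            f"expected only {sorted(peers)}")
    return findings


# Constructed sample policy for the NY gateway; 198.51.100.2 stands in for the SF peer.
PEERS = {"198.51.100.2"}
RULES = [
    {"id": 10, "action": "allow", "proto": GRE_PROTO, "src": "198.51.100.2/32"},  # tunnel data from SF
    {"id": 20, "action": "allow", "proto": GRE_PROTO, "src": "0.0.0.0/0"},        # whole protocol open
    {"id": 30, "action": "allow", "proto": 6, "src": "198.51.100.2/32"},          # TCP control connection
]
```

Calling `encapsulate(1500, "10.1.0.5", "10.2.0.9", "203.0.113.1", "198.51.100.2")` shows a full-size 1500-byte packet growing by 24 bytes, and `gre_exposure(RULES, PEERS)` reports only rule 20.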
Slide 14: Other uses for VPNs
- Telecommuting workers
- Associations with other companies
- Offsite backups
Slide 15: Telecommuting Workers
Anyone working offsite should have the same availability to the network as someone working on our network. All Windows operating systems in use today have support for Point-to-Point Tunneling Protocol (PPTP). A Microsoft PPTP server can be set up to allow employees to call in and work as if they were at their desks.
Slide 16: Problems with Telecommuting Workers
Most employees are not "tech-savvy" enough to be able to configure a VPN connection. If there are any problems with the VPN, will a technician be able to come to their house? A better option would be a solution such as Terminal Server.