1 VPN. Last Update 2010.11.29 1.3.0. Copyright 2005-2010 Kenneth M. Chipps Ph.D. www.chipps.com

2 Objective
Learn what a VPN is and why you would use one.

3 What is a VPN
A VPN – Virtual Private Network – is a method used to add security to a WAN link. This added security is especially important for those methods of linking Point A to Point B that make the link through the Internet.

4 Types of VPNs
A VPN can be purchased as a service from a service provider, or it can be set up by the end user. If a service provider is used, this service provider can be the same one that provided the data line or a provider that just adds a VPN on top of the data line.

5 Types of VPNs
Service provider offerings are typically one of two methods:
–IPSec-encrypted tunnel VPN
–MPLS VPN
IPSec tunnel-based VPNs are sometimes referred to as client-premises equipment-based VPNs because the service provider typically places equipment at the client site.

6 Types of VPNs
This device handles encryption and decryption of traffic before it goes out over the service provider's network. Traffic within the service provider network is routed the same as any other IP traffic, and the service provider has no visibility into the IP tunnel.

7 Types of VPNs
Nor does the service provider network need to be configured in any special manner to support IPSec VPNs. Because traffic in an IPSec-based VPN is encrypted, it is generally considered secure to use IPSec to transport sensitive traffic over a public IP network.

8 Types of VPNs
An IPSec-based VPN can also be offered by a service provider as a managed service. With this type of VPN, the service provider deploys and manages the customer premises equipment, and all traffic is carried over that provider's network. This lets the provider offer service-level guarantees for assured performance.

9 Types of VPNs
These are also sometimes called Private IP Networks. An end user can also deploy their own VPN devices. This approach is recommended for connecting branch offices that only have one Internet connection.

10 Types of VPNs
The disadvantages of the do-it-yourself method are that you are responsible for managing VPN configurations, and because traffic is traversing the Internet, there are no performance guarantees. However, a do-it-yourself approach lets corporations establish a VPN to any site that has access to the Internet, regardless of whose network they must use to do this.

11 Types of VPNs
The second type of service provider based VPN operates at either layer 2 or layer 3. Layer 2 VPNs based on the IETF – Internet Engineering Task Force's Martini draft or Kompella draft simply emulate layer 2 services such as Frame Relay, ATM or Ethernet.

12 Types of VPNs
Typically, layer 2 MPLS VPNs are invisible to the end user, much in the same way the underlying ATM infrastructure is invisible to Frame Relay users. The customer is still buying Frame Relay or ATM, regardless of how the provider provisions the service.

13 Types of VPNs
With layer 3 MPLS VPNs, also known as IP enabled or Private IP VPNs, service providers assign labels to IP traffic flows. These labels represent unique identifiers and allow for the creation of virtual IP circuits or LSP – Label Switched Paths within an IP network.

14 Types of VPNs
By using labels, a service provider can create closed paths that are isolated from other traffic within the service provider's network, providing the same level of security as other PVC – Private Virtual Circuit types of services such as Frame Relay or ATM.

15 Types of VPNs
Because MPLS VPNs require the service provider to modify its network, they are considered network-based VPNs. MPLS-based VPNs require no client devices, and tunnels usually terminate at the service provider edge router. Layer 3 VPNs offer significant advantages over traditional Layer 2 services.

16 Types of VPNs
Because they rely on IP routing to build paths, they can easily be used to create fully or partially meshed networks within a service provider cloud, with only one entry point into the cloud from each location.

17 Sources
The preceding is from a discussion from April 2002 in Network Fusion by Irwin Lazar.

18 Types of VPNs
When an organization sets up its own VPN connections it can also use an IPSec-based VPN. Considering the difficulty in distributing the required certificates, many have begun switching to SSL instead. This is the same Secure Sockets Layer that is used for online web purchases.

19 Types of VPNs
By using SSL the need to load special software on each workstation is avoided. At present SSL is limited to just a few applications, as they must be browser based.

20 How to Create a VPN
To create a VPN – Virtual Private Network – connection two things are required:
–A tunnel
–An encryption method

21 The Tunnel
The tunnel is the VPN connection.

22 An Encryption Method
The encryption method makes the data unreadable.

23 Types of VPNs
–Remote Access
–Site to Site

24 Remote Access
A single computer connecting to a centralized VPN server is remote access.

25 Site to Site
A site to site or gateway to gateway VPN uses devices at each end to allow two LANs to connect to each other.

26 IPSec Process
An IPSec VPN relies on three things to ensure the data is safe:
–Encryption
–Authentication
–Message Integrity

27 Encryption
IPSec encryption uses two pairs of encryption algorithms to:
–Hide the data
–Recover the data
Here is the process as shown in Wendell Odom's ICND2 book.

28 Encryption

29 Encryption
There are several algorithms of increasing security but increasing load on the devices using them, as shown in Wendell Odom's ICND2 book.

30 Encryption

31 Encryption
As discussed above, the process requires a key. How is the key to be exchanged before the VPN is established? This can be through a phone call, a letter, or unsecured email. This is simply the PSK – Pre Shared Key process.

32 Encryption
The other problem is that once the PSK is distributed it is rarely changed.

33 Authentication
Authentication is part of the PSK process.

34 Message Integrity
Message integrity is part of this basic process as well.
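Slides 26 through 34 describe the three properties an IPSec VPN gets from a pre-shared key, and the two weaknesses of the PSK approach (insecure distribution and a key that is rarely changed). The following is an added example, not part of the presentation and not Cisco's or Odom's code, that shows those properties in a simplified ESP-like packet. It assumes only the Python standard library: the session keys are derived from the PSK with PBKDF2 and a random salt (standing in for the nonces IKE uses, so a static PSK still yields fresh per-session keys), the cipher is a toy HMAC-based keystream standing in for the AES that IPSec actually uses, and the packet layout (sequence number, nonce, ciphertext, HMAC-SHA256 tag) is a teaching simplification, not the real ESP header format.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed pre-shared key for the example only.
PSK = b"example-pre-shared-key-change-me"

TAG_LEN = 32      # HMAC-SHA256 tag
HEADER_LEN = 12   # 4-byte sequence number + 8-byte nonce


def derive_session_keys(psk, salt):
    """Derive separate encryption and authentication keys from the PSK.

    The random salt plays the role of the per-session nonces exchanged by
    IKE: the same static PSK yields fresh session keys each time the tunnel
    is brought up, so a rarely changed PSK is never used directly as a
    traffic key. PBKDF2 is used here only because it is in the standard
    library; it is not IKE's actual key derivation.
    """
    material = hashlib.pbkdf2_hmac("sha256", psk, salt, 100_000, dklen=64)
    return material[:32], material[32:]


def keystream(key, nonce, length):
    """Toy counter-mode keystream built from HMAC-SHA256.

    Stands in for the AES cipher IPsec actually uses so the example needs
    no third-party package; do not use it as a real cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def protect(enc_key, auth_key, seq, plaintext):
    """Build an ESP-like packet: header || ciphertext || tag.

    Encryption hides the data; the HMAC over header and ciphertext provides
    message integrity and, because only holders of auth_key can produce it,
    authentication of the sender.
    """
    nonce = secrets.token_bytes(8)
    header = struct.pack(">I", seq) + nonce
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unprotect(enc_key, auth_key, packet, last_seq):
    """Verify and decrypt a packet. Returns (seq, plaintext) or None.

    The tag is checked before anything is decrypted, and a sequence number
    that does not advance past last_seq is rejected as a replay.
    """
    if len(packet) < HEADER_LEN + TAG_LEN:
        return None
    header = packet[:HEADER_LEN]
    ciphertext = packet[HEADER_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered, or not produced by a peer holding the PSK
    seq = struct.unpack(">I", header[:4])[0]
    if seq <= last_seq:
        return None  # replayed or out-of-order packet
    nonce = header[4:]
    plaintext = xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))
    return seq, plaintext


def demo():
    """Exercise the three properties: confidentiality, authentication, integrity."""
    salt = secrets.token_bytes(16)
    enc_key, auth_key = derive_session_keys(PSK, salt)
    packet = protect(enc_key, auth_key, 1, b"payroll transfer 12345")

    accepted = unprotect(enc_key, auth_key, packet, 0)

    tampered = bytearray(packet)
    tampered[HEADER_LEN] ^= 0x01          # flip one ciphertext bit
    rejected_tamper = unprotect(enc_key, auth_key, bytes(tampered), 0)

    rejected_replay = unprotect(enc_key, auth_key, packet, 1)

    wrong_keys = derive_session_keys(b"wrong-psk", salt)
    rejected_wrong_psk = unprotect(*wrong_keys, packet, 0)

    return accepted, rejected_tamper, rejected_replay, rejected_wrong_psk


if __name__ == "__main__":
    print(demo())
```

Running the file shows the genuine packet being accepted and the tampered, replayed and wrong-PSK packets all rejected before any decryption happens. The point the slides make about the PSK being rarely changed is what the salt in derive_session_keys addresses: even with the same PSK, every tunnel setup produces different traffic keys, which is the job IKE does in a real IPSec deployment.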

35 Common VPN Alternatives
Here is a table showing the common VPN alternatives as of May 2006. This is copied from Cisco's Packet magazine.

36 Common VPN Alternatives
