
VPN’s & Remote Access Issues David Trepp VP of Technology


1 VPN’s & Remote Access Issues David Trepp VP of Technology davidt@infogroupnw.com

2 Housekeeping Issues Duration: 1.25 hours +/- Questions & comments: early and often

3 Why We’re Here Examine a brief summary of considerations surrounding successful VPN and remote access planning, deployment and management. Note other perimeter security issues.

4 What is a VPN?
Virtual Private Network - A network that performs private, trusted data transmissions over a public, untrusted network (e.g. the Internet).
Usage:
–Point to Point(s)
–Remote Access
–Hybrid

5 Essential VPN Definitions
Authentication – A method of establishing identity between systems or users.
Authorization – The right to access a network service after authentication has taken place.
CIA – Confidentiality, Integrity, Availability – The three properties of your (or your customer’s) information whose loss constitutes a compromise.

6 More Essential VPN Definitions (Cont.)
Encryption – The process of converting cleartext into what appears to be random characters (a.k.a. ciphertext) – FIPS standards include DES, 3DES, AES
Tunneling – Encapsulation of packets within other packets, primarily for transmission across public IP networks (e.g. the Internet) – e.g. IPSec, L2TP, PPTP, PPP

7 VPN Economic Considerations
VPN’s can be less expensive than WAN’s and more functional and secure than modem banks. Often cost-benefit compared with voice-over solutions.
Decision criteria include:
–Current connectivity costs
–Distances
–Locations
–# of sites
–Type & volume of traffic
–Existing equipment & software

8 Basic VPN Connectivity Steps
Site-to-Site
–1) Authenticate once
–2) Encapsulate an IP packet
–3) Encrypt and transmit
–4) Decrypt
–5) De-encapsulate
Remote Access
–1) Authenticate each time a session begins
–2) See 2 – 5 above

9 VPN Scaling Considerations
Processor Cycles: the number of tunnels (and hence processor cycles) is greater for remote user deployments than for a single site-to-site connection (i.e. 10 remote users require more processor cycles than 100 users across a site-to-site VPN).
Bandwidth: depends on how the applications are deployed, but the VPN tunnel itself adds approximately 10-30% overhead.
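The following is an added illustration, not material from the deck: a small Python model of the five site-to-site steps on slide 8 (authenticate, encapsulate, encrypt and transmit, decrypt, de-encapsulate) together with the per-packet overhead that the bandwidth point on slide 9 refers to. The packet layouts, the pre-shared key and the function names are all constructed for this example; an HMAC-SHA256 keystream stands in for the FIPS ciphers the deck names, and the challenge/response stands in for whatever authentication scheme a deployment actually uses.

```python
"""Toy tunnel model (constructed example): authenticate, encapsulate, encrypt,
decrypt, de-encapsulate, plus the fixed per-packet overhead a tunnel adds."""
import hashlib
import hmac
import os
import socket
import struct

# Constructed pre-shared key; assumption: both tunnel endpoints hold it.
PSK = b"constructed-example-psk-not-for-real-use"

OUTER_HDR = struct.Struct(">4s4sH")   # outer src IPv4, outer dst IPv4, payload length
TUNNEL_HDR = struct.Struct(">II")     # SPI (which tunnel) and sequence number
NONCE_LEN, TAG_LEN = 12, 16
# Bytes added to every inner packet: 10 + 8 + 12 + 16 = 46.
OVERHEAD_BYTES = OUTER_HDR.size + TUNNEL_HDR.size + NONCE_LEN + TAG_LEN


def derive_keys(psk: bytes, session_id: bytes) -> tuple:
    """Separate encryption and integrity keys per session (simplified KDF)."""
    enc = hmac.new(psk, b"enc|" + session_id, hashlib.sha256).digest()
    mac = hmac.new(psk, b"mac|" + session_id, hashlib.sha256).digest()
    return enc, mac


def challenge_response(psk: bytes, challenge: bytes) -> bytes:
    """Peer side of step 1: prove possession of the PSK without sending it."""
    return hmac.new(psk, challenge, hashlib.sha256).digest()


def authenticate(psk: bytes, challenge: bytes, response: bytes) -> bool:
    """Gateway side of step 1: constant-time comparison of the response."""
    return hmac.compare_digest(challenge_response(psk, challenge), response)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in PRF for DES/3DES/AES."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def tunnel_send(inner_packet, enc_key, mac_key, outer_src, outer_dst, spi, seq):
    """Steps 2-3: encapsulate the inner IP packet, encrypt it, build the datagram."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(inner_packet, _keystream(enc_key, nonce, len(inner_packet))))
    tunnel_hdr = TUNNEL_HDR.pack(spi, seq)
    # Encrypt-then-MAC; the tag also covers the tunnel header and nonce.
    tag = hmac.new(mac_key, tunnel_hdr + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    payload = tunnel_hdr + nonce + ct + tag
    outer = OUTER_HDR.pack(socket.inet_aton(outer_src), socket.inet_aton(outer_dst), len(payload))
    return outer + payload


def tunnel_receive(datagram, enc_key, mac_key):
    """Steps 4-5: verify integrity, decrypt, de-encapsulate -> (spi, seq, inner)."""
    _src, _dst, length = OUTER_HDR.unpack_from(datagram)
    payload = datagram[OUTER_HDR.size:]
    if len(payload) != length or length < TUNNEL_HDR.size + NONCE_LEN + TAG_LEN:
        raise ValueError("malformed tunnel datagram")
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed; packet dropped")   # the I in CIA
    spi, seq = TUNNEL_HDR.unpack_from(body)
    nonce = body[TUNNEL_HDR.size:TUNNEL_HDR.size + NONCE_LEN]
    ct = body[TUNNEL_HDR.size + NONCE_LEN:]
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return spi, seq, inner


def overhead_ratio(inner_len: int) -> float:
    """Tunnel bytes added per inner packet as a fraction of the inner packet size."""
    return OVERHEAD_BYTES / inner_len


if __name__ == "__main__":
    enc, mac = derive_keys(PSK, b"session-1")
    challenge = os.urandom(16)
    print("authenticated:", authenticate(PSK, challenge, challenge_response(PSK, challenge)))
    inner = b"\x45\x00" + b"constructed inner IPv4 packet bytes"   # constructed sample
    wire = tunnel_send(inner, enc, mac, "203.0.113.1", "198.51.100.7", 0x100, 1)
    print("round trip ok:", tunnel_receive(wire, enc, mac)[2] == inner)
    for size in (150, 460, 1400):
        print(f"{size}-byte packet: {overhead_ratio(size):.1%} overhead")
```

The overhead figures show why the deck quotes a range rather than a number: the 46 fixed bytes are about 3% of a 1400-byte packet but over 30% of a 150-byte one, so a traffic mix heavy in small packets (interactive or voice-style traffic) lands at the top of the 10-30% band. The same fixed cost is also why remote-user deployments with many separate tunnels cost more processor cycles than one site-to-site tunnel carrying the same users.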

10 VPN Security Considerations
Authentication & Authorization!
Centrally manageable firewalls at remote sites and/or users.
Generic O/S’s vs. pre-hardened firewall/VPN device O/S’s.
Application security.

11 VPN Technical Considerations
Latency > 200ms causes application errors – (often a problem for remote users with DSL connections).
Non-standard tunneling, encryption and hardware/software solutions can cause problems.
Meshing site-to-site(s) VPN’s for fault tolerance is complex.
VPN access for remote users does not mean complete network/application access.
Every O/S on remote user PC’s has its own idiosyncrasies.

12 Proven VPN & Remote Access Solutions
CheckPoint VPN-1:
+ Management of remote site and user security
+ Runs on appliances w/ hardened O/S’s (e.g. Nokia)
+ Supports many authentication schemes
- $
Citrix NFUSE with Secure Gateway:
+ Requires only browser and authentication mechanism
+ Supports many authentication schemes
- Not a complete solution for site-to-site VPN
Cisco/Altiga VPN:
+ VPN concentrator has easy remote client setup
+ Runs on appliance w/ hardened O/S
+ Supports many authentication schemes
- Limited management of remote user security

13 Other Perimeter Security Considerations
Mail Relay/Virus Scanning
Intrusion Detection
Voice Systems
Backdoors
Web Servers
Vendor/Business Partners

14 Regulatory Considerations
FITSAF (any departments dealing with the federal government)
–http://www.cio.gov/documents/federal_it_security_assessment_framework_112800.html
HIPAA (health departments)
–http://aspe.os.dhhs.gov/adminsimp/nprm/seclist.htm


17 References
http://www.rsasecurity.com/solutions/vpn/infocenter/ – Good white papers and such
http://www.internetwk.com/VPN/default.html – Internet Week VPN site
http://www.checkpoint.com/products/security/gateway_vpnsolutions.html – Check Point VPN site
http://www.citrix.com/press/news/releases/20011030_gateway.asp – Citrix Secure Gateway press release
http://www.cisco.com/warp/public/779/largeent/learn/technologies/VPNs.html – Cisco VPN site

