Virtual Private Network (VPN)


VIRTUAL PRIVATE NETWORK (VPN)

Virtual. Virtual means not real, or existing in a different state of being. In a VPN, private
communication between two or more devices is achieved over a public network, the
Internet. The private link therefore exists virtually, not as a physical circuit.

Private. Private means keeping something secret from the general public. Although
the two devices communicate with each other in a public environment, no third party
can interrupt the communication or read any data that is exchanged between them.

Network. A network consists of two or more devices that can freely and electronically
communicate with each other via cables and wires. A VPN is a network: it can transmit
information over long distances effectively and efficiently.
BUILDING BLOCKS
Before IP-based networking, corporations expended considerable time and
resources setting up complex private networks, now commonly called Intranets. These
networks were built on costly leased-line services, Frame Relay and ATM to
incorporate remote users.

As the Internet became more and more accessible and bandwidth capacities grew, companies
began to put their Intranets onto the web and create what are now known as Extranets to
link internal and external users. However, as cost-effective and quick-to-deploy as the
Internet is, there is one fundamental problem – security.

Today’s VPN solutions address the security problem with special tunneling protocols and
encryption procedures: data integrity and privacy are achieved, and the resulting
connection behaves like a dedicated point-to-point link.

DEFINITION

Simply put, a VPN (Virtual Private Network) is a network that uses public
network paths but maintains the security and protection of a private network.

Better still: a VPN is an enterprise network which traverses a shared or public
infrastructure, like the Internet, and establishes private and secure connections
over an untrusted network with geographically dispersed users, customers, and
business partners.



EXAMPLE
For example, BICEC BANK has two locations, one in Douala (A) and one in Kumba (B).
For both locations to communicate efficiently, BICEC BANK could set up private lines
between the two locations.
Although private lines would restrict public access and give them the full bandwidth, this would
cost BICEC BANK a great deal of money, since communication lines are purchased per mile.
The more viable option is to implement a VPN. BICEC BANK can connect its communication lines to a local
ISP in both cities. The ISP acts as a middleman, connecting the two locations. This gives
BICEC BANK an affordable network between the two sites.
Categories of VPNs

VPNs fall into four categories:

Trusted VPN: A customer “trusts” the leased circuits of a service provider and uses
them to communicate without interruption. Although it is “trusted”, it is not secured.

Secure VPN: As security became more of an issue for users, encryption and
decryption were applied at both ends to safeguard the information passed back and forth. This
provides the security needed to satisfy corporations, customers, and providers.

Hybrid VPN: A mix of a secure and trusted VPN. A customer controls the secure
parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.

Provider-provisioned VPN: A VPN that is administered by a service provider.


How a VPN works internally
• To begin using a VPN, an Internet connection is needed; the Internet connection can be
leased from an ISP and ranges from a dial-up connection for home users to faster connections
for businesses.
• A specially designed router or switch is then connected to each Internet access circuit to
provide access from the origin networks to the VPN.
• The VPN devices create PVCs (Permanent Virtual Circuits: a virtual circuit that
resembles a leased line because it can be dedicated to a single user) through tunnels, allowing
senders to encapsulate their data in IP packets that hide the underlying routing and switching
infrastructure of the Internet from both the senders and the receivers.
• The VPN device at the sending facility takes the outgoing packet or frame and encapsulates
it to move through the VPN tunnel across the Internet to the receiving end.
• The process of moving the packet through the VPN is transparent to the users, the Internet
Service Providers and the Internet as a whole.
• When the packet arrives at the receiving end, another device strips off the VPN frame
and delivers the original packet to the destination network.
Types of VPN
There are currently three types of VPN in use: remote access VPN, intranet VPN and
extranet VPN.
1. REMOTE ACCESS VPNs enable mobile users to establish a connection to an
organization’s server using the infrastructure provided by an ISP (Internet
Service Provider).
• A remote access VPN allows users to connect to their corporate intranets
or extranets wherever and whenever needed.
• Users have access to all the resources on the organization’s network as if they
were physically located in the organization.
• The user connects to a local ISP that supports VPN using plain old telephone
service (POTS), integrated services digital network (ISDN), digital subscriber
line (DSL), etc.
• The VPN device at the ISP accepts the user’s login, then establishes the tunnel to
the VPN device at the organization’s office and finally begins forwarding packets
over the Internet.

Remote access VPN offers advantages such as:

• Reduced capital costs associated with modem and terminal server equipment
• Greater scalability; new users are easy to add
• Reduced long-distance telecommunications costs; a nationwide toll-free number is no
longer needed to reach the organization’s modems.

2. INTRANET VPNs provide virtual circuits between organization offices over the
Internet. They are built using the Internet, service provider IP, Frame Relay, or ATM
networks.

An IP WAN infrastructure uses IPSec or GRE to create secure traffic tunnels across the
network.

Benefits of an intranet VPN include the following:

• Reduced WAN bandwidth costs and efficient use of WAN bandwidth
• Flexible topologies
• Congestion avoidance through bandwidth management and traffic shaping

3. EXTRANET VPNs. The concept of setting up an extranet VPN is the same as for an intranet
VPN.
The only difference is the users. Extranet VPNs are built for users such as customers,
suppliers, or other organizations over the Internet.
COMPONENTS OF A VPN
For a VPN to be beneficial, the VPN platform needs to be reliable, manageable
across the enterprise and secure from intrusion.

1. Security – Companies need to keep their VPNs secure from tampering and
unauthorized users. Some examples of technologies that VPNs use are IP Security
(IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)
and Multiprotocol Label Switching (MPLS), along with the Data Encryption Standard
(DES) and other ciphers, to manage security.
A further description of these technologies is detailed next.
A. Layer Two Tunneling Protocol (L2TP) operates at the data link layer of the OSI
model. L2TP combines features of PPTP and Layer Two Forwarding (L2F).
Layer Two Forwarding was also designed for tunneling traffic from mobile users to
their corporate server.
• L2F is able to work over media such as Frame Relay or Asynchronous
Transfer Mode (ATM) because it does not depend on IP.
• L2F also uses PPP authentication methods for dial-up users, and it
allows a tunnel to support more than one connection.
• L2TP uses a compulsory tunneling method, where a tunnel is created without
any action from the user, and without allowing the user to choose a
tunnel.

B. IPSec uses the Data Encryption Standard (DES) and other algorithms for
encrypting data, public-key cryptography to guarantee the identities of
the two parties and so avoid man-in-the-middle attacks, and digital certificates for
validating public keys.
IPSec can operate in either transport mode or tunnel mode.
In tunnel mode, intruders can only see where the end points of the
tunnel are, not the sources and destinations of the packets. IPSec encrypts
the whole packet and wraps it in a new IP packet that carries the encrypted packet. The
new IP packet only identifies the destination’s encryption agent. When the IPSec
packet arrives at that encryption agent, the outer packet is stripped and the
original packet continues to its destination.
In transport mode, IPSec leaves the IP packet header unchanged and
only encrypts the IP payload, easing transmission through the Internet. IPSec
here adds an Encapsulating Security Payload (ESP) header in front of the protected payload for security
through the Internet. The IP header, left in the clear, still provides the source and destination
addresses and control information.
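The encapsulation steps from “How a VPN works internally” and the two IPSec modes above, worked through as an added example (not code from the original deck): a toy packet model where a placeholder XOR stream stands in for ESP’s real cryptography, the gateway addresses 203.0.113.1 and 198.51.100.1 are constructed, and the point shown is which addresses an on-path observer can read in each mode.

```python
import hashlib
from dataclasses import dataclass


def encode_addr(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def decode_addr(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


@dataclass
class IPPacket:
    """Toy IP packet: header reduced to (src, dst), plus a payload."""
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        return encode_addr(self.src) + encode_addr(self.dst) + self.payload


ESP_HDR = b"ESP"  # stand-in for the real ESP header (SPI, sequence number, ...)


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Placeholder XOR stream (SHA-256 counter keystream), NOT real IPSec
    crypto; it only hides protected bytes. XOR is symmetric, so one function
    both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def transport_mode(pkt: IPPacket, key: bytes) -> IPPacket:
    """Original IP header stays in the clear; only the payload is protected."""
    return IPPacket(pkt.src, pkt.dst, ESP_HDR + toy_cipher(key, pkt.payload))


def tunnel_mode(pkt: IPPacket, key: bytes, gw_a: str, gw_b: str) -> IPPacket:
    """Whole inner packet (header included) is protected and wrapped in a new
    IP header naming only the two tunnel endpoints (the encryption agents)."""
    return IPPacket(gw_a, gw_b, ESP_HDR + toy_cipher(key, pkt.to_bytes()))


def observer_view(pkt: IPPacket) -> tuple:
    """Addresses a passive observer on the Internet can read from the packet."""
    return (pkt.src, pkt.dst)


def tunnel_decapsulate(outer: IPPacket, key: bytes) -> IPPacket:
    """Receiving gateway strips the outer packet and recovers the original."""
    inner = toy_cipher(key, outer.payload[len(ESP_HDR):])
    return IPPacket(decode_addr(inner[0:4]), decode_addr(inner[4:8]), inner[8:])
```

In transport mode `observer_view` still returns the real host addresses; in tunnel mode it returns only the two gateway addresses, which is the property the slide describes.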
2. Appliances – intrusion detection and firewalls
Firewalls monitor traffic crossing the network perimeter and protect enterprises from
unauthorized access.
The organization should design a network that has a firewall in place on
every network connection between the organization and the Internet.
Two commonly used types of firewalls are packet-level firewalls and application-level
firewalls.
A packet-level firewall checks the source and destination address of every packet
that tries to pass through the network.
A packet-level firewall only lets traffic in and out of the organization’s network
if the packet carries an acceptable source and destination address.
The disadvantage of a packet-level firewall is that it does not inspect packet contents or why
they are being transmitted, and any resource that is not explicitly disabled is available to all users.
An application-level firewall acts as a host computer between the organization’s
network and the Internet. Users who want to access the organization’s network
must first log in to the application-level firewall, which then allows only the information they
are authorized for.

Advantages of an application-level firewall are per-user access control and
per-resource authorization: only resources that are authorized are accessible.

The drawback is that users have to remember an extra set of passwords when they
log in through the Internet.
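The contrast between the packet-level and application-level firewalls described above, as an added example that is not part of the original deck: the packet filter decides purely on source and destination addresses (it never reads the payload, which is the stated disadvantage), while the application-level gateway requires a login and then checks each resource against a per-user authorization list. The branch networks, user name and password are constructed sample data.

```python
import hmac
import ipaddress
from typing import Dict, List, NamedTuple, Set


class Packet(NamedTuple):
    src: str
    dst: str
    payload: bytes  # a packet-level firewall never looks at this field


class Rule(NamedTuple):
    src_net: str
    dst_net: str
    action: str  # "allow" or "deny"


def packet_level_filter(rules: List[Rule], pkt: Packet) -> str:
    """First rule matching (source, destination) address wins; default deny."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if src in ipaddress.ip_network(r.src_net) and dst in ipaddress.ip_network(r.dst_net):
            return r.action
    return "deny"


class ApplicationLevelFirewall:
    """Proxy host: users log in first, then receive only authorized resources."""

    def __init__(self, credentials: Dict[str, str], authz: Dict[str, Set[str]]):
        self._creds = credentials  # user -> password (constructed sample data)
        self._authz = authz        # user -> set of permitted resources
        self._sessions: Set[str] = set()

    def login(self, user: str, password: str) -> bool:
        ok = hmac.compare_digest(self._creds.get(user, ""), password)
        if ok:
            self._sessions.add(user)
        return ok

    def request(self, user: str, resource: str) -> str:
        if user not in self._sessions:
            return "deny: not logged in"
        if resource not in self._authz.get(user, set()):
            return "deny: not authorized for " + resource
        return "allow"


# Constructed sample: Kumba branch (B) on 10.20.0.0/16 may reach the Douala
# head office (A) on 10.10.0.0/16; every other address pair is denied.
RULES = [Rule("10.20.0.0/16", "10.10.0.0/16", "allow")]
```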

3. Management – managing security policies, access allowances, and traffic.
VPNs need to fit a company’s management preferences: some companies
choose to manage all deployment and daily operation of their VPN, while others
choose to outsource it to service providers.