Virtual Private Networks (VPN’s) - PowerPoint PPT Presentation

Provided by: calstatel
Transcript and Presenter's Notes

1
Virtual Private Networks (VPNs)
  • By Agasi Aslanyan
  • Joel Almasol
  • Joe Nghe
  • Michael Wong
  • CIS 484
  • May 20, 2004

2
Table Of Contents
  • VPN Introduction: What is a VPN and who uses it?
  • 3 Types of VPNs
  • VPN Protocols
  • VPN Tunneling
  • VPN Packet Transmission
  • VPN Security: Firewalls
  • VPN Devices
  • VPN Advantages/Disadvantages
  • VPN Connections in Windows XP
  • Summary/Conclusion

3
What is a VPN?
  • A virtual private network (VPN) is a network that
    uses public means of transmission (Internet) as
    its WAN link

4
What is a VPN? (Cont.)
  • A VPN can be created by connecting offices and
    single users (including mobile users) to the
    nearest service provider's POP (Point of Presence)
    and using that service provider's backbone
    network, or even the Internet, as the tunnel
    between offices
  • Traffic that flows through the backbone is
    encrypted to prevent intruders from spying on or
    intercepting the data

5
What is a VPN? (Cont.)
6
Who uses VPNs?
  • VPNs can be found in homes, workplaces, or
    anywhere else as long as an ISP (Internet Service
    Provider) is available.
  • VPNs allow company employees who travel often or
    who are outside their company headquarters to
    safely and securely connect to their company's
    intranet

7
3 Types of VPN
  • Remote-Access VPN
  • Site-to-Site VPN (Intranet-based)
  • Site-to-Site VPN (Extranet-based)

8
Remote-Access VPN
  • Remote-access, also called a virtual private
    dial-up network (VPDN), is a user-to-LAN
    connection used by a company that has employees
    who need to connect to the private network from
    various remote locations.
  • A good example of a company that needs a
    remote-access VPN would be a large firm with
    hundreds of sales people in the field.
  • Remote-access VPNs permit secure, encrypted
    connections between a company's private network
    and remote users through a third-party service
    provider.

9
Site-to-Site VPN
  • Intranet-based - If a company has one or more
    remote locations that they wish to join in a
    single private network, they can create an
    intranet VPN to connect LAN to LAN.
  • Extranet-based - When a company has a close
    relationship with another company (for example, a
    partner, supplier or customer), they can build an
    extranet VPN that connects LAN to LAN, and that
    allows all of the various companies to work in a
    shared environment.

10
All 3 types of VPN
11
VPN Protocols
  • There are three main protocols that power the
    vast majority of VPNs:
      • PPTP
      • L2TP
      • IPsec
  • All three protocols emphasize encryption and
    authentication, preserving the integrity of data
    that may be sensitive and allowing clients and
    servers to establish an identity on the network

12
VPN Protocols (In depth)
  • Point-to-Point Tunneling Protocol (PPTP)
      • PPTP is widely supported by Microsoft as it is
        built into the various flavors of the Windows OS
      • PPTP initially had weak security features;
        however, Microsoft continues to improve its
        support
  • Layer Two Tunneling Protocol (L2TP)
      • L2TP was the original competitor to PPTP and was
        implemented primarily in Cisco products
      • L2TP is a combination of the best features of an
        older protocol, L2F, and PPTP
      • L2TP exists at the data link layer (Layer 2) of
        the OSI model

13
VPN Protocols (continued)
  • Internet Protocol Security Protocol (IPSec)
    provides enhanced security features such as
    better encryption algorithms and more
    comprehensive authentication.
  • IPSec has two encryption modes: tunnel and
    transport. Tunnel encrypts the header and the
    payload of each packet, while transport only
    encrypts the payload. Only systems that are IPSec
    compliant can take advantage of this protocol.
  • IPSec can encrypt data between various devices,
    such as:
      • Router to router
      • Firewall to router
      • PC to router
      • PC to server

14
VPN Tunneling
  • VPN tunneling supports two types: voluntary
    tunneling and compulsory tunneling
  • Voluntary tunneling is where the VPN client
    manages the connection setup.
  • Compulsory tunneling is where the carrier network
    provider manages the VPN connection setup.

15
Tunneling
  • Most VPNs rely on tunneling to create a private
    network that reaches across the Internet.
    Essentially, tunneling is the process of placing
    an entire packet within another packet and
    sending it over a network.
  • Tunneling requires three different protocols:
      • Passenger protocol - The original data (IPX, IP)
        being carried
      • Encapsulating protocol - The protocol (GRE,
        IPSec, L2F, PPTP, L2TP) that is wrapped around
        the original data
      • Carrier protocol - The protocol used by the
        network that the information is traveling over

16
VPN Packet Transmission
  • Packets are first encrypted before being sent out
    for transmission over the Internet. The encrypted
    packet is placed inside an unencrypted packet.
    The unencrypted outer packet is read by the
    routing equipment so that it may be properly
    routed to its destination
  • Once the packet reaches its destination, the
    outer packet is stripped off and the inner packet
    is decrypted

17
VPN Security: Firewalls
  • A well-designed VPN uses several methods for
    keeping your connection and data secure:
      • Firewalls
      • Encryption
      • IPSec
      • AAA Server
  • You can set firewalls to restrict the number of
    open ports, what type of packets are passed
    through and which protocols are allowed through.

18
Cisco 1700 Series Routers
Some VPN products, such as Cisco 1700 routers,
can be upgraded to include firewall capabilities
by running the appropriate Cisco IOS on them.
19
VPN Concentrator
  • Incorporating the most advanced encryption and
    authentication techniques available, Cisco VPN
    concentrators are built specifically for creating
    a remote-access VPN.
  • The concentrators are offered in models suitable
    for everything from small businesses with up to
    100 remote-access users to large organizations
    with up to 10,000 simultaneous remote users.

20
Advantages of VPNs
  • There are two main advantages of VPNs, namely
    cost savings and scalability
  • VPNs lower costs by eliminating the need for
    expensive long-distance leased lines. A local
    leased line or even a broadband connection is all
    that's needed to connect to the Internet and
    utilize the public network to securely tunnel a
    private connection

21
Advantages of VPNs (continued)
  • As the number of company branches grows,
    purchasing additional leased-lines increases cost
    exponentially, which is why VPNs offer even
    greater cost savings when scalability is an issue
  • VPNs may also be used to span globally, which
    lowers cost even more when compared to
    traditional leased lines

22
Disadvantages of VPNs
  • Because the connection travels over public lines,
    a strong understanding of network security issues
    and proper precautions before VPN deployment are
    necessary
  • VPN connection stability depends mainly on
    Internet stability, a factor outside an
    organization's control
  • Differing VPN technologies may not work together
    due to immature standards

23
VPN Connection in XP
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
Summary
  • A virtual private network (VPN) is a network that
    uses public means of transmission (Internet) as
    its WAN link, connecting clients who are
    geographically separated through secure tunneling
    methods
  • Main VPN protocols include PPTP, L2TP, and IPsec
  • VPN tunneling supports two types: voluntary
    tunneling and compulsory tunneling
  • Cost and Scalability are the main advantages of a
    VPN
  • Network security and Internet stability are the
    main concerns for VPNs

32
Resources Used
  • http://vpn.shmoo.com/
  • http://www.uwsp.edu/it/vpn/
  • http://info.lib.uh.edu/services/vpn.html
  • http://www.cites.uiuc.edu/vpn/
  • http://www.positivenetworks.net/images/client-uploads/jumppage2.htm

33
The End
  • Thank you all for your time. We hope you found
    this presentation informative.