Virtual private networks by darshana viduranga

By – K.Darshana Viduranga – 5 HNDIT -2 nd year


Page 1: Virtual private networks by darshana viduranga

By – K.Darshana Viduranga – 54 HNDIT -2nd year

Page 2: Virtual private networks by darshana viduranga

What is a VPN?

A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

VPNs became popular as more employees worked in remote locations.

Page 3: Virtual private networks by darshana viduranga

What is a VPN? (Cont.)

A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider's backbone network, or even the Internet, as the tunnel between offices.

A VPN includes authentication and encryption to protect data integrity and confidentiality.

Page 4: Virtual private networks by darshana viduranga

Who uses VPNs?

VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available.

VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's intranet.

Page 5: Virtual private networks by darshana viduranga

Types of VPN

Remote-Access VPN

Site-to-Site VPN

Page 6: Virtual private networks by darshana viduranga

Remote-Access VPN

Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.

A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.

Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

Page 7: Virtual private networks by darshana viduranga

Site-to-Site VPN

Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.

Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.

Page 8: Virtual private networks by darshana viduranga

Brief Overview of How it Works

Two connections – one is made to the Internet and the second is made to the VPN.

Datagrams – contain data, destination and source information.

Firewalls – VPNs allow authorized users to pass through the firewalls.

Protocols – protocols create the VPN tunnels.

Page 9: Virtual private networks by darshana viduranga

VPN Protocols

There are three main protocols that power the vast majority of VPNs:
– PPTP
– L2TP
– IPsec

All three protocols emphasize encryption and authentication, preserving the integrity of data that may be sensitive and allowing clients/servers to establish an identity on the network.

Page 10: Virtual private networks by darshana viduranga

Four Critical Functions

Authentication – validates that the data was sent from the sender.

Access control – limiting unauthorized users from accessing the network.

Confidentiality – preventing the data from being read or copied as it is being transported.

Data Integrity – ensuring that the data has not been altered.

These functions are achieved by using VPN protocols.

Page 11: Virtual private networks by darshana viduranga

VPN Protocols (continued)

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload.

IPSec can encrypt data between various devices, such as:
– Router to router
– Firewall to router
– PC to router
– PC to server

Page 12: Virtual private networks by darshana viduranga

VPN Tunneling

VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling.

Voluntary tunneling is where the VPN client manages the connection setup.

Compulsory tunneling is where the carrier network provider manages the VPN connection setup.

Page 13: Virtual private networks by darshana viduranga

Tunneling
– allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
– to ensure data security against unwanted viewers, or hackers

Tunneling requires three different protocols:

Passenger protocol - The original data (IPX, IP) being carried

Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data

Carrier protocol - The protocol used by the network that the information is traveling over

Page 14: Virtual private networks by darshana viduranga

VPN Packet Transmission

Packets are first encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination.

Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted.
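
The packet transmission described above, together with the tunnel and transport modes from the IPSec slide, as an added example that is not part of the original slides. It assumes constructed addresses and keys, a simplified layout without ESP's SPI and sequence-number fields, and a SHAKE-256 keystream with HMAC-SHA256 as a stand-in for a real ESP cipher such as AES-GCM.

```python
import hashlib, hmac, os, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 for brevity.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def visible_addresses(packet):
    # What routing equipment (or an on-path observer) reads from the clear header.
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC with a stand-in keystream cipher (assumption, not real ESP).
    nonce = os.urandom(12)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")  # altered in transit
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def tunnel_encapsulate(inner_packet, gw_src, gw_dst, enc_key, mac_key):
    # Tunnel mode: inner header AND payload are encrypted; a new outer header
    # carrying only the gateway addresses is added (IP protocol 50 = ESP).
    body = seal(enc_key, mac_key, inner_packet)
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body

def transport_encapsulate(inner_packet, enc_key, mac_key):
    # Transport mode: only the payload is encrypted; original addresses stay visible.
    body = seal(enc_key, mac_key, inner_packet[20:])
    src, dst = visible_addresses(inner_packet)
    return ipv4_header(src, dst, 50, len(body)) + body

def tunnel_decapsulate(outer_packet, enc_key, mac_key):
    # Strip the outer header, verify integrity, decrypt the inner packet.
    return unseal(enc_key, mac_key, outer_packet[20:])

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)        # constructed keys
    data = b"payroll data"                                    # constructed payload
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(data)) + data
    tun = tunnel_encapsulate(inner, "198.51.100.1", "203.0.113.1", enc_key, mac_key)
    print("tunnel mode, observer sees:   ", visible_addresses(tun))
    print("transport mode, observer sees:",
          visible_addresses(transport_encapsulate(inner, enc_key, mac_key)))
    print("inner packet recovered:", tunnel_decapsulate(tun, enc_key, mac_key) == inner)
```

Flipping any bit of the sealed body makes `tunnel_decapsulate` raise `ValueError`, which is the data-integrity function listed earlier in the slides.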

Page 15: Virtual private networks by darshana viduranga

VPN Security: Firewalls

A well-designed VPN uses several methods for keeping your connection and data secure:
– Firewalls
– Encryption
– IPSec
– Authentication

You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.

Page 16: Virtual private networks by darshana viduranga

VPN Encapsulation

Page 17: Virtual private networks by darshana viduranga

Advantages of VPNs

– Cost effective
– Greater scalability
– Easy to add/remove users
– Mobility
– Security

Page 18: Virtual private networks by darshana viduranga

Disadvantages of VPNs

Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary.

VPN connection stability depends mainly on Internet stability, a factor outside an organization's control.

Differing VPN technologies may not work together due to immature standards.

Page 19: Virtual private networks by darshana viduranga

Virtual Private Networks (VPN): Basic Architecture
