Virtual Private Networks (VPNs)
By Ryan Joyce

What is a Virtual Network?
An interconnected group of networks (an internet) that appears as one large network to a specific user.

What is a Virtual Private Network?
A Virtual Private Network is a Virtual Network that is secure and has the attributes of a LAN, but on a much larger scale.

History of VPNs
Started with
• Wide Area Networks (WANs): expansive leased lines; reliable; secure; very expensive
• Intranets (LANs): limited; reliable; secure; relatively inexpensive
Cost of Dedicated Private Lines

History (continued)
• Virtual Private Networks are relatively new
• The technology was created in the mid 90s
• Was not made mainstream until a couple of years ago

Why have VPNs?
• Extend communications on a global scale
• Create better communication with business partners
• Decrease the cost of having to use traditional methods
• Faster, more effective, more reliable business

Video
VPN Video

VPN Setups
Variety of options
• Hardware based: VPN firewalls, edge routers
• Software based: VPN clients
• Mixed
VPN Hardware
VPN Software

VPN Setups
Remote Users
• Refers to communication access to a company's network for remote or mobile employees (home users)
• Requires monitoring and strong authentication practices
• Scalability remains an important issue: must be able to handle a larger number of users
Remote Setup (diagram: LAN A, Encryption Router, INTERNET, mobile user, home user)

VPN Setups
Intranet Setup
• Refers to linking a company's internal branches or subsidiaries together
• Requires high security: must be able to transmit and receive sensitive information
• Requires high reliability: applications that affect day to day operations
• Scalable to a point
Intranet based (diagram: LAN A, Encryption Router, INTERNET, Encryption Router, LAN B)

VPN Setups
Extranet Setups
• Refers to a VPN between companies, customers and suppliers
• Requires standardization; IPSec is the current standard for VPNs
• Need for traffic control: networks must be monitored for accurate delivery of critical data
Extranet Based (diagram: LAN A, Encryption Router, INTERNET, Encryption Router, Suppliers LAN)

How do VPNs work?
Tunneling
• Creating a secure point to point connection over a public network
• Each box represents encapsulation (diagram: Original Datagram, wrapped in an Encrypted Transport Datagram, wrapped in a Datagram Header)

Security Requirements and Approaches
Confidentiality
• refers to the privacy of information being exchanged between communicating parties
Encryption
• secret key cryptography
• public key cryptography

Encryption
• Public Key / Private Key
• MD5: message digest "hashing" algorithm
• SET protocol: Secure Electronic Transactions
• SSL protocol: Secure Socket Layer protocol

Security Requirements and Approaches
Data Integrity
• Integrity ensures that information being transmitted over the public Internet is not altered in any way during transit
Ensuring Data Integrity
• One way hash functions
• Message authentication codes
• Digital signatures
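The tunneling slide (an original datagram wrapped in an encrypted transport datagram with an outer header) and the data-integrity slide (message authentication codes) describe the same packet in two ways. The following added example, which is not part of the slides and not IPsec's actual ESP format, shows both at once in Python: an inner datagram is encrypted, prefixed with a small outer header, and protected by an HMAC-SHA256 tag that covers the header and the ciphertext (encrypt-then-MAC). The outer header layout, the HMAC-in-counter-mode keystream, the sample keys and the sample datagram are all constructed assumptions for the demonstration; a real VPN negotiates keys with IKE and uses a standard cipher.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed sample keys for this example only; a real VPN negotiates
# these with IKE/IPsec rather than deriving them from a fixed string.
ENC_KEY = hashlib.sha256(b"example-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"example-integrity-key").digest()

# Constructed "original datagram": stands in for an inner IP packet.
SAMPLE_INNER = b"10.0.1.5 -> 10.0.2.9 : GET /payroll/report"

# Assumed outer header: outer src, outer dst, 12-byte nonce, inner length.
OUTER_HEADER = struct.Struct(">4s4s12sH")
TAG_LEN = 32  # HMAC-SHA256 tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (illustrative, not IPsec ESP)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner: bytes, enc_key: bytes, mac_key: bytes,
                outer_src: str, outer_dst: str, nonce=None) -> bytes:
    """Wrap an inner datagram: encrypt it, prepend the outer header, append a MAC tag."""
    nonce = os.urandom(12) if nonce is None else nonce
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    header = OUTER_HEADER.pack(socket.inet_aton(outer_src), socket.inet_aton(outer_dst),
                               nonce, len(inner))
    # Encrypt-then-MAC: the tag covers the outer header too, so tampering with
    # addresses or lengths is caught before anything is decrypted.
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decapsulate(packet: bytes, enc_key: bytes, mac_key: bytes):
    """Verify the tag first, then strip the outer header and decrypt the inner datagram."""
    if len(packet) < OUTER_HEADER.size + TAG_LEN:
        raise ValueError("truncated tunnel packet")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: packet altered in transit")
    src, dst, nonce, inner_len = OUTER_HEADER.unpack(body[:OUTER_HEADER.size])
    ciphertext = body[OUTER_HEADER.size:]
    if len(ciphertext) != inner_len:
        raise ValueError("length field does not match payload")
    inner = _xor(ciphertext, _keystream(enc_key, nonce, inner_len))
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), inner


def rejects_tampering(packet: bytes, enc_key: bytes, mac_key: bytes) -> bool:
    """Flip one bit of the encrypted payload and report whether the receiver rejects it."""
    altered = bytearray(packet)
    altered[OUTER_HEADER.size] ^= 0x01
    try:
        decapsulate(bytes(altered), enc_key, mac_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_INNER, ENC_KEY, MAC_KEY, "203.0.113.1", "198.51.100.7")
    print("outer packet bytes:", len(pkt), "| plaintext visible on the wire:", b"payroll" in pkt)
    print("decapsulated:", decapsulate(pkt, ENC_KEY, MAC_KEY))
    print("tampered packet rejected:", rejects_tampering(pkt, ENC_KEY, MAC_KEY))
```

The receiver checks the tag before it decrypts anything, which is the ordering that keeps a bit-flipped or spliced packet from ever reaching the private LAN; the outer header carries only the two tunnel endpoints, so an observer on the public network sees the encryption routers' addresses but not the inner addresses or payload.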
Security Requirements and Approaches
Authentication
• Ensuring the identities of all communicating parties
Authentication practices
• Password authentication
• Digital certificates
• Token cards created from a time stamp
VPN Protocols
IPSec (Internet Protocol Security)
• Developed by the IETF
• Designed to address IP based networks
• Encapsulates a packet within another packet and encrypts the packet
PPTP (Point to Point Tunneling Protocol)
• Used for remote users
• Encapsulates packets

VPN Protocols (continued)
L2TP (Layer 2 Tunneling Protocol)
• Evolved from PPTP
• Client aware tunneling
• Client transparent tunneling
Socks5
• Circuit level protocol
• Originally designed to authenticate protocols
• Mainly used for extranet configurations
• Great for user level application control

Selecting a VPN
Things to consider
Integration
• Will it be compatible with existing intranets?
• Software versus Hardware
  Software: cheap, more difficult to implement, less reliable, slower
  Hardware: more expensive, easy to set up, more reliable, faster

Applications of VPNs
Manufacturing
• Factory operations linking corporate headquarters to all of its facilities
Retail
• Local stores connected directly to regional offices delivering relevant sales data
Medical
• Transferring patient data across hospital networks
Finance
• Online banking transactions, remote user access

Applications of VPNs
Home users
• Windows VPN connection
• VPN Connection Video

Problems with VPNs
• Setup times
• Difficult troubleshooting
• Interoperability with other networks
• Reliability with ISPs
• Bandwidth constraints

Optimizing VPNs
Single VPN, two pathways

Optimizing VPNs
Multiple VPNs, multiple pathways

The Future of VPNs
• Protocol standardization
• New hardware
• Better software
• Used more frequently
• Will become the new business standard