By: Agasi Aslanyan, Joel Almasol, Joe Nghe, Michael Wong
CIS 484
May 20, 2004
Table Of Contents
- VPN Introduction
- What is VPN and who uses it?
- 3 Types of VPNs
- VPN Protocols
- VPN Tunneling
- VPN Packet Transmission
- VPN Security: Firewalls
- VPN Devices
- VPN Advantages/Disadvantages
- VPN Connections in Windows XP
- Summary/Conclusion
What is a VPN?
A virtual private network (VPN) is a network that uses public means of transmission (the Internet) as its WAN link.
VPNs can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available. VPNs allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company's intranet.
3 Types of VPN
Remote-Access VPN
Remote-access, also called a virtual private dialup network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
Site-to-Site VPN
- Intranet-based: If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
- Extranet-based: When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
VPN Protocols
There are three main protocols that power the vast majority of VPNs:
- PPTP
- L2TP
- IPsec
All three protocols emphasize encryption and authentication: they preserve the integrity of data that may be sensitive and allow clients and servers to establish an identity on the network.
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. IPSec can encrypt data between various devices, such as:
- Router to router
- Firewall to router
- PC to router
- PC to server
VPN Tunneling
VPN tunneling supports two types: voluntary tunneling and compulsory tunneling.
- Voluntary tunneling is where the VPN client manages the connection setup.
- Compulsory tunneling is where the carrier network provider manages the VPN connection setup.
Tunneling
Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
Tunneling requires three different protocols:
- Passenger protocol: the original data (IPX, IP) being carried
- Encapsulating protocol: the protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
- Carrier protocol: the protocol used by the network that the information is traveling over
Packets are encrypted before being sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination. Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted.
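Added example (not part of the original presentation): the tunnel and transport modes and the encapsulation steps described above, showing which addresses routing equipment can read in each mode. The cipher is a labelled stand-in, the ESP header, IV, padding and integrity check of real IPsec are omitted, and all addresses, the key and the payload are constructed.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number assigned to IPsec ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def seal(key, data):
    """Stand-in cipher (SHA-256 keystream XOR), NOT real ESP crypto. Self-inverse."""
    ks = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def visible_addresses(wire):
    """What routing equipment can read: source and destination of the first header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

def tunnel_encap(inner, gw_src, gw_dst, key):
    """Tunnel mode: encrypt the whole inner packet, prepend a new cleartext header."""
    body = seal(key, inner)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def tunnel_decap(wire, key):
    """At the destination: strip the outer header, decrypt the inner packet."""
    return seal(key, wire[20:])

def transport_encap(inner, key):
    """Transport mode: original addresses stay in clear, only the payload is encrypted."""
    src, dst = visible_addresses(inner)
    body = seal(key, inner[9:10] + inner[20:])  # original protocol byte + payload
    return ipv4_header(src, dst, ESP, len(body)) + body

# Constructed sample: host 10.1.0.5 sends a protocol-17 payload to 10.2.0.9
KEY = b"constructed-demo-key"
PAYLOAD = b"payroll export"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 17, len(PAYLOAD)) + PAYLOAD
TUNNEL = tunnel_encap(INNER, "198.51.100.1", "203.0.113.1", KEY)
TRANSPORT = transport_encap(INNER, KEY)

if __name__ == "__main__":
    print("tunnel   :", visible_addresses(TUNNEL))
    print("transport:", visible_addresses(TRANSPORT))
```

In tunnel mode an observer on the public network sees only the two gateway addresses; in transport mode the original host addresses remain readable even though the payload is not.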
A well-designed VPN uses several methods for keeping your connection and data secure:
- Firewalls
- Encryption
- IPSec
- AAA Server
You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.
VPN Concentrator
Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
Advantages of VPNs
There are two main advantages of VPNs, namely cost savings and scalability.
VPNs lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that's needed to connect to the Internet and utilize the public network to securely tunnel a private connection.
Disadvantages of VPNs
- Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary.
- VPN connection stability depends mainly on Internet stability, a factor outside an organization's control.
- Differing VPN technologies may not work together due to immature standards.
VPN Connection in XP
Summary
- A virtual private network (VPN) is a network that uses public means of transmission (the Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods.
- Main VPN protocols include PPTP, L2TP, and IPsec.
- VPN tunneling supports two types: voluntary tunneling and compulsory tunneling.
- Cost and scalability are the main advantages of a VPN.
- Network security and Internet stability are the main concerns for VPNs.
The End
Thank you all for your time. We hope you found this presentation informative.