VPN - Virtual Private Networks
Raghavendra KN Rao
Introduction
In today's insecure world there is a need for the ability to transfer information over a network without it being seen or intercepted by unauthorized people. The traditional way was to use point-to-point lines that were reserved for you and the people you needed to pass confidential information to. However, these lines were very expensive and inflexible. What was needed was the ability to communicate safely through a public network. Thus came the Virtual Private Network (VPN).
What is a VPN? (Definition)
A VPN (virtual private network) is a private data network that uses public telecommunications infrastructure (the Internet), maintaining privacy through encryption, tunneling protocols and security procedures to connect users securely.
- Virtual implies that there is no physical connection between the two networks; instead, connections are routed through the Internet.
- Private implies that the transmitted data is kept confidential (encryption and secured tunneling).
- Network implies the communication medium: private, public, wired, wireless, the Internet or any resource available.
Why VPN?
- Low cost
- Secured and reliable communication
- Dynamic access to private networks
Such access would otherwise only be possible using expensive leased dedicated lines provided by telephone companies (point-to-point dedicated digital circuits) or by dialing into the local area network (LAN).
How does a VPN work? (Example)
[Figure: Typical VPN Network - Home Computer, VPN Firewall / Router, VPN Firewall / Router, Office Computer]
When I send mail from my home computer to my office computer through the VPN:
- The VPN-enabled firewall/router at home encapsulates and encrypts the mail.
- The mail travels through the public network (Internet) encrypted.
- The VPN-enabled firewall/router at the office decrypts the mail and passes it on.
Types of VPNs
Remote Access
This type of VPN is a user-to-LAN connection via a public or shared network. Many large companies have employees who need to connect to the corporate LAN from the field. These field agents access the corporate LAN using their remote computers and laptops. Their systems use special client-loaded software that establishes a secure link between themselves and the corporate LAN.
[Figure: User from Home - Internet - Corporate HQ]
Site-to-Site
A site-to-site VPN connects fixed sites to a corporate LAN, thus extending it over a public or shared network.
There are two types of site-to-site VPNs:
- Intranet-based: this type of site-to-site VPN is used to extend a company's existing LAN to other buildings and sites, so that the remote employees can use the same network services.
- Extranet-based: with an extranet-based VPN, two or more companies can establish a secure network connection in order to share a computing environment. A good example is companies that work closely with suppliers and partners to achieve common goals, such as a supply-and-demand relationship in which one company has a demand for supplies and the supplier fulfils that demand based on the company's needs. Working across an extranet, the two companies can share information much faster.
Remote Access Network
A remote access VPN is for home or traveling users who need to access their corporate network from a remote location. They dial their ISP and connect over the Internet to the company's internal WAN. This is made possible by installing a client software program on the remote user's laptop or PC that handles the encryption and decryption of the VPN traffic between itself and the VPN gateway on the central LAN.
Site-to-Site Connection Network
A fixed VPN is normally used between two or more sites, allowing a central LAN to be accessed by remote LANs over the Internet or over private communication lines using VPN gateways. VPN gateways (normally VPN-enabled routers) are placed at each remote site and at the central site so that all encryption, decryption and tunneling is carried out transparently.
Design Goals and Features of VPN
- Security: tunneling support between sites with at least 128-bit encryption of the data.
- Confidentiality: protects privacy.
  - Private key cryptography
  - Public key cryptography
- Integrity: ensures that the information transmitted over the Internet is not altered.
  - One-way hash functions
  - Message Authentication Codes (encryption of a hash)
  - Digital signatures (hash function + private key)
- Authentication: ensures the identity of all communicating parties.
  - Password authentication
  - Digital certificates: a certificate is a file that binds an identity to the associated public key. This binding is validated by a trusted third party, the certification authority (CA).
- Scalability: extra users and bandwidth can be added easily to adapt to new requirements.
- QoS (Quality of Service): reports on user activity, management of user policies and monitoring of the VPN.
VPN Tunneling
Tunneling is a way of forwarding multiprotocol packets from a remote user to a corporate network or a third-party Internet Service Provider (ISP) using an ISP that supports Virtual Private Networking (VPN).
Voluntary Tunneling:
The VPN client manages connection setup. The client first makes a connection to the carrier network provider (ISP), and then the VPN client application creates the tunnel to a VPN server over this live connection.
Compulsory Tunneling:
1. The carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier immediately brokers a VPN connection between the client and a VPN server. From the client's point of view, VPN connections are set up in just one step, compared to the two-step procedure for voluntary tunnels.
2. Compulsory VPN tunneling authenticates clients and associates them with a specific VPN server using logic built into the broker device. It also hides the details of VPN server connectivity from the VPN client.
VPN Protocols
Layer 2 - Data Link Layer:
- PPTP - Point-to-Point Tunneling Protocol
- L2F - Layer 2 Forwarding Protocol
- L2TP - Layer 2 Tunneling Protocol
- CHAP - Challenge Handshake Authentication Protocol
- PAP - Password Authentication Protocol
- MS-CHAP - Microsoft Challenge Handshake Authentication Protocol
Layer 3 - Network Layer (IP):
- IPSec - Internet Protocol Security
Transport Layer (TCP/UDP):
- SOCKS v5 - SOCKetS version 5
- SSL - Secure Sockets Layer
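The list above names PAP and CHAP without saying how they differ. The following Python sketch is an added illustration, not code from the slides: it plays both sides of a CHAP exchange as RFC 1994 describes it (response value = MD5 of identifier, shared secret and challenge) next to a PAP request, to show which one puts the secret on the wire. The username, the secret and the dictionary representation of packets are assumptions made for the demo.

```python
import hashlib
import hmac
import os

# Constructed demo credentials; in CHAP the shared secret never crosses the link.
USERNAME = b"alice"
SHARED_SECRET = b"correct-horse-battery"

def pap_authenticate_request(peer_id, password):
    """PAP (RFC 1334): the peer simply sends its password, readable by anyone on the link."""
    return {"code": 1, "peer_id": peer_id, "password": password}

def chap_challenge(identifier, value=None):
    """Authenticator -> peer: CHAP Challenge (Code 1) carrying a fresh random value."""
    return {"code": 1, "id": identifier, "value": value if value is not None else os.urandom(16)}

def chap_response(challenge, name, secret):
    """Peer -> authenticator: CHAP Response (Code 2), value = MD5(id || secret || challenge)."""
    digest = hashlib.md5(bytes([challenge["id"]]) + secret + challenge["value"]).digest()
    return {"code": 2, "id": challenge["id"], "value": digest, "name": name}

class ChapAuthenticator:
    """Authenticator side: issues single-use challenges and checks the responses."""
    def __init__(self, secrets):
        self.secrets = secrets      # name -> shared secret
        self.outstanding = {}       # identifier -> challenge value awaiting a response

    def start(self, identifier):
        challenge = chap_challenge(identifier)
        self.outstanding[identifier] = challenge["value"]
        return challenge

    def verify(self, response):
        """True means Success (Code 3), False means Failure (Code 4)."""
        value = self.outstanding.pop(response["id"], None)  # a challenge is consumed on first use
        secret = self.secrets.get(response["name"])
        if value is None or secret is None:
            return False
        expected = hashlib.md5(bytes([response["id"]]) + secret + value).digest()
        return hmac.compare_digest(expected, response["value"])

def wire_reveals_secret(packet, secret):
    """True if the secret appears verbatim in the bytes that cross the link."""
    return secret in b"".join(v for v in packet.values() if isinstance(v, bytes))
```

Because each challenge is consumed on first use, a captured CHAP response cannot be replayed later, whereas a captured PAP request contains the password itself.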
Dell Wireless Routers Specific
Q: Does the Dell TrueMobile 2300 support Virtual Private Networking (VPN)?
A: Yes, the Dell TrueMobile 2300 supports PPTP, IPSec and L2TP VPN pass-through.
Q: Does the Dell TrueMobile 1184 support Virtual Private Networking (VPN)?
A: Yes, the Dell TrueMobile 1184 supports PPTP, IPSec and L2TP VPN pass-through.
http://training.us.dell.com/training/new_products/Peripherals_Portables/network/ozzy/usergde/enu/help/index.htm
http://training.us.dell.com/training/new_products/Peripherals_Portables/network/ziggy/UG/English/help/index.htm
IPSec - Internet Protocol Security
Network layer protocol (Layer 3 solution)
- A set of authentication and encryption standards; the only VPN protocol standardized by the IETF (Internet Engineering Task Force).
- Provides data confidentiality, integrity, authentication and key management, in addition to tunneling.
- Typically works at the edges of a security domain.
- Supports IPv4 and IPv6.
- Encapsulates each packet by wrapping another packet around it and then encrypts the entire packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured network.
- The majority of VPN vendors implement IPSec in their solutions.
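The slide above says IPSec wraps the whole packet and then protects it, and the design-goals slide lists integrity (message authentication codes) and authentication as requirements. The following Python sketch is an added illustration of those ideas, not code from the slides or from any IPSec implementation: a sending gateway wraps an inner packet in an outer header, encrypts it and tags it with a MAC and sequence number, and the receiving gateway drops altered or replayed packets. The keys, the gateway addresses and the HMAC-SHA256 counter-mode keystream (standing in for AES, which Python's standard library lacks) are all assumptions made for the demo.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed demo keys; a real IPSec gateway negotiates them with IKE.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32
# Constructed outer addresses (documentation ranges): home gateway -> office gateway.
OUTER_IP = socket.inet_aton("192.0.2.1") + socket.inet_aton("198.51.100.1")

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode used as a keystream: a stand-in for AES, which
    the standard library lacks (real ESP uses AES-GCM or AES-CBC)."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encapsulate(inner_packet, seq, nonce=None):
    """Sending gateway: wrap the WHOLE inner packet (header and payload) as
    outer IP | seq + nonce | ciphertext | MAC tag; the tag covers seq, nonce and ciphertext."""
    nonce = nonce if nonce is not None else os.urandom(12)
    header = struct.pack(">I12s", seq, nonce)
    ks = keystream(ENC_KEY, nonce, len(inner_packet))
    ciphertext = bytes(a ^ b for a, b in zip(inner_packet, ks))
    tag = hmac.new(MAC_KEY, header + ciphertext, hashlib.sha256).digest()
    return OUTER_IP + header + ciphertext + tag

class Receiver:
    """Receiving gateway: verify the MAC first, then reject replays, then decrypt."""
    def __init__(self):
        self.last_seq = 0  # single-slot anti-replay check (real ESP keeps a window)

    def decapsulate(self, outer):
        """Return the inner packet, or None when the gateway drops the packet."""
        header, body, tag = outer[8:24], outer[24:-32], outer[-32:]
        expected = hmac.new(MAC_KEY, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit: integrity check failed
        seq, nonce = struct.unpack(">I12s", header)
        if seq <= self.last_seq:
            return None  # replayed: this sequence number was already accepted
        self.last_seq = seq
        ks = keystream(ENC_KEY, nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, ks))
```

On the public network only the outer addresses are visible; the inner packet's own addresses and payload travel inside the ciphertext.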
PPTP - Point-to-Point Tunneling Protocol
PPTP is a tunneling protocol provided by Microsoft that gives remote users encrypted, multiprotocol access to a corporate network over the Internet.
- Encapsulates PPP frames in IP datagrams (IP, IPX and NetBEUI are encapsulated).
- Built in to NT 4.0; the client is free for older versions such as Windows 95.
- Microsoft's implementation of PPTP has been found to have several problems that make it vulnerable to attacks, and it also lacks scalability in that it supports only 255 concurrent connections per server.
- Requires an IP network between the PPTP client and the PPTP server (either LAN or dial-up).
- Supports only one tunnel at a time for each user.
- Uses TCP port 1723.
L2TP - Layer 2 Tunneling Protocol
PPTP's successor, L2TP (a hybrid of Microsoft's PPTP and Cisco Systems' Layer 2 Forwarding (L2F) protocol), can support multiple simultaneous tunnels for each user. It encapsulates PPP frames in IP datagrams.
- Extends from the remote host all the way back to the corporate gateway. In effect, the remote host appears to be on the same subnet as the corporate gateway.
- Uses UDP and supports any routed protocol, including IP, IPX and AppleTalk; it can also be carried over frame relay, ATM and X.25.
- Because L2TP incorporates PPTP, it is included as part of the remote access features of most Windows products.
- Does not by itself provide cryptographic security features.
- Can use IPSec for data encryption and integrity.
- Compulsory tunneling model.
- Uses UDP port 1701.
VPN Advantages
- Authenticates all packets of data received, ensuring that they come from a trusted source, while encryption ensures that the data remains confidential.