7/23/2019 Virtual Private Networks Updatedppt4398
http://slidepdf.com/reader/full/virtual-private-networks-updatedppt4398 1/33
Virtual Private Networks (VPN’s)
By: Agasi Aslanyan, Joel Almasol, Joe Nghe, Michael Wong
!" #$#
May 20, 200#
Table of Contents
- VPN Introduction - What is VPN and who uses it?
- 3 Types of VPN’s
- VPN Protocols
- VPN Tunneling
- VPN Packet Transmission
- VPN Security: Firewalls
- VPN Devices
- VPN Advantages/Disadvantages
- VPN Connections in Windows XP
- Summary/Conclusion
What is a VPN?
- A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link
What is a VPN? (Cont.)
- A VPN can be created by connecting offices and single users (including mobile users) to the nearest service provider's POP (Point of Presence) and using that service provider’s backbone network, or even the Internet, as the tunnel between offices
- Traffic that flows through the backbone is encrypted to prevent intruders from spying or intercepting the data
What is a VPN? (Cont.)
Who uses VPN’s?
- VPN’s can be found in homes, workplaces, or anywhere else as long as an ISP (Internet Service Provider) is available.
- VPN’s allow company employees who travel often or who are outside their company headquarters to safely and securely connect to their company’s Intranet
3 Types of VPN
- Remote-Access VPN
- Site-to-Site VPN (Intranet-based)
- Site-to-Site VPN (Extranet-based)
Remote-Access VPN
- Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.
- A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field.
- Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
Site-to-Site VPN
- Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
- Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
All 3 Types of VPN
VPN Protocols
- There are three main protocols that power the vast majority of VPN’s:
  - PPTP
  - L2TP
  - IPsec
- All three protocols emphasize encryption and authentication; preserving data integrity that may be sensitive and allowing clients/servers to establish an identity on the network
VPN Protocols (In depth)
- Point-to-point tunneling protocol (PPTP)
  - PPTP is widely supported by Microsoft as it is built into the various flavors of the Windows OS
  - PPTP initially had weak security features, however, Microsoft continues to improve its support
- Layer Two tunneling protocol (L2TP)
  - L2TP was the original competitor to PPTP and was implemented primarily in Cisco products
  - L2TP is a combination of the best features of an older protocol L2F and PPTP
  - L2TP exists at the datalink layer (Layer 2) of the OSI model
VPN Protocols (continued)
- Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.
- IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol.
- IPSec can encrypt data between various devices, such as:
  - Router to router
  - Firewall to router
  - PC to router
  - PC to server
VPN Tunneling
- VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
- Voluntary tunneling is where the VPN client manages the connection setup.
- Compulsory tunneling is where the carrier network provider manages the VPN connection setup.
Tunneling
- Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
- Tunneling requires three different protocols:
  - Passenger protocol - The original data (IPX, IP) being carried
  - Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
  - Carrier protocol - The protocol used by the network that the information is traveling over
VPN Packet Transmission
- Packets are first encrypted before sent out for transmission over the Internet. The encrypted packet is placed inside an unencrypted packet. The unencrypted outer packet is read by the routing equipment so that it may be properly routed to its destination
- Once the packet reaches its destination, the outer packet is stripped off and the inner packet is decrypted
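The packet-transmission steps above, together with the tunnel/transport distinction and the passenger/encapsulating/carrier roles from the earlier slides, as an added Python example that is not part of the original presentation. It compares what an on-path router can read in each IPsec mode; the XOR keystream is a stand-in for a real ESP cipher, the ESP layout is simplified (no IV or padding), and the keys, SPI values and addresses are constructed.

```python
import hashlib, hmac, socket, struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, IPv4-in-IPv4

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) as any on-path router would read them."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:]

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform.
    ks = b"".join(hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_seal(ek, ak, spi, seq, next_hdr, plaintext):
    """Simplified ESP body: SPI | seq | enc(plaintext + next_hdr) | 16-byte HMAC tag."""
    head = struct.pack("!II", spi, seq)
    ct = xor_stream(ek, head, plaintext + bytes([next_hdr]))
    return head + ct + hmac.new(ak, head + ct, hashlib.sha256).digest()[:16]

def esp_open(ek, ak, body):
    head, ct, tag = body[:8], body[8:-16], body[-16:]
    want = hmac.new(ak, head + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("integrity check failed")
    data = xor_stream(ek, head, ct)
    return data[-1], data[:-1]  # (next header, plaintext)

def tunnel_mode(inner, gw_src, gw_dst, ek, ak, spi, seq):
    # Entire inner packet is encrypted and given a new gateway-to-gateway header.
    return ipv4(gw_src, gw_dst, ESP, esp_seal(ek, ak, spi, seq, IPIP, inner))

def transport_mode(inner, ek, ak, spi, seq):
    # Original addresses stay readable; only the payload is encrypted.
    src, dst, proto, payload = parse_ipv4(inner)
    return ipv4(src, dst, ESP, esp_seal(ek, ak, spi, seq, proto, payload))

def receive(pkt, ek, ak):
    """Strip the outer header, verify and decrypt, return the original inner packet."""
    src, dst, _, body = parse_ipv4(pkt)
    nxt, plain = esp_open(ek, ak, body)
    return plain if nxt == IPIP else ipv4(src, dst, nxt, plain)

# Constructed sample: private hosts behind two gateways (documentation addresses).
EK, AK = b"demo-enc-key", b"demo-auth-key"
INNER = ipv4("10.1.0.5", "10.2.0.9", 6, b"payroll query")
TUN = tunnel_mode(INNER, "198.51.100.1", "203.0.113.1", EK, AK, 0x1001, 1)
TRN = transport_mode(INNER, EK, AK, 0x1001, 2)
print("tunnel outer:", parse_ipv4(TUN)[:3], "| transport outer:", parse_ipv4(TRN)[:3])
```

In tunnel mode the outer header exposes only the two gateway addresses, while transport mode still shows the original hosts; in both cases a modified packet is rejected before decryption.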
VPN Security: Firewalls
- A well-designed VPN uses several methods for keeping your connection and data secure:
  - Firewalls
  - Encryption
  - IPSec
  - AAA Server
- You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.
Some VPN products, such as Cisco 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.
Cisco 1700 Series Routers
VPN Concentrator
- Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN.
- The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
Advantages of VPN’s
- There are two main advantages of VPN’s, namely cost savings and scalability
- VPN’s lower costs by eliminating the need for expensive long-distance leased lines. A local leased line or even a broadband connection is all that’s needed to connect to the Internet and utilize the public network to securely tunnel a private connection
Advantages of VPN’s (continued)
- As the number of company branches grows, purchasing additional leased-lines increases cost exponentially, which is why VPN’s offer even greater cost savings when scalability is an issue
- VPN’s may also be used to span globally, which lowers cost even more when compared to traditional leased lines
Disadvantages of VPN’s
- Because the connection travels over public lines, a strong understanding of network security issues and proper precautions before VPN deployment are necessary
- VPN connection stability is mainly in control of the Internet stability, factors outside an organization's control
- Differing VPN technologies may not work together due to immature standards
VPN Connection in XP
Summary
- A virtual private network (VPN) is a network that uses public means of transmission (Internet) as its WAN link, connecting clients who are geographically separated through secure tunneling methods
- Main VPN protocols include PPTP, L2TP, and IPsec
- VPN Tunneling supports two types: voluntary tunneling and compulsory tunneling
- Cost and Scalability are the main advantages of a VPN
- Network security and Internet stability are the main concerns for VPN’s
The End
Thank you all for your time. We hope you found this presentation informative.