Remote VPN Guide Word Doc

8/17/2019 Remote VPN Guide Word Doc

1/16

Virtual Private Network

IS 311

Dr. GrayTuesday 7pm

November 19 !""!

#y$ Germai%e #a&o%

'i((i #eduya

)u% *itsuoka

#etty +ua%,

)uliet Poli%ta%


2/16

Table of Contents

I. I%trodu&tio% ------------------.. 1 !

II. VPN Topolo,y-----------------... ! 3

III. Types o/ VPNs-----------------... 3 0

IV. ompo%e%ts o/ VPNs---------------. 0 7

V. Produ&tivity a%d ost #e%e/it-----------.... 7 9

VI. 2uality o/ Servi&e----------------.. 9

VII. Te 4uture o/ VPN---------------.... 9 11

VIII. o%&lusio%-------------------. 11

I5. #iblio,rapy------------------...1! 13

5. 2uestio%s--------------------16


3/16

Introduction

Virtual . Virtual mea%s %ot real or i% a di//ere%t state o/ bei%,. I% a VPN private&ommu%i&atio% betwee% two or more devi&es is a&ieved trou, a publi& %etwork te

I%ter%et. Tere/ore te &ommu%i&atio% is virtually but %ot pysi&ally tere.

Private. Private mea%s to keep someti%, a se&ret /rom te ,e%eral publi&. ltou,tose two devi&es are &ommu%i&ati%, wit ea& oter i% a publi& e%viro%me%t tere is %o

tird party wo &a% i%terrupt tis &ommu%i&atio% or re&eive a%y data tat is e8&a%,ed

betwee% tem.

Network . %etwork &o%sists o/ two or more devi&es tat &a% /reely a%d ele&tro%i&ally

&ommu%i&ate wit ea& oter via &ables a%d wire. VPN is a %etwork. It &a% tra%smit

i%/ormatio% over lo%, dista%&es e//e&tively a%d e//i&ie%tly.

Te term VPN as bee% asso&iated i% te past wit su& remote &o%%e&tivityservi&es as te PSTN: Publi& Swit&ed Telepo%e Network but VPN %etworks ave

/i%ally started to be li%ked wit IPbased data %etworki%,. #e/ore IP based %etworki%,

&orporatio%s ad e8pe%ded &o%siderable amou%ts o/ time a%d resour&es to set up

&omple8 private %etworks %ow &ommo%ly &alled I%tra%ets. Tese %etworks werei%stalled usi%, &ostly leased li%e servi&es 4rame ;elay a%d T* to i%&orporate remote

users. 4or te smaller sites a%d mobile workers o% te remote e%d &ompa%iessuppleme%ted teir %etworks wit remote a&&ess servers or ISDN.

Small to mediumsi(ed &ompa%ies wo &ould %ot a//ord dedi&ated leased li%es used

lowspeed swit&ed servi&es. s te I%ter%et be&ame more a%d more a&&essible a%d ba%dwidt &apa&ities ,rew &ompa%ies be,a% to put teir I%tra%ets o%to te web a%d

&reate wat are %ow k%ow% as

se&urity. Today?s VPN solutio%s over&ome te se&urity /a&tor usi%, spe&ial tu%%eli%, proto&ols a%d &omple8 e%&ryptio% pro&edures data i%te,rity a%d priva&y is a&ieved a%d

te %ew &o%%e&tio% produ&es wat seems to be a dedi&ated poi%tto poi%t &o%%e&tio%.

%d be&ause tese operatio%s o&&ur over a publi& %etwork VPNs &a% &ost si,%i/i&a%tlyless to impleme%t ta% privately ow%ed or leased servi&es. ltou, early VPNs re=uired

e8te%sive e8pertise to impleme%t te&%olo,y as matured to a level were deployme%t

&a% be a simple a%d a//ordable solutio% /or busi%esses o/ all si(es. Virtual Simply put a VPN Virtual Private Network is de/i%ed as a %etwork tat uses

publi& %etwork pats but mai%tai%s te se&urity a%d prote&tio% o/ private %etworks. 4or

e8ample Delta ompa%y as two lo&atio%s o%e i% 'os %,eles : a%d 'as Ve,as

Nevada #:. I% order /or bot lo&atio%s to &ommu%i&ate e//i&ie%tly Delta ompa%y aste &oi&e to set up private li%es betwee% te two lo&atio%s. ltou, private li%es would

restri&t publi& a&&ess a%d e8te%d te use o/ teir ba%dwidt it will &ost Delta ompa%y a

,reat deal o/ mo%ey si%&e tey would ave to pur&ase te &ommu%i&atio% li%es per mile.Te more viable optio% is to impleme%t a VPN. Delta ompa%y &a% ook teir

&ommu%i&atio% li%es wit a lo&al ISP i% bot &ities. Te ISP would a&t as a middlema%

&o%%e&ti%, te two lo&atio%s. Tis would &reate a% a//ordable small area %etwork /orDelta ompa%y.


4/16


5/16

4i,ure 1. De/i%ed VPN

Note$ 4rom Primer /or impleme%ti%, a is&o Virtual Private Network E 1999 is&o systems I%& ll ri,ts ;eserved

Types of VPNs

Tere are &urre%tly tree types o/ VPN i% use$ remote a&&ess VPN i%tra%et VPN

e8tra%et VPN.

Remote access VPNs see /i,ure !:, e%ables mobile users to establis a&o%%e&tio% to a% or,a%i(atio% server by usi%, te i%/rastru&ture provided by a% ISP

I%ter%et Servi&es Provider:. ;emote a&&ess VPN allows users to &o%%e&t to teir

&orporate i%tra%ets or e8tra%ets werever or we%ever is %eeded. Fsers ave a&&ess to allte resour&es o% te or,a%i(atio%?s %etwork as i/ tey are pysi&ally lo&ated i%

or,a%i(atio%. Te user &o%%e&ts to a lo&al ISP tat supports VPN usi%, plai% oldtelepo%e servi&es PTS: i%te,rated servi&es di,ital %etwork ISDN: di,ital subs&riberli%e DS': et&. Te VPN devi&e at te ISP a&&epts te user?s lo,i% te% establises te

tu%%el to te VPN devi&e at te or,a%i(atio%?s o//i&e a%d /i%ally be,i%s /orwardi%,

pa&kets over te I%ter%et. ;emote a&&ess VPN o//ers adva%ta,es su& as$

• ;edu&ed &apital &osts asso&iated wit modem a%d termi%al server e=uipme%t

• Greater s&alability a%d easy to add %ew users

• ;edu&ed lo%,dista%&e tele&ommu%i&atio%s &osts %atio%wide toll/ree ""

%umber is %o lo%,er %eeded to &o%%e&t to te or,a%i(atio%?s modems


6/16

4i,ure !. ;emote &&ess VPNs Primer /or impleme%ti%, a is&o Virtual Private Network E 1999 is&o systems I%& ll ri,ts ;eserved

Intranet VPNs, provides virtual &ir&uits betwee% or,a%i(atio% o//i&es over te

I%ter%et see /i,ure 3:. Tey are built usi%, te I%ter%et servi&e provider IP 4rame

;elay or T* %etworks. % IP BN i%/rastru&ture uses IPSe& or G;< to &reate se&uretra//i& tu%%els a&ross te %etwork. #e%e/its o/ a% i%tra%et VPN i%&lude te /ollowi%,$

• ;edu&ed BN ba%dwidt &osts e//i&ie%t use o/ BN ba%dwidt

• 4le8ible topolo,ies

• o%,estio% avoida%&e wit te use o/ ba%dwidt ma%a,eme%t tra//i& sapi%,

4i,ure 3. I%tra%et VPNs Primer /or impleme%ti%, a is&o Virtual Private Network

E 1999 is&o systems I%& ll ri,ts ;eserved


7/16

Te &o%&ept o/ setti%, up extranet VPNs are te same as i%tra%et VPN. Te o%ly

di//ere%&e is te users. ompa%ies %eed to keep teir VPNs se&ure /rom tamperi%, a%d

u%autori(ed users. Some e8amples o/ te&%olo,ies tat VPN?s use areC IP Se&urityIPSe&: Poi%ttoPoi%t Tu%%eli%, Proto&ol PPTP: 'ayer ! Tu%%eli%, Proto&ol a%d

*ultiproto&ol 'abel Swit&i%, *P'S: alo%, wit Data


8/16

o%ly establised we% te i%dividual user re=uest to lo,o% to te server. PPTP

tu%%els are tra%spare%t to te servi&e provider a%d tere is %o adva%&e &o%/i,uratio%

re=uired by te Network &&ess Server tis allows PPTP to use multiple servi&e providers witout a%y e8pli&it &o%/i,uratio%. 4or e8ample te &lie%t dials up to te

ISP a%d makes a PPP sessio%. Te% te &lie%t dials a,ai% to te same PPP sessio% to

&o%ta&t wit te desti%atio% remote a&&ess server ;S:. /ter &o%ta&t is made witte ;S pa&kets are te% tu%%eled trou, te %ew &o%%e&tio% a%d te &lie%t is %ow

&o%%e&ted to te &orporate server virtually.

'ayer Two Tu%%eli%, Proto&ol '!TP: e8ists at te data li%k layer o/ te SImodel. '!TP is a &ombi%atio% o/ te PPTP a%d 'ayer two 4orwardi%, '!4:. 'ayer

two /orwardi%, was also desi,%ed /or tra//i& tu%%eli%, /rom mobile users to teir

&orporate server. '!4 is able to work wit media su& as /rame relay or

asy%&ro%ous tra%s/er mode T*: be&ause it does %ot depe%de%t o% IP. '!4 alsouses PPP aute%ti&atio% metods /or dial up users a%d it also allows a tu%%el to

support more ta% o%e &o%%e&tio%.: '!TP uses a &ompulsory tu%%eli%, metod

were a tu%%el is &reated witout a%y a&tio% /rom te user a%d witout allowi%, te

user to &oose a tu%%el. '!TP tu%%el is dy%ami&ally establised to a predetermi%ed e%dpoi%t based o% te Network &&ess Server NS: %e,otiatio% wit

a poli&y server a%d te &o%/i,ured pro/ile. '!TP also uses IPSe& /or &omputerlevele%&ryptio% a%d data aute%ti&atio%.

IPSe& uses data e%&ryptio% sta%dard D


9/16

determi%es te %e8t i%ter/a&e a%d %e8t op label. Te *P'S uses a look up table to

&reate e%dtoe%d tra%smissio% patway trou, te %etwork /or ea& pa&ket.

Pa&ket aute%ti&atio% preve%ts data /rom bei%, viewed i%ter&epted or modi/ied by u%autori(ed users. Pa&ket aute%ti&atio% applies eader to te IP pa&ket to e%sure

its i%te,rity. Be% te re&eivi%, e%d ,ets te pa&ket it %eeds to &e&k /or te eader

/or mat&i%, pa&ket a%d to see i/ te pa&ket as a%y error.Fser aute%ti&atio% is used to determi%e autori(ed users a%d u%autori(ed users.

It is %e&essary to veri/y te ide%tity o/ users tat are tryi%, to a&&ess resour&es /rom

te e%terprise %etwork be/ore tey are ,ive% te a&&ess. Fser aute%ti&atio% alsodetermi%es te a&&ess levelsC data retrieved or viewed by te users a%d ,ra%t

permissio% to &ertai% areas o/ te resour&es /rom te e%terprise.

!. pplia%&es > i%trusio% dete&tio% /irewalls

4irewalls mo%itors tra//i& &rossi%, %etwork parameter a%d prote&t e%terprises/rom u%autori(ed a&&ess. Te or,a%i(atio% sould desi,% a %etwork tat as a

/irewall i% pla&e o% every %etwork &o%%e&tio% betwee% te or,a%i(atio% a%d te

I%ter%et. Two &ommo%ly used types o/ /irewalls are pa&ketlevel /irewalls a%d

appli&atio%level /irewalls.Pa&ketlevel /irewall &e&ks te sour&e a%d desti%atio% address o/ every

pa&ket tat is tryi%, to passes trou, te %etwork. Pa&ketlevel /irewall o%ly lets teuser i% a%d out o/ te or,a%i(atio%?s %etwork o%ly i/ te users ave a% a&&eptable

pa&ket wit te &orrespo%de%t sour&e a%d desti%atio% address. Te pa&ket is &e&ked

i%dividually trou, teir TP port ID a%d IP address so tat it k%ows were te pa&ket is eadi%,. Disadva%ta,e o/ pa&ketlevel /irewall is tat it does %ot &e&k te

pa&ket &o%te%ts or wy tey are bei%, tra%smitted a%d resour&es tat are %ot disabled

are available to all users.

ppli&atio%level /irewall a&ts as a ost &omputer betwee% te or,a%i(atio%?s%etwork a%d te I%ter%et. Fsers wo wa%t to a&&ess te or,a%i(atio%?s %etwork must

/irst lo, i% to te appli&atio%level /irewall a%d o%ly allow te i%/ormatio% tey are

autori(ed /or. dva%ta,es /or usi%, appli&atio%level /irewall are$ users a&&ess level&o%trol a%d resour&es autori(atio% level. %ly resour&es tat are autori(ed are

a&&essible. I% &o%trast te user will ave to remember e8tra set o/ passwords we%

tey try to lo,i% trou, te I%ter%et.

3. *a%a,eme%t > ma%a,i%, se&urity poli&ies a&&ess allowa%&es a%d tra//i&

ma%a,eme%t

VPN?s %eed to be /le8ible to a &ompa%ies ma%a,eme%t some &ompa%ies &ooses toma%a,e all deployme%t a%d daily operatio% o/ teir VPN wile oters mi,t &oose

to outsour&e it to servi&e providers. I% our %e8t se&tio% we will dis&uss ow

busi%esses mi,t be%e/it /rom a produ&tive VPN a%d te &ost be%e/its o/impleme%ti%, a VPN.

Productivity and Cost Benefit

I% terms o/ produ&tivity VPN?s ave &ome a lo%, way. I% te past &o%&er%s over se&urity

a%d ma%a,eability oversadowed te be%e/its o/ mobility. Smaller or,a%i(atio%s ad to

&o%sider te additio%al time a%d &ost asso&iated wit providi%, IT support to employees


10/16

o% te move. 'ar,er &ompa%ies worried wit ,ood &ause about te possibility tat

providi%, mobile workers wit remote %etwork a&&ess would i%adverte%tly provide

a&kers wit a @ba&k doorA e%try to &orporate i%/ormatio% resour&es. #ut as e%duserte&%olo,ies like perso%al di,ital assista%ts PDs: a%d &ell po%es ave made mobility

more &ompelli%, /or employees te&%olo,y adva%&es o% te %etworki%, side ave

elped address IT &o%&er%s as we saw i% te previous se&tio%. Bit tese adva%&eme%tsi% te&%olo,y &omes better produ&tivity. VPN?s ave be&ome i%&reasi%,ly importa%t

be&ause tey e%able &ompa%ies to &reate e&o%omi&al temporary se&ure &ommu%i&atio%s

&a%%els a&ross te publi& I%ter%et so tat mobile workers &a% &o%%e&t to te &orporate'N.

VPN?s #e%e/it a &ompa%y i% te /ollowi%, ways

•


11/16

tu%%el tra//i&. Tis type o/ impleme%tatio% is a &ompromise betwee% a &ompa%y

a%d te servi&e provider.

/ter Impleme%tatio% te &ompa%y must make sure tat it as ade=uate support/or its e%d users. Tat?s were =uality o/ servi&e &omes i%.

%uality of &ervice '%"&(

Fsers o/ a widely s&attered VPN do %ot usually &are about te %etwork topolo,y

or te i, level o/ se&urityHe%&ryptio% or /irewalls tat a%dle teir tra//i&. Tey do%?t&are i/ te %etwork impleme%ters ave i%&orporated IPSe& tu%%els or G;< tu%%els. Bat

tey &are about is someti%, more /u%dame%tal su& as$

“Do I get acceptable response times when I access my mission criticalapplications from a remote office?”

&&epta%&e levels /or delays vary. Bile a user would be willi%, to put up wit a

/ew additio%al se&o%ds /or a /ile tra%s/er to &omplete te same user would ave lesstolera%&e /or similar delays we% a&&essi%, a database or we% ru%%i%, voi&e over a% IP

data %etwork.2oS 2uality o/ Servi&e: aims to e%sure tat your missio% &riti&al tra//i& as

a&&eptable per/orma%&e. I% te real world were ba%dwidt is limited a%d diverse

appli&atio%s /rom video&o%/ere%&i%, to


12/16


13/16

to teir dema%ds most produ&es are sta%di%, o% di//i&ult situatio% /or improvi%, VIP

VPN be&ause te voi&e is a ki%d o/ spe&ial re=uireme%t o/ low late%&y a%d Litter. *ost o/

people will &o%ti%ue to use voi&e &ommu%i&atio% by telepo%e tat is su&&ess/ullyimprovi%, wit low &osts.

Te !1st &e%tury i%vites %ew ways o/ viewi%, te &ommu%i&atio% %etworks.

ompa%ies tat previously ma%a,ed teir ow% &ommu%i&atio%s re=uireme%ts are u%iti%,wit servi&e providers tat &a% elp build up improve a%d ma%a,e teir %etworks o% a

,lobal s&ale. Tis ope%s up opportu%ities /or &o%ti%ued ,rowt i%&reased pro/itability

a%d te ,reatest a&ieveme%t /or bot servi&e providers a%d subs&ribers. I% te pastservi&e providers drew atte%tio% to lowerlevel tra%sport su& as leased li%es a%d /rame

relay. Nowadays servi&e providers team wit busi%ess &ustomers to meet teir

%etworki%, re=uireme%ts trou, virtual private %etworks VPNs:.

VPNs are te sour&e o/ /uture servi&es. Be% properly impleme%ted tey &a%simpli/y %etwork operatio%s wile redu&i%, &apital e8pe%ses. 4or most &ompa%ies te

starti%, poi%t is to &o%%e&t widely separated work,roups i% a% e//i&ie%t mo%eymaki%,

ma%%er. 4rom tere servi&e providers &a% i%/lue%&e te mai% te&%olo,y as a /ou%datio%

/or o//eri%, additio%al servi&es su& as appli&atio% osti%, video&o%/ere%&i%, a%d pa&ket telepo%y.

VPN elp servi&e providers build &ustomer loyalties wile deliveri%, %etworkservi&es tat are valuable to teir &ustomersM busi%ess operatio%s. Tis i%di&ates a%

opportu%ity to &apture %ew &ustomers as &ompa%ies swit& /rom yesterdayMs data

&ommu%i&atio%s strate,ies to todayMs more &ompree%sive at a%d solutio%s.

Conclusion

VPN is a% emer,i%, te&%olo,y tat as &ome a lo%, way. 4rom a% i%se&ure break o// o/ Publi& Telepo%e %etworks to a power/ul busi%ess aid tat uses te I%ter%et

as its ,ateway. VPN?s te&%olo,y is still developi%, a%d tis is a ,reat adva%ta,e to

busi%esses wi& %eed to ave te&%olo,y tat is able to s&ale a%d ,row alo%, wittem. Bit VPN busi%esses %ow ave alter%ative be%e/its to o//er to teir employees

employees &a% work /rom ome take &are o/ &ildre% wile still doi%, produ&tive a%d

ave a&&ess work related i%/ormatio% at a%ytime. VPN will also elp to make te possibility o/ a busi%ess e8pa%di%, its servi&es over lo%, dista%&es a%d ,lobally more o/

a reality.


14/16

Bibliography

primer /or Impleme%ti%, a is&o Virtual Private Network. 1999:. is&o Systems.;etrieved &tober 0 !""! /rom

ttp$HHwww.&is&o.&omHwarpHpubli&H&&HsoH%esoHvp%Hvp%eHvp%!1r,.tm

Te&%olo,y Guide /rom DT;N. !""1 September:. F%dersta%di%, Virtual Private

Networki%,. DT;N. ;etrieved &tober !0 !""! /rom

ttp$HHwww.adtra%.&omHallHDo&H"HDTG3+


15/16


16/16

%uestions

1. Bat is VPN

!. Bat is tu%%eli%,

3. Bat is te di//ere%&e betwee% outsour&i%, a%d i%ouse developme%t a%d

middle,rou%d impleme%tatio%6. Bat are te di//ere%&e betwee% remote a&&ess VPNs I%tra%et VPNs a%d

Remote VPN Guide Word Doc

Documents

Transcript of Remote VPN Guide Word Doc