Shobha Ravikumar - Virtual Private Networks (November 2, 2005)


Page 1: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Virtual Private Network

Presented By: Shobha Ravikumar

Page 2: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Contents

• What is VPN?

• What Makes VPN?

• Types of VPN

• VPN Security

• Make VPN Connection

• Conclusion

Page 3: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

What is VPN?

• A VPN transfers data over a shared network, such as a public data network, and delivers it securely by applying security measures to the data packets and to the machines on the path: hosts (source computer and destination computer), routers (such as gateway routers and peer routers), and bridges.

• A VPN is a private network that uses a public network (the Internet) to connect remote sites or users.

Page 4: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Virtual Private Network

A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field.

Page 5: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

What Makes VPN?

Benefits of having VPN:

• Extend geographic connectivity

• Improve security

• Reduce operational costs versus traditional WAN

• Reduce transit time and transportation costs for remote users

• Improve productivity

• Simplify network topology

• Provide global networking opportunities

• Provide telecommuter support

• Provide broadband networking compatibility

• Provide faster ROI (return on investment) than traditional WAN

Page 6: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Types of VPN

Remote Access VPN:

• Virtual private dial-up network (VPDN): a user-to-LAN connection used by a company that needs to connect to its private network from remote places.

• A corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.

Page 7: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Types of VPN

Site-to-Site VPN

Site-to-site VPNs can be one of two types:

• Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN

• Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.

Page 8: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Type of VPN

Page 9: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN: Security

A well-designed VPN uses several methods for keeping your connection and data secure:

» Firewalls

» Encryption

» IPSec

» AAA Server

Page 10: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Security: Firewall

• A firewall provides a strong barrier between the private network and the Internet.

• We can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.

• Some VPN products, such as Cisco’s 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.

Note: You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.

Page 11: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Security: Encryption

• Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong to one of two categories:

– Symmetric-key encryption

– Public-key encryption

Page 12: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Security: IPSec

• Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

Page 13: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Security: IPSec

Two encryption modes: tunnel and transport.

• Tunnel: encrypts the header and the payload of each packet

• Transport: only encrypts the payload.

• Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up.

Page 14: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Security: AAA Servers

• AAA (authentication, authorization and accounting) servers: When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:

» Who you are (authentication)

» What you are allowed to do (authorization)

» What you actually do (accounting)

Page 15: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

VPN Technologies

Depending on the type of VPN (remote-access or site-to-site), certain components are needed to build a VPN. They are:

• Desktop software client for each remote user

• Dedicated hardware such as a VPN concentrator or secure PIX firewall

• Dedicated VPN server for dial-up services

• NAS (network access server) used by service provider for remote-user VPN access

• VPN network and policy-management center

Page 16: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

To make a VPN connection, we must be connected to the Internet.

Step 1:

Open Network Connections. (Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.)

Step 2:

Under Network Tasks, click Create a new connection, and then click Next.

Step 3:

On the Welcome to the New Connection Wizard page of the New Connection Wizard, click Next.

Page 17: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 4:

On the Network Connection Type page, click Connect to the network at my workplace, and then click Next as shown below.

Page 18: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 5:

On the Network Connection page, click Virtual Private Network connection, and then click Next as shown below:

Page 19: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 6:

On the Connection Name page, type the name of the connection or your company name, and then click Next. An example is shown below.

Page 20: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 7:

If you are using a dial-up connection to an ISP to connect to the Internet, the Public Network page is displayed. In Automatically dial this initial connection, select the name of the connection used to dial your ISP, and then click Next.

Page 21: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 8:

On the VPN Server Selection page, type the Domain Name System (DNS) name or Internet Protocol (IP) address of your company's VPN server on the Internet, and then click Next. An example is shown below.

Page 22: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Step 9:

On the Completing the New Connection Wizard page, click Finish.

Step 10:

A Connect dialog box is displayed. Type the user name and password to access your company's private network and then click Connect. An example is shown below.

Page 23: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Make VPN Connection

Notes:

• You can create multiple VPN connections by copying them in the Network Connections folder. You can then rename the connections and modify connection settings. By doing so, you can easily create different connections to accommodate multiple hosts, security options, and so on.  

• If you have an active Winsock Proxy client, you cannot create a VPN connection. A Winsock Proxy client immediately redirects data to a configured proxy server before the data can be processed in the fashion required by a VPN connection. To establish a VPN connection, you should disable the Winsock Proxy client.

Page 24: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Conclusion

Let’s summarize the most important points.

• Intranet VPNs provide an interesting and affordable way for internal company communications, because they operate on a portion of the public or shared communication infrastructure.

• They use encryption and tunneling to protect confidential information, and provide the same level of reliability and performance as traditional Wide Area Networks.

• Intranet VPNs enable businesses to refocus their energy on core business objectives instead of networking needs, and reduce operations and bandwidth costs.

Page 25: Shobha Ravikumar - Virtual Private Networks (November 2, 2005)

Questions?
