Shobha Ravikumar - Virtual Private Networks (November 2, 2005)
Virtual Private Network
Presented By:
Shobha Ravikumar
Contents
• What is VPN?
• What Makes VPN?
• Types of VPN
• VPN Security
• Make VPN Connection
• Conclusion
What is VPN?
• A VPN transfers data over a shared network, such as a public data network, and delivers it securely by applying security measures to the data packets and to the machines on the path, for example hosts (source computer and destination computer), routers (such as gateway routers and peer routers), and bridges.
• A VPN is a private network that uses a public network (the Internet) to connect remote sites or users.
Virtual Private Network
A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field.
What Makes VPN?
Benefits of having VPN:
• Extend geographic connectivity
• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide broadband networking compatibility
• Provide faster ROI (return on investment) than traditional WAN
Types of VPN
Remote Access VPN:
• Virtual private dial-up network (VPDN): a user-to-LAN connection used by a company that needs to connect to its private network from remote places.
• A corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.
Site-to-Site VPN
Site-to-site VPNs can be one of two types:
• Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
• Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
VPN: Security
A well-designed VPN uses several methods for keeping your connection and data secure:
» Firewalls
» Encryption
» IPSec
» AAA Server
VPN Security: Firewall
• A firewall provides a strong barrier between the private network and the Internet.
• We can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through.
• Some VPN products, such as Cisco’s 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them.
Note: You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.
VPN Security: Encryption
• Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong to one of two categories:
– Symmetric-key encryption
– Public-key encryption
VPN Security: IPSec
• Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: tunnel and transport.
• Tunnel: encrypts the header and the payload of each packet.
• Transport: only encrypts the payload.
• Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up.
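The difference between the two modes, as an added Python example that is not part of the original slides: it builds the same packet in ESP transport mode and in ESP tunnel mode and reports what an on-path observer can read without the key. The addresses, key, SPI and payload are constructed sample values, and toy_encrypt is a stand-in cipher for illustration, not an algorithm IPSec uses.

```python
import hashlib, socket, struct

ESP, TCP, IPIP = 50, 6, 4  # IP protocol numbers
# Constructed sample values (not from the slides)
KEY, SPI, SEQ = b"demo-shared-key", 0x1001, 1
HOST_A, HOST_B = "10.1.0.5", "10.2.0.9"        # private hosts behind each site
GW_A, GW_B = "198.51.100.1", "203.0.113.1"     # public VPN gateway addresses
PAYLOAD = b"GET /payroll HTTP/1.0\r\n\r\n"

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 since only the layout matters here.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_encrypt(key, spi, seq, data):
    # STAND-IN cipher: XOR with a SHA-256 keystream. Real IPSec negotiates real ciphers.
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_wrap(inner, next_header):
    # Cleartext ESP header (SPI, sequence number), then encrypted data plus ESP trailer
    # (padding, pad length, next header). The integrity check value is omitted.
    pad = -(len(inner) + 2) % 4
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", SPI, SEQ) + toy_encrypt(KEY, SPI, SEQ, inner + trailer)

def transport_mode():
    # Original IP header stays in the clear; only the payload is encrypted.
    body = esp_wrap(PAYLOAD, TCP)
    return ipv4_header(HOST_A, HOST_B, ESP, len(body)) + body

def tunnel_mode():
    # Whole original packet (header + payload) is encrypted behind a new gateway header.
    inner = ipv4_header(HOST_A, HOST_B, TCP, len(PAYLOAD)) + PAYLOAD
    body = esp_wrap(inner, IPIP)
    return ipv4_header(GW_A, GW_B, ESP, len(body)) + body

def observer_view(packet):
    # What an on-path observer reads without the key: the outer header only.
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[9]

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode()))
    print("tunnel:   ", observer_view(tunnel_mode()))
```

In transport mode the observer still learns which two hosts are talking; in tunnel mode only the two gateway addresses are visible.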
VPN Security: AAA Servers
• AAA (authentication, authorization and accounting) servers: When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:
» Who you are (authentication)
» What you are allowed to do (authorization)
» What you actually do (accounting)
VPN Technologies
Depending on the type of VPN (remote-access or site-to-site), certain components are needed to build a VPN. They are:
• Desktop software client for each remote user
• Dedicated hardware such as a VPN concentrator or secure PIX firewall
• Dedicated VPN server for dial-up services
• NAS (network access server) used by service provider for remote-user VPN access
• VPN network and policy-management center
Make VPN Connection
To make a VPN connection we must be connected to the Internet.
Step 1:
Open Network Connections. (Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.)
Step 2:
Under Network Tasks, click Create a new connection, and then click Next.
Step 3:
On the Welcome to the New Connection Wizard page of the New Connection Wizard, click Next.
Step 4:
On the Network Connection Type page, click Connect to the network at my workplace, and then click Next as shown below.
Step 5:
On the Network Connection page, click Virtual Private Network connection, and then click Next as shown below.
Step 6:
On the Connection Name page, type the name of the connection or your company name, and then click Next. An example is shown below.
Step 7:
If you are using a dial-up connection to an ISP to connect to the Internet, the Public Network page is displayed. In Automatically dial this initial connection, select the name of the connection used to dial your ISP, and then click Next.
Step 8:
On the VPN Server Selection page, type the Domain Name System (DNS) name or Internet Protocol (IP) address of your company's VPN server on the Internet, and then click Next. An example is shown below.
Step 9:
On the Completing the New Connection Wizard page, click Finish.
Step 10:
A Connect dialog box is displayed. Type the user name and password to access your company's private network and then click Connect. An example is shown below.
Notes:
• You can create multiple VPN connections by copying them in the Network Connections folder. You can then rename the connections and modify connection settings. By doing so, you can easily create different connections to accommodate multiple hosts, security options, and so on.
• If you have an active Winsock Proxy client, you cannot create a VPN connection. A Winsock Proxy client immediately redirects data to a configured proxy server before the data can be processed in the fashion required by a VPN connection. To establish a VPN connection, you should disable the Winsock Proxy client.
Conclusion
Let’s summarize the most important points.
• Intranet VPNs provide an interesting and affordable way for internal company communications, because they operate on a portion of the public or shared communication infrastructure.
• They use encryption and tunneling to protect confidential information, and provide the same level of reliability and performance as traditional Wide Area Networks.
• Intranet VPNs enable businesses to refocus their energy on core business objectives instead of networking needs, and reduce operations and bandwidth costs.
Questions?