The vpn

The Virtual Private Network A quick overview Created By : Abhinav Dwivedi


What is the Virtual Private Network?

A VPN is connectivity deployed on a shared infrastructure with the same policies and performance as a private network.

A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organisation.

The goal of a VPN is to provide the organisation with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunnelling protocols.

In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a “tunnel” that cannot be “entered” by data that is not properly generated.

An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

How does the VPN work?

Types of VPN

Intranet VPN

Extends the connectionless IP model across a shared WAN

-> Reduces application development time

-> Reduces support costs

-> Reduces line costs

Extranet VPN

Extends connectivity to suppliers, customers, and business partners

-> Over a shared infrastructure

-> Using dedicated connections

-> While ensuring a proper level of authorised access

Router/Firewall initiated VPN

For site-to-site connectivity: intranets and extranets.

Benefits of VPN

Extend geographic connectivity

Improve security

Reduce operational costs versus traditional WAN.

Reduce transit time and transportation cost for remote users.

Improve Productivity

Simplify network

Provides global networking opportunities

Easy to configure

Provide telecommuter support

Used to access BLOCKED websites

VPN Security

A well-designed VPN uses several methods for keeping your connection and data secure:

Firewalls

Encryption

IPSec

AAA server

A VPN uses encryption to provide data confidentiality. Once connected, the VPN uses the tunnelling mechanism to encapsulate the encrypted data in a secure tunnel, with openly readable headers, which can cross the public networks.

A VPN also provides a data integrity check. This is typically performed using a message digest to ensure that the data has not been tampered with during transmission.

VPN Security

Firewalls

Provides a strong barrier between your private network and the internet. You can set firewalls to restrict the number of ports, what types of packets are passed through and which protocols are allowed through.

Encryption

Process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode.

IPSec

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

Creating a dial-up VPN on Windows Server 2008 R2

Conditions:

> IP address should be static

> Firewall should be turned off

> Computers must be in a network

> Domain should be built already

Go to Server Manager and install the RRAS role from the Administrative Tools.

Follow the on-screen instructions, choosing the options that match the VPN you want to build.

Risks and Limitations

Hacking Attacks

VPN hijacking is the unauthorised take-over of an established VPN connection from a remote client, and impersonating that client on the connecting network.

Man-in-the-middle attacks affect traffic being sent between communicating parties, and can include interception, insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and redirecting messages.

User Authentication

By default, a VPN does not provide or enforce strong user authentication. A VPN connection should only be established by an authenticated user. If the authentication is not strong enough to restrict unauthorised access, an unauthorised party could access the connected network and its resources. Most VPN implementations provide limited authentication methods. For example, PAP, used in PPTP, transports both username and password in clear text. A third party could capture this information and use it to gain subsequent access to the network.
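An audit check for the PAP exposure described above, as an added example that is not part of the original slides: it flags PPP frames that negotiate PAP or carry a PAP login, and reports the finding without logging the password. The function name and sample frames are constructed, and each frame is assumed to start at the uncompressed 2-byte PPP protocol field.

```python
import struct

PPP_LCP, PPP_PAP = 0xC021, 0xC023   # PPP protocol numbers (RFC 1661, RFC 1334)

def audit_ppp_frame(frame):
    """Return a finding for PAP use in one PPP frame, else None.
    `frame` starts at the 2-byte PPP protocol field."""
    if len(frame) < 6:
        return None
    proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
    data = frame[6:2 + length]          # length covers code, id, length, data
    if proto == PPP_LCP and code == 1:  # LCP Configure-Request
        i = 0
        while i + 2 <= len(data) and data[i + 1] >= 2:
            otype, olen = data[i], data[i + 1]
            # Option 3 = Authentication-Protocol; value 0xC023 selects PAP.
            if otype == 3 and data[i + 2:i + 4] == b"\xc0\x23":
                return "PAP negotiated: credentials will cross the link unencrypted"
            i += olen
    elif proto == PPP_PAP and code == 1:  # PAP Authenticate-Request
        if len(data) < 2 or len(data) < 2 + data[0]:
            return None
        user = data[1:1 + data[0]].decode("ascii", "replace")
        pw_len = data[1 + data[0]]
        # Report the exposure without copying the secret into the audit log.
        return f"PAP login in clear text: user={user!r}, password={pw_len} bytes (redacted)"
    return None

# Constructed sample frames (not captured traffic).
SAMPLES = [
    bytes.fromhex("c021 0101 0008 0304c023"),      # LCP asks for PAP
    bytes.fromhex("c021 0102 0009 0305c22305"),    # LCP asks for CHAP-MD5
    bytes.fromhex("c023 0101 0011 05") + b"alice" + b"\x06s3cret",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_ppp_frame(sample))
```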

Client-Side risks

The VPN client machines of, say, home users may be connected to the Internet via a standard broadband connection while at the same time holding a VPN connection to a private network, using split tunnelling. This may pose a risk to the private network being connected to.

A client machine may also be shared with other parties who are not fully aware of the security implications. In addition, a laptop used by a mobile user may be connected to the Internet, a wireless LAN at a hotel or airport, or other foreign networks. However, the security protection in most of these public connection points is inadequate for VPN access. If the VPN client machine is compromised, either before or during the connection, this poses a risk to the connecting network.

Virus/ Malware Infections

A connecting network can be compromised if the client side is infected with a virus. If a virus or spyware infects a client machine, there is a chance that the password for the VPN connection might be leaked to an attacker. In the case of an intranet or extranet VPN connection, if one network is infected by a virus or worm, that virus or worm can spread quickly to other networks if anti-virus protection systems are ineffective.

Conclusion

VPN provides a means of accessing a secure, private, internal network over insecure public networks such as the Internet. A number of VPN technologies have been outlined, among which IPsec and SSL VPN are the most common. Although a secure communication channel can be opened and tunnelled through an insecure network via VPN, client side security should not be overlooked.

–Abhinav Dwivedi

“Thank You”
