The vpn
Uploaded by abhinav-dwivedi
What is a Virtual Private Network?
A VPN is connectivity deployed on a shared infrastructure
with the same policies and performance as a private network.
A virtual private network can be contrasted with an
expensive system of owned or leased lines that can
only be used by one organisation.
The goal of a VPN is to provide the organisation with
the same capabilities, but at a much lower cost.
A VPN works by using the shared public
infrastructure while maintaining privacy
through security procedures and tunnelling
protocols.
In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end,
send the data through a “tunnel” that cannot be
“entered” by data that is not properly generated.
An additional level of security involves encrypting not
only the data, but also the originating and receiving
network addresses.
Intranet VPN
Extends the connectionless IP model across a shared WAN:
-> Reduces application development time
-> Reduces support costs
-> Reduces line costs
Extranet VPN
Extends connectivity to suppliers, customers, and business partners
over a shared infrastructure,
using dedicated connections,
while ensuring a proper level of authorised access.
Benefits of VPN
Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN.
Reduce transit time and transportation cost for remote users.
Improve Productivity
Simplify network
Provides global networking opportunities
Easy to configure
Provide telecommuter support
Used to access BLOCKED websites
A well-designed VPN uses several
methods for keeping your connection
and data secure:
Firewalls
Encryption
IPSec
AAA server
A VPN uses encryption to provide data confidentiality.
Once connected, the VPN uses the tunnelling mechanism to
encapsulate the encrypted data in a secure tunnel, with
headers left readable in the clear, so that it can cross
public networks.
A VPN also provides a data integrity check. This is
typically performed using a message digest to ensure
that the data has not been tampered with during
transmission.
VPN Security
Firewalls
Provide a strong barrier between your private network and
the internet. You can set firewalls to restrict the number
of ports, what types of packets are passed through and
which protocols are allowed through.
Encryption
The process of taking all the data that one computer is
sending to another and encoding it into a form that only
the other computer will be able to decode.
IPSec
Internet Protocol Security Protocol (IPSec) provides
enhanced security features such as better encryption
algorithms and more comprehensive authentication.
Creating Dial-up VPN on Windows Server 2008 R2
Conditions:
> IP address should be static
> firewall should be turned off
> computers must be in a network
> domain should be built already
Go to Server Manager, install the RRAS role from the
Administrative Tools.
Follow the onscreen instructions, choosing the options
according to how you want to build the VPN.
Hacking Attacks
VPN Hijacking is the unauthorised take-over of an
established VPN connection from a remote client, and
impersonating that client on the connecting network.
Man-in-the-Middle attacks affect traffic being sent between
communicating parties, and can include interception,
insertion, deletion, and modification of messages,
reflecting messages back at the sender, replaying old
messages and redirecting messages.
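The integrity check described earlier is what lets a VPN endpoint reject the modified, inserted and replayed messages listed above. The following is an added example, not part of the original slides: a receiver that verifies a digest over the clear header and the encrypted payload and keeps a replay window. The header layout, the names and the use of HMAC-SHA256 as the digest are assumptions made for illustration, and the payload is treated as already encrypted.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IQ")  # clear header: tunnel id + sequence number (constructed layout)
TAG_LEN = hashlib.sha256().digest_size

def seal(key, tunnel_id, seq, ciphertext):
    """Sender side: header || ciphertext || tag, tag covering header and ciphertext."""
    body = HEADER.pack(tunnel_id, seq) + ciphertext
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key, window=64):
        self.key, self.window = key, window
        self.highest, self.seen = 0, set()

    def accept(self, packet):
        """Return (verdict, ciphertext); ciphertext is None unless the verdict is 'ok'."""
        if len(packet) < HEADER.size + TAG_LEN:
            return "malformed", None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "tampered", None
        _, seq = HEADER.unpack_from(body)
        # Replay check runs only after the tag is verified, so a forged
        # sequence number can never move the window.
        if seq in self.seen or seq + self.window <= self.highest:
            return "replayed", None
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen | {seq} if s + self.window > self.highest}
        return "ok", body[HEADER.size:]

def demo():
    key = b"constructed-demo-key"                      # constructed, not a real secret
    rx = Receiver(key)
    first = seal(key, 7, 1, b"opaque-ciphertext-1")    # constructed payload
    flipped = first[:14] + bytes([first[14] ^ 1]) + first[15:]   # one bit changed in transit
    return [
        rx.accept(first)[0],                              # genuine packet
        rx.accept(flipped)[0],                            # modified message
        rx.accept(first)[0],                              # old message replayed
        rx.accept(seal(b"other-key", 7, 2, b"x"))[0],     # inserted without the key
        rx.accept(seal(key, 7, 2, b"opaque-ciphertext-2"))[0],
    ]

if __name__ == "__main__":
    print(demo())
```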
User Authentication
By default, VPN does not provide/enforce strong user
authentication. A VPN connection should only be
established by an authenticated user. If the
authentication is not strong enough to restrict
unauthorised access, an unauthorised party could
access the connected network and its resources. Most
VPN implementations provide limited authentication
methods. For example, PAP, used in PPTP, transports
both username and password in clear text. A third party
could capture this information and use it to gain
subsequent access to the network.
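To audit a capture for tunnels that still negotiate PAP, the Authenticate-Request can be recognised by its PPP protocol number and parsed directly, because neither field is encrypted. This is an added example, not part of the original slides; the function names and the sample frames are constructed for illustration, and the input is assumed to be the PPP payload starting at the protocol field.

```python
import struct

PPP_PROTO_PAP = 0xC023    # PPP protocol number for PAP
PPP_PROTO_CHAP = 0xC223   # PPP protocol number for CHAP, used as the negative sample
PAP_AUTH_REQUEST = 1      # PAP code for Authenticate-Request

def find_pap_request(ppp_payload):
    """Return a finding dict for a PAP Authenticate-Request, or None for anything else."""
    if len(ppp_payload) < 6:
        return None
    proto, code, ident, length = struct.unpack_from("!HBBH", ppp_payload)
    if proto != PPP_PROTO_PAP or code != PAP_AUTH_REQUEST:
        return None
    pap = ppp_payload[2:2 + length]          # Length counts from the Code byte
    if length < 6 or len(pap) < length:
        return None                          # truncated or malformed
    peer_len = pap[4]
    pw_off = 5 + peer_len                    # offset of the Passwd-Length byte
    if pw_off >= length or pw_off + 1 + pap[pw_off] > length:
        return None
    pw_len = pap[pw_off]
    password = pap[pw_off + 1:pw_off + 1 + pw_len]
    return {
        "identifier": ident,
        "peer_id": pap[5:pw_off].decode("ascii", "replace"),
        "password_length": pw_len,
        # Report that the secret is readable on the wire without copying it into logs.
        "password_readable": password.isascii() and password.decode("ascii").isprintable(),
    }

def pap_frame(peer_id, password, ident=1):
    """Build a constructed PPP payload carrying a PAP Authenticate-Request."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!HBBH", PPP_PROTO_PAP, PAP_AUTH_REQUEST, ident, 4 + len(data)) + data

def audit(frames):
    """Return findings for every frame that exposes credentials through PAP."""
    return [f for f in map(find_pap_request, frames) if f is not None]

# Constructed sample capture: one PAP request and one CHAP challenge (code 1, 16-byte value).
SAMPLE = [
    pap_frame(b"alice", b"example-password"),
    struct.pack("!HBBHB", PPP_PROTO_CHAP, 1, 1, 21, 16) + bytes(16),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```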
Client-Side risks
The VPN client machines of, say, home users may be
connected to the Internet via a standard broadband
connection while at the same time holding a VPN connection
to a private network, using split tunnelling. This may pose a
risk to the private network being connected to.
A client machine may also be shared with other parties who
are not fully aware of the security implications. In addition, a
laptop used by a mobile user may be connected to the
Internet, a wireless LAN at a hotel, airport or on other foreign
networks. However, the security protection in most of these
public connection points is inadequate for VPN access. If the
VPN client machine is compromised, either before or during
the connection, this poses a risk to the connecting network.
Virus/ Malware Infections
A connecting network can be compromised if the client
side is infected with a virus. If a virus or spyware infects
a client machine, there is a chance that the password for
the VPN connection might be leaked to an attacker. In
the case of an intranet or extranet VPN connection, if
one network is infected by a virus or worm, that virus /
worm can be spread quickly to other networks if
anti-virus protection systems are ineffective.
Conclusion
VPN provides a means of accessing a secure, private,
internal network over insecure public networks such as
the Internet. A number of VPN technologies have been
outlined, among which IPsec and SSL VPN are the most
common. Although a secure communication channel
can be opened and tunnelled through an insecure
network via VPN, client side security should not be
overlooked.