Virtual Private Networks Ed Wagner CS 7493. Overview Introduction Types of VPNs Encrypting and...


Virtual Private Networks
Ed Wagner
CS 7493


Overview

• Introduction
• Types of VPNs
• Encrypting and Tunneling
• Pros/Cons of the VPNs
• Conclusion


Introduction

• Virtual Private Network
  o A secure network that primarily uses public telecommunication infrastructure, such as the Internet, to give remote offices or traveling users access to a centralized organizational network.


Types of VPNs

• PPTP
• IPSEC
• L2TP
• OpenVPN (SSL)
• Hybrid VPN
• MPLS VPN


PPTP

• Point to Point Tunneling Protocol
  o The most common and widely used VPN.
  o Defined in RFC 2637, in 1999.
  o Developed by Microsoft and 3Com.
  o PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
  o PPTP does not specify encryption or authentication.
     ▪ Security and authentication are provided by the Microsoft PPTP software stack.
  o Authentication and Encryption
     ▪ Authentication - MS-CHAPv2
     ▪ Encryption - Microsoft Point to Point Encryption (MPPE) - RC4 stream cipher


PPTP

• Pros/Cons of PPTP
+ cheap to set up
+ pre-existing technology
- not as secure
- security not native


IPSEC

• Internet Protocol Security Protocol
  o A protocol suite for securing IP communications by authenticating and encrypting each IP packet.
  o Developed at the Naval Research Lab.
  o Operates at OSI layer 3, much lower than other VPN protocols.
  o 2 modes of transmission:
     ▪ Tunnel - the entire packet is encrypted, then encapsulated in a new IP packet.
        • used in network-to-network VPNs and host-to-network VPNs
        • NAT traversal
     ▪ Transport - only the payload of the IP packet is encrypted.
  o When the authentication header affects routing, use NAT-T.


IPSEC

Pros/Cons of IPSEC
+ highest security
+ when used with L2TP, data is encapsulated twice
- harder to set up
- possible routing issues
- requires more processing power


L2TP

• Layer 2 Tunneling Protocol
  o A tunneling protocol used to support VPNs.
  o Does not provide any encryption or authentication.
     ▪ Usually used with IPsec for encryption.
  o Proposed in 1999, RFC 2661.
  o The entire packet, both header and payload, is sent as a UDP packet on port 1701.


L2TP

• Pros/Cons of L2TP
+ native Windows support
+ feature-rich backend allows use of other protocols
- no native security
- slower than other VPN sources


OpenVPN

• An open source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed/bridged networks
• Created in 2002 by James Yonan
• Uses SSL for encryption
• Authentication is done with pre-shared keys


OpenVPN

Pros/Cons of OpenVPN
+ great community support
+ free
+ easy to set up
- SSL can require more processing power


Hybrid VPNs

• Hybrid VPN servers are able to accept connections from multiple types of VPN clients.

• For example, combining the features of SSL and IPSEC


Hybrid VPNs

Pros/Cons of Hybrid
+ ability to use different protocols to provide greater usage
- expensive to implement


MPLS VPN

• Multi-Protocol Label Switching
  o A family of methods for harnessing the power of multiprotocol label switching to create VPNs.
  o MPLS VPNs give network engineers the flexibility to transport and route several types of network traffic using the technologies of an MPLS backbone.
     ▪ Related to telecommunication standards


MPLS

Pros/Cons of MPLS
+ use of different network technologies to provide a VPN network
- not easy to set up


Encrypting and Tunneling

• Encrypting
  o Encoding a packet of information using a known and tested algorithm.
  o Ex: IPsec, MPPE
• Tunneling
  o Creating a path where all packets are routed to the next path in the circuit, whether encrypted or not.
  o Ex: L2TP, PPTP (not with MPPE)
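
The transports named on these slides (PPTP's TCP control channel and GRE tunnel, L2TP on UDP port 1701, IPsec) can be told apart from packet headers alone, which lets a defender find tunnels that carry no native encryption. The following is an added example, not part of the original slides; apart from UDP 1701, the protocol and port numbers are the IANA assignments and do not appear in the deck, and the sample packets are constructed.

```python
import struct

# Protocol numbers and ports are IANA assignments; only UDP 1701 is on the slides.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
PORTS = {(TCP, 1723): "PPTP control", (UDP, 1701): "L2TP without IPsec",
         (UDP, 500): "IPsec IKE", (UDP, 4500): "IPsec NAT-T", (UDP, 1194): "OpenVPN"}
# Transports the slides describe as having no native security.
WEAK = {"PPTP control", "PPTP GRE tunnel", "L2TP without IPsec"}

def classify(pkt: bytes) -> str:
    """Name the VPN transport carried by one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not IPv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF:
        return "fragment"  # later fragments carry no layer-4 header
    proto, body = pkt[9], pkt[ihl:]
    if proto in (ESP, AH):
        return "IPsec ESP" if proto == ESP else "IPsec AH"
    if len(body) < 4:
        return "truncated"
    a, b = struct.unpack_from("!HH", body)
    if proto == GRE:
        # PPTP uses enhanced GRE: version 1, payload type 0x880B (PPP)
        return "PPTP GRE tunnel" if (a & 7) == 1 and b == 0x880B else "other GRE"
    for port in (b, a):  # destination port first, then source
        if (proto, port) in PORTS:
            return PORTS[(proto, port)]
    return "other"

def audit(packets):
    """Return (index, label) for each packet on a transport listed in WEAK."""
    return [(i, c) for i, p in enumerate(packets) if (c := classify(p)) in WEAK]

def ipv4(proto, body, frag=0):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + body

# Constructed sample packets: documentation addresses, zero-filled payloads.
SAMPLES = [
    ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
    ipv4(GRE, struct.pack("!HH", 0x3001, 0x880B) + bytes(8)),
    ipv4(UDP, struct.pack("!HHHH", 1701, 1701, 16, 0) + bytes(8)),
    ipv4(ESP, bytes(24)),
    ipv4(UDP, struct.pack("!HHHH", 1701, 1701, 8, 0), frag=185),
]
print([classify(p) for p in SAMPLES], audit(SAMPLES))
```

When L2TP is wrapped in IPsec, an on-path observer sees ESP or UDP 4500 rather than UDP 1701, so a cleartext UDP 1701 packet indicates an L2TP tunnel running without encryption.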


Conclusion

There are various options for VPNs. The major factors for an SA setting up a VPN would be the need for mobility, the complexity of security, and the expense of implementing the VPN.


Questions?
