Outline
- What is a VPN?
- Types of VPN
- Why use VPNs?
- Disadvantage of VPN
- Types of VPN protocols
- Encryption

What is a VPN?
- A VPN is a network that uses the Internet or another network service to transmit data.
- A VPN includes authentication and encryption to protect data integrity and confidentiality.

Types of VPNs
- Remote Access VPN
  - Provides access to the internal corporate network over the Internet
  - Reduces long distance, modem bank, and technical support costs
- Site-to-Site VPN
  - Connects multiple offices over the Internet
  - Reduces dependencies on frame relay and leased lines
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.)
  - Reduces transaction and operational costs
- Intranet VPN
  - Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections

Why Use Virtual Private Networks?
- More flexibility
  - Use multiple connection types (cable, DSL, T1, T3)
  - Secure and low-cost way to link
  - Ubiquitous ISP services
  - Easier e-commerce
- More scalability
  - Add new sites and users quickly
  - Scale bandwidth to meet demand
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical training and support

VPN Return on Investment
Case History – Professional Services Company
5 branch offices, 1 large corporate office, 200 remote access users. Payback: 1.04 months. Annual Savings: 88%

| Item | Non-VPN Solution | Check Point VPN Solution | Savings with Check Point |
|---|---|---|---|
| Startup Costs (Hardware and Software) | Existing; sunk costs = $0 | $51,965 | |
| Site-to-Site Annual Cost | $71,664 (frame relay) | $30,485 | $41,180 /yr |
| RAS Annual Cost | $604,800 (dial-in costs) | $48,000 | $556,800 /yr |
| Combined Annual Cost | $676,464 | $78,485 | $597,980 /yr |

Disadvantages of VPN
- Lower bandwidth available compared to dial-in line
- Inconsistent remote access performance due to changes in Internet connectivity
- No entrance into the network if the Internet connection is broken

Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 remote access VPN distributed with the Windows product family
- Addition to Point-to-Point Protocol (PPP)
- Allows multiple Layer 3 protocols
- Uses proprietary authentication and encryption (MPPE)
- Limited user management and scalability
- Diagram: Remote PPTP client, ISP remote access switch, Internet, PPTP RAS server, corporate network

Layer 2 Tunneling Protocol (L2TP)
- Layer 2 remote access VPN protocol
- Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Addition to Point-to-Point Protocol (PPP)
- Must be combined with IPSec for enterprise-level security
- Diagram: Remote L2TP client, ISP L2TP concentrator, Internet, L2TP server, corporate network

Internet Protocol Security (IPSec)
- Layer 3 protocol for remote access, intranet, and extranet VPNs
- Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity

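Added example (not part of the original slides): a simplified, ESP-like sketch in Python of the message authentication/integrity service named on the IPSec slide. The layout is reduced to SPI, sequence number, payload and ICV, the payload is left unencrypted to isolate the integrity check, and the key, SPI value, payloads and the names protect, Receiver and demo are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits (the RFC 4868 convention)

def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build SPI | sequence number | payload | ICV over everything before it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    """Checks the ICV first, then refuses sequence numbers already accepted.
    Simplification: a set stands in for the sliding anti-replay window."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.seen = key, spi, set()

    def accept(self, packet: bytes):
        if len(packet) < 8 + ICV_LEN:
            return None, "too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return None, "unknown SPI"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):  # constant-time compare
            return None, "integrity check failed"
        if seq in self.seen:
            return None, "replayed sequence number"
        self.seen.add(seq)
        return body[8:], "ok"

def demo():
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    rx = Receiver(key, spi=0x1001)
    pkt = protect(key, 0x1001, 1, b"transfer 100 to account 42")
    tampered = pkt[:8] + b"X" + pkt[9:]        # one payload byte changed in transit
    forged = protect(b"wrong key", 0x1001, 2, b"hello")  # sender lacks the shared key
    # Original, tampered copy, replay of the original, packet from a wrong key.
    return [rx.accept(p)[1] for p in (pkt, tampered, pkt, forged)]

if __name__ == "__main__":
    print(demo())
```
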
Encryption
- Used to convert data to a secret code for transmission over an untrusted network
- Clear text: “The cow jumped over the moon”
- Encryption algorithm
- Encrypted text: “4hsd4e3mjvd3sd a1d38esdf2w4d”

Symmetric Encryption
- Same key used to encrypt and decrypt message (shared secret key)
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES (Data Encryption Standard), 3DES, RC5 (Rivest Cipher)

Asymmetric Encryption
- Different keys used to encrypt and decrypt message (one public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA (Rivest, Shamir and Adleman), DSA (Digital Signature Algorithm), SHA-1 (SHA hash algorithm), MD-5 (Message-Digest algorithm 5)
- Diagram: Bob encrypts with Alice's public key; Alice decrypts with Alice's private key

Industries That May Use a VPN
- Healthcare: enables the transfer of confidential patient information within medical facilities and health care providers
- Manufacturing: allows suppliers to view inventory and allows clients to purchase online safely
- Retail: able to securely transfer sales data or customer info between stores and the headquarters
- Banking/Financial: enables account information to be transferred safely within departments and branches
- General Business: communication between remote employees can be securely exchanged