240 likes | 411 Vues
Virtual Private Network (VPN). SCSC 455. VPN. A virtual private network that is established over, in general, the Internet It is virtual because it exists as a virtual entity within a public network It is private because it is confined to a set of private users.
E N D
Virtual Private Network (VPN) SCSC 455
VPN • A virtual private network that is established over, in general, the Internet • It is virtual because it exists as a virtual entity within a public network • It is private because it is confined to a set of private users
Private Networks vs. Virtual Private Networks • Employees can access the network (Intranet) from remote locations. • Secured networks. • The Internet is used as the backbone for VPNs • Saves cost tremendously from reduction of equipment and maintenance costs. • Scalability
Why is it a Virtual Private Network? • From the user’s perspective, it appears as a network consisting of dedicated network links • These links appear as if they are reserved for the VPN client • Because of encryption, the network appears to be private
Tunnel and Connections • Tunnel • The portion of the network where the data is encapsulated • Connection • The portion of the network where the data is encrypted
Application Areas • In general, provide users with connection to the corporate network regardless of their location • The alternative of using truly dedicated lines for a private network are expensive propositions
Some Common Uses of VPN • Provide users with secured remote access over the Internet to corporate resources • Connect two computer networks securely over the Internet • Example: Connect a branch office network to the network in the head office • Secure part of a corporate network for security and confidentiality purpose
Basic VPN Requirements • User Authentication • VPN must be able to verify user authentication and allow only authorized users to access the network • Address Management • Assign addresses to clients and ensure that private addresses are kept private on the VPN • Data Encryption • Encrypt and decrypt the data to ensure that others on the not have access to the data • Key Management • Keys must be generated and refreshed for encryption at the server and the client • Multi-protocol Support • The VPN technology must support commons protocols on the Internet such as IP, IPX etc.
VPN Implementation Protocols • Point-to-Point Tunneling Protocol (PPTP) of Layer 2 Tunneling Protocol (L2TP) • IPSec
More on Tunneling • Tunneling involves the encapsulation, transmission and decapsulation of data packets • The data is encapsulated with additional headers • The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel
Point-to-Point Tunneling Protocol (PPTP) • Encapsulate and encrypt the data to be sent over a corporate or public IP network
Level 2 Tunneling Protocol • Encrypted and encapsulated to be sent over a communication links that support user datagram mode of transmission • Examples of links include X.25, Frame Relay and ATM
IPSec Tunnel Mode • Encapsulate and encrypt in an IP header for transmission over an IP network
Layer 2 Tunneling Protocols • PPTP • L2TP • Both encapsulate the payload in a PPP frame
Layer 3 Tunneling Protocol • IPSec Tunneling Mode • Encapsulates the payload in an additional IP header
Other Important Protocols in VPN • Microsoft Point-to-Point Encryption (MPPE) • Extensible Authentication Protocol (EAP) • Remote Authentication Dial-in User Service (RADIUS)
Some Example Scenarios • VPN remote access for employees. • On-demand branch office access. • Persistent branch office access. • Extranet for business partners. • Dial-up and VPNs with RADIUS authentication