820 likes | 1.15k Vues
Virtual Private Network (VPN). © N. Ganesan, Ph.D. Chapter Objectives. Chapter Modules. Primary Reference. VPN Overview by Microsoft . VPN. A virtual private network that is established over, in general, the Internet
E N D
Virtual Private Network (VPN) © N. Ganesan, Ph.D.
Primary Reference • VPN Overview by Microsoft
VPN • A virtual private network that is established over, in general, the Internet • It is virtual because it exists as a virtual entity within a public network • It is private because it is confined to a set of private users
Why is it a Virtual Private Network? • From the user’s perspective, it appears as a network consisting of dedicated network links • These links appear as if they are reserved for the VPN clientele • Because of encryption, the network appears to be private
VPN Major Characteristics • Must emulate a point-to-point link • Done by encapsulating the data that would facilitate allow it to travel the Internet to reach the end point • Must emulate a private link • Done by encrypting the data in the data packets
Tunnel and Connections • Tunnel • The portion of the network where the data is encapsulated • Connection • The portion of the network where the data is encrypted
Application Areas • In general, provide users with connection to the corporate network regardless of their location • The alternative of using truly dedicated lines for a private network are expensive propositions
Some Common Uses of VPN • Provide users with secured remote access over the Internet to corporate resources • Connect two computer networks securely over the Internet • Example: Connect a branch office network to the network in the head office • Secure part of a corporate network for security and confidentiality purpose
Basic VPN Requirements • User Authentication • Address Management • Data Encryption • Key Management • Multi-protocol Support
User Authentication • VPN must be able to verify user authentication and allow only authorized users to access the network
Address Management • Assign addresses to clients and ensure that private addresses are kept private on the VPN
Data Encryption • Encrypt and decrypt the data to ensure that others on the not have access to the data
Key Management • Keys must be generated and refreshed for encryption at the server and the client • Note that keys are required for encryption
Multi-protocol Support • The VPN technology must support commons protocols on the Internet such as IP, IPX etc.
VPN Implementation Protocols • Point-to-Point Tunneling Protocol (PPTP) of Layer 2 Tunneling Protocol (L2TP) • IPSec
More on Tunneling • Tunneling involves the encapsulation, transmission and decapsulation of data packets • The data is encapsulated with additional headers • The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel
Point-to-Point Tunneling Protocol (PPTP) • Encapsulate and encrypt the data to be sent over a corporate or public IP network
Level 2 Tunneling Protocol • Encrypted and encapsulated to be sent over a communication links that support user datagram mode of transmission • Examples of links include X.25, Frame Relay and ATM
IPSec Tunnel Mode • Encapsulate and encrypt in an IP header for transmission over an IP network
Layer 2 Tunneling Protocols • PPTP • L2TP • Both encapsulate the payload in a PPP frame
Layer 3 Tunneling Protocol • IPSec Tunneling Mode • Encapsulates the payload in an additional IP header
Windows Implementation of VPN • L2TP for tunneling • IPSec for encryption • Known as L2TP/IPSec
IPSec Tunnel Mode • Supports only IP networks
Tunnel Types • Voluntary • VPN request is initiated by the client • The client remains the end point • Compulsory • VPN access server creates a compulsory tunnel for the client • In this case, the dial-up access server between the user’s computer and the tunnel server is the tunnel end point that acts as a client
The Choice • Voluntary tunneling is used in most applications
Other Important Protocols in VPN • Microsoft Point-to-Point Encryption (MPPE) • Extensible Authentication Protocol (EAP) • Remote Authentication Dial-in User Service (RADIUS)
Keys • Symmetric Keys • Asymmetric Keys
VPN Scenarios © N. Ganesan, Ph.D.
Some Example Scenarios • VPN remote access for employees. • On-demand branch office access. • Persistent branch office access. • Extranet for business partners. • Dial-up and VPNs with RADIUS authentication