Virtual Private Network (VPN)



  1. Virtual Private Network (VPN) © N. Ganesan, Ph.D.

  2. Chapter Objectives

  3. Chapter Modules

  4. Primary Reference • VPN Overview by Microsoft

  5. VPN • A virtual private network that is established over, in general, the Internet • It is virtual because it exists as a virtual entity within a public network • It is private because it is confined to a set of private users

  6. Why is it a Virtual Private Network? • From the user’s perspective, it appears as a network consisting of dedicated network links • These links appear as if they are reserved for the VPN clientele • Because of encryption, the network appears to be private

  7. Example of a VPN

  8. VPN Major Characteristics • Must emulate a point-to-point link • Done by encapsulating the data so that it can travel across the Internet to reach the end point • Must emulate a private link • Done by encrypting the data in the data packets

  9. Typical VPN Connection

  10. Tunnel and Connections • Tunnel • The portion of the network where the data is encapsulated • Connection • The portion of the network where the data is encrypted

  11. Application Areas • In general, provide users with a connection to the corporate network regardless of their location • The alternative of using truly dedicated lines for a private network is an expensive proposition

  12. Some Common Uses of VPN • Provide users with secured remote access over the Internet to corporate resources • Connect two computer networks securely over the Internet • Example: Connect a branch office network to the network in the head office • Secure part of a corporate network for security and confidentiality purpose

  13. Remote Access Over the Internet

  14. Connecting Two Computer Networks Securely

  15. Securing a Part of the Corporate Network

  16. Basic VPN Requirements • User Authentication • Address Management • Data Encryption • Key Management • Multi-protocol Support

  17. User Authentication • The VPN must be able to verify the user’s identity and allow only authorized users to access the network

  18. Address Management • Assign addresses to clients and ensure that private addresses are kept private on the VPN

  19. Data Encryption • Encrypt and decrypt the data to ensure that others on the network do not have access to the data

  20. Key Management • Keys must be generated and refreshed for encryption at the server and the client • Note that keys are required for encryption

  21. Multi-protocol Support • The VPN technology must support common protocols on the Internet such as IP, IPX etc.

  22. VPN Implementation Protocols • Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) • IPSec

  23. More on Tunneling • Tunneling involves the encapsulation, transmission and decapsulation of data packets • The data is encapsulated with additional headers • The additional headers provide routing information for encapsulated data to be routed between the end points of a tunnel

  24. Tunneling

  25. Point-to-Point Tunneling Protocol (PPTP) • Encapsulate and encrypt the data to be sent over a corporate or public IP network

  26. Layer 2 Tunneling Protocol • Encrypted and encapsulated to be sent over communication links that support user datagram mode of transmission • Examples of links include X.25, Frame Relay and ATM

  27. IPSec Tunnel Mode • Encapsulate and encrypt in an IP header for transmission over an IP network

  28. Layer 2 Tunneling Protocols • PPTP • L2TP • Both encapsulate the payload in a PPP frame

  29. Layer 3 Tunneling Protocol • IPSec Tunneling Mode • Encapsulates the payload in an additional IP header
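The following is an added example, not code from the slides or from the Microsoft reference they cite. It illustrates slides 23 and 29 in working code: a packet addressed between two private networks is wrapped in an additional IP header (the tunnel) whose only routing information is the pair of public gateway addresses, and the receiving gateway strips that header again. The addresses are constructed from the RFC 5737 documentation ranges, the outer header uses the IP-in-IP protocol number 4 as a stand-in for an IPSec tunnel-mode outer header, and the encryption step that would make the tunnel a private link (slide 8) is deliberately not shown so the encapsulation itself stays visible.

```python
"""Tunnel-mode encapsulation: inner IPv4 packet carried inside an outer IPv4 header.

Added example (not the slides' own code). Addresses are constructed; the
outer header uses protocol number 4 (IP-in-IP) as a stand-in for IPSec tunnel mode.
"""
import socket
import struct

IPPROTO_IPIP = 4      # outer-header protocol number meaning "another IPv4 packet follows"
IPPROTO_UDP = 17
IPV4_HDR_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 packet (no options, no fragmentation) with a valid checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack(IPV4_HDR_FMT, 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 header; a header whose checksum does not verify is rejected."""
    fields = struct.unpack(IPV4_HDR_FMT, packet[:20])
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = fields
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def tunnel_encapsulate(inner_packet: bytes, local_gw: str, remote_gw: str) -> bytes:
    """Sending gateway: prepend the outer header. Only the gateway addresses are
    visible to routers on the Internet; the private inner addresses become payload."""
    return build_ipv4(local_gw, remote_gw, IPPROTO_IPIP, inner_packet)


def tunnel_decapsulate(outer_packet: bytes, expected_remote: str):
    """Receiving gateway: accept the outer header only if it is an IP-in-IP packet from
    the peer gateway, then hand the inner packet back. Returns None for anything else."""
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != IPPROTO_IPIP or outer["src"] != expected_remote:
        return None
    inner_packet = outer["payload"]
    parse_ipv4(inner_packet)                # validates the inner header as well
    return inner_packet


def demo() -> dict:
    """Constructed scenario: host 10.1.0.5 behind gateway 203.0.113.1 sends a UDP
    payload to host 10.2.0.9 behind gateway 198.51.100.7."""
    inner = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"hello")
    on_the_wire = tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.7")
    delivered = tunnel_decapsulate(on_the_wire, expected_remote="203.0.113.1")
    return {"outer": parse_ipv4(on_the_wire), "inner": parse_ipv4(delivered),
            "overhead": len(on_the_wire) - len(inner)}


if __name__ == "__main__":
    result = demo()
    print("routers see :", result["outer"]["src"], "->", result["outer"]["dst"])
    print("private hosts:", result["inner"]["src"], "->", result["inner"]["dst"])
    print("tunnel overhead: %d bytes" % result["overhead"])
```

Running `demo()` shows the two views of the same packet: the outer header that the public network routes on carries 203.0.113.1 -> 198.51.100.7, while the private 10.x addresses survive untouched inside, which is the address-management property from slide 18. The 20-byte difference is the cost of the additional IP header that a Layer 3 tunnel adds; a real IPSec tunnel also inserts an ESP header and trailer and encrypts everything after the outer header.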

  30. PPP Format

  31. PPTP Format

  32. L2TP Format

  33. Windows Implementation of VPN • L2TP for tunneling • IPSec for encryption • Known as L2TP/IPSec

  34. Windows Implementation

  35. IPSec Tunnel Mode • Supports only IP networks

  36. Tunnel Types • Voluntary • VPN request is initiated by the client • The client remains the end point • Compulsory • VPN access server creates a compulsory tunnel for the client • In this case, the dial-up access server between the user’s computer and the tunnel server is the tunnel end point that acts as a client

  37. The Choice • Voluntary tunneling is used in most applications

  38. Other Important Protocols in VPN • Microsoft Point-to-Point Encryption (MPPE) • Extensible Authentication Protocol (EAP) • Remote Authentication Dial-in User Service (RADIUS)

  39. A Note on RADIUS

  40. Keys • Symmetric Keys • Asymmetric Keys

  41. Summary

  42. End of Module

  43. VPN Scenarios © N. Ganesan, Ph.D.

  44. Chapter Objectives

  45. Chapter Modules

  46. Reference

  47. Some Example Scenarios • VPN remote access for employees • On-demand branch office access • Persistent branch office access • Extranet for business partners • Dial-up and VPNs with RADIUS authentication

  48. VPN Remote Access for Employees

  49. VPN Remote Access for Employees
