Virtual%20Private%20Networking

1
Virtual Private Networking

• Karlene R. Samuels
• COSC513

2
What is a VPN

• A VPN provides end users with a way to
  privately access information on their corporate
  network (eg. an Intranet) over a public network
  infrastructure such as the Internet. The
  virtual in VPN is software used to create a
  special link between network devices. These
  systems use security devices to ensure that only
  authorized users access the network and that
  unintended recipients cant intercept the data.

3
Why use a VPN

• Cost Savings
• Security
• Scalability
• Compatibility with Broadband Technology

4
Cost

• Lower line access charges compared to WATS or
  long-distance
• Reduced capital costs - ISP maintains dial-up
  infrastructure
• Reduced corporate hardware support costs

5
Security

• VPNs allow a corporation to ensure that all
  network traffic is private. If a VPN is set up
  between site A and site B, all traffic between
  those sites will be encrypted. VPNs uses several
  security methods to protect information. These
  methods must authenticate users attempting to
  access sensitive resources and ensure integrity
  of the data.

6
Security Methods

• Cryptography PKI
• Secure protocols SSL and TLS
• Tunneling protocols PPTP and IPSec

7
Implementing a VPN

• Tunneling
• Encryption-Based VPNs
• Frame-Relay PVC Networking

8
Tunneling

• VPNs use tunneling technology, also known as
  encapsulation, which allows a network to send
  data via connections from another network such as
  the Internet. This allows geographically
  separated computers to connect. Tunnel is a way
  of packaging network communication packets inside
  another network. Tunneling works by enclosing a
  network protocol within packets carried by the
  second network, allowing one type of network, or
  protocol, to be wrapped in another type of
  network.

9
Encryption-Based VPNs

• Encryption-based VPNs create a VPN using the
  public Internet infrastructure. A corporation
  can connects to the Internet from a office
  location. Encryption-based VPNs are the easiest
  type of ISP-based private network to create.
  Each branch office connects to any ISP user must
  have access to Internet. An encryption device
  (typically a router or firewall) is placed at
  each location. The encryption devices receive
  encrypted data from the other locations and
  perform the appropriate decryption.

10
Encryption-Based VPNs
11
Frame-Relay PVC Networking

• Frame-Relay PVC is technology available to
  homogeneous frame-relay networks
• The ISP must be able to implement the frame relay
  networking protocol across its entire network
• A VPN can be implemented using this technology
• Each PVC acts logically as a private circuit and
  carries data for one customer.
• Frame-relay offers high security because
  sensitive corporate data is not transmitted to
  public Internet

12
Subinterface Model
13
Frame-Relay PVC Networking
14
Challenges to Implementation

• Selecting a VPN protocol (PPTP, IPSec, L2TP)
• Departmental Budgets
• Selecting an Authentication Scheme
• Support Staff and End-User Training
• End-user Resistance to Change

15
Summary

• Cost-effective way to extend the enterprise
  network
• Selection of encryption/authentication methods is
  critical
• ISP maintains the dial-up infrastructure
• Performance may be slower than current modem
  access due to encryption overhead
• User resistance to change is a major factor

16
References

• http//www.avol10.com/fwvpns.html
• http//www.networkcomputing.com
• http//www.iec.org/tutorials/int_vpn/.html