VPN

Virtual Private

Networks









Ba 378 Winter 2006

What is a VPN?

• A VPN is a private network linked to a public

network, using the internet as its transfer

mechanism. It also attempts to maintain

security during transfer of information

• The most common configuration is to have a

single main internal network with remote nodes

using VPN to gain full access to the central net.

• The remote nodes are commonly remote

offices or employees working from home. You

can also link two small (or large) networks to

form an even larger single network.

http://www.tldp.org/HOWTO/VPN-HOWTO/x192.html

VPNs as islands

• VPNs work like islands

• The ocean can be seen as the internet

• To get to each island a bridge must be built,

even though it may be costly at first hand. It is

beneficial in the end. (Leased Lines)

• Submarines are given to each person who attain

a leased line.

• Each remote member can communicate in a

safe and reliable manner .



http://www.alliancedatacom.com/how-vpn-works.asp

TYPES OF VPN’S

2 Common Types



 Remote Access VPN

 Site to Site VPN

- Intranet VPN

- Extranet VPN

Remote Access VPN

What is it?



• “Virtual Private dial-up network”

• User to LAN connection

• Enables employees to connect to private

network from remote locations









http://computer.howstuffworks.com/vpn2.htm

Remote Access VPN

How does it work?

• Company out sources to an enterprise service

provider (ESP)

• ESP sets up a network access server (NAS)

• Telecommuters receive desktop client

software for computer

• Employees dial toll free number on computer

to connect to NAS and use client software to

tap into company network







http://computer.howstuffworks.com/vpn2.htm

Site to Site VPN

What is it and How does it work?

 Intranet-based

- One or more remote locations connect to a single private

network

-Connects LAN to LAN

 Extranet-based

-Close relationship with another company

-Connects LAN to LAN

-Various companies can work in shared environment









http://computer.howstuffworks.com/vpn3.htm

3 VPN TYPES









http://computer.howstuffworks.com/vpn2.htm

VPN Security

With VPN now expanding not only

through businesses but through

out the globe and connecting

several businesses together

through LANs, WANs, and

Wireless networks, security is

more important than ever

Integrated Security Systems

An integrated system provides greater risk

reduction than any individual product or

combination security devices, regardless of

features or performance. Using the network

to provide a common security architecture:

• reduces complexity

• enables tighter integration

• closes risk gaps

• provides greater visibility of end-to-end

security





http://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.html

Well designed VPNs incorporate the

following characteristics:

• Integrated: Every element of the network acts as a point

of defense including software and hardware

• Collaborative: Various network components work

together to provide a means of protection. Security

involves cooperation between endpoints, network

elements, and policy enforcement

• Adaptive: The system can recognize new threats as the

arrive. Mutual awareness can exist among and between

security services and network intelligence, thus

increasing security effectiveness to new threats.







http://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.html

VPN Security Methods

A well designed VPN uses several methods

for keeping the connection and data secure,

these are some of them:

• Firewalls

• Encryption

• IPSec

• AAA Servers







http://computer.howstuffworks.com/vpn.htm

Firewall

“A firewall is simply a program or

hardware device that filters the

information coming through the

Internet connection into your private

network or computer system. If an

incoming packet of information is

flagged by the filters, it is not allowed

through.”







http://computer.howstuffworks.com/vpn.htm

Firewall

Firewalls are an important part of the

security system because they will help

stop hackers, viruses, spyware, and other

harmful things that are associated with the

internet from entering the company’s

computer system.









http://computer.howstuffworks.com/vpn.htm

Encryption

“Encryption is the process of taking all the

data that one computer is sending to

another and encoding it into a form that

only the other computer will be able to

decode.” Most computer systems use

one of the following:

• Symmetric-key encryption

• Public-key encryption





http://computer.howstuffworks.com/vpn.htm

Symmetric-key encryption

• Each computer has a secret key that it can use to

encrypt information before it is sent over the network to

another computer

• Symmetric-key requires that you know which

computers will be talking to each other so you can

install the key on each one

• Symmetric-key encryption is essentially the same as a

secret code that each of the two computers must know

in order to decode the information. The code provides

the key to decoding the message.









http://computer.howstuffworks.com/vpn.htm

Example

• “You create a coded message to send to a friend in

which each letter is substituted with the letter that is two

down from it in the alphabet. So "A" becomes "C," and

"B" becomes "D". You have already told a trusted friend

that the code is "Shift by 2". Your friend gets the

message and decodes it. Anyone else who sees the

message will see only nonsense.”









http://computer.howstuffworks.com/vpn.htm

Public-key encryption

• This encryption uses a combination of a private key and a

public key

• The private key is known only to your computer, while the

public key is given by your computer to any computer that

wants to communicate securely with it

• To decode an encrypted message, a computer must use the

public key, provided by the originating computer, and its

own private key









http://computer.howstuffworks.com/vpn.htm

Public-key encryption

• The most popular public-key encryption is

called Pretty Good Privacy (PGP)

• This program lets you encrypt just about

anything. ie email, hard drives, media,

etc.

• For more information PGP









http://computer.howstuffworks.com/vpn.htm

IPSec

• IPSec stands for Internet Protocol Security

Protocol

• It provides enhanced security features such

as better encryption algorithms and more

comprehensive authentication

• There are two types of encryption: tunneling

and transport









http://computer.howstuffworks.com/vpn.htm

Tunneling and transporting

• Tunneling encryption encrypts each

packet that is sent

• Transport encryption encrypts the entire

package as a whole that is sent









http://computer.howstuffworks.com/vpn.htm

Overview of a VPN and its security points









Photo courtesy Cisco Systems, Inc.

A remote-access VPN utilizing IPSec



http://computer.howstuffworks.com/vpn.htm

AAA Servers

• AAA stands for authentication, authorization

and accounting

• These servers are used for a more secure

access for remote-access VPN

environments









http://computer.howstuffworks.com/vpn.htm

AAA Servers

• When a AAA server gets a request to

establish a session, it asks the following

questions:

• Who you are (authentication)?

• What you are allowed to do (authorization)?

• What you actually do (accounting)?









http://computer.howstuffworks.com/vpn.htm

Who uses VPNs?

• Companies and organizations

– Employees work at home or traveling

• Retail sector

– Usually have multiple sites

• Universities

– Allow students and faculty to access

information off site

Providers of VPNs

• Company can build own

– Purchase software

– Use of a router

• Can outsource

– Mostly internet service providers (ISPs) and

interexchange carriers (IXCs)

– Less managing and logistics involved









http://compnetworking.about.com/gi/dynamic/offsite.htm?site=http%3A%2F%2Fwww.informationweek.com%2F780%

2Fvpn.htm

http://www.techsoup.org/howto/articles/networks/page1352.cfm?cg=searchterms&sg=Virtual%20Private%20Network

How much does VPNs cost?

• Prices vary by each provider

• Additional options available such as network

management, user authentication, firewalls,

encryption

• Savings

– Infonetics reports $1,000 average savings per

remote worker per year

– Cisco’s study states savings of $600 to $1,800 per

remote worker per year.





http://www.bcr.com/architecture/remote_access/do-it-yourself_vpns_20020519302.htm

Pros and Cons of VPNs

Price Vs. Added-Value



• Added-Value

Added-Value

– Efficiency

35



– Security 30

25



– Geographic Distance 20

15

VPN

No VPN



– Satisfaction 10

5



• Poor Maintenance 0

1 2 3 4 5 6

Components of a good VPN

A Good VPN Should…

It must offer security to the users while accessing their data.

Security

It should be updated and maintained within the means of the company.

Maintenance

The VPN needs to add to the productivity and quality of the company.

Efficiency

It should be a network that can be counted-on.

Reliability

The benefits must outweigh the costs of the VPN.

Price

It should span far enough to meet the needs of the company.

Breadth

The VPN must enhance and compliment the goals of the company.

Alignment