VPN
___________________________________________________
Virtual Private Networks
Raghavendra KN Rao
Introduction
In today's insecure world there is a need to transfer information over a
network without it being seen or intercepted by unauthorized people. The
traditional way was to use point-to-point lines reserved for you and the
people you needed to exchange confidential information with. However, these
lines were expensive and inflexible. What was needed was the ability to
communicate safely through a public network. Thus came the
Virtual Private Network ( VPN )
What is VPN ? ( Definition )
A VPN (virtual private network) is a private data network that uses public
telecommunications infrastructure (the Internet), maintaining privacy by means of
encryption, tunneling protocols and security procedures to connect users securely.
“virtual” implies that there is no physical connection between the two
networks; instead, connections are routed through the Internet
“private” implies that the transmitted data is kept confidential (encryption
and secured tunneling)
“network” implies a communication medium built from private, public,
wired, wireless, Internet or any other available resource
Why VPN ?
• Low-cost
• Secured and reliable communication
• Dynamic access to private networks
• Such access would otherwise only be possible by
   using expensive leased dedicated lines provided by telephone companies
  (a point-to-point dedicated digital circuit), or
   dialing into the local area network (LAN)
How VPN works ? ( Example )
Typical VPN Network
When I send a mail from my home computer to my office computer through the VPN:
Home Computer -> Firewall / Router / Gateway -> VPN Firewall / Router
  (the VPN-enabled firewall / router encapsulates and encrypts the mail)
-> Public network ( Internet ): the mail travels encrypted
-> VPN Firewall / Router -> Firewall / Router / Gateway -> Office Computer
  (the VPN-enabled firewall / router at the office decrypts the mail and passes it on)
Types Of VPNs
Remote Access
This type of VPN is a user-to-LAN connection via a public or shared network. Many large
companies have employees who need to connect to the corporate LAN from the field.
These field agents access the corporate LAN from their remote computers and laptops.
Their systems use special client software that establishes a secure link between
themselves and the corporate LAN.
(Diagram: User from Home - Internet - Corporate HQ)
Site-to-site
A Site-to-site VPN connects fixed sites to a corporate LAN, thus extending it over a
public or shared network.
There are two types of Site-to-site VPNs:
Intranet-based - This type of Site-to-site VPN is used to extend a company's existing
LAN to other buildings and sites, so that the employees there can use the same network
services.
Extranet-based - With an Extranet-based VPN two or more companies establish a secure
network connection in order to share a computing environment. A good example is
companies that work closely with suppliers and partners on common goals such as a
supply-and-demand relationship, where one company has a demand for supplies and the
supplier fulfills it based on the company's needs. Working across an Extranet, the two
companies can share that information much faster.
Remote Access Network
A remote access VPN is for home or traveling users who need to access their corporate
network from a remote location. They dial their ISP and connect over the Internet to the
company's internal WAN. This is made possible by installing a client software program on
the remote user's laptop or PC that handles the encryption and decryption of the VPN
traffic between itself and the VPN gateway on the central LAN.
Site-to-Site Connection Network
A fixed VPN is normally used between two or more sites, allowing a central LAN to be
accessed by remote LANs over the Internet or private communication lines using VPN
gateways. VPN gateways (normally a VPN-enabled router) are placed at each remote site
and at the central site so that all encryption, decryption and tunneling is carried out
transparently to the hosts behind them.
Design Goals and Features of VPN
Security - Tunneling support between sites with at least 128-bit encryption of the
data.
Authentication - Ensures the identity of all communicating parties
• Password authentication
• Digital certificates - a certificate is a file that binds an identity to the associated
  public key. This binding is validated by a trusted third party, the certification
  authority (CA)
• Public key / private key cryptography
Confidentiality - Protects privacy
Integrity - Ensures that the information being transmitted over the Internet is not
being altered
• One-way hash functions
• Message Authentication Codes (a hash computed with a shared secret key)
• Digital signatures (hash function + private key)
Scalability - Extra users and bandwidth can be added easily to adapt to new
requirements.
Services
• QoS (Quality of Service)
• Reports on user activity, management of user policies and monitoring of the
VPN.
VPN Tunneling
Tunneling is a way of forwarding multiprotocol packets from a remote user to a
corporate network across a third-party Internet Service Provider (ISP) network: the
packets are encapsulated so that only the tunnel endpoints see their contents.
Voluntary Tunneling:
The VPN client manages connection setup. The client first makes a connection to the
carrier network provider (ISP) and then the VPN client application creates the tunnel to a
VPN server over this live connection.
Compulsory Tunneling:
1. The carrier network provider manages VPN connection setup. When the client first
makes an ordinary connection to the carrier, the carrier immediately brokers a VPN
connection between the client and a VPN server. From the client's point of view, VPN
connections are set up in just one step, compared to the two-step procedure for voluntary
tunnels.
2. Compulsory VPN tunneling authenticates clients and associates them with a specific
VPN server using logic built into the broker device. It also hides the details of VPN server
connectivity from the VPN client.
VPN Protocols
Layer 2 - Data Link Layer:
PPTP - Point-to-Point Tunneling Protocol
L2F - Layer 2 Forwarding Protocol
L2TP - Layer 2 Tunneling Protocol
PPP authentication protocols used inside these tunnels:
CHAP - Challenge Handshake Authentication Protocol
PAP - Password Authentication Protocol
MS-CHAP - Microsoft Challenge Handshake Authentication Protocol
Layer 3 – Network Layer (IP):
IPSec - Internet Protocol Security
Transport Layer (TCP/UDP):
SOCKS V5 - SOCKS version 5
SSL - Secure Sockets Layer
Dell Wireless Routers Specific
Does the Dell TrueMobile 2300 support Virtual Private Networking (VPN)?
Yes, the Dell TrueMobile 2300 supports PPTP, IPSec, L2TP VPN pass-through.
http://training.us.dell.com/training/new_products/Peripherals_Portables/network/ziggy/UG/English/help/index.htm
Does the Dell TrueMobile 1184 support Virtual Private Networking (VPN)?
Yes, the Dell TrueMobile 1184 supports PPTP, IPSec, L2TP VPN pass-through.
http://training.us.dell.com/training/new_products/Peripherals_Portables/network/ozzy/usergde/enu/help/index.htm
IPSec – Internet Protocol Security
Network Layer Protocol – Layer 3 Solution
A set of authentication and encryption standards, standardized by the IETF
(Internet Engineering Task Force)
Data confidentiality, integrity, authentication and key management, in
addition to tunneling
Typically works on the edges of a security domain.
Supports IPv4 and IPv6
In tunnel mode it encapsulates each packet by wrapping another packet around it
and encrypts the entire original packet. This encrypted stream of
traffic forms a secure tunnel across an otherwise unsecured
network.
The majority of VPN vendors implement IPSec in their solutions
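The "How VPN works" slide, the Integrity bullets (one-way hash, MAC) and the IPSec slide above all describe the same mechanism: the gateway wraps the whole original packet, encrypts it, and adds an integrity check so the far gateway can detect alteration. The block below is an added example written for this page, not Dell's or any vendor's code; it models the layout of an IPsec ESP tunnel-mode packet (SPI, sequence number, IV, encrypted inner packet, integrity check value) using only the Python standard library. Everything in it is an assumption for illustration: the fixed keys (real IPsec negotiates them with IKE), the toy inner packet format, and HMAC-SHA256 run in counter mode as a stand-in for AES. It shows what an on-path observer actually sees (only gateway addresses, SPI and sequence number), that a flipped bit or a replayed packet is rejected, and why ESP has no port number that a router could "forward".

```python
"""ESP-style tunnel-mode encapsulation with integrity check and anti-replay.

Added example for this page (not Dell's or any vendor's code), stdlib only.
Keys are fixed constants here (an assumption; real IPsec negotiates them
with IKE) and HMAC-SHA256 in counter mode stands in for AES so that the
example runs without third-party packages. Packet layout follows ESP:
SPI, sequence number, IV, encrypted inner packet, integrity check value (ICV).
"""
import hashlib
import hmac
import os
import struct

ENC_KEY = b"\x11" * 32     # constructed example key
AUTH_KEY = b"\x22" * 32    # constructed example key
IV_LEN = 8
ICV_LEN = 16
REPLAY_WINDOW = 64


def ipv4(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def inner_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Toy inner 'IP' packet: 4-byte src, 4-byte dst, 2-byte length, payload."""
    return ipv4(src) + ipv4(dst) + struct.pack(">H", len(payload)) + payload


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256(key, iv || counter); stand-in for AES-CTR."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(inner: bytes, spi: int, seq: int, outer_src: str, outer_dst: str) -> bytes:
    """Wrap the whole inner packet: outer src | outer dst | SPI | seq | IV | ciphertext | ICV.

    Only the gateway addresses, SPI and sequence number travel in the clear;
    the original addresses and payload are encrypted, then authenticated.
    """
    iv = os.urandom(IV_LEN)
    esp_header = struct.pack(">II", spi, seq)
    ciphertext = _xor(inner, _keystream(ENC_KEY, iv, len(inner)))
    authenticated = esp_header + iv + ciphertext
    icv = hmac.new(AUTH_KEY, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4(outer_src) + ipv4(outer_dst) + authenticated + icv


class Receiver:
    """Decapsulates for one SPI: verify the ICV first, then anti-replay, then decrypt."""

    def __init__(self, spi: int):
        self.spi = spi
        self.highest_seq = 0
        self.seen = set()

    def decapsulate(self, outer: bytes) -> bytes:
        esp_header = outer[8:16]
        iv = outer[16:16 + IV_LEN]
        ciphertext = outer[16 + IV_LEN:-ICV_LEN]
        icv = outer[-ICV_LEN:]
        expected = hmac.new(AUTH_KEY, esp_header + iv + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV mismatch: packet altered or wrong key")
        spi, seq = struct.unpack(">II", esp_header)
        if spi != self.spi:
            raise ValueError("unknown SPI")
        if seq in self.seen or seq + REPLAY_WINDOW <= self.highest_seq:
            raise ValueError("replayed or too-old sequence number")
        self.seen.add(seq)
        self.highest_seq = max(self.highest_seq, seq)
        return _xor(ciphertext, _keystream(ENC_KEY, iv, len(ciphertext)))


def rejects(receiver: Receiver, outer: bytes) -> bool:
    """True if the receiver refuses the packet (bad ICV, wrong SPI or replay)."""
    try:
        receiver.decapsulate(outer)
    except ValueError:
        return True
    return False


def tamper(outer: bytes, offset: int) -> bytes:
    """Flip one bit of an encapsulated packet (simulates on-path modification)."""
    mutated = bytearray(outer)
    mutated[offset] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    home_mail = inner_packet("10.0.0.5", "10.0.1.9", b"quarterly figures attached")
    on_the_wire = encapsulate(home_mail, 0x1001, 1, "203.0.113.7", "198.51.100.4")
    office = Receiver(0x1001)
    print("payload visible on the wire:", b"quarterly" in on_the_wire)
    print("office gateway decrypts:", office.decapsulate(on_the_wire) == home_mail)
    print("replay rejected:", rejects(office, on_the_wire))
    print("tampered copy rejected:", rejects(Receiver(0x1001), tamper(on_the_wire, 30)))
```

The order of checks in `Receiver.decapsulate` is deliberate: the ICV is verified before anything is parsed or decrypted, so a forged or corrupted packet is discarded without touching the cipher, and the replay window is only updated for packets that authenticated.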
PPTP – Point-to-Point Tunneling Protocol
PPTP is a tunneling protocol provided by Microsoft, which gives remote
users encrypted, multi-protocol access to a corporate network over the Internet.
It encapsulates PPP frames in IP datagrams (IP, IPX and NetBEUI are
encapsulated)
PPTP is built in to NT 4.0 and the client is free for older versions such as
Windows 95.
Microsoft's implementation of PPTP has been found to have several problems
that make it vulnerable to attacks, and it also lacks scalability in that it only
supports 255 concurrent connections per server.
Requires an IP network between the PPTP client and PPTP server (either LAN or
dial-up)
PPTP can support only one tunnel at a time for each user.
Uses TCP port 1723 for the control connection; the tunneled PPP frames are carried
in GRE (IP protocol 47), which has no port number
L2TP – Layer 2 Tunneling Protocol
PPTP's successor L2TP (a hybrid of Microsoft's PPTP and Cisco Systems'
Layer 2 Forwarding - L2F protocol) can support multiple simultaneous tunnels
for each user. It encapsulates PPP frames in IP datagrams
Extends from the remote host all the way back to the corporate gateway. In
effect, the remote host appears to be on the same subnet as the corporate
gateway
It uses UDP and supports any routed protocol, including IP, IPX and
AppleTalk, and can run over frame relay, ATM and X.25 links
Because L2TP descends from PPTP, it is included as part of the remote access
features of most Windows products
It does not itself provide encryption or cryptographic key management
It can be combined with IPSec for data encryption and integrity (L2TP/IPSec)
Supports the compulsory tunneling model
UDP port 1701
VPN Advantages
All packets of data received are authenticated, ensuring that they come from a trusted
source, and encryption ensures the data remains confidential
Most VPNs connect over the Internet, so call costs are minimal even if the
remote user is a great distance from the central LAN.
A reduction in the overall telecommunication infrastructure – the ISP
provides the bulk of the network.
Reduced cost of management, maintenance of equipment and technical
support. Simplifies network topology by eliminating modem pools and a private
network infrastructure.
VPN functionality is already present in some IT equipment.
VPNs are easily extended by increasing the available bandwidth
and by licensing extra client software.
VPN Disadvantages
If the ISP or Internet connection is down, so is the VPN.
The central site must have a permanent Internet connection so that the remote clients
and other sites can connect at any time.
May provide less bandwidth than a dedicated line solution.
Different VPN manufacturers may comply with different standards.
All traffic over the VPN is encrypted, regardless of need. This can potentially cause a
bottleneck, since encrypting and decrypting adds processing overhead.
Provides no internal protection on the corporate network – the VPN endpoint is
typically at the edge of the network.
Once traffic is on the internal corporate network, the data is no
longer encrypted. (SSH, by contrast, provides point-to-point secure communication
between the two hosts themselves.)
Most VPN technologies today do not address performance and availability issues,
important as they are.
Why? Because the majority of VPN solutions exist on client
machines and gateway servers at the extreme ends of the
communication path. They simply cannot consistently affect the
performance of the network components in the middle. Unfortunately,
this middle is exactly the Internet.
Troubleshooting Dell Wireless Routers
- VPN Connections
1. Remember, Dell Wireless routers only support PPTP, IPSec and L2TP VPN pass-through
2. Make sure the VPN connection is not using a static IP on the VPN client
3. If your computer is running a software firewall (such as Norton Firewall, ZoneAlarm, or
Windows XP Firewall) the VPN client may not be able to initiate a tunnel. Disable the
software firewall temporarily and try again; if that fixes it, re-enable the firewall and add
a rule for the VPN client rather than leaving it off.
4. Even though the connection depends on the VPN client application, in general most VPN
applications will function through the router automatically. In some cases you
may need to open ports in the router explicitly through the Port Forwarding section:
If the connection uses IPSec, open UDP port 500 (IKE); a client behind NAT also uses
UDP port 4500, and the encrypted data itself travels as ESP (IP protocol 50), which is
not a port and relies on the router's IPSec pass-through.
If the connection uses PPTP, open TCP port 1723; the tunnel data travels as GRE (IP
protocol 47), which is not a port and relies on the router's PPTP pass-through.
If the connection uses L2TP, open UDP port 1701.
5. If the VPN client application is one such as SafeNet, Checkpoint, Cisco, SecureRemote or
AT&T Client VPN, try reinstalling the software, or open the specific ports that application
needs.
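The troubleshooting steps above boil down to one question: which part of the VPN exchange is the router dropping? The block below is an added example written for this page, not Dell firmware or any vendor's tool. It parses constructed firewall log lines (an iptables-style key=value format chosen for the example; the regex is the only thing to change for a different router) and reports, per VPN type, which component was dropped and whether a port-forward can fix it at all. The requirements table holds the standard assignments a practitioner would check: PPTP needs TCP 1723 plus GRE (IP protocol 47), L2TP needs UDP 1701, and IPsec needs IKE on UDP 500, NAT traversal on UDP 4500 and ESP (IP protocol 50). The sample log is constructed to show the common failure where the PPTP control channel is accepted but GRE is dropped, which a port-forwarding rule cannot cure.

```python
"""Triage router firewall log drops that break VPN pass-through.

Added example for this page (not Dell firmware or any vendor's tool).
The log lines are constructed in an iptables-style key=value format;
adjust LOG_RE to your router's syslog. The requirements table holds the
standard assignments: PPTP = TCP 1723 control channel plus GRE (IP
protocol 47) data channel; L2TP = UDP 1701; IPsec = IKE on UDP 500,
NAT traversal on UDP 4500, ESP (IP protocol 50) for the data channel.
"""
import re
from collections import defaultdict

# (protocol, port, role). port None marks a raw IP protocol: it has no port
# number, so a TCP/UDP port-forwarding rule cannot open it.
VPN_REQUIREMENTS = {
    "PPTP": [("TCP", 1723, "control channel"), ("GRE", None, "data channel")],
    "L2TP": [("UDP", 1701, "tunnel")],
    "IPsec": [("UDP", 500, "IKE"), ("UDP", 4500, "NAT traversal"),
              ("ESP", None, "data channel")],
}

LOG_RE = re.compile(
    r"\b(?P<action>ACCEPT|DROP)\b.*?\bPROTO=(?P<proto>[A-Za-z0-9]+)"
    r"(?:.*?\bDPT=(?P<dport>\d+))?"
)

# Constructed sample log: a PPTP session whose control channel is allowed but
# whose GRE packets are dropped, and an IPsec client whose IKE is dropped.
SAMPLE_LOG = [
    "Jan 10 09:12:01 router kernel: ACCEPT IN=eth0 OUT=br0 SRC=203.0.113.7 DST=192.168.2.10 PROTO=TCP SPT=51234 DPT=1723",
    "Jan 10 09:12:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 PROTO=GRE",
    "Jan 10 09:12:03 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.1 PROTO=GRE",
    "Jan 10 09:15:40 router kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.168.2.1 PROTO=UDP SPT=500 DPT=500",
    "Jan 10 09:15:41 router kernel: ACCEPT IN=eth0 OUT=br0 SRC=198.51.100.4 DST=192.168.2.10 PROTO=UDP SPT=4500 DPT=4500",
    "Jan 10 09:16:00 router kernel: ACCEPT IN=eth0 OUT=br0 SRC=198.51.100.4 DST=192.168.2.10 PROTO=TCP SPT=4433 DPT=443",
]


def parse_log(lines):
    """Return (action, protocol, destination port or None) for every matching line."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            dport = int(m.group("dport")) if m.group("dport") else None
            events.append((m.group("action"), m.group("proto").upper(), dport))
    return events


def triage(lines):
    """Return (vpn, role, protocol, port, fix) for each VPN component the firewall dropped."""
    status = defaultdict(set)            # (proto, dport) -> subset of {"ACCEPT", "DROP"}
    for action, proto, dport in parse_log(lines):
        status[(proto, dport)].add(action)
    findings = []
    for vpn, needs in VPN_REQUIREMENTS.items():
        seen = {(proto, port): status.get((proto, port), set()) for proto, port, _ in needs}
        if not any(seen.values()):
            continue                     # this VPN type never appeared in the log
        passing = [role for proto, port, role in needs if seen[(proto, port)] == {"ACCEPT"}]
        for proto, port, role in needs:
            if "DROP" not in seen[(proto, port)]:
                continue
            if port is None:
                fix = (f"enable {vpn} pass-through on the router; IP protocol {proto} "
                       f"has no port and cannot be opened by a port forward")
            else:
                fix = f"forward {proto} port {port} to the VPN client"
            if passing:
                fix += f"; {', '.join(passing)} already passes, so only part of the exchange is blocked"
            findings.append((vpn, role, proto, port, fix))
    return findings


if __name__ == "__main__":
    for vpn, role, proto, port, fix in triage(SAMPLE_LOG):
        where = f"{proto}/{port}" if port else f"IP protocol {proto}"
        print(f"{vpn} {role} ({where}) dropped -> {fix}")
```

Run against the sample log it reports two findings: the PPTP data channel (GRE) is dropped even though TCP 1723 passes, so the client will get through the control handshake and then hang until pass-through is enabled, and IPsec IKE on UDP 500 is dropped while UDP 4500 is allowed. L2TP produces nothing because no L2TP traffic appears in the log.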
Port Forwarding screens
TM 2300
Go to the router page at 192.168.2.1 – click the [tab] tab – click the [tab] tab.
Click the ADD button under Custom Port Forwarding Settings – enter the ports and SUBMIT.
TM 1184
Go to the router page at 192.168.2.1 – click the [tab] tab – click the [tab] tab.
Under Custom Port Forwarding – enter the port information and SUBMIT.
The END