Virtual Private Networks: COSC541 Project, Jie Qin & Sihua Xu, October 11, 2014
Outline
- Definitions of Virtual Private Network (VPN)
- Three types of VPN
  - Intranet VPNs
  - Remote access VPNs
  - Extranet VPNs
- Advantages and Disadvantages of VPNs
Virtual Private Network (VPN)
A network that uses the Internet or other network service as its Wide Area Network (WAN) backbone.
- Dial-up connections to remote users and leased lines
- Frame Relay connections to remote sites
- Local connections to ISP or other service provider's point of presence (POP)
Some more common definitions
- IP tunnels between a remote user and a corporate firewall
- IP tunnels between an ISP and a corporate firewall
- IP tunnels between sites over the public Internet, or over a service provider's IP network
- ISDN, Frame Relay or ATM connections between sites with ISDN B channels, PVCs or SVCs used to separate traffic from other users
VPNs Based on IP Tunnels
- Encapsulate a data packet within a normal IP packet for forwarding over an IP-based network.
  - IPX, AppleTalk, etc.
- Encryption (privacy)
- Authentication (integrity)
VPNs Based on ISDN, Frame Relay or ATM
- Use public switched data network services, with ISDN B channels, PVCs, or SVCs separating traffic from other users.
- Single or multiple B channels, PVCs, or SVCs may be used between sites, with additional features such as backup and bandwidth on demand.
VPN Types
1. Intranet VPNs (site-to-site or LAN-to-LAN VPNs)
   - Private networks extended across the Internet or other public network service in a secure way.
2. Remote access VPNs (dial VPNs)
   - Individual dial-up users connect to a central site across the Internet or other public network service in a secure way.
3. Extranet VPNs
   - Secure connections with business partners, suppliers and customers.
   - An extension of intranet VPNs with the addition of firewalls to protect the internal network.
VPN Benefits
Reduced Costs: reduce the overall operational cost of the WAN through
- reduced telecom costs, as long-distance connections are replaced with local connections to an ISP's point of presence (POP), or local connections to a service provider or carrier network;
- the ISP or service provider managing the WAN equipment, allowing fewer networking staff to manage the security aspects of the VPN;
- more use being made of an existing dedicated Internet connection.
Flexibility: VPNs based on IP tunnels, particularly Internet-based VPNs, give greater flexibility when deploying mobile computing, telecommuting and branch office networking, given explosive corporate growth.
VPN Issues
Security:
- On a shared-access, routed network, security is the main area of concern.
- This calls for encryption, secure key exchange/re-keying, session and per-packet authentication, security negotiation, private address space confidentiality, complex filtering, and a host of other precautions.
Performance and Quality of Service (QoS):
- IP datagrams sent across the VPN carrier service may experience packet loss (silent discards) and packet reordering.
- Packet loss tends to be greatly increased by stateful algorithms designed for point-to-point reliable links, for example, PPP compression and encryption algorithms.
- Throughput may also vary from POP to POP, country to country, and even hour to hour.
- Reordering will cause problems for some LAN protocols, for example, when running bridging over a VPN.
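The loss and reordering point above, as an added example that is not part of the original slides: a stateful cipher whose keystream runs across packets is compared with a per-packet mode that carries a sequence number. The key, payloads, the `carrier` behaviour and all function names are constructed for illustration, and the SHA-256 counter keystream is a toy stand-in for a real cipher.

```python
import hashlib

KEY = b"constructed-demo-key"  # constructed sample key, not from the slides
PAYLOADS = [b"inner packet %d" % i for i in range(5)]  # constructed tunnel payloads

def keystream(key, label, offset, n):
    """Toy SHA-256 counter keystream standing in for a real cipher (assumption)."""
    out, block = b"", offset // 32
    while len(out) < offset % 32 + n:
        out += hashlib.sha256(key + label + block.to_bytes(8, "big")).digest()
        block += 1
    return out[offset % 32 : offset % 32 + n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class StatefulCipher:
    """One keystream running across all packets; both ends must stay in step."""
    def __init__(self, key):
        self.key, self.pos = key, 0
    def process(self, data):
        out = xor(data, keystream(self.key, b"link", self.pos, len(data)))
        self.pos += len(data)  # state advances with every packet seen
        return out

def seal(key, seq, payload):
    """Per-packet mode: keystream depends only on the key and the carried sequence number."""
    hdr = seq.to_bytes(4, "big")
    return hdr + xor(payload, keystream(key, hdr, 0, len(payload)))

def unseal(key, packet):
    hdr, body = packet[:4], packet[4:]
    return xor(body, keystream(key, hdr, 0, len(body)))

def carrier(packets):
    """Constructed network: silently discard packet 1, deliver the later ones reversed."""
    kept = [p for i, p in enumerate(packets) if i != 1]
    return kept[:1] + kept[:0:-1]

def recovered_stateful():
    tx, rx = StatefulCipher(KEY), StatefulCipher(KEY)
    wire = carrier([tx.process(p) for p in PAYLOADS])
    return sum(rx.process(c) in PAYLOADS for c in wire)

def recovered_per_packet():
    wire = carrier([seal(KEY, i, p) for i, p in enumerate(PAYLOADS)])
    return sum(unseal(KEY, c) in PAYLOADS for c in wire)

if __name__ == "__main__":
    print("stateful:", recovered_stateful(), "per-packet:", recovered_per_packet())
```

With one packet discarded, the stateful receiver recovers only the packet that arrived before the loss, while the per-packet receiver recovers every packet that was delivered, in whatever order it arrived.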