Virtual Private Networking Karlene R. Samuels COSC513.
What is a VPN
A VPN provides end users with a way to privately access information on their corporate network (e.g., an intranet) over a public network infrastructure such as the Internet. The “virtual” in VPN is software used to create a special link between network devices. These systems use security devices to ensure that only authorized users access the network and that unintended recipients can’t intercept the data.

Why use a VPN
- Cost Savings
- Security
- Scalability
- Compatibility with Broadband Technology

Cost
- Lower line access charges compared to WATS or long-distance
- Reduced capital costs - ISP maintains dial-up infrastructure
- Reduced corporate hardware support costs

Security
VPNs allow a corporation to ensure that all network traffic is private. If a VPN is set up between site A and site B, all traffic between those sites will be encrypted. VPNs use several security methods to protect information. These methods must authenticate users attempting to access sensitive resources and ensure the integrity of the data.

Security Methods
- Cryptography: PKI
- Secure protocols: SSL and TLS
- Tunneling protocols: PPTP and IPSec

Implementing a VPN
- Tunneling
- Encryption-Based VPNs
- Frame-Relay PVC Networking

Tunneling
VPNs use tunneling technology, also known as encapsulation, which allows a network to send data via connections from another network such as the Internet. This allows geographically separated computers to connect. A tunnel is a way of packaging one network's communication packets inside another network. Tunneling works by enclosing a network protocol within packets carried by the second network, allowing one type of network, or protocol, to be wrapped in another.

Encryption-Based VPNs
Encryption-based VPNs create a VPN using the public Internet infrastructure. A corporation can connect to the Internet from an office location. Encryption-based VPNs are the easiest type of ISP-based private network to create. Each branch office connects to any ISP; users must have access to the Internet. An encryption device (typically a router or firewall) is placed at each location. The encryption devices receive encrypted data from the other locations and perform the appropriate decryption.

Frame-Relay PVC Networking
- Frame-Relay PVC is a technology available to homogeneous frame-relay networks
- The ISP must be able to implement the frame relay networking protocol across its entire network
- A VPN can be implemented using this technology
- Each PVC acts logically as a private circuit and carries data for one customer
- Frame-relay offers high security because sensitive corporate data is not transmitted over the public Internet

Challenges to Implementation
- Selecting a VPN protocol (PPTP, IPSec, L2TP)
- Departmental Budgets
- Selecting an Authentication Scheme
- Support Staff and End-User Training
- End-user Resistance to Change

Summary
- Cost-effective way to extend the enterprise network
- Selection of encryption/authentication methods is critical
- ISP maintains the dial-up infrastructure
- Performance may be slower than current modem access due to encryption overhead
- User resistance to change is a major factor