The University of Oklahoma Virtual Private Network How it works.


1 The University of Oklahoma Virtual Private Network How it works

2 What is VPN? VPN stands for “Virtual Private Networking”. It enables users to connect securely to a network from a remote location over the Internet. VPN uses the concept of “tunneling” to achieve this connection into a network. There are troubleshooting hints located in the Notes section, so be sure to read the notes. Some of this information will be reviewed on the VPN quiz.

3 Tunneling Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer layer is understood by the network and by both end points, called tunnel interfaces, where the packet enters and exits the network. Tunneling requires three different protocols:
– Carrier protocol - The protocol used by the network that the information is traveling over
– Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
– Passenger protocol - The original data (IPX, NetBeui, IP) being carried
Tunneling has amazing implications for VPNs. For example, you can place a packet that uses a protocol not supported on the Internet (such as NetBeui) inside an IP packet and send it safely over the Internet. Or you could put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address to extend a private network over the Internet. This material taken from www.howstuffworks.com
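As an added illustration of the three protocol roles above (not part of the original presentation), the following Python builds a passenger IPv4/UDP packet with private addresses, wraps it in a GRE encapsulating header and an outer IPv4 carrier header with public addresses, and then validates and unwraps it again as a tunnel exit would. The addresses are constructed documentation values, not OU's.

```python
import struct
import ipaddress

GRE_PROTO = 47            # IP protocol number of GRE, the encapsulating protocol
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger packet

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (returns 0 for a valid header)."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Carrier (outer IPv4) + encapsulating (GRE) + passenger (inner IPv4 packet)."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)      # no checksum/key/sequence flags
    return ipv4_header(outer_src, outer_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet: bytes) -> bytes:
    """Validate the outer headers at the tunnel exit and return the passenger packet."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if packet[9] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return packet[ihl + 4:]

def addresses(packet: bytes) -> tuple:
    """(source, destination) of an IPv4 packet, for inspection."""
    return (str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20])))

# Constructed passenger: a UDP datagram between two private (non-routable) addresses.
UDP = struct.pack("!HHHH", 5000, 5001, 12, 0) + b"data"   # UDP checksum 0 = none (IPv4)
INNER = ipv4_header("10.0.0.5", "10.0.1.7", 17, len(UDP)) + UDP
# Constructed tunnel endpoints using documentation addresses, not real OU addresses.
OUTER = gre_encapsulate(INNER, "203.0.113.10", "198.51.100.20")
```

The carrier network only ever sees the public addresses in OUTER; the private addresses of INNER are visible again only after gre_decapsulate at the far tunnel interface.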

4 OU VPN Service Network Diagram

5 OU VPN Client The OU VPN Client is the software used to connect to the VPN Service at OU.

6 The Options Menu Clicking on the Options button brings up the menu as shown. The Stateful Firewall (Always On) option can be either checked or unchecked depending on what kind of firewall the computer is behind (if the machine is behind a firewall at all).

7 Stateful Firewall (Always On) A normal firewall is "stateless" because it has no memory of context for connection states. Each connection through it is a new connection. A "stateful" firewall, by contrast, remembers the context of connections and continuously updates this state information in dynamic connection tables. This can be a very good thing because a hacker trying to gain access through the firewall has less chance of forging entry as part of a valid series of connections: the recorded context shows that the additional connection does not make sense in the context of the legitimate user's session.

8 Stateful Firewall (cont’d) Basically, if a file with malicious content were broken up into multiple packets in a way that did not make immediate sense to the firewall, and these parts were sent in random order, a STATELESS firewall would allow them through, and the machine to which this content is delivered would reassemble the packets and possibly do a lot of damage to its own data. In the case of a STATEFUL firewall, the firewall would keep the context, or overall picture, in view while letting packets through. Therefore, it would check each packet in the context in which it is being sent. If the firewall then “makes sense” of the overall file being malicious, it would block the file.
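As an added example, not from the presentation, the following Python models the difference described on the two slides above: a stateless filter that can only trust the ACK bit each packet carries, beside a stateful filter whose connection table admits an ACK or data packet only when a tracked handshake preceded it. The traffic, hosts and open port are constructed.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "PA" data, "FA" FIN

class StatelessFirewall:
    """No memory: each packet is judged alone, so 'part of an existing connection'
    can only be approximated by trusting the ACK bit that the sender itself set."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)
    def allow(self, pkt):
        return pkt.dport in self.open_ports or "A" in pkt.flags

class StatefulFirewall:
    """Connection table keyed by the initiating 4-tuple; a packet passes only
    if it fits the state recorded for its connection."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)
        self.table = {}   # 4-tuple -> "SYN_SENT" | "SYN_RECEIVED" | "ESTABLISHED"
    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # same direction as the SYN
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reply direction
        if pkt.flags == "S":                              # new connection attempt
            if pkt.dport in self.open_ports and fwd not in self.table:
                self.table[fwd] = "SYN_SENT"
                return True
            return False
        if pkt.flags == "SA":                             # must answer a tracked SYN
            if self.table.get(rev) == "SYN_SENT":
                self.table[rev] = "SYN_RECEIVED"
                return True
            return False
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is None:
            return False   # ACK/data with no handshake behind it does not "make sense"
        if self.table[key] == "SYN_RECEIVED" and key == fwd and pkt.flags == "A":
            self.table[key] = "ESTABLISHED"
            return True
        if self.table[key] == "ESTABLISHED" and pkt.flags in ("A", "PA", "FA"):
            if pkt.flags == "FA":
                del self.table[key]   # simplified teardown: first FIN closes the entry
            return True
        return False

def verdicts(firewall, packets):
    return [firewall.allow(p) for p in packets]   # one verdict per packet, in order
# Constructed traffic: an outside client opens a TLS connection to internal host 10.0.0.5.
C, S = ("198.51.100.7", 51000), ("10.0.0.5", 443)
HANDSHAKE = [Packet(*C, *S, "S"), Packet(*S, *C, "SA"), Packet(*C, *S, "A"), Packet(*C, *S, "PA")]
FORGED_ACK = Packet("203.0.113.9", 44444, *S, "A")   # no handshake behind it
```

Both filters pass the genuine handshake and its data; only the stateful one rejects FORGED_ACK, because no entry in its table explains that packet.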

9 The Properties Option The ‘Properties’ option is under the ‘Options’ menu. A user can administer the connection properties for the connection chosen in the ‘Connection Entry’ dropdown menu. Ex. Cox to OU-Norman Campus.

10 The General Tab

11 Transparent Tunneling Transparent tunneling is a method of tunneling that allows the VPN client to pass IPsec through both firewalls and the network address translation methods discussed later.

12 IPSec IPSec (Internet Protocol Security) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport.
– Tunnel mode encrypts the header and the payload of each packet.
– Transport mode only encrypts the payload.
– IPSec can encrypt data between various devices, such as: router to router, firewall to router, PC to router, PC to server.
This material taken from www.howstuffworks.com

13 NAT Short for Network Address Translation, an Internet standard that enables a Local Area Network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. NAT serves three main purposes:
– Provides a type of firewall by hiding internal IP addresses.
– Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
– Allows a company to combine multiple ISDN connections into a single Internet connection.

14 PAT PAT is short for port address translation, a type of network address translation. With PAT, each computer on the LAN is translated to the same IP address, but with a different port number assignment. PAT is also referred to as overloading, port mapping, port-level multiplexed NAT or single-address NAT.
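An added example (not part of the presentation) of the PAT table described above, in Python: two internal hosts that happen to use the same source port are mapped to one public address with distinct ports, replies are mapped back, and a packet arriving at a public port with no mapping is dropped, which is the "type of firewall" effect the NAT slide mentions. The addresses and port range are constructed.

```python
class PortAddressTranslator:
    """Maps every (private IP, port) pair to the single public IP plus a unique port."""
    def __init__(self, public_ip, first_port=40000, last_port=40999):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))  # constructed pool
        self.to_public = {}   # (private ip, private port) -> public port
        self.to_private = {}  # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source; returns the translated 4-tuple.
        An existing mapping is reused so all packets of one flow share a public port."""
        key = (src_ip, src_port)
        if key not in self.to_public:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.to_public[key] = port
            self.to_private[port] = key
        return (self.public_ip, self.to_public[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite a packet arriving at public_ip:dst_port back to the private host.
        Returns None when no mapping exists, i.e. unsolicited inbound traffic is dropped."""
        key = self.to_private.get(dst_port)
        if key is None:
            return None
        return (src_ip, src_port, key[0], key[1])
```

This simplified translator keys replies on the public port only; real devices also compare the remote address and expire idle mappings.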

15 UDP UDP stands for “User Datagram Protocol”. UDP is a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. A machine sends out information without confirming whether the recipient successfully received the message.

16 TCP TCP is the abbreviation of Transmission Control Protocol, one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. A machine sends out data and continues to resend the same data until it receives a confirmation that the recipient has received the data successfully. OU VPN uses TCP port 10000 only.

17 Allow local LAN access Lets you connect to the computers that are physically connected to the same network, e.g. all computers connected to the same hub/router.

18 Authentication Tab Group Access Information (the group username and password) can be entered here.

19 Group Access Information All users currently connecting to OU-VPN are under the ‘users’ group, hence the group username is ‘users’. The password for this group is ‘ou-vpn’. This information is normally saved in the ‘Cox to OU-Norman’ connection profile and should be there unless it has been deleted.

20 Connections Tab This tab enables you to reach the VPN over a dial-up connection. Enabling ‘Connect to the Internet via dial-up’ will first dial in to your non-OU ISP and then attempt to connect to the VPN.

21 Useful Websites http://computer.howstuffworks.com/vpn.htm http://www.cisco.com/
