VPN Alex Carr

Overview
Introduction
3 Main Purposes of a VPN
Equipment
Remote-Access VPN
Site-to-Site VPN
Extranet Based
Intranet Based
Differences
VPN Components
VPN Client
VPN Concentrator
VPN-Enabled Firewall
VPN Protocols
Questions

Introduction
A virtual private network (VPN) extends a private network across a public network.
This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.
VPN technology is also used by ordinary Internet users to connect to proxy servers for the purpose of protecting one's identity.

3 Main Purposes of a VPN
1. Security - The VPN should be able to protect the data that is being sent over an open network. If there is a potential hacker, they should not be able to read the data that is retrieved.
2. Reliability - Everyone should be able to access the network all the time, unless it is only open during certain hours. The network should also work properly even when there is a large number of users.
3. Scalability - The VPN should be able to expand when a business becomes larger without replacing any technology.

Equipment
1. Network Access Server - Responsible for setting up and maintaining each tunnel in a remote-access VPN.
2. AAA server - For each VPN connection, the AAA server confirms who you are, identifies what you're allowed to access over the connection, and tracks what you do while you're logged in.
3. Firewall - Keeps the information on the private network secure.

Remote-Access VPN
Allows a user to have a secure connection with a remote computer network.
The two major components of a remote-access VPN are a network access server (NAS) and client software.

Site-to-Site VPN
Allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet.
Extends the company's network, making the resources at its main location available to branch locations.

Extranet Based
When a company has a close relationship with another company, it can build an extranet VPN that connects those companies' LANs.
This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.

Intranet Based
When a company has one or more remote locations that it wishes to join in a single private network, it can create an intranet VPN to connect each separate LAN to a single WAN.

Differences
Even though the purpose of a site-to-site VPN is different from that of a remote-access VPN, it could use some of the same software and equipment.
Ideally, though, a site-to-site VPN should eliminate the need for each computer to run VPN client software as if it were on a remote-access VPN.

VPN Components
VPN components can run alongside other software on a shared server, but this is not typical and could put the security and reliability of the VPN at risk.
However, as a business's VPN needs increase, so does its need for equipment that is optimized for the VPN.

VPN Client
A VPN client is software running on a device that acts as the interface for multiple connections.

VPN Concentrator
A VPN concentrator replaces an AAA server installed on a generic server.
The hardware and software work together to establish VPN tunnels and handle large numbers of simultaneous connections.

VPN-Enabled Firewall
A VPN-enabled firewall is a conventional firewall protecting information being sent between networks.

VPN Protocols
1. IPsec - A standards-based security protocol that is widely used with IPv4 and the Layer 2 Tunneling Protocol.
2. Transport Layer Security (SSL/TLS) - Can tunnel an entire network's traffic or secure an individual connection.
3. Secure Shell VPN - Offers VPN tunneling to secure remote connections to a network or to inter-network links.
4. Microsoft Point-to-Point Encryption - Works with the Point-to-Point Protocol and in several compatible implementations on other platforms.

Questions?