Virtual Private Network (VPN)

outline What is a VPN? Types of VPN Why use VPNs? Disadvantage of VPN Types of VPN protocols Encryption

What is a VPN? A VPN is A network that uses Internet or other network service to transmit data. A VPN includes authentication and encryption to protect data integrity and confidentiality VPN Internet A Virtual Private Network is a private connection over an open network. This could mean encrypting traffic as it passes over a frame relay circuit, but the term is most commonly used to describe a method of sending information privately between two points across the Internet or other IP-based network. It enables organizations to quickly set up confidential communications to branch sites, remote workers, or to business partners in a cost effective way. To accomplish this, a VPN needs to have a standard way of encrypting data and ensuring the the identities of all parties. There are four basic types of deployment that VPNs are use for: Remote Access, Site-to-Site, Extranet, and Client/Server. We’ll look at each in more detail. VPN

Types of VPNs Remote Access VPN Provides access to internal corporate network over the Internet. Reduces long distance, modem bank, and technical support costs. Corporate Site Internet

Types of VPNs Site-to-Site VPN Connects multiple offices over Internet Corporate Site Remote Access VPN Site-to-Site VPN Connects multiple offices over Internet Reduces dependencies on frame relay and leased lines Internet Branch Office

Types of VPNs Remote Access VPN Site-to-Site VPN Extranet VPN Provides business partners access to critical information (leads, sales tools, etc) Reduces transaction and operational costs Corporate Site Internet Partner #2 Partner #1

LAN clients with sensitive data Types of VPNs Remote Access VPN Site-to-Site VPN Extranet VPN Intranet VPN: Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Database Server LAN clients Internet LAN clients with sensitive data

Why Use Virtual Private Networks? More flexibility Use multiple connection types (cable, DSL, T1, T3) Secure and low-cost way to link Ubiquitous ISP services Easier E-commerce As VPNs become more common, the question is, “Why move from these other technologies?” There are three main reasons: Flexibility, Scalability, and Cost. The first benefit we’ll look at is the flexibility offered by VPNs. Because they use the existing connections to the Internet, rather than specialized connections between points or phone lines, they provide organizations with geographical flexibility. Major ISPs have points of presence in most large metropolitan areas, and can support connections for branch offices. Also, because

Why Use Virtual Private Networks? More flexibility More scalability Add new sites, users quickly Scale bandwidth to meet demand

Why Use Virtual Private Networks? More flexibility More scalability Lower costs Reduced frame relay/leased line costs Reduced long distance Reduced equipment costs (modem banks,CSU/DSUs) Reduced technical training and support

VPN Return on Investment Case History – Professional Services Company 5 branch offices, 1 large corporate office, 200 remote access users. Payback: 1.04 months. Annual Savings: 88% Check Point VPN Solution Non-VPN Solution Savings with Startup Costs (Hardware and Software) $51,965 Existing; sunk costs = $0 Site-to-Site Annual Cost $30,485 $71,664 Frame relay $41,180 /yr RAS $48,000 $604,800 Dial-in costs $556,800 /yr Combined $78,485 $676,464 $597,980 /yr ROI Calculations: Configurations used to calculate the ROI are described below, and are conservative: they are biased towards the frame relay solution. ROI and pricing are based on Q2 promotional bundled pricing for the End-to-End Security Package. Site-to-site: VPN-1 solution has 5 sites have DSL-to-Internet connections, with a T1 Internet connection at HQ. Traditional solution has 5 sites connected to HQ with 64K CIR / 128 port speed connections, with a T1 Internet connection at HQ. The traditional configuration provides for a conservative comparison as it does not provide for link redundancy. Remote Access: VPN-1 solution has 200 remote access users with unlimited access consumer dial-up @ $20/month. The Traditional solution has 200 remote access users who average 2 hours/per day, 56K/64K dial-up @ .10/minute Support: For VPN-1, pricing includes a Software Subscription but not Platinum, Gold or Silver Support. The traditional pricing does not include support. Scenario Validation is provided within a 2001 Datamonitor Report: Secure Remote Access Solutions: Profiting from the VPN opportunity. Site-to-site: Secure Intranets allow companies to link branch offices to their central IT resource…SMEs, however, would not be measuring VPNs against leased lines, which would not be economically viable. To the SME, VPN technology offers the first affordable and secure broadband, when coupled with DSL or cable access. Remote access: Remote access applications…connect home workers and traveling executives or sales staff with their central IT resource. The cost savings are particularly clear when comparing the cost of dialing in to a local ISP and making long-distance calls to a central office in another part of the country. Although remote access penetration rates are high…70% of remote users are traveling executives or members of the sales force. Currently, 60% of all remote access services are accessed by simple dial-up modems compared to only 3% by DSL. A great opportunity for remote access solution vendors will come when the number of home workers using remote access solutions increases…Currently, the simple 56k modem remains the most popular option by far, as it presents the cheapest alternative.

Disadvantages of VPN Lower bandwidth available compared to dial-in line Inconsistent remote access performance due to changes in Internet connectivity No entrance into the network if the Internet connection is broken

Point-to-Point Tunneling Protocol (PPTP) Layer 2 remote access VPN distributed with Windows product family Addition to Point-to-Point Protocol (PPP) Allows multiple Layer 3 Protocols Uses proprietary authentication and encryption Limited user management and scalability Used MPPE encryption method Corporate Network Remote PPTP Client PPTP RAS Server Internet ISP Remote Access Switch

Layer 2 Tunneling Protocol (L2TP) Layer 2 remote access VPN protocol Combines and extends PPTP and L2F (Cisco supported protocol) Weak authentication and encryption Addition to Point-to-Point Protocol (PPP) Must be combined with IPSec for enterprise-level security Corporate Network Remote L2TP Client L2TP Server Internet ISP L2TP Concentrator

Internet Protocol Security (IPSec) Layer 3 protocol for remote access, intranet, and extranet VPNs Internet standard for VPNs Provides flexible encryption and message authentication/integrity

Encryption Used to convert data to a secret code for transmission over an trusted network Encrypted Text Clear Text Encryption Algorithm “The cow jumped over the moon” “4hsd4e3mjvd3sd a1d38esdf2w4d”

Symmetric Encryption Same key used to encrypt and decrypt message Faster than asymmetric encryption Used by IPSec to encrypt actual message data Examples: DES, 3DES, RC5 Shared Secret Key

Asymmetric Encryption Different keys used to encrypt and decrypt message (One public, one private) Provides non-repudiation of message or message integrity Examples include RSA, DSA, SHA-1, MD-5 Bob Alice Alice Public Key Encrypt Alice Private Key Decrypt

Industries That May Use a VPN Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely Retail: able to securely transfer sales data or customer info between stores & the headquarters Banking/Financial: enables account information to be transferred safely within departments & branches General Business: communication between remote employees can be securely exchanged

Some Businesses using a VPN CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN Bacardi & Co. Implemented a 21-country, 44-location VPN

Questions

Thanks for your attention presented by : Iman Abooee Thanks for your attention Winter 85

Resource: www.vpnc.org/vpn-technologies.pdf www.adtran.com/ www.cisco.com/ipsec_wp.htm www.computerworld.com www.findvpn.com www. Shabake_mag.com