1 Intel / Shiva VPN Solutions Stephen Wong System Engineer

2 Agenda VPN Concept VPN Benefit Shiva VPN Suite Case Study - Open University Conclusion VPN Concept VPN Benefit Shiva VPN Suite Case Study - Open University Conclusion

3 A VPN (Virtual Private Network) Is a Technology That Connects Individuals and Systems Securely Over the Internet. Internet ISPModemsISPModems VPNGatewayVPNGateway VPN GatewayVPN Corporate LAN Corporate LAN Remote LAN Remote LAN Headquarters Branch Office Traveling Employee or Telecommuter VPN Client VPN Client VPN Provides a New Option

4 Secure VPN Tunnel Internet ISPModemsISPModems CorporateModemsCorporateModems LAN Local Long Distance VPN Gateway VPN Gateway Telephone Network VPN Client VPN Client Router/FirewallRouter/Firewall Remote Access: Dial and VPN

5 San Francisco New York Dallas Chicago Fully Meshed Leased Line or Frame Relay Network San Francisco New York Dallas Chicago Internet Fully meshed VPN network LAN-to-LAN: Leased Line and VPN

6 VPN Benefits Save Money (Reduce NW Costs by 30-60%) –Eliminate long distance charges –Reduce private leased line charges Increase Business Speed and Flexibility –Internet can be accessed everywhere through many technologies –Internet capacity is available on demand Save Money (Reduce NW Costs by 30-60%) –Eliminate long distance charges –Reduce private leased line charges Increase Business Speed and Flexibility –Internet can be accessed everywhere through many technologies –Internet capacity is available on demand

7 VPN Technology Basic VPN Concepts –Tunneling –Encryption –Authentication Associated VPN Concepts –Routing –Firewalling –Load Balancing Basic VPN Concepts –Tunneling –Encryption –Authentication Associated VPN Concepts –Routing –Firewalling –Load Balancing

8 Definition Tunnels are a method of transmitting private data over public networks Tunnels employ a technique called “encapsulation” Secure Tunnels are tunnels that guarantee the privacy and integrity of the transmitted data and the authenticity of the parties communicating Standards Alternatives PPTP, L2F, L2TP (Layer 2, Remote Access Only, Not Secure) IPSec (Layer 3, Remote Access AND LAN-to-LAN, Strong Security) Tunneling Benefits hides network topology and application information connect “un-routed” networks across the Internet Definition Tunnels are a method of transmitting private data over public networks Tunnels employ a technique called “encapsulation” Secure Tunnels are tunnels that guarantee the privacy and integrity of the transmitted data and the authenticity of the parties communicating Standards Alternatives PPTP, L2F, L2TP (Layer 2, Remote Access Only, Not Secure) IPSec (Layer 3, Remote Access AND LAN-to-LAN, Strong Security) Tunneling Benefits hides network topology and application information connect “un-routed” networks across the Internet Internet Basics: Tunneling

9 Basics: Encryption Encryption Ensures the Privacy and Integrity of Transmitted Data Encryption Terms –DES - encryption standard (also known as 56-bit) –3DES bit encryption standard; most secure –Public and Private keys –IKE - Internet Key Exchange Level of Security Is Dependent On: –Strength of the underlying algorithm –Key length (512, 1024, or 2048-bit) –Frequency of key change Encryption Ensures the Privacy and Integrity of Transmitted Data Encryption Terms –DES - encryption standard (also known as 56-bit) –3DES bit encryption standard; most secure –Public and Private keys –IKE - Internet Key Exchange Level of Security Is Dependent On: –Strength of the underlying algorithm –Key length (512, 1024, or 2048-bit) –Frequency of key change

10 Basics: Authentication Authentication Guarantees the Identity and Authority of the VPN Participants Choices Include: –Technologies: passwords, challenge phrase, tokens with one- time passwords, and X.509 digital certificates –Products: NT Domains, NDS, RADIUS, SDI, Entrust, Shiva CA A VPN Solution Should Allow You to Choose the Authentication Method That Matches Your Needs Authentication Guarantees the Identity and Authority of the VPN Participants Choices Include: –Technologies: passwords, challenge phrase, tokens with one- time passwords, and X.509 digital certificates –Products: NT Domains, NDS, RADIUS, SDI, Entrust, Shiva CA A VPN Solution Should Allow You to Choose the Authentication Method That Matches Your Needs

11 Shiva’s VPN Suite

12 VPN Components LanRover VPN Gateway –Dedicated Hardware Platform –Dedicated Triple-DES acceleration hardware –Integrated ICSA-certified firewall & routing –Scalability (load balancing & redundancy) Shiva VPN Client for Windows 95, 98 and NT –Transparent to end user –Works with existing client and server applications Shiva Certificate Authority –Best security available Shiva VPN Manager –Centralized management of distributed gateways LanRover VPN Gateway –Dedicated Hardware Platform –Dedicated Triple-DES acceleration hardware –Integrated ICSA-certified firewall & routing –Scalability (load balancing & redundancy) Shiva VPN Client for Windows 95, 98 and NT –Transparent to end user –Works with existing client and server applications Shiva Certificate Authority –Best security available Shiva VPN Manager –Centralized management of distributed gateways

13 Shiva VPN Client Client Software for Windows 95, 98, and NT Platforms Establishes an Encrypted Tunnel From the Client to the LanRover VPN Gateway –Supports the same tunneling, encryption and authentication protocols as LanRover VPN Gateway Interoperates Transparently With Existing Business Applications Such As and Databases Supports Dial-up, Cable Modem, DSL and LAN Connections Supports Compression for Improved Performance Client Software for Windows 95, 98, and NT Platforms Establishes an Encrypted Tunnel From the Client to the LanRover VPN Gateway –Supports the same tunneling, encryption and authentication protocols as LanRover VPN Gateway Interoperates Transparently With Existing Business Applications Such As and Databases Supports Dial-up, Cable Modem, DSL and LAN Connections Supports Compression for Improved Performance

14 Case Studies - Open University (Intel / Shiva VPN Solution) Remote Access

15 ISSUES –Security for remote users (encryption, tunneling, authentication) –Sensitive information (Course material, etc) –Long distance charges for oversea students –Protect internal network with Firewall –Same username and password in different applications(e.g. RAS, VPN, Mail, etc) ISSUES –Security for remote users (encryption, tunneling, authentication) –Sensitive information (Course material, etc) –Long distance charges for oversea students –Protect internal network with Firewall –Same username and password in different applications(e.g. RAS, VPN, Mail, etc) Case Study - Open University

16 Case Study - Open University Open University: –An University base in Hong Kong SOLUTION –Shiva VPN Client provides access through VPN tunnels –Security with encryption, tunneling and digital certificates –No long distance charges –ICSA-Certified firewall in Shiva VPN Gateway –In process of replacing frame relay with office to office VPN across the Internet –Shiva Access Manager provide Integrated VPN and RAS solution and provide proxy services to UNIX, KEBEROS Open University: –An University base in Hong Kong SOLUTION –Shiva VPN Client provides access through VPN tunnels –Security with encryption, tunneling and digital certificates –No long distance charges –ICSA-Certified firewall in Shiva VPN Gateway –In process of replacing frame relay with office to office VPN across the Internet –Shiva Access Manager provide Integrated VPN and RAS solution and provide proxy services to UNIX, KEBEROS

17 Case Study: Education Internet Router Management Consultant dialing any local ISP Benefits: Extend the campus network to remote students Eliminate long distance toll charges Supplement direct- dial capacity Single Login for UNIX, RAS, VPN Open University Library System File Servers Shiva Access Manager Shiva VPN Client ISP POP LanRover VPN Gateway

18 Conclusion Save Money (Reduce NW Costs by 30-60%) Increase Business Speed and Flexibility Improve Security Use Existing Applications, Infrastructure and User Environments Build a secured, easy to use, scalable and standard base Business Network Increase your Business competitiveness thru Intel / Shiva VPN Save Money (Reduce NW Costs by 30-60%) Increase Business Speed and Flexibility Improve Security Use Existing Applications, Infrastructure and User Environments Build a secured, easy to use, scalable and standard base Business Network Increase your Business competitiveness thru Intel / Shiva VPN

19 Thank You