VIRTUAL PRIVATE NETWORKS (VPN)

GROUP MEMBERS ERVAND AKOPYAN ORLANDO CANTON JR. JUAN DAVID OROZCO

AGENDA What is a VPN? VPN SOLUTION Advantages/Disadvantage Software VPN Client Hardware VPN Configuration VPN SETUP’s Security Type’s

What is VPN? Maintaining privacy through the use of a tunneling protocol and security procedures Provide remote access to an organization's network via the Internet Point-to-Point Tunneling Protocol, Layer 2 tunneling protocol and IP Security

VPN SOLUTION ADVANTAGE VPN lowers costs is by eliminating the need for expensive long-distance leased lines Data transfers are encrypted Cost is low to implement

VPN SOLUTION DISATVANTAGE OF VPN VPN Connection is slow Performance issues are a major, and legitimate, concern to the VPN user Bad Hardware and low speed connection on the user end

VPN CLIENT SOFTWARE

Questions to Ask To configure and use the VPN Client Hostname or IP address of the secure gateway to which you are connecting. Your IPSec Group Name (for preshared keys). Your IPSec Group Password (for preshared keys). If authenticating with a digital certificate, the name of the certificate. If authenticating through the secure gateway's internal server, your username and password. If authenticating through an NT Domain server, your username and password.

Installation screens

Software GUI

VPN ROUTER Hardware VPN Router

VPN HARDWARE Model: RV042 - Data Transfer Rate: 100 Mbps BASE TX - Fast Ethernet Ideal for use in small business environments Allows multiple computers in an office share an Internet connection. Price Range: $137 to $174 Linksys 10/100 4-Port VPN Router

VPN Information Data Transfer Rate: 54 Mbps GHz – 328 ft Indoor Range 1312 ft Outdoor Range A 4-Port Wireless Ethernet Broadband Router with VPN (Virtual Private Network) capability. Allows users to securely connect multiple computers over the Internet via IPSec, PPTP, or L2TP tunnels. Price Range: $104 to $180 D-Link AirPlus Xtreme G Wi-Fi Router

VPN Information Netgear ProSafe VPN Firewall 8 Port FVS114 Provides business class protection. Perfect for telecommuters and remote offices. 4 10/100 Mbps auto-sensing, Auto Uplink switched LAN ports and Network Address Translation (NAT) routing Up to 253 users can access your broadband connection at the same time.

VPN Information SSL-VPN 2000 Seamless Integration Behind Virtually Any Firewall The SSL-VPN 2000 integrates seamlessly into any network topology and can be easily deployed alongside almost any third-party firewall as a secure remote access solution. When deployed with a SonicWALL Internet security appliance running SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service, the SSL-VPN 2000 enhances network integration and security.

VPN Information Nortel VPN Security Gateway 3050 A remote access security solution that extends the reach of enterprise applications and resources to remote employees, partners, and customers. Offers a convenient alternative for securely provisioning resources for remote users without the need to install and manage client tunneling software on their PCs.

VPN for Large Businesses Cisco VPN 3000 Concentrator scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

Configuring NetGear FSV318

VPN Hardware Configuration

ENCRYPTION Encryption Schemes Standard (DES) Standard (DES) – 20 Year Old complex symmetric algorithm less scecure then new ones Triple DES and 3DES- Triple DES and 3DES- use multiple passes of the original version to increase the key length, thus strengthening security Encapsulated Security Payload or Outer Cipher Block Chaining, can be used to further scramble the data, and maintain or verify its integrity

VPN SETUP

Site to Site Connection GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based.

Remote Access VPN

IPSEC IP Security- a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. Encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.

Tunneling Tunneling requires three different protocols: Carrier protocol - The protocol used by the network that the information is traveling over Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data Passenger protocol - The original data (IPX, NetBeui, IP) being carried

PPP Tunneling L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP. PPTP (Point-to-Point Tunneling Protocol) - PPTP supports 40-bit and 128- bit encryption and will use any authentication scheme supported by PPP. L2TP (Layer 2 Tunneling Protocol) - L2TP Combining features of both PPTP and L2F, L2TP also fully supports IPSec. PPP (Point-to-Point Protocol)

References