Virtual Private Networks Ba 378 Winter 2006
What is a VPN?
A VPN is a private network carried over a public network, using the internet as its transfer mechanism. It also aims to keep the information secure (confidential and unaltered) while it is in transit.
The most common configuration is a single main internal network with remote nodes using the VPN to gain full access to the central network. The remote nodes are commonly remote offices or employees working from home.
You can also link two small (or large) networks to form an even larger single network.
VPNs as islands
VPNs work like islands: each office or remote user is an island, and the ocean between them is the internet.
One way to reach another island is to build a bridge (a leased line). It is costly up front, but in the end it gives a dedicated, reliable link.
The VPN is the alternative: each member is given a submarine, which travels through the ocean itself yet keeps its passengers hidden. Each remote member can communicate in a safe and reliable manner without paying for a bridge.
Types of VPNs
Two common types:
- Remote Access VPN
- Site to Site VPN
  - Intranet VPN
  - Extranet VPN
Remote Access VPN: What is it?
Also called a "virtual private dial-up network" (VPDN): a user-to-LAN connection that enables employees to connect to the private network from remote locations.
Remote Access VPN: How does it work?
- The company outsources to an enterprise service provider (ESP).
- The ESP sets up a network access server (NAS).
- Telecommuters receive desktop client software for their computer.
- Employees dial a toll-free number to connect to the NAS and use the client software to tunnel into the company network.
Site to Site VPN: What is it and how does it work?
Intranet-based
- One or more remote locations connect to a single private network
- Connects LAN to LAN
Extranet-based
- Built with a company that has a close relationship with yours (partner, supplier, customer)
- Connects LAN to LAN
- Various companies can work in a shared environment
Diagram: the three VPN types (remote access, intranet site-to-site, extranet site-to-site)
VPN Security
With VPNs now expanding not only through businesses but throughout the globe, connecting several businesses together across LANs, WANs, and wireless networks, security is more important than ever.
Integrated Security Systems
An integrated system provides greater risk reduction than any individual product or combination of security devices, regardless of features or performance. Using the network to provide a common security architecture:
- reduces complexity
- enables tighter integration
- closes risk gaps
- provides greater visibility of end-to-end security
Well designed VPNs incorporate the following characteristics:
Integrated: Every element of the network, software and hardware, acts as a point of defense.
Collaborative: Various network components work together to provide protection. Security involves cooperation between endpoints, network elements, and policy enforcement.
Adaptive: The system can recognize new threats as they arrive. Mutual awareness between security services and network intelligence increases security effectiveness against new threats.
VPN Security Methods
A well designed VPN uses several methods for keeping the connection and data secure; these are some of them:
- Firewalls
- Encryption
- IPSec
- AAA Servers
Firewall “A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.”
Firewall
Firewalls are an important part of the security system because they help stop hackers, viruses, spyware, and other harmful traffic from the internet from entering the company's computer system. Note that a firewall cannot inspect traffic inside an encrypted VPN tunnel, so it must either sit where the tunnel ends (the VPN gateway) or filter the traffic after it has been decrypted.
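As an added example (not code from the original slides), here is a small stateless packet filter of the kind a firewall in front of a VPN gateway applies: it lets the IPSec control and data traffic reach the gateway and drops everything else inbound. The gateway address, the rule set and the sample packets are assumptions for the demo; the port and protocol numbers (IKE on UDP 500, NAT traversal on UDP 4500, ESP as IP protocol 50) are the real ones.

```python
"""Stateless packet filter in front of a VPN gateway (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP = 1, 6, 17, 50


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0          # 0 for protocols without ports (ESP, ICMP)


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "drop"
    dst: str                # CIDR the rule applies to
    proto: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


VPN_GATEWAY = "203.0.113.1"   # assumed public address of the VPN gateway

# Inbound rule set; first match wins, as in most packet filters.
RULES = [
    Rule("allow", f"{VPN_GATEWAY}/32", PROTO_UDP, 500),    # IKE: key negotiation
    Rule("allow", f"{VPN_GATEWAY}/32", PROTO_UDP, 4500),   # IKE/ESP encapsulated in UDP (NAT traversal)
    Rule("allow", f"{VPN_GATEWAY}/32", PROTO_ESP),         # ESP: the encrypted tunnel traffic itself
    Rule("drop", "0.0.0.0/0"),                              # default deny for everything else
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule ("drop" if none matches)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


if __name__ == "__main__":
    # constructed sample packets from an internet host
    for p in (Packet("198.51.100.7", VPN_GATEWAY, PROTO_UDP, 500),
              Packet("198.51.100.7", VPN_GATEWAY, PROTO_ESP),
              Packet("198.51.100.7", VPN_GATEWAY, PROTO_TCP, 22)):
        print(p, "->", filter_packet(p))
```

The filter only sees the outer packet. Once ESP traffic is allowed through, what is inside it is invisible here, which is why the access rules for VPN users themselves have to be enforced on the gateway after decryption.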
Encryption
"Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode." Most computer systems use one of the following:
- Symmetric-key encryption
- Public-key encryption
Symmetric-key encryption
- Each computer has a secret key that it can use to encrypt information before it is sent over the network to another computer.
- Symmetric-key requires that you know which computers will be talking to each other so you can install the same key on each one.
- Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.
Example “You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.”
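The "shift by 2" code above, worked through as an added example (not code from the original slides) with a twist the quote glosses over: the same key encrypts and decrypts, which is what makes it symmetric, but because there are only 26 possible keys an eavesdropper can simply try them all. The letters-only alphabet and the sample message are assumptions for the demo.

```python
"""Symmetric-key encryption with a shift cipher, and why a 26-key cipher is not secret (added example)."""
import string

ALPHABET = string.ascii_uppercase   # 26 letters; anything else passes through unchanged


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace each letter with the letter `key` places further down the alphabet (wrapping)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """The same secret key undoes the transformation: that is what 'symmetric' means."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every possible key. With only 26 candidates, someone without the key
    still reads the message just by looking for the candidate that is English."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def demo() -> dict:
    message = "MEET ME AT NOON"   # constructed sample message
    key = 2                      # the "shift by 2" agreed with the friend
    ct = shift_encrypt(message, key)
    candidates = brute_force(ct)
    return {
        "ciphertext": ct,
        "decrypted": shift_decrypt(ct, key),
        "brute_force_hits": [k for k, pt in candidates.items() if pt == message],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The lesson for VPNs is about key size and key secrecy rather than the mechanism: the ciphers real VPNs use (AES with 128- or 256-bit keys) work the same way, one shared key on both ends, but the key space is far too large to enumerate. What the shift cipher shares with them is the distribution problem: both sides must obtain the same secret key beforehand, which is exactly what public-key encryption was invented to solve.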
Public-key encryption
- This encryption uses a pair of keys: a private key and a public key.
- The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it.
- To send an encrypted message, the sender encrypts it with the recipient's public key; only the matching private key, held by the recipient, can decrypt it. The public key cannot undo its own encryption, so it can be handed out freely.
Public-key encryption
One of the most popular programs built on public-key encryption is Pretty Good Privacy (PGP). It lets you encrypt just about anything, for example files, hard drives, and e-mail. In practice PGP, like most systems including VPNs, is a hybrid: the public key protects a fresh symmetric key, and that symmetric key encrypts the bulk data, because public-key operations are far slower.
IPSec
IPSec stands for Internet Protocol Security. It is a set of protocols that adds encryption, integrity checking and authentication to IP packets, with enhanced security features such as better encryption algorithms and more comprehensive authentication. Its Encapsulating Security Payload (ESP) can be used in one of two modes: tunnel mode and transport mode.
Tunnel mode and transport mode
Transport mode encrypts only the payload of each IP packet; the original IP header stays in the clear (with its protocol field changed to ESP), so it is used between two hosts that talk to each other directly.
Tunnel mode encrypts the entire original packet, header included, and wraps it in a new IP header addressed to the VPN gateways. This is what site-to-site and most remote-access VPNs use, since the internal addresses are hidden from anyone watching the internet.
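The difference between the two modes is easiest to see by building both packet layouts and asking what an observer on the internet path can still read. The following is an added example, not code from the original slides: the addresses, the key and the payload are constructed, the stream cipher is a stand-in for ESP's real ciphers (AES-CBC or AES-GCM), and ESP padding and the integrity check value are left out for clarity. The header layout, the ESP header (SPI and sequence number) and the protocol numbers are the real ones.

```python
"""ESP transport mode vs tunnel mode: which bytes an on-path observer can read (added example)."""
import hashlib
import hmac
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50
IPV4_FMT = "!BBHHHBBHII"   # 20-byte IPv4 header without options


def ip2int(a: str) -> int:
    return int.from_bytes(bytes(int(x) for x in a.split(".")), "big")


def int2ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum (left 0), src, dst
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, ip2int(src), ip2int(dst))


def keystream_xor(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """Toy stream cipher standing in for AES: HMAC-SHA256 in counter mode keyed by (SPI, seq).
    XOR is its own inverse, so the same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack("!IIQ", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_transport(key, spi, seq, src, dst, payload, inner_proto=PROTO_TCP):
    """Transport mode: the original header is kept (protocol becomes ESP); only the payload is encrypted."""
    enc = keystream_xor(key, spi, seq, payload + bytes([inner_proto]))   # ESP trailer: 'next header'
    esp = struct.pack("!II", spi, seq) + enc
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def esp_tunnel(key, spi, seq, gw_src, gw_dst, src, dst, payload, inner_proto=PROTO_TCP):
    """Tunnel mode: the whole original packet is encrypted and a new outer header (gateway to gateway) is added."""
    inner = ipv4_header(src, dst, inner_proto, len(payload)) + payload
    enc = keystream_xor(key, spi, seq, inner + bytes([PROTO_IPIP]))      # next header 4 = IP-in-IP
    esp = struct.pack("!II", spi, seq) + enc
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def observer_view(packet: bytes) -> dict:
    """Everything a passive observer without the key learns: outer addresses, protocol, SPI, sequence, size."""
    fields = struct.unpack(IPV4_FMT, packet[:20])
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": int2ip(fields[8]), "dst": int2ip(fields[9]), "proto": fields[6],
            "spi": spi, "seq": seq, "ciphertext_len": len(packet) - 28}


def esp_decrypt(key: bytes, packet: bytes):
    """Receiving peer: read SPI/seq, decrypt, and return (next_header, plaintext)."""
    spi, seq = struct.unpack("!II", packet[20:28])
    plain = keystream_xor(key, spi, seq, packet[28:])
    return plain[-1], plain[:-1]


def demo() -> dict:
    key = bytes(range(32))                       # constructed 256-bit key shared by both peers
    payload = b"GET /payroll HTTP/1.0\r\n"       # constructed inner traffic
    t = esp_transport(key, 0x1000, 1, "10.0.0.5", "10.0.1.9", payload)
    u = esp_tunnel(key, 0x1000, 1, "203.0.113.1", "198.51.100.1", "10.0.0.5", "10.0.1.9", payload)
    return {"transport": observer_view(t), "tunnel": observer_view(u)}


if __name__ == "__main__":
    for mode, view in demo().items():
        print(mode, view)
```

In transport mode the observer still sees that 10.0.0.5 is talking to 10.0.1.9; in tunnel mode only the two gateway addresses are visible, and the internal addresses travel inside the ciphertext. Note what even tunnel mode does not hide: the SPI, the sequence numbers and the packet sizes, which is why traffic analysis remains possible on any VPN. The omitted integrity check value is not optional in practice: without it an attacker can flip bits in the ciphertext, which under a stream cipher flips the same bits in the plaintext.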
Figure (photo courtesy Cisco Systems, Inc.): a remote-access VPN utilizing IPSec, giving an overview of a VPN and its security points.
AAA Servers
AAA stands for authentication, authorization and accounting. AAA servers are used to control and record access more securely in remote-access VPN environments: the VPN gateway hands each login attempt to the AAA server instead of keeping its own copy of the user list and policy.
AAA Servers
When an AAA server gets a request to establish a session, it asks the following questions:
- Who are you? (authentication)
- What are you allowed to do? (authorization)
- What did you actually do? (accounting)
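The three questions as one decision flow, as an added example that is not code from the original slides: a credential is checked against a salted hash, the requested destination is checked against the user's role policy, and every outcome, including failures, is written to the accounting log. The user table, roles, networks and sample requests are constructed for the demo.

```python
"""Minimal AAA server: authenticate, authorize, account (added example)."""
import hashlib
import hmac
import ipaddress
import secrets
import time

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the server stores (salt, hash), never the password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AAAServer:
    def __init__(self):
        self.users = {}        # username -> (salt, hash, role)
        self.policy = {}       # role -> list of allowed destination networks
        self.accounting = []   # one record per event

    def add_user(self, username: str, password: str, role: str):
        salt, h = hash_password(password)
        self.users[username] = (salt, h, role)

    def allow(self, role: str, network: str):
        self.policy.setdefault(role, []).append(ipaddress.ip_network(network))

    # 1. Who are you?
    def authenticate(self, username: str, password: str) -> bool:
        record = self.users.get(username)
        if record is None:
            hash_password(password)   # same cost as a real check, so unknown users are not faster to probe
            return False
        salt, stored, _ = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)   # constant-time comparison

    # 2. What are you allowed to do?
    def authorize(self, username: str, destination: str) -> bool:
        role = self.users[username][2]
        addr = ipaddress.ip_address(destination)
        return any(addr in net for net in self.policy.get(role, []))

    # 3. What did you actually do?
    def account(self, username: str, event: str, **details):
        self.accounting.append({"time": time.time(), "user": username, "event": event, **details})

    def session_request(self, username: str, password: str, destination: str) -> str:
        """Ask the three questions in order; every outcome, including denials, is recorded."""
        if not self.authenticate(username, password):
            self.account(username, "auth-failed")
            return "denied: authentication"
        if not self.authorize(username, destination):
            self.account(username, "authz-failed", destination=destination)
            return "denied: authorization"
        self.account(username, "session-start", destination=destination)
        return "allowed"


if __name__ == "__main__":
    srv = AAAServer()
    srv.add_user("alice", "correct horse", "engineering")   # constructed sample user
    srv.allow("engineering", "10.10.0.0/16")
    print(srv.session_request("alice", "wrong", "10.10.1.5"))
    print(srv.session_request("alice", "correct horse", "192.168.1.1"))
    print(srv.session_request("alice", "correct horse", "10.10.1.5"))
    for rec in srv.accounting:
        print(rec)
```

Real deployments run this logic behind RADIUS or TACACS+ rather than in the gateway itself, but the ordering is the same: authorization is only consulted for an authenticated user, and denials are logged as carefully as successes, since repeated "auth-failed" records for one account are often the first sign of a credential attack.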
Who uses VPNs?
- Companies and organizations: employees working at home or traveling
- Retail sector: usually has multiple sites
- Universities: allow students and faculty to access information off site
Providers of VPNs
- A company can build its own: purchase software, or use a VPN-capable router
- Or outsource: mostly to internet service providers (ISPs) and interexchange carriers (IXCs); less managing and logistics involved
How much do VPNs cost?
- Prices vary by provider.
- Additional options are available, such as network management, user authentication, firewalls, and encryption.
- Savings: Infonetics reports $1,000 average savings per remote worker per year; Cisco's study states savings of $600 to $1,800 per remote worker per year.
Pros and Cons of VPNs
Price vs. added value
Added value:
- Efficiency
- Security
- Geographic distance
- Satisfaction
Con: poor maintenance
Components of a good VPN
A good VPN should have:
Security: It must offer security to the users while they access their data.
Maintenance: It should be updated and maintained within the means of the company.
Efficiency: The VPN needs to add to the productivity and quality of the company.
Reliability: It should be a network that can be counted on.
Price: The benefits must outweigh the costs of the VPN.
Breadth: It should span far enough to meet the needs of the company.
Alignment: The VPN must enhance and complement the goals of the company.