©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential outline What is a VPN? What is a VPN?  Types of VPN  Why use VPNs?  Disadvantage of VPN  Types of VPN protocols  Encryption

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential What is a VPN? A VPN is A network that uses Internet or other network service to transmit data. A VPN is A network that uses Internet or other network service to transmit data. A VPN includes authentication and encryption to protect data integrity and confidentiality A VPN includes authentication and encryption to protect data integrity and confidentiality VPN Internet

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Types of VPNs Remote Access VPN Remote Access VPN  Provides access to internal corporate network over the Internet.  Reduces long distance, modem bank, and technical support costs. Internet Corporate Site

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Types of VPNs Remote Access VPN Remote Access VPN Site-to-Site VPN Site-to-Site VPN  Connects multiple offices over Internet  Reduces dependencies on frame relay and leased lines Internet Branch Office Corporate Site

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Types of VPNs Remote Access VPN Remote Access VPN Site-to-Site VPN Site-to-Site VPN  Extranet VPN  Provides business partners access to critical information (leads, sales tools, etc)  Reduces transaction and operational costs Corporate Site Internet Partner #1 Partner #2

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Types of VPNs Remote Access VPN Remote Access VPN Site-to-Site VPN Site-to-Site VPN  Extranet VPN  Intranet VPN: Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections. Internet LAN clients Database Server LAN clients with sensitive data

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Why Use Virtual Private Networks? More flexibility More flexibility  Use multiple connection types (cable, DSL, T1, T3)  Secure and low-cost way to link  Ubiquitous ISP services  Easier E-commerce

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Why Use Virtual Private Networks? More flexibility More flexibility More scalability More scalability  Add new sites, users quickly  Scale bandwidth to meet demand

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Why Use Virtual Private Networks? More flexibility More flexibility More scalability More scalability Lower costs Lower costs  Reduced frame relay/leased line costs  Reduced long distance  Reduced equipment costs (modem banks,CSU/DSUs)  Reduced technical training and support

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential VPN Return on Investment 5 branch offices, 1 large corporate office, 200 remote access users. Payback: 1.04 months. Annual Savings: 88% Check Point VPN Solution Non-VPN Solution Savings with Check Point Startup Costs (Hardware and Software) $51,965 Existing; sunk costs = $0 Site-to-Site Annual Cost $30,485$71,664 Frame relay $41,180 /yr RAS Annual Cost $48,000$604,800 Dial-in costs $556,800 /yr Combined Annual Cost $78,485$676,464 $597,980 /yr Case History – Professional Services Company

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Disadvantages of VPN Lower bandwidth available compared to dial-in line Lower bandwidth available compared to dial-in line Inconsistent remote access performance due to changes in Internet connectivity Inconsistent remote access performance due to changes in Internet connectivity No entrance into the network if the Internet connection is broken No entrance into the network if the Internet connection is broken

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Point-to-Point Tunneling Protocol (PPTP) Layer 2 remote access VPN distributed with Windows product family Layer 2 remote access VPN distributed with Windows product family  Addition to Point-to-Point Protocol (PPP)  Allows multiple Layer 3 Protocols Uses proprietary authentication and encryption (MPPE Uses proprietary authentication and encryption (MPPE ) Limited user management and scalability Limited user management and scalability  Used MPPE encryption method Internet Remote PPTP Client ISP Remote Access Switch PPTP RAS Server Corporate Network

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Layer 2 Tunneling Protocol (L2TP) Layer 2 remote access VPN protocol Layer 2 remote access VPN protocol  Combines and extends PPTP and L2F (Cisco supported protocol)  Weak authentication and encryption  Addition to Point-to-Point Protocol (PPP)  Must be combined with IPSec for enterprise-level security Internet Remote L2TP Client ISP L2TP Concentrator L2TP Server Corporate Network

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Internet Protocol Security (IPSec) Layer 3 protocol for remote access, intranet, and extranet VPNs Layer 3 protocol for remote access, intranet, and extranet VPNs  Internet standard for VPNs  Provides flexible encryption and message authentication/integrity

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Encryption Used to convert data to a secret code for transmission over an trusted network Used to convert data to a secret code for transmission over an trusted network Encryption Algorithm “The cow jumped over the moon” “4hsd4e3mjvd3sd a1d38esdf2w4d” Clear Text Encrypted Text

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Symmetric Encryption Same key used to encrypt and decrypt message Same key used to encrypt and decrypt message Faster than asymmetric encryption Faster than asymmetric encryption Used by IPSec to encrypt actual message data Used by IPSec to encrypt actual message data Examples: DES, 3DES, RC5 Examples: DES, 3DES, RC5 Shared Secret Key Data Encryption Standard Rivest Cipher

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Asymmetric Encryption Different keys used to encrypt and decrypt message (One public, one private) Different keys used to encrypt and decrypt message (One public, one private) Provides non-repudiation of message or message integrity Provides non-repudiation of message or message integrity Examples include RSA, DSA, SHA-1, MD-5 Examples include RSA, DSA, SHA-1, MD-5 Alice Public Key Encrypt Alice Private Key Decrypt BobAlice RivestRivest, Shamir and Adleman Digital Signature Algorithm Sha Hash Algorithm Message-Digest algorithm 5ShamirAdleman

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Industries That May Use a VPN  : enables the transferring of confidential patient information within the medical facilities & health care provider  Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider  : allow suppliers to view inventory & allow clients to purchase online safely  Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely  : able to securely transfer sales data or customer info between stores & the headquarters  Retail: able to securely transfer sales data or customer info between stores & the headquarters  : enables account information to be transferred safely within departments & branches  Banking/Financial: enables account information to be transferred safely within departments & branches  : communication between remote employees can be securely exchanged  General Business: communication between remote employees can be securely exchanged

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential

Thanks for your attention

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential Resource: