Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Networks

Published byDebra Chandler Modified over 6 years ago

Similar presentations

Presentation on theme: "Virtual Private Networks"— Presentation transcript:

1 Virtual Private Networks
Alberto Pace

2 What is a VPN ? A technology that allows to send confidential data securely over the internet

3 What is a VPN ? The remote computer can connect to the internet using an arbitrary Internet Service Provider (ISP) and have an IP Address in the intranet. The computer can act as if it was on the intranet

4 Point-to-Point Tunneling Protocol
You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP). Developed as an extension of the Point-to-Point Protocol (PPP), PPTP tunnels or encapsulates, IP, IPX, or NetBEUI protocols inside of PPP datagrams PPTP does not require a dial-up connection. It does, however, require IP connectivity between your computer and the server My understanding is that it uses Microsoft Point-to-Point Encryption (MPPE)

5 Layer Two Tunneling Protocol
L2TP is an industry-standard Internet tunneling protocol with roughly the same functionality as the Point-to-Point Tunneling Protocol (PPTP). Like PPTP, L2TP encapsulates Point-to-Point Protocol (PPP) frames, which in turn encapsulate IP, IPX, or NetBEUI protocols With L2TP, the computer performs all security checks and validations, and enables data encryption, which makes it much safer to send information over nonsecure networks by using the new Internet Protocol security (IPSec) In this case data transfer through a L2TP-enabled VPN is as secure as within a single LAN at a corporate site

6 Internet Protocol security (IPSec)
IPSec provides machine-level authentication, as well as data encryption. IPSec negotiates between your computer and its remote tunnel server before an L2TP connection is established, which secures both passwords and data

7 Authentication Methods
Challenge Handshake Authentication Protocol (CHAP) Uses Message Digest 5 (MD5) / challenge-response MS-CHAP Same as Chap + functionality to which LAN-based users are accustomed MS-CHAP is consistent with standard CHAP (superset of functionalities) You must at least use MS-CHAP to use MPPE (encryption) MS-CHAP v2 both the client and the server prove their identities. Not only the client. V2 ensures that you can configure a your connection can be configured to connect to the expected server Extensible Authentication Protocol (EAP) Allows to use other security devices. EAP provides a standard mechanism for support of additional authentication methods within PPP including token cards, one-time passwords, public key authentication using smart cards, certificates, and others

8 Types of VPNs Router-to-Router

9 Types of VPNs Remote Access VPNs

10 Tests at CERN PCAP7 (computer in my office)

11 From the client The machine we have in on the intranet only. We have to simulate internet/intranet. The page considers intranet the address xxx

12 Connect to the VPN From “My Network Places” – Right-Click – “Properties” – “Create New Connection”

13 Try to connect

14 Conclusions so far If we open the pptp port on address , we have today a working solution with the following limitations Uses PPTP and Microsoft Point-to-Point Encryption Windows computer have all necessary software natively Windows Machines can be identified (as member of the domain or an ad-hoc domain) Security is strengthened by domain logon that can be tightened to anything you want This is the current “industry standard” Used world-wide, secure and proven technology Evolution towards L2TP and IPSec coming, but slowly (requires heavy infrastructure)

15 More conclusion so far Using this technology, we could open rapidly a VPN service for WINDOWS users Time to install and configure the VPN server ~ 8 hours Time to install a windows client that has already TCP/IP connectivity ~ 1 minute Support for Linux users could come for the “community” May be very expensive to formally support Linux clients Not a standard technology – to my knowledge, no companies have “roaming linux users” on the internet to the same extent that we have Deploying the IPsec infrastructure to support L2TP will require an administrative office to distribute, revoke and maintain computer certificates and user certificates. May not be possible within the current resources / May require several years Yet another computer Registration ? Yet another user Registration ? Should try to have LANDB and CCDB moving in this direction. Only if this happens the investment can be justified.

Download ppt "Virtual Private Networks"

Similar presentations

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.

4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Virtual Private Networks Globalizing LANs Timothy Hohman.

Virtual Private Networks Globalizing LANs Timothy Hohman.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.

VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
Remote Networking Architectures

Remote Networking Architectures
Virtual Private Networks

Virtual Private Networks
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.

1 © J. Liebeherr, All rights reserved Virtual Private Networks.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.

VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Similar presentations

Ads by Google