Presentation is loading. Please wait.

Presentation is loading. Please wait.

SCSC 455 Computer Security Virtual Private Network (VPN)

Published byAlberta Leonard Modified over 9 years ago

Similar presentations

Presentation on theme: "SCSC 455 Computer Security Virtual Private Network (VPN)"— Presentation transcript:

1 SCSC 455 Computer Security Virtual Private Network (VPN)

2 How to connect LANs There’re common demands of joining two or multiple LANs to facilitate corporate communications secure point-to-point communications The connection can only used by authenticated LANs / hosts One solution (traditional one) is to use private leased lines Problems: don’t scale well, cost is high, and the complexity of maintaining the leased lines Another solution – virtual private networks

3 VPNs Goal of VPNs Provide a cost-effective and secure way to connect businesses to one another and remote workers to office networks Functionalities of VPNs Encapsulate and encrypt data being transmitted Use authentication to ensure that only approved users can access the VPN Provide a means of secure point-to-point communications over the public Internet

4 Index VPN components and operations Types of VPNs VPN setups Tunneling protocols used with VPNs Enabling secure remote access connections within VPNs VPNs best practices

5 Components within VPNS VPNs consist of two different types of components Hardware devices two endpoints (terminators) Encryption, authentication, and encapsulation a (virtual) tunnel A series of connections between two endpoints than makes use of Internet-based hosts/servers Software that performs security-related activities

6

7

8

9 Essential Activities of VPNs Three essential activities of VPNs IP encapsulation Data payload encryption Encrypted authentication

10 IP Encapsulation VPN encapsulates actual data packets within packets that use source and destination addresses of VPN gateway The benefits of encapsulating IP packets Source and destination information of actual data packets are completely hidden source and destination IP addresses of actual data packets can be in private reserved blocks not usually routable over the Internet

11 Data Payload Encryption VPNs do NOT encrypt the header within packets, only the data payload that the packets carry. The encryption can be performed in one of two ways: Transport method  The host encrypts traffic when it’s generated Tunnel method  The traffic is encrypted and decrypted in transit, somewhere between the source host and destination.

12 Encrypted Authentication Authentication is essential Hosts in the network that receive VPN communication need to know that the host originating the communications is an approved user of the VPN Hosts are authenticated by exchanging long blocks of code - keys Types of keys that can be exchanged in an encrypted transaction:  Symmetric keys  Asymmetric keys

13 Index VPN components and operations Types of VPNs VPN setups Tunneling protocols used with VPNs Enabling secure remote access connections within VPNs VPNs best practices

14 Types of VPNs Two types of VPNs Site-to-site VPN  Links two or more networks Client-to-site VPN  Makes a network accessible to remote users who need dial-in access These two types VPNs are NOT mutually exclusive e.g., a large corporations’ network support both site-to-site VPN and client-to-site VPN

15 Advantage of Using Hardware Systems

16 Software VPN Systems Software VPN are generally less expensive than hardware systems Tend to scale better for fast-growing networks Examples F-Secure VPN+ Novell BorderManager VPN services Check Point FireWall-1

17 Index VPN components and operations Types of VPNs VPN setups Tunneling protocols used with VPNs Enabling secure remote access connections within VPNs VPNs best practices

18 Index VPN components and operations Types of VPNs VPN setups Tunneling protocols used with VPNs Enabling secure remote access connections within VPNs VPNs best practices

19 Tunneling Protocols Used with VPNs In the past, firewalls support VPNs used proprietary protocols Both endpoints must use the same brand of firewall Today the proprietary protocols are used less often. Most VPNs use standard tunneling protocols IPSec/IKE PPTP (Point-to-Point Tunneling Protocol) L2TP (Layer 2 Tunneling Protocol) PPP over SSL (Point-to-Point Protocol over Secure Sockets Layer) PPP over SSH (Point-to-Point Protocol over Secure Shell)

20 IPSec/IKE IPSec provides: Encryption of the data part of packets Authentication Encapsulation between two VPN hosts Two security methods (AH and ESP)  Authenticated header is used to authenticate packets  Encapsulating Security Payload encrypts the data portions of the packet IPSec is commonly combined with IKE as means of using public key cryptography to encrypt data IKE provides: Exchange of public keys Ability to determine which encryption protocols should be used to encrypt data that flows through VPN tunnel

21 Other tunneling protocols: PPTP PPTP is developed by Microsoft for granting VPN access to remote users over dial-up connections Uses Microsoft Point-to-Point Encryption (MPPE) to encrypt data Useful if support for older clients is needed Compatible with Network Address Translation (NAT) Replaced by L2TP

22 Other tunneling protocols: L2TP L2TP is an extension of Point-to-point Protocol (PPP) that enables dial-up users to establish a VPN connection to a remote access server Uses IPSec rather than MPPE to encrypt data provides a higher level of encryption and authentication Incompatible with NAT

23 Other tunneling protocols: PPP Over SSL and PPP Over SSH PPP over SSL and PPP over SSH are two UNIX based methods for creating VPNs Both combine existing tunnel system (PPP) with a way of encrypting data in transport (SSL or SSH) SSL  Public key encryption system used to provide secure communications over the Web SSH  UNIX secure shell that perform secure authenticated logons and encrypted communications between a client and a server.

24 When to Use Different tunneling Protocols (important!)

Download ppt "SCSC 455 Computer Security Virtual Private Network (VPN)"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
11 Setting Up a Virtual Private Network

11 Setting Up a Virtual Private Network
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Virtual Private Networks and IPSec

Virtual Private Networks and IPSec
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Remote Networking Architectures

Remote Networking Architectures
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.

1 © J. Liebeherr, All rights reserved Virtual Private Networks.

Similar presentations

Ads by Google