Presentation is loading. Please wait.

Presentation is loading. Please wait.

In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?"— Presentation transcript:

1

2

3 In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?  It is hence vital for businesses with connections to the internet to ensure that their networks are secure. This is important to minimise the risk of intrusions both from insiders and outsiders. Although a network cannot be 100% safe, a secure network will keep everyone but the most determined hacker out of the network. A network with a good accounting and auditing system will ensure that all activities are logged thereby enabling malicious activity to be detected.  Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become ``wired'', an increasing number of people need to understand the basics of security in a networked world  A basic understanding of computer networks is requisite in order to understand the principles of network security.  Information on the internet can be accessed from anywhere in the world in real time.While this is good for the spread of information, it has also allowed for the proliferation of ‘malicious information’. Hacker tools are now widely available on the internet. Some web sites even provides tutorials on how to hack into a system, giving details of the vulnerabilities of the different kinds of systems. Anyone with malicious intentions can search the internet for programs to break into a system which is not properly secured. HOME

4 Apa itu VPN?  A VPN is a private connection over an open network  A VPN includes authentication and encryption to protect data integrity and confidentiality VPN Internet Campus ITP1 Campus ITP2 HOME

5 VPN: Encapsulation HOME

6  Remote Access VPN Provides access to internal Campus network over the Internet Reduces long distance, modem bank, and technical support costs Internet Campus ITP1 Admin’s House

7  Remote Access VPN  Site-to-Site VPN Connects multiple offices over Internet Reduces dependencies on frame relay and leased lines Internet Branch Office Corporate Site HOME

8 -7-  Remote Access VPN  Site-to-Site VPN  Extranet VPN Provides business partners access to critical information (sales tools) Reduces transaction and operational costs Corporate Site Internet Partner #1 Partner #2 HOME

9  Remote Access VPN  Site-to-Site VPN  Extranet VPN  Client/Server VPN Protects sensitive internal communications Most attacks originate within an organization LAN clients Database Server LAN clients with sensitive data HOME

10  More flexibility Leverage ISP point of presence Use multiple connection types (cable, DSL, T1, T3) Easy to add/remove users Mobility Security HOME

11  More flexibility  More scalability Add new sites, users quickly Scale bandwidth to meet demand HOME

12  More flexibility  More scalability  Lower costs Reduced frame relay/leased line costs Cost Effective Reduced long distance Reduced equipment costs (modem banks,CSU/DSUs) Reduced technical support HOME

13  5 branch offices, 1 large corporate office, 200 remote access users.  Payback: 1.04 months. Annual Savings: 88% Check Point VPN-1 Solution Non-VPN Solution Savings with Check Point Startup Costs (Hardware and Software) $51,965 Existing; sunk costs = $0 Site-to-Site Annual Cost $30,485$71,664 Frame relay $41,180 /yr RAS Annual Cost $48,000$604,800 Dial-in costs $556,800 /yr Combined Annual Cost $78,485$676,464 $597,980 /yr Case History – Professional Services Company HOME

14  Encryption  Message authentication  Entity authentication  Key management HOME

15  Layer 2 remote access VPN distributed with Windows product family Addition to Point-to-Point Protocol (PPP) Allows multiple Layer 3 Protocols  Uses proprietary authentication and ancryption  Limited user management and scalability  Known security vulnerabilities Internet Remote PPTP Client ISP Remote Access Switch PPTP RAS Server Corporate Network HOME

16  Layer 2 remote access VPN protocol Combines and extends PPTP and L2F (Cisco supported protocol) Weak authentication and encryption Does not include packet authentication, data integrity, or key management Must be combined with IPSec for enterprise-level security Internet Remote L2TP Client ISP L2TP Concentrator L2TP Server Corporate Network HOME

17  Layer 3 protocol for remote access, intranet, and extranet VPNs Internet standard for VPNs Provides flexible encryption and message authentication/integrity Includes key management HOME

18  Encryption  Message Authentication  Entity Authentication  Key Management  DES, 3DES, and more  HMAC-MD5, HMAC-SHA- 1, or others  Digital Certificates, Shared Secrets,Hybrid Mode IKE  Internet Key Exchange (IKE), Public Key Infrastructure (PKI) All managed by security associations (SAs) HOME

19 -18-  A mechanism for distributing keys either manually or automatically  Includes: Key generation Certification Distribution Revocation HOME

20 -19- VPN device is vulnerable to attack eg. denial of service Two connections to the firewall for every communication request Bypasses security policy Denial of service VPN Internet Firewall Internet VPN Firewall Internet VPN Firewall Internet HOME

21 VPN device is vulnerable to attack eg. denial of service Two connections to the firewall for every communication request Bypasses security policy Denial of service VPN Internet Firewall Internet VPN Firewall Internet VPN Firewall Internet Only integrated VPN/firewall solutions can deliver full access control and consistent security policy enforcement HOME

22  The Problem: Remote access VPN clients can be “hijacked”  Allows attackers into internal network  The Solution: Centrally managed personal firewall on VPN clients Internet Attacker Cable or xDSL HOME

23 Click on Start – select Network Connections HOME

24 In Network Connections on the left hand side there is a link to “Create New Connection” – click on this and a wizard will pop up assisting the user HOME

25 Select “Connect to the Network at my Workplace” HOME

26 Select “Virtual Private Network Connection” HOME

27 Make a name for this connection that you are establishing – to distinguish this connection from other VPN connections that might already be established HOME

28 For this demonstration we are trying to connect to my wireless router off campus therefore the IP address that we insert is the IP address for my router which we can find out by running an ipconfig and it is the IP address for your default gateway NOTE: Not all routers will allow users to VPN into it HOME

29 Personal preference as to whether or not you want other users to be able to use this VPN connection on this computer HOME

30

31

32

33 In Start – Run insert the IP address of the computer that you want to access that is connected to the router HOME

34 Using the same username and password already established for the router you can connect to this specific computer HOME

35 These are only the files that are “shared” on this computer HOME

36  Virtual Private Networks have become mission-critical applications  IPSec is the leading protocol for creating enterprise VPNs Provides encryption, authentication, and data integrity  Organizations should look for: Integrated firewalls and VPNs Centralized management of VPN client security A method to provide VPN QoS HOME

Download ppt "In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.

1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.
VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Eric Kilroy. Introduction  Virtual Private Network A way to connect to a private network through a public network such as the internet.

Eric Kilroy. Introduction  Virtual Private Network A way to connect to a private network through a public network such as the internet.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Virtual Private Networking Karlene R. Samuels COSC513.

Virtual Private Networking Karlene R. Samuels COSC513.
Internet Security Seminar Class CS591 Presentation Topic: VPN.

Internet Security Seminar Class CS591 Presentation Topic: VPN.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Remote Networking Architectures

Remote Networking Architectures
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Virtual Private Networks (VPN’s)

Virtual Private Networks (VPN’s)
1 © J. Liebeherr, All rights reserved Virtual Private Networks.

1 © J. Liebeherr, All rights reserved Virtual Private Networks.

Similar presentations

Ads by Google