SlideShare uma empresa Scribd logo

Virtual Private Network

Transferir como DOCX, PDF
Richa Singh
Richa Singh

A virtual private network gives secure access to LAN resources over a shared network infrastructure such as the internet. It can be conceptualized as creating a tunnel from one location to another, with Encrypted data traveling through the tunnel before being decrypted at its destination.

Tecnologia
1 de 17
1 INTRODUCTION The wide spread migration towards the Internet Protocol creates a golden age for system integrators, network manager who are creating and implementing IP based Internetworking solution. Employees on business trips need to stay current with their electronic mail. Sales represents in the field must be able to access corporate databases. Branch offices must be part of the corporate network. Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private networks. Such access would otherwise only be possible by using an expensive leased line solution or by dialing directly into the local area network (LAN). VPNs allow remote users to access private networks securely over the Internet. A remote user in one part of the UK can establish a secure network connection using a VPN to a school LAN in another part of the UK and only incur the call cost for the local Internet The Need for VPNs VPNs aim to give the remote corporate user the same level of access to corporate computing and data resources as the user would have if she were physically present at the corporate headquarters. By reducing the costs of transporting data traffic and by enabling network connections in locations where they would not be affordable, VPNs reduce the total cost of ownership of a corporate network.
2 CORPORATE NETWORK USING VPN Companies whose facilities are split between two or more location can connect into a single logical network through the use of VPN. Using the Internet as the communication backbone, and by authenticating and encrypting data transmissions through secure tunnels, a new level of integration for physically distinct networks can be created. This new technology dubbed as VPN, is an exciting new function that enables distant workgroups to communicate efficiently and securely across the Internet. Fig:1 corporate network of VPN
3 What is a VPN? A virtual private network gives secure access to LAN resources over a shared network infrastructure such as the internet. It can be conceptualized as creating a tunnel from one location to another, with Encrypted data traveling through the tunnel before being decrypted at its destination. Remote users can connect to their organization’s LAN or any other LAN. They can access resources such as email and documents as if they were connected to the LAN as normal. By using VPN technology it is possible to connect to a school LAN from anywhere in the world via the internet, and to access it securely and privately without incurring the large communication costs associated with other solutions. One user uses a 56 kilobits per second (Kbps) modem to dial their internet service provider (ISP) and connects to the central LAN with VPN software. A remote site uses ADSL (asymmetric digital subscriber line) to connect to its ISP and a VPN router (a hardware solution) to carry out the VPN connection Few changes are made to the PCs at the remote site and the VPN router carries out the encryption and decryption of data. As both connect to their usual ISP, they only incur their normal ISP call tariffs. Fig 2: two methods of connecting to a school's LAN using a VPN
4 In figure 2 two method connected that is one user uses a 56 kilobits per second modem to dial their internet service provider and connects to the central LAN with VPN software. Second is a remote site uses asymmetric digital subscriber line to connect to its ISP and VPN router to carry out the VPN connection. Few changes are made to the PCs at the VPN router carries out the encryption and decryption of data. As both connect to their usual ISP, they only incur their normal ISP call traffic Terms of VPN 1. Virtual: It means that the connection is dynamic. It can change and adapt to different circumstances using the internet's fault tolerant capabilities. When a connection is required it is established and maintained regardless of the network infrastructure between endpoints. When it is no longer required the connection is terminated, reducing costs and the amount of redundant infrastructure. 2. Private: It means that the transmitted data is always kept confidential and can only be accessed by authorized users. This is important because the internet's original protocols –TCP/IP (transmission control protocol/internet protocol) – were not designed to provide such levels of privacy. Therefore, privacy must be provided by other means such as additional VPN hardware or software. 3. Network: It is the entire infrastructure between the endpoints of users, sites or nodes that carries the data. It is created using the private, public, wired, wireless, internet or any other appropriate network resource available.
5 Types of VPN There are many variations of virtual private networks, with the majority based on two main models: Remote access :( Virtual private dial-up network (VPDN) or client-to-site) A remote access VPN is for home or travelling users who need to access their central LAN from a remote location. They dial their ISP and connect over the internet to the LAN. This is made possible by installing a client software program on the remote user’s laptop or PC that deals with the encryption and decryption of the VPN traffic between itself and the VPN gateway on the central LAN. Fixed: (Intranet and extranet or site-to-site) A fixed VPN is normally used between two or more sites allowing a central LAN to be accessed by remote LANs over the internet or private communication lines using VPN gateways. VPN gateways (normally a VPN-enabled router) are placed at each remote site and at the central site to allow all encryption and decryption and tunneling to be carried out transparently.
6 Intranets: They are carrying corporate traffic and creating the need for more meshed traffic patterns.
7 Extranets: They are an integral part of communications with your customers and partners. What does a VPN consist of ? As VPN topologies can vary greatly there is no standard for a definitive VPN. However, it is possible to specify what each main component of a VPN does: 1. VPN gateways: create the virtual tunnels that the data passes through, carrying out the encryption before transmission and decryption at the other end. Gateways can be software, or built into a firewall, or a server or router or a dedicated appliance. 2. Security servers: maintain the access control list (ACL) and other user-related information that the security gateway uses to determine which traffic has authorised access. 3. Keys: used for the encryption and decryption of data. Sites can choose to maintain their own database of digital certificates (keys) for users by setting up a certificate server, or they can use an external certificate authority. 4. Network: there must be an internet infrastructure at both ends to provide the actual transmission medium. Some of these components may be built into a single device or spread over many devices over several sites.
8 How does a VPN work? A remote access solution works by the remote user first establishing an internet connection to an ISP in the normal way. The user activates the VPN client software to create a tunnel over the internet and to connect to the central LAN’s VPN gateway. The VPN client software then passes its authorization to the VPN gateway. The VPN gateway checks that the user is authorised to connect and then ensures the encryption key from the remote client is valid. All VPN data is encrypted using the key before being transmitted over the internet using a tunneling protocol. It is decrypted at the other end by the VPN gateway, which has an identical set of keys to decrypt the data. Data sent from the central LAN to the remote user is encrypted by the VPN gateway before transmission and decrypted by the remote user’s VPN client software. Fig 2:remote access VPN solution A fixed solution works by first establishing a VPN gateway at each site. Each VPN gateway has the same key to encrypt/decrypt data and knows the IP addresses of the other sites, so they know where to transmit the data to, and where to expect secure VPN transmissions from. This flow of data is transparent to the users and requires little actual configuration on the PCs. Figure 3:a fixed VPN solution
9 The choice of ISP is very important when implementing a VPN solution as it can have a major impact on VPN performance. It may be advisable for all VPN users and sites, including the central LAN, to use the same ISP for their internet connections. This will lessen the amount of data that needs to cross into the networks of other ISPs, which could degrade performance. Most ISPs will offer a service level agreement (SLA) that agrees network uptime, latency, security and other functions. It is important to read the SLAs carefully before deciding which ISP will give the fastest and most reliable service. Advantages and Disadvantages of a VPN Virtual private networks have a number of advantages and disadvantages over direct dial or leased line solutions. Advantages: 1. VPNs authenticate all packets of data received, ensuring that they are from a trusted source. 2. Encryption ensures that the data remains confidential. 3. Most VPNs connect over the internet so call costs are minimal, even if the remote user is a great distance from the central LAN. 4. Multiple telephone lines and banks of modems at the central site are not required. 5. A reduction in the overall telecommunication infrastructure – as the ISP provides the bulk of the network. 6. Reduced cost of management, maintenance of equipment and technical support. 7. Simplifies network topology by eliminating modem pools and a private network infrastructure. 8. VPN functionality is already present in some IT equipment. 9. VPNs are easily extended by increasing the available bandwidth and by licensing extra client software. 10. If a LAN uses NetBeui or IPX/SPX (both incompatible with the internet) instead of TCP/IP to transmit data to its clients, the VPN gateway can encapsulate these languages into an IP packet and transmit it over the web to another VPN gateway.
10 Disadvantages: 1. If the ISP or Internet connection is down, so is the VPN. 2. The central site must have a permanent internet connection so that remote clients and other sites can connect at anytime. 3. VPNs may provide each user with less bandwidth than a dedicated line solution. 4. Existing firewalls, proxies, routers and hubs may not support VPN transmissions. 5. The internet connection of the central site must have sufficient bandwidth to cope with VPN traffic, the internet connections originating from the central site and any other traffic such as email and FTP (file transfer protocol). 6. VPN equipment from different manufacturers may comply with different standards. 7. Any institution that has users who connect to a LAN from a remote location, or which requires its users to connect to a central LAN, should consider implementing a VPN solution. It is considered to be a superior alternative to long-distance dial-in and leased lines; VPNs can be used securely to carry information at a fraction of the cost of other solutions. An institution can reduce its connection and maintenance costs by replacing banks of modems and multiple leased lines with a single link that carries remote access and fixed VPN traffic along with existing internet traffic.
11 TUNNELING IN VPN A. PPTP Point to Point Tunnelling Protocol RFC2637 1. PPTP was originally used for remote access via an ISP (PPTP = remote access solution). PPTP was devised by Microsoft as a RAS (Remote Access Service) protocol. 2. PPTP is the most widely used VPN tunnelling protocol but will be supplanted by L2TP / IPSec in the long run. 3. PPTP is based on and uses the services of PPP (Point to Point Protocol). By using PPP various authentication (PAP, CHAP, MSCHAP, EAP) and encryption (ECP with preshared keys, RC4, DES) standards compined with compression (CCP) are possible with PPTP. 4. PPTP provides multiprotocol encapsulation through usage of GRE for data packets; this means that the tunnel between client and server is transparent for applications client is virtually within enterprise LAN. 5. GRE, as its name implies, is basically an encapsulation protocol that allows transport of layer 2 (e.g. PPP) and 3 (IP) protocols. In PPTP GRE is used for the transport of data frames while PPTP control frames are used for setting up the GRE connection. 6. PPTP uses a PPTP control connection (TCP) to establish a PPTP data tunnel (GRE) with the following control connection messages: PPTP_START_SESSION_REQUEST / _REPLY PPTP_ECHO_REQUEST / _REPLY PPTP_WAN_ERROR_NOTIFY PPTP_SET_LINK_INFO PPTP_STOP_SESSION_REQUEST / _REPLY 7. The PPTP control connection is neither authenticated nor integrity-checked; 8. Eavesdropping is possible. Connection hijacking is possible (GRE not encrypted). 9. PPTP can usually be made to pass through NAPT / NPAT since it uses GRE as encapsulation protocol. But the NAPT must have an ALG for GRE.
12 B. Layer 2 Forwarding Protocols  1. L2F allows the tunnelling of layer2 protocol such as PPP. 2. L2F was designed for NAS initiated compulsory tunnel. 3. Once the L2F tunnel is established, the NAS acts as a PPP forwarder. 4. L2F, or Layer 2 Forwarding, is a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; It relies on the protocol being tunneled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.
13 C. Layer 2 Tunneling Protocol 1. L2TP is: A. A control protocol to dynamically setup and teardown connections (tunnels); this control protocol uses a reliable transport (that uses the Ns and Nr sequence numbers for reliability). B. Data encapsulation for tunnelling user data frames (PPP); the data packet transport is unreliable, that is makes not use of Ns and Nr sequence numbers. 2. L2TP is the „merger“of PPTP (Microsoft) and L2F (Cisco) and thus is the best of the two whilst incorporating additional features. 3. L2TP is multiprotocol (PPTP was bound to IP as transport protocol). L2TP allows to tunnel PPP over any packet switched network. 4. L2TP allows end-to-end tunnels (along with the client initiated voluntary VPN mode); L2F supports only the NAS initiated VPN model. 5. L2TP only uses one single format (L2TP header over UDP) for data and tunnel maintenance. PPTP had a data (IP over PPP over GRE) and a control (TCP) channel. 6. L2TP allows user and tunnel authentication (tunnel auth. with L2TP, user authentication with PPP authentication). PPTP only allowed user authentication. 7. L2TP allows an arbitrary number of tunnels (useful for enabling QoS). L2F and PPTP only allowed to open 1 tunnel between 2 endpoints. 8. L2TP is run over UDP/IP to make it pass through firewalls. L2TP affords sequencing and flow control (required since transported over unreliable UDP).
14 SECURITY 1. VPN keep the data secure TCP/IP is not designed for security, so VPNs use a mix of IP protocols and systems to provide the best security solution for each type of connection. Some protocols encrypt the packets of data while other protocols protect the packet whilst it is being transmitted. Some of the more popular protocols and systems that a VPN uses to keep the data secure are: PPTP (point-to-point tunneling protocol) Creates a virtual tunnel for connections which, along with L2TP (layer two tunneling protocol) and L2F (layer two forwarding), is used mainly for remote access VPNs. IPSec (internet protocol security) Is becoming the most commonly used security option for fixed VPN solutions. Each packet of data is encrypted and has an authenticating stamp verifying its origin. This makes IPSec a very secure option. IPSec works in one of two ways: TRANSPORT MODE In this mode only the payload portion of the packet is encrypted. (The payload consists of the actual data that is being transmitted.)
15 TUNNEL MODE The entire packet, including the header is encrypted. (The header contains the source and destination IP addresses.) ENCRYPTION STANDARDS DES (data encryption standard) and 3DES (triple DES) secure the data to different levels ranging from 56- to 168-bit encryption AUHENTICATION SYSTEMS Prove that the sender of the packets is genuine and not a hacker attempting to deceive the receiver by intercepting and altering the packets before they arrive at their destination. PKE (public key encryption) PKE can be used with VPNs. Instead of manually entering encryption codes, internet key exchange (IKE) allows keys to be automatically exchanged which are useful on larger networks. There are many ways to protect the data during transmission. Most VPN solutions use either encryption or authentication for data security. As the security level increases so does the time required to process and assembles each packet. The typical overhead for VPN encryption during web browsing is 20 per cent; other user applications that run over VPNs may increase the overhead significantly more. To alleviate this problem some VPN systems compress data before sending to improve network performance. 2. VPN be used to secure a wireless network As a VPN encrypts data from one point to another it is ideal for use over a wireless local area network (WLAN). However, it is worth noting that the biggest cause of WLAN security problems is the network not being made secure at time of installation, either by bad installation practices or lack of knowledge of the product. Further information about installing and configuring WLANs can be found in Becta’s WLAN technical document
16 CONCLUSION As we have gone through all possible details we conclude that VPN is the best option for the corporate networking. As many companies need to have access to Internet and hence security is also the main concern. VPN provides best possible combination of security and private network capabilities with adequate cost –saving to the companies who are presently working with leased lines Many tools are available today to help you manage WAN links. These range from Quality of Service tools for traffic classification, Policing/Shaping, Bandwidth Allocation, and Congestion Avoidance.
17 REFRENCES [1] http://www.ictadivice.org.uk, June 2003. Technical paper “Virtual Private Network” [2] www.vpnc.org/vpn-technologies.pdf [3] L. Keng Lim and Prastant Chandra “Customization Virtual Private Network Service with Quality of Service” Carnegie Mellon University Pittsburgh, August 2000

Recomendados

Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)sonalikasingh15
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2Swarup Kumar Mall
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALASaikiran Panjala
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationKuldeep Padhiyar
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSowmia Sathyan
 

Recomendados

Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)sonalikasingh15
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2Swarup Kumar Mall
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALASaikiran Panjala
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationKuldeep Padhiyar
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSowmia Sathyan
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPNFarah M. Altufaili
 
Virtual private network
Virtual private network Virtual private network
Virtual private network Parth Akbari
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
VPN
VPNVPN
VPNShiraz316
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajendra Dangwal
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).Debasis Chowdhury
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing pptshibamughal
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationRam Bharosh Raut
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)Abrish06
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt sravya raju
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN securityRajan Kumar
 
Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)VrundaBhavsar
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecturePooja Dixit
 
Manet
ManetManet
ManetRajan Kumar
 
COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKINGKiran Buriro
 
Pervasive Computing
Pervasive ComputingPervasive Computing
Pervasive ComputingSangeetha Sg
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security Akhila Param
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Vpn
VpnVpn
VpnKajal Thakkar
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfHirazNor
 

Mais conteúdo relacionado

Mais procurados

Virtual private network
Virtual private network Virtual private network
Virtual private network Parth Akbari
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).Debasis Chowdhury
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing pptshibamughal
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)Abrish06
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt sravya raju
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN securityRajan Kumar
 
Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)VrundaBhavsar
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecturePooja Dixit
 
COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKINGKiran Buriro
 
Pervasive Computing
Pervasive ComputingPervasive Computing
Pervasive ComputingSangeetha Sg
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security Akhila Param
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 

Mais procurados (20)

Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPN
 
Virtual private network
Virtual private network Virtual private network
Virtual private network
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 
VPN
VPNVPN
VPN
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
 
Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)Advanced computer network lab manual (practicals in Cisco Packet tracer)
Advanced computer network lab manual (practicals in Cisco Packet tracer)
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecture
 
Manet
ManetManet
Manet
 
COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKING
 
Pervasive Computing
Pervasive ComputingPervasive Computing
Pervasive Computing
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 

Semelhante a Virtual Private Network

csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfHirazNor
 
Virtual Private Network- VPN
Virtual Private Network- VPNVirtual Private Network- VPN
Virtual Private Network- VPNNikhil Kumar
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajan Kumar
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private NetworkAbhinav Dwivedi
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkAyano Midakso
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpnjadeja dhanraj
 

Semelhante a Virtual Private Network (20)

Vpn
VpnVpn
Vpn
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdf
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
Virtual Private Network- VPN
Virtual Private Network- VPNVirtual Private Network- VPN
Virtual Private Network- VPN
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private Network
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
Buildvpn1.pdf
Buildvpn1.pdfBuildvpn1.pdf
Buildvpn1.pdf
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Vpn
VpnVpn
Vpn
 
VPN_ppt.ppt
VPN_ppt.pptVPN_ppt.ppt
VPN_ppt.ppt
 
All About VPN
All About VPNAll About VPN
All About VPN
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpn
 
Allaboutvpn
AllaboutvpnAllaboutvpn
Allaboutvpn
 
The vpn
The vpnThe vpn
The vpn
 
VPN
VPN VPN
VPN
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
 

Mais de Richa Singh

Fluid Simulation In Computer Graphics
Fluid Simulation In Computer GraphicsFluid Simulation In Computer Graphics
Fluid Simulation In Computer GraphicsRicha Singh
 
Load balancing in Distributed Systems
Load balancing in Distributed SystemsLoad balancing in Distributed Systems
Load balancing in Distributed SystemsRicha Singh
 
Nested classes in java
Nested classes in javaNested classes in java
Nested classes in javaRicha Singh
 
Google LOON Project
Google LOON ProjectGoogle LOON Project
Google LOON ProjectRicha Singh
 
Load Balancing In Distributed Computing
Load Balancing In Distributed ComputingLoad Balancing In Distributed Computing
Load Balancing In Distributed ComputingRicha Singh
 
DLNA- DIGITAL LIVING NETWORK ALLIANCE
DLNA- DIGITAL LIVING NETWORK ALLIANCEDLNA- DIGITAL LIVING NETWORK ALLIANCE
DLNA- DIGITAL LIVING NETWORK ALLIANCERicha Singh
 
Google's LOON Project
Google's LOON ProjectGoogle's LOON Project
Google's LOON ProjectRicha Singh
 

Mais de Richa Singh (8)

Fluid Simulation In Computer Graphics
Fluid Simulation In Computer GraphicsFluid Simulation In Computer Graphics
Fluid Simulation In Computer Graphics
 
Load balancing in Distributed Systems
Load balancing in Distributed SystemsLoad balancing in Distributed Systems
Load balancing in Distributed Systems
 
Nested classes in java
Nested classes in javaNested classes in java
Nested classes in java
 
Google LOON Project
Google LOON ProjectGoogle LOON Project
Google LOON Project
 
Load Balancing In Distributed Computing
Load Balancing In Distributed ComputingLoad Balancing In Distributed Computing
Load Balancing In Distributed Computing
 
DLNA- DIGITAL LIVING NETWORK ALLIANCE
DLNA- DIGITAL LIVING NETWORK ALLIANCEDLNA- DIGITAL LIVING NETWORK ALLIANCE
DLNA- DIGITAL LIVING NETWORK ALLIANCE
 
Html Basic Tags
Html Basic TagsHtml Basic Tags
Html Basic Tags
 
Google's LOON Project
Google's LOON ProjectGoogle's LOON Project
Google's LOON Project
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Virtual Private Network

  • 1. 1 INTRODUCTION The wide spread migration towards the Internet Protocol creates a golden age for system integrators, network manager who are creating and implementing IP based Internetworking solution. Employees on business trips need to stay current with their electronic mail. Sales represents in the field must be able to access corporate databases. Branch offices must be part of the corporate network. Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private networks. Such access would otherwise only be possible by using an expensive leased line solution or by dialing directly into the local area network (LAN). VPNs allow remote users to access private networks securely over the Internet. A remote user in one part of the UK can establish a secure network connection using a VPN to a school LAN in another part of the UK and only incur the call cost for the local Internet The Need for VPNs VPNs aim to give the remote corporate user the same level of access to corporate computing and data resources as the user would have if she were physically present at the corporate headquarters. By reducing the costs of transporting data traffic and by enabling network connections in locations where they would not be affordable, VPNs reduce the total cost of ownership of a corporate network.
  • 2. 2 CORPORATE NETWORK USING VPN Companies whose facilities are split between two or more location can connect into a single logical network through the use of VPN. Using the Internet as the communication backbone, and by authenticating and encrypting data transmissions through secure tunnels, a new level of integration for physically distinct networks can be created. This new technology dubbed as VPN, is an exciting new function that enables distant workgroups to communicate efficiently and securely across the Internet. Fig:1 corporate network of VPN
  • 3. 3 What is a VPN? A virtual private network gives secure access to LAN resources over a shared network infrastructure such as the internet. It can be conceptualized as creating a tunnel from one location to another, with Encrypted data traveling through the tunnel before being decrypted at its destination. Remote users can connect to their organization’s LAN or any other LAN. They can access resources such as email and documents as if they were connected to the LAN as normal. By using VPN technology it is possible to connect to a school LAN from anywhere in the world via the internet, and to access it securely and privately without incurring the large communication costs associated with other solutions. One user uses a 56 kilobits per second (Kbps) modem to dial their internet service provider (ISP) and connects to the central LAN with VPN software. A remote site uses ADSL (asymmetric digital subscriber line) to connect to its ISP and a VPN router (a hardware solution) to carry out the VPN connection Few changes are made to the PCs at the remote site and the VPN router carries out the encryption and decryption of data. As both connect to their usual ISP, they only incur their normal ISP call tariffs. Fig 2: two methods of connecting to a school's LAN using a VPN
  • 4. 4 In figure 2 two method connected that is one user uses a 56 kilobits per second modem to dial their internet service provider and connects to the central LAN with VPN software. Second is a remote site uses asymmetric digital subscriber line to connect to its ISP and VPN router to carry out the VPN connection. Few changes are made to the PCs at the VPN router carries out the encryption and decryption of data. As both connect to their usual ISP, they only incur their normal ISP call traffic Terms of VPN 1. Virtual: It means that the connection is dynamic. It can change and adapt to different circumstances using the internet's fault tolerant capabilities. When a connection is required it is established and maintained regardless of the network infrastructure between endpoints. When it is no longer required the connection is terminated, reducing costs and the amount of redundant infrastructure. 2. Private: It means that the transmitted data is always kept confidential and can only be accessed by authorized users. This is important because the internet's original protocols –TCP/IP (transmission control protocol/internet protocol) – were not designed to provide such levels of privacy. Therefore, privacy must be provided by other means such as additional VPN hardware or software. 3. Network: It is the entire infrastructure between the endpoints of users, sites or nodes that carries the data. It is created using the private, public, wired, wireless, internet or any other appropriate network resource available.
  • 5. 5 Types of VPN There are many variations of virtual private networks, with the majority based on two main models: Remote access :( Virtual private dial-up network (VPDN) or client-to-site) A remote access VPN is for home or travelling users who need to access their central LAN from a remote location. They dial their ISP and connect over the internet to the LAN. This is made possible by installing a client software program on the remote user’s laptop or PC that deals with the encryption and decryption of the VPN traffic between itself and the VPN gateway on the central LAN. Fixed: (Intranet and extranet or site-to-site) A fixed VPN is normally used between two or more sites allowing a central LAN to be accessed by remote LANs over the internet or private communication lines using VPN gateways. VPN gateways (normally a VPN-enabled router) are placed at each remote site and at the central site to allow all encryption and decryption and tunneling to be carried out transparently.
  • 6. 6 Intranets: They are carrying corporate traffic and creating the need for more meshed traffic patterns.
  • 7. 7 Extranets: They are an integral part of communications with your customers and partners. What does a VPN consist of ? As VPN topologies can vary greatly there is no standard for a definitive VPN. However, it is possible to specify what each main component of a VPN does: 1. VPN gateways: create the virtual tunnels that the data passes through, carrying out the encryption before transmission and decryption at the other end. Gateways can be software, or built into a firewall, or a server or router or a dedicated appliance. 2. Security servers: maintain the access control list (ACL) and other user-related information that the security gateway uses to determine which traffic has authorised access. 3. Keys: used for the encryption and decryption of data. Sites can choose to maintain their own database of digital certificates (keys) for users by setting up a certificate server, or they can use an external certificate authority. 4. Network: there must be an internet infrastructure at both ends to provide the actual transmission medium. Some of these components may be built into a single device or spread over many devices over several sites.
  • 8. 8 How does a VPN work? A remote access solution works by the remote user first establishing an internet connection to an ISP in the normal way. The user activates the VPN client software to create a tunnel over the internet and to connect to the central LAN’s VPN gateway. The VPN client software then passes its authorization to the VPN gateway. The VPN gateway checks that the user is authorised to connect and then ensures the encryption key from the remote client is valid. All VPN data is encrypted using the key before being transmitted over the internet using a tunneling protocol. It is decrypted at the other end by the VPN gateway, which has an identical set of keys to decrypt the data. Data sent from the central LAN to the remote user is encrypted by the VPN gateway before transmission and decrypted by the remote user’s VPN client software. Fig 2:remote access VPN solution A fixed solution works by first establishing a VPN gateway at each site. Each VPN gateway has the same key to encrypt/decrypt data and knows the IP addresses of the other sites, so they know where to transmit the data to, and where to expect secure VPN transmissions from. This flow of data is transparent to the users and requires little actual configuration on the PCs. Figure 3:a fixed VPN solution
  • 9. 9 The choice of ISP is very important when implementing a VPN solution as it can have a major impact on VPN performance. It may be advisable for all VPN users and sites, including the central LAN, to use the same ISP for their internet connections. This will lessen the amount of data that needs to cross into the networks of other ISPs, which could degrade performance. Most ISPs will offer a service level agreement (SLA) that agrees network uptime, latency, security and other functions. It is important to read the SLAs carefully before deciding which ISP will give the fastest and most reliable service. Advantages and Disadvantages of a VPN Virtual private networks have a number of advantages and disadvantages over direct dial or leased line solutions. Advantages: 1. VPNs authenticate all packets of data received, ensuring that they are from a trusted source. 2. Encryption ensures that the data remains confidential. 3. Most VPNs connect over the internet so call costs are minimal, even if the remote user is a great distance from the central LAN. 4. Multiple telephone lines and banks of modems at the central site are not required. 5. A reduction in the overall telecommunication infrastructure – as the ISP provides the bulk of the network. 6. Reduced cost of management, maintenance of equipment and technical support. 7. Simplifies network topology by eliminating modem pools and a private network infrastructure. 8. VPN functionality is already present in some IT equipment. 9. VPNs are easily extended by increasing the available bandwidth and by licensing extra client software. 10. If a LAN uses NetBeui or IPX/SPX (both incompatible with the internet) instead of TCP/IP to transmit data to its clients, the VPN gateway can encapsulate these languages into an IP packet and transmit it over the web to another VPN gateway.
  • 10. 10 Disadvantages: 1. If the ISP or Internet connection is down, so is the VPN. 2. The central site must have a permanent internet connection so that remote clients and other sites can connect at anytime. 3. VPNs may provide each user with less bandwidth than a dedicated line solution. 4. Existing firewalls, proxies, routers and hubs may not support VPN transmissions. 5. The internet connection of the central site must have sufficient bandwidth to cope with VPN traffic, the internet connections originating from the central site and any other traffic such as email and FTP (file transfer protocol). 6. VPN equipment from different manufacturers may comply with different standards. 7. Any institution that has users who connect to a LAN from a remote location, or which requires its users to connect to a central LAN, should consider implementing a VPN solution. It is considered to be a superior alternative to long-distance dial-in and leased lines; VPNs can be used securely to carry information at a fraction of the cost of other solutions. An institution can reduce its connection and maintenance costs by replacing banks of modems and multiple leased lines with a single link that carries remote access and fixed VPN traffic along with existing internet traffic.
  • 11. 11 TUNNELING IN VPN A. PPTP Point to Point Tunnelling Protocol RFC2637 1. PPTP was originally used for remote access via an ISP (PPTP = remote access solution). PPTP was devised by Microsoft as a RAS (Remote Access Service) protocol. 2. PPTP is the most widely used VPN tunnelling protocol but will be supplanted by L2TP / IPSec in the long run. 3. PPTP is based on and uses the services of PPP (Point to Point Protocol). By using PPP various authentication (PAP, CHAP, MSCHAP, EAP) and encryption (ECP with preshared keys, RC4, DES) standards compined with compression (CCP) are possible with PPTP. 4. PPTP provides multiprotocol encapsulation through usage of GRE for data packets; this means that the tunnel between client and server is transparent for applications client is virtually within enterprise LAN. 5. GRE, as its name implies, is basically an encapsulation protocol that allows transport of layer 2 (e.g. PPP) and 3 (IP) protocols. In PPTP GRE is used for the transport of data frames while PPTP control frames are used for setting up the GRE connection. 6. PPTP uses a PPTP control connection (TCP) to establish a PPTP data tunnel (GRE) with the following control connection messages: PPTP_START_SESSION_REQUEST / _REPLY PPTP_ECHO_REQUEST / _REPLY PPTP_WAN_ERROR_NOTIFY PPTP_SET_LINK_INFO PPTP_STOP_SESSION_REQUEST / _REPLY 7. The PPTP control connection is neither authenticated nor integrity-checked; 8. Eavesdropping is possible. Connection hijacking is possible (GRE not encrypted). 9. PPTP can usually be made to pass through NAPT / NPAT since it uses GRE as encapsulation protocol. But the NAPT must have an ALG for GRE.
  • 12. 12 B. Layer 2 Forwarding Protocols  1. L2F allows the tunnelling of layer2 protocol such as PPP. 2. L2F was designed for NAS initiated compulsory tunnel. 3. Once the L2F tunnel is established, the NAS acts as a PPP forwarder. 4. L2F, or Layer 2 Forwarding, is a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; It relies on the protocol being tunneled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.
  • 13. 13 C. Layer 2 Tunneling Protocol 1. L2TP is: A. A control protocol to dynamically setup and teardown connections (tunnels); this control protocol uses a reliable transport (that uses the Ns and Nr sequence numbers for reliability). B. Data encapsulation for tunnelling user data frames (PPP); the data packet transport is unreliable, that is makes not use of Ns and Nr sequence numbers. 2. L2TP is the „merger“of PPTP (Microsoft) and L2F (Cisco) and thus is the best of the two whilst incorporating additional features. 3. L2TP is multiprotocol (PPTP was bound to IP as transport protocol). L2TP allows to tunnel PPP over any packet switched network. 4. L2TP allows end-to-end tunnels (along with the client initiated voluntary VPN mode); L2F supports only the NAS initiated VPN model. 5. L2TP only uses one single format (L2TP header over UDP) for data and tunnel maintenance. PPTP had a data (IP over PPP over GRE) and a control (TCP) channel. 6. L2TP allows user and tunnel authentication (tunnel auth. with L2TP, user authentication with PPP authentication). PPTP only allowed user authentication. 7. L2TP allows an arbitrary number of tunnels (useful for enabling QoS). L2F and PPTP only allowed to open 1 tunnel between 2 endpoints. 8. L2TP is run over UDP/IP to make it pass through firewalls. L2TP affords sequencing and flow control (required since transported over unreliable UDP).
  • 14. 14 SECURITY 1. VPN keep the data secure TCP/IP is not designed for security, so VPNs use a mix of IP protocols and systems to provide the best security solution for each type of connection. Some protocols encrypt the packets of data while other protocols protect the packet whilst it is being transmitted. Some of the more popular protocols and systems that a VPN uses to keep the data secure are: PPTP (point-to-point tunneling protocol) Creates a virtual tunnel for connections which, along with L2TP (layer two tunneling protocol) and L2F (layer two forwarding), is used mainly for remote access VPNs. IPSec (internet protocol security) Is becoming the most commonly used security option for fixed VPN solutions. Each packet of data is encrypted and has an authenticating stamp verifying its origin. This makes IPSec a very secure option. IPSec works in one of two ways: TRANSPORT MODE In this mode only the payload portion of the packet is encrypted. (The payload consists of the actual data that is being transmitted.)
  • 15. 15 TUNNEL MODE The entire packet, including the header is encrypted. (The header contains the source and destination IP addresses.) ENCRYPTION STANDARDS DES (data encryption standard) and 3DES (triple DES) secure the data to different levels ranging from 56- to 168-bit encryption AUHENTICATION SYSTEMS Prove that the sender of the packets is genuine and not a hacker attempting to deceive the receiver by intercepting and altering the packets before they arrive at their destination. PKE (public key encryption) PKE can be used with VPNs. Instead of manually entering encryption codes, internet key exchange (IKE) allows keys to be automatically exchanged which are useful on larger networks. There are many ways to protect the data during transmission. Most VPN solutions use either encryption or authentication for data security. As the security level increases so does the time required to process and assembles each packet. The typical overhead for VPN encryption during web browsing is 20 per cent; other user applications that run over VPNs may increase the overhead significantly more. To alleviate this problem some VPN systems compress data before sending to improve network performance. 2. VPN be used to secure a wireless network As a VPN encrypts data from one point to another it is ideal for use over a wireless local area network (WLAN). However, it is worth noting that the biggest cause of WLAN security problems is the network not being made secure at time of installation, either by bad installation practices or lack of knowledge of the product. Further information about installing and configuring WLANs can be found in Becta’s WLAN technical document
  • 16. 16 CONCLUSION As we have gone through all possible details we conclude that VPN is the best option for the corporate networking. As many companies need to have access to Internet and hence security is also the main concern. VPN provides best possible combination of security and private network capabilities with adequate cost –saving to the companies who are presently working with leased lines Many tools are available today to help you manage WAN links. These range from Quality of Service tools for traffic classification, Policing/Shaping, Bandwidth Allocation, and Congestion Avoidance.
  • 17. 17 REFRENCES [1] http://www.ictadivice.org.uk, June 2003. Technical paper “Virtual Private Network” [2] www.vpnc.org/vpn-technologies.pdf [3] L. Keng Lim and Prastant Chandra “Customization Virtual Private Network Service with Quality of Service” Carnegie Mellon University Pittsburgh, August 2000