VPN allows organizations to connect remote sites and users over a shared public network while maintaining privacy and security. It uses encryption, authentication, and tunneling protocols to create a secure connection between devices. VPNs can extend an organization's intranet to remote offices, partners, suppliers and customers. They reduce costs compared to dedicated private networks. However, VPNs still face security risks from hacking attacks, weak authentication, client-side vulnerabilities, and malware infections that could compromise the private network. Proper firewalls, encryption, authentication and other security measures are needed to ensure VPN safety.
3. A virtual private network can be contrasted with an
expensive system of owned or leased lines that can
only be used by one organisation.
The goal of a VPN is to provide the organisation with
the same capabilities, but at a much lower cost.
4. A VPN works by using the shared public
infrastructure while maintaining privacy through
security procedures and tunnelling protocols.
In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end,
send the data through a “tunnel” that cannot be
“entered” by data that is not properly generated.
An additional level of security involves encrypting not
only the data, but also the originating and receiving
network addresses.
10. Router/Firewall initiated VPN
For site to site connectivity - internets and extranets.
POP
Internet
Remote Router or Firewall Initiated
POP
IPSec
Encrypted
Tunnel
Router/Firewall-Initiated VPNRouter/Firewall-Initiated VPN
11.
12. Benefits of VPN
Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN.
Reduce transit time and transportation cost for remote users.
Improve Productivity
Simplify network
Provides global networking opportunities
Easy to configure
Provide telecommuter support
Used to access BLOCKED websites
15. A well-designed VPN uses several
methods for keeping your connection
and data secure:
Fire walls
Encryption
Sec
AAA server
16. VPN uses encryption to provide the data confidentiality.
Once connected, the VPN makes use of the tunnelling
mechanism to encapsulate encrypted data into a secure
tunnel, with openly read headers, which can cross the
public networks.
VPN also provides the data integrity check.This is typically
performed using a message digest to ensure that the data
has not been tampered with during transmission.
VPN Security
17. Firewalls
Provides a strong barrier
between your private
network and the internet.
You can set firewalls to
restrict the numbers of
ports, what types of
packets are passed
through and which
protocols are allowed
through.
18. Encryption
Process of taking all the
data that one computer
is sending to another
and encoding it into a
form that only the other
computer will be able to
decode.
20. Creating Dial up VPN on
windows server 2008R2
Conditions:
>IP address should be static
>firewall should be turned off
> computers must be in a network
>domain should be built already
Go to server manager, install the RRAS
role from the Administrative tools.
Follow the onscreen instructions with a
desired choice of options as according
you want to build the VPN.
22. Hacking Attacks
VPN Hijacking is the unauthorised take-over of an
established VPN connection from a remote client, and
impersonating that client on the connecting network.
Man-in-Middle attacks affect traffic being sent between
communicating parties , and can include interception,
insertion, deletion, and modification of messages,
reflecting messages back at the sender, repaying old
messages and redirecting messages.
23. User Authentication
By default, VPN does not provide/enforce strong user
authentication. A VPN connection should only be
established by an authenticated user. If the
authentication is not strong enough to restrict
unauthorised access, an unauthorised party could
access the connected network and its resources. Most
VPN implementations provide limited authentications
methods. For example, PAP, used in PPTP, transports
both username and password in clear text. A third party
could capture this information and use it to gain
subsequent access to the network.
24. Client-Side risks
The VPN client machines of, say, home users may be
connected to the Internet via a standard broadband
connection while at the same time holding a VPN connection
to a private network, using split tunnelling. This may pose a
risk to the private network being connected to.
A client machine may also be shared with other parties who
are not fully aware of the security implications. In addition, a
laptop used by a mobile user may be connected to the
Internet, a wireless LAN at a hotel, airport or on other foreign
networks. However, the security protection in most of these
public connection points is inadequate for VPN access. If the
VPN client machine is compromised, either before or during
the connection, this poses a risk to the connecting network.
25. Virus/ Malware Infections
A connecting network can be compromised if the client
side is infected with a virus. If a virus or spyware
infects a client machine, there is chance that the
password for the VPN connection might be leaked to
an attacker. In the case of an intranet or extranet VPN
connection, if one network is infected by a virus or
worm, that virus / worm can be spread quickly to other
networks if anti-virus protection systems are ineffective.
26. Conclusion
VPN provides a means of accessing a secure, private,
internal network over insecure public networks such as
the Internet. A number of VPN technologies have been
outlined, among which IPsec and SSL VPN are the
most common. Although a secure communication
channel can be opened and tunnelled through an
insecure network via VPN, client side security should
not be overlooked.