Remote Access VPN

Virtual Private Networks
Ba 378 Winter 2006
What is a VPN?
• A VPN is a private network built on top of a public network, using the Internet as its transport. It aims to keep data confidential and intact while it crosses that public network.
• The most common configuration is a single main internal network, with remote nodes using the VPN to gain full access to the central net.
• The remote nodes are commonly remote offices or employees working from home. Two small (or large) networks can also be linked to form one larger network.
http://www.tldp.org/HOWTO/VPN-HOWTO/x192.html
VPNs as islands
• Think of each office LAN as an island
• The ocean between the islands is the Internet
• One way to reach another island is to build a bridge (a leased line): costly at first, but a private, reliable path that pays off in the end
• The VPN alternative gives each remote member a submarine: traffic still travels through the public ocean, but it is hidden from everyone else along the way
• Each remote member can communicate safely and reliably without paying for a bridge
http://www.alliancedatacom.com/how-vpn-works.asp
TYPES OF VPNs
2 Common Types
• Remote Access VPN
• Site to Site VPN
– Intranet VPN
– Extranet VPN
Remote Access VPN
What is it?
• Also called a “Virtual Private Dial-up Network” (VPDN)
• User-to-LAN connection
• Enables employees to connect to the private network from remote locations
http://computer.howstuffworks.com/vpn2.htm
Remote Access VPN
How does it work?
• The company outsources to an enterprise service provider (ESP)
• The ESP sets up a network access server (NAS)
• Telecommuters receive desktop client software for their computers
• Employees dial a toll-free number to reach the NAS, and the client software then tunnels them into the company network
• This is the dial-up model of the period; today the same client software builds the tunnel over whatever Internet connection the user already has
http://computer.howstuffworks.com/vpn2.htm
Site to Site VPN
What is it and How does it work?
• Intranet-based
– One or more remote locations connect to a single private network
– Connects LAN to LAN
• Extranet-based
– Close relationship with another company (partner, supplier, or customer)
– Connects LAN to LAN
– Various companies can work in a shared environment
http://computer.howstuffworks.com/vpn3.htm
3 VPN TYPES
[Diagram: the three VPN types (remote access, intranet, extranet)]
http://computer.howstuffworks.com/vpn2.htm
VPN Security
With VPNs now spreading not only through businesses but across the globe, connecting businesses together over LANs, WANs, and wireless networks, security is more important than ever.
Integrated Security Systems
An integrated system provides greater risk reduction than any individual product or combination of security devices, regardless of features or performance. Using the network to provide a common security architecture:
• reduces complexity
• enables tighter integration
• closes risk gaps
• provides greater visibility of end-to-end security
http://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.html
Well designed VPNs incorporate the
following characteristics:
• Integrated: Every element of the network acts as a point of defense, including software and hardware
• Collaborative: Various network components work together to provide a means of protection. Security involves cooperation between endpoints, network elements, and policy enforcement
• Adaptive: The system can recognize new threats as they arrive. Mutual awareness can exist among security services and network intelligence, increasing the effectiveness of security against new threats.
http://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.html
VPN Security Methods
A well designed VPN uses several methods
for keeping the connection and data secure,
these are some of them:
• Firewalls
• Encryption
• IPSec
• AAA Servers
http://computer.howstuffworks.com/vpn.htm
Firewall
“A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.”
http://computer.howstuffworks.com/vpn.htm
Firewall
Firewalls are an important part of the security system because they help stop hackers, viruses, spyware, and other harmful things associated with the Internet from entering the company’s computer system. A firewall can only filter what it can read: traffic arriving inside a VPN tunnel is encrypted, so the VPN gateway should be placed so that the decrypted traffic still passes through the firewall’s rules before it reaches the internal network.
http://computer.howstuffworks.com/vpn.htm
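The filter the two slides above describe, as an added example that is not the page’s own code: a minimal stateless packet filter placed at the Internet border in front of a VPN gateway, run over a handful of constructed inbound packets. The rule set, the addresses (203.0.113.10 as the VPN concentrator, 203.0.113.20 as a web server) and the sample packets are all made up for the illustration.

```python
"""Added example: a first-match packet filter with default deny, applied to
constructed sample traffic. Not the page's code; rules and addresses are made up."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "icmp", "esp", ...
    dport: Optional[int] = None   # None for protocols without ports (esp, icmp)


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins. A packet no rule admits is dropped: default deny
    turns 'flagged packets are not allowed through' into 'only explicitly
    permitted packets are allowed through'."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


GATEWAY = "203.0.113.10/32"   # VPN concentrator's public address (constructed)
WEB = "203.0.113.20/32"       # public web server (constructed)

INBOUND_RULES = [
    # Anti-spoofing comes first: nothing from the Internet may claim an internal source.
    Rule("deny", src="10.0.0.0/8", comment="spoofed internal source"),
    Rule("allow", dst=GATEWAY, proto="udp", dport=500, comment="IKE"),
    Rule("allow", dst=GATEWAY, proto="udp", dport=4500, comment="IPsec NAT traversal"),
    Rule("allow", dst=GATEWAY, proto="esp", comment="IPsec ESP"),
    Rule("allow", dst=WEB, proto="tcp", dport=443, comment="HTTPS to web server"),
]

SAMPLE_PACKETS = [  # constructed inbound traffic
    Packet("198.51.100.7", "203.0.113.20", "tcp", 443),   # customer browsing -> allow
    Packet("198.51.100.7", "203.0.113.20", "tcp", 22),    # SSH probe, no rule -> deny
    Packet("198.51.100.9", "203.0.113.10", "udp", 500),   # remote worker starting IKE -> allow
    Packet("198.51.100.9", "203.0.113.10", "esp"),        # their ESP traffic -> allow
    Packet("10.1.2.3", "203.0.113.10", "udp", 500),       # spoofed source -> deny
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),   # HTTPS at the gateway itself -> deny
]


def run_filter(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Decision per packet, in order."""
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLE_PACKETS, run_filter(INBOUND_RULES, SAMPLE_PACKETS)):
        print(f"{verdict:5}  {p.src} -> {p.dst} {p.proto} {p.dport or ''}")
```

Rule order matters: the anti-spoofing deny sits above every allow so that a forged 10.x source can never match the IKE rule, and the absent SSH rule is what drops the probe.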
Encryption
“Encryption is the process of taking all the
data that one computer is sending to
another and encoding it into a form that
only the other computer will be able to
decode.” Most computer systems use
one of the following:
• Symmetric-key encryption
• Public-key encryption
http://computer.howstuffworks.com/vpn.htm
Symmetric-key encryption
• Each computer has a secret key that it uses to encrypt information before sending it over the network to another computer
• Symmetric-key encryption requires that you know in advance which computers will be talking to each other, so the same key can be installed on each one; the key must be delivered over a channel the attacker cannot read, and it is only as strong as it is hard to guess
• It is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.
http://computer.howstuffworks.com/vpn.htm
Example
• “You create a coded message to send to a friend in
which each letter is substituted with the letter that is two
down from it in the alphabet. So "A" becomes "C," and
"B" becomes "D". You have already told a trusted friend
that the code is "Shift by 2". Your friend gets the
message and decodes it. Anyone else who sees the
message will see only nonsense.”
http://computer.howstuffworks.com/vpn.htm
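The “Shift by 2” code from the slide, implemented and then attacked, as an added example that is not from the page. It first runs the shift cipher exactly as described, then shows why “anyone else will see only nonsense” holds only while the key is hard to guess: a 26-key code falls to a loop. A keyed stream cipher with a 32-byte random key follows for contrast. The SHA-256 keystream construction, the message and all names are my own for illustration; it is not a standard cipher, and real systems use AES-GCM or ChaCha20-Poly1305.

```python
"""Added example: the slide's shift-by-2 code, a brute-force attack on it, and a
symmetric cipher with a real secret key. Not the page's code; the SHA-256
keystream is illustrative only."""
import hashlib
import os
import string
from typing import Optional

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar shift: every letter moves `key` places down the alphabet
    (A->C, B->D for key=2, as in the slide). Non-letters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    return shift_encrypt(ciphertext, -key)


def brute_force_shift(ciphertext: str, crib: str) -> Optional[int]:
    """Try all 26 keys and return the one whose output contains `crib`.
    The 'trusted friend' is not needed: the key space is 26 guesses."""
    for key in range(26):
        if crib in shift_decrypt(ciphertext, key):
            return key
    return None


def keystream(key: bytes, length: int) -> bytes:
    """Illustrative keystream: SHA-256(key || counter) blocks, concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts because XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def demo() -> dict:
    msg = "MEET AT THE VPN GATEWAY"          # constructed message
    ct = shift_encrypt(msg, 2)
    recovered_key = brute_force_shift(ct, "THE")   # attacker guesses a common word
    key = os.urandom(32)                      # 256-bit shared secret
    wire = stream_encrypt(key, msg.encode())
    wrong_key = os.urandom(32)
    return {
        "shift_ct": ct,
        "shift_ok": shift_decrypt(ct, 2) == msg,
        "shift_brute_forced_key": recovered_key,
        "stream_roundtrip": stream_encrypt(key, wire) == msg.encode(),
        "stream_wrong_key_fails": stream_encrypt(wrong_key, wire) != msg.encode(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The shift cipher and the stream cipher are both symmetric: the same secret turns plaintext into ciphertext and back. The difference the slide does not show is the size of the secret, which is what decides whether an eavesdropper sees nonsense or a puzzle solved in 26 tries.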
Public-key encryption
• This encryption uses a pair of keys: a private key and a public key
• The private key is known only to your computer, while the public key is handed out to any computer that wants to communicate securely with it
• A sender encrypts a message with the recipient’s public key; only the matching private key can decrypt it, so the public key can be published freely while the private key never leaves its owner
http://computer.howstuffworks.com/vpn.htm
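The key pair described above, worked through as an added example that is not the page’s own code. It uses textbook RSA with tiny primes so every number fits on the slide; the parties (Bob, Eve), the primes and the message are constructed. Unpadded RSA with a 12-bit modulus is for illustration only: real deployments use 2048-bit or larger keys with OAEP padding, and the last line of the demo shows one reason why.

```python
"""Added example: public-key encryption with textbook RSA on tiny primes.
Not the page's code; insecure parameters chosen for readability."""
from typing import List, Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Return (public_key, private_key). Only n = p*q and e are published;
    p, q and d never leave the owner's machine."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # e * d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def encrypt(public: Key, message: bytes) -> List[int]:
    """Anyone holding the recipient's public key can do this; one byte per block."""
    e, n = public
    if n <= 255:
        raise ValueError("modulus too small for one byte per block")
    return [pow(b, e, n) for b in message]


def decrypt(private: Key, blocks: List[int]) -> bytes:
    """Only the matching private key recovers the bytes; a wrong key yields noise."""
    d, n = private
    return bytes(pow(c, d, n) % 256 for c in blocks)


def demo() -> dict:
    bob_public, bob_private = keypair(61, 53)    # n = 3233, d = 2753
    eve_public, eve_private = keypair(71, 67)    # unrelated pair: useless against Bob's traffic
    message = b"session key: 42"                 # constructed
    ciphertext = encrypt(bob_public, message)    # sender needs nothing but Bob's public key
    return {
        "public": bob_public,
        "bob_recovers": decrypt(bob_private, ciphertext) == message,
        "eve_fails": decrypt(eve_private, ciphertext) != message,
        # Caveat: textbook RSA is deterministic, so equal plaintext blocks give equal
        # ciphertext blocks. Padding schemes such as OAEP exist to prevent exactly this.
        "leaks_repeats": encrypt(bob_public, b"aa")[0] == encrypt(bob_public, b"aa")[1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In a VPN this asymmetry is used during connection setup: the public-key step authenticates the peers and delivers a fresh symmetric key, and the bulk traffic then runs under that faster symmetric key.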
Public-key encryption
• One of the most popular programs built on public-key encryption is Pretty Good Privacy (PGP)
• It lets you encrypt just about anything: email, hard drives, media, etc.
• For more information, see PGP
http://computer.howstuffworks.com/vpn.htm
IPSec
• IPSec stands for Internet Protocol Security (usually written IPsec)
• It protects each IP packet with encryption for confidentiality and with an integrity check and origin authentication, so a packet modified or forged in transit is rejected
• It operates in two modes: tunnel and transport
http://computer.howstuffworks.com/vpn.htm
Tunneling and transporting
• Tunnel mode encrypts the entire original packet, header and payload, and wraps it in a new IP header addressed between the two VPN gateways; an observer on the Internet sees only the gateways’ addresses
• Transport mode encrypts only the payload and leaves the original IP header in the clear, so the real end hosts stay visible; it is typically used host to host
• In both modes each packet also carries an integrity check, so a packet altered in transit fails verification and is dropped
http://computer.howstuffworks.com/vpn.htm
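The two modes side by side, as an added example that is not from the page: the same inner packet is protected in transport mode and in tunnel mode, then examined the way a passive observer on the Internet would see it, without any keys. The ESP layout is a simplified model (SPI, sequence number, protected data, truncated HMAC-SHA256 integrity check value) and the SHA-256 XOR keystream stands in for a real cipher such as AES-GCM; the addresses, keys and payload are constructed.

```python
"""Added example: IPsec transport vs tunnel mode, modelled on ESP, with an
observer's view and an integrity check. Not the page's code; the stand-in
cipher and all addresses are illustrative."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class IPPacket:
    src: str
    dst: str
    payload: bytes


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with SHA-256(key || block counter). Illustrative only."""
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def esp_protect(pkt: IPPacket, mode: str, enc_key: bytes, auth_key: bytes,
                spi: int, seq: int, gw_src: str = "", gw_dst: str = "") -> IPPacket:
    """Transport mode keeps the original IP header and protects only the payload;
    tunnel mode protects the whole original packet and puts the two gateways
    (gw_src, gw_dst) in a new outer header."""
    if mode == "transport":
        outer_src, outer_dst = pkt.src, pkt.dst
        inner = pkt.payload
    elif mode == "tunnel":
        outer_src, outer_dst = gw_src, gw_dst
        inner = f"{pkt.src}>{pkt.dst}|".encode() + pkt.payload   # original header + payload
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    esp_header = spi.to_bytes(4, "big") + seq.to_bytes(4, "big")   # sent in the clear
    body = esp_header + _xor_stream(enc_key, inner)
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]   # integrity check value
    return IPPacket(outer_src, outer_dst, body + icv)


def esp_unprotect(wire: IPPacket, mode: str, enc_key: bytes, auth_key: bytes) -> IPPacket:
    """Verify the ICV before decrypting: a modified packet is rejected, never decrypted."""
    body, icv = wire.payload[:-16], wire.payload[-16:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    inner = _xor_stream(enc_key, body[8:])
    if mode == "transport":
        return IPPacket(wire.src, wire.dst, inner)
    header, payload = inner.split(b"|", 1)
    src, dst = header.decode().split(">")
    return IPPacket(src, dst, payload)


def observer_view(wire: IPPacket, original: IPPacket) -> dict:
    """What a sniffer between the endpoints learns with no key at all."""
    return {
        "outer_src": wire.src,
        "outer_dst": wire.dst,
        "spi": int.from_bytes(wire.payload[:4], "big"),
        "seq": int.from_bytes(wire.payload[4:8], "big"),
        "inner_hosts_visible": (wire.src, wire.dst) == (original.src, original.dst),
        "payload_readable": original.payload in wire.payload,
    }


def demo() -> dict:
    enc_key, auth_key = os.urandom(32), os.urandom(32)
    original = IPPacket("10.1.0.5", "10.2.0.9", b"GET /payroll HTTP/1.1\r\n")   # constructed
    transport = esp_protect(original, "transport", enc_key, auth_key, spi=0x1001, seq=1)
    tunnel = esp_protect(original, "tunnel", enc_key, auth_key, spi=0x1002, seq=1,
                         gw_src="198.51.100.1", gw_dst="203.0.113.1")
    # Flip one ciphertext bit in the tunnel packet to simulate tampering on the wire.
    p = tunnel.payload
    tampered = IPPacket(tunnel.src, tunnel.dst, p[:8] + bytes([p[8] ^ 1]) + p[9:])
    try:
        esp_unprotect(tampered, "tunnel", enc_key, auth_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "transport": observer_view(transport, original),
        "tunnel": observer_view(tunnel, original),
        "transport_roundtrip": esp_unprotect(transport, "transport", enc_key, auth_key) == original,
        "tunnel_roundtrip": esp_unprotect(tunnel, "tunnel", enc_key, auth_key) == original,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The observer dictionaries make the difference concrete: in transport mode the real hosts 10.1.0.5 and 10.2.0.9 are on the wire, in tunnel mode only the two gateways are, and in neither mode is the payload readable. The SPI and sequence number are visible in both, which is by design: the receiver needs them to pick the right keys and to reject replayed packets before doing any cryptography.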
Overview of a VPN and its security points
[Figure: a remote-access VPN utilizing IPSec. Photo courtesy Cisco Systems, Inc.]
http://computer.howstuffworks.com/vpn.htm
AAA Servers
• AAA stands for authentication, authorization
and accounting
• These servers provide more secure access control for remote-access VPN environments, because the VPN gateway hands every login decision to one central policy point instead of keeping its own user list
http://computer.howstuffworks.com/vpn.htm
AAA Servers
• When a AAA server gets a request to
establish a session, it asks the following
questions:
• Who are you? (authentication)
• What are you allowed to do? (authorization)
• What did you actually do? (accounting)
http://computer.howstuffworks.com/vpn.htm
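The three questions as code, added here as an example that is not from the page: a tiny AAA decision point that a VPN gateway could consult when a session request arrives. Wire protocols such as RADIUS and TACACS+ are out of scope; the users, passwords, groups and target networks are all constructed. The security details worth noticing are the salted PBKDF2 password hashes, the constant-time comparison, the equal-cost path for unknown users, and that authorization and accounting happen for every request, not only the successful ones.

```python
"""Added example: authentication, authorization and accounting for a VPN
session request, against a constructed user store and policy. Not the page's
code; names, passwords, groups and networks are made up."""
import hashlib
import hmac
import os
from ipaddress import ip_network
from typing import Dict, List, Tuple

ACCOUNTING: List[Dict[str, str]] = []   # what each user actually did


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, groups: List[str]) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "groups": groups}


USERS = {   # constructed user store; only salted hashes are kept
    "alice": _make_user("correct horse battery staple", ["staff", "engineering"]),
    "bob": _make_user("contractor-pass-2006", ["contractor"]),
}

# Authorization policy: which internal networks each group may reach through the VPN.
POLICY = {
    "staff": ["10.10.0.0/16"],
    "engineering": ["10.20.0.0/16"],
    "contractor": ["10.30.0.0/24"],
}


def authenticate(user: str, password: str) -> bool:
    """Who are you? Salted PBKDF2 hash compared in constant time."""
    record = USERS.get(user)
    if record is None:
        _hash_password(password, b"\x00" * 16)   # same cost as a real user, so timing does not reveal valid names
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]), record["hash"])


def authorize(user: str, target: str) -> bool:
    """What are you allowed to do? The target must lie inside a network granted
    to at least one of the user's groups."""
    wanted = ip_network(target)
    for group in USERS[user]["groups"]:
        for allowed in POLICY.get(group, []):
            if wanted.subnet_of(ip_network(allowed)):
                return True
    return False


def account(user: str, event: str, detail: str = "") -> None:
    """What did you actually do? Append-only record of every decision."""
    ACCOUNTING.append({"user": user, "event": event, "detail": detail})


def open_session(user: str, password: str, target: str) -> Tuple[bool, str]:
    """The three questions in order; a failure at any step is logged and stops the session."""
    if not authenticate(user, password):
        account(user, "auth_fail")
        return False, "authentication failed"
    if not authorize(user, target):
        account(user, "authz_denied", target)
        return False, f"not authorized for {target}"
    account(user, "session_start", target)
    return True, f"session to {target} established"


if __name__ == "__main__":
    print(open_session("alice", "correct horse battery staple", "10.20.5.0/24"))
    print(open_session("bob", "contractor-pass-2006", "10.20.5.0/24"))
    print(ACCOUNTING)
```

Authentication failing for an unknown user and for a wrong password returns the same message, and costs the same hash computation, so the response leaks nothing about which usernames exist.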
Who uses VPNs?
• Companies and organizations
– Employees work at home or traveling
• Retail sector
– Usually have multiple sites
• Universities
– Allow students and faculty to access
information off site
Providers of VPNs
• A company can build its own
– Purchase software
– Use a router with VPN support
• Or it can outsource
– Mostly to internet service providers (ISPs) and interexchange carriers (IXCs)
– Less management and logistics involved
http://compnetworking.about.com/gi/dynamic/offsite.htm?site=http%3A%2F%2Fwww.informationweek.com%2F780%2Fvpn.htm
http://www.techsoup.org/howto/articles/networks/page1352.cfm?cg=searchterms&sg=Virtual%20Private%20Network
How much do VPNs cost?
• Prices vary by each provider
• Additional options available such as network
management, user authentication, firewalls,
encryption
• Savings
– Infonetics reports $1,000 average savings per
remote worker per year
– Cisco’s study states savings of $600 to $1,800 per
remote worker per year.
http://www.bcr.com/architecture/remote_access/do-it-yourself_vpns_20020519302.htm
Pros and Cons of VPNs
Price Vs. Added-Value
• Added-Value
– Efficiency
– Security
– Geographic Distance
– Satisfaction
• Poor Maintenance
[Chart: Added-Value, VPN vs. No VPN, six categories on the x-axis, scale 0–35]
Components of a good VPN
A Good VPN Should…
Security
It must offer security to the users while they access their data.
Maintenance
It should be updated and maintained within the means of the company.
Efficiency
The VPN needs to add to the productivity and quality of the company.
Reliability
It should be a network that can be counted on.
Price
The benefits must outweigh the costs of the VPN.
Breadth
It should span far enough to meet the needs of the company.
Alignment
The VPN must enhance and complement the goals of the company.