Virtual Private Network (VPN)
Post on 17-May-2015
Virtual Private Network (VPN)
--22--©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential
“If saving money is wrong, I don’t want to be right…”
- William Shartner
Outline
  What is a VPN?
  Types of VPN
  Why use VPNs?
  Disadvantage of VPN
  Types of VPN protocols
  Encryption
What is a VPN?
  A VPN is a network that uses the Internet or other network service to transmit data.
  A VPN includes authentication and encryption to protect data integrity and confidentiality.
[Diagram labels: VPN, VPN, Internet]
Types of VPNs
Remote Access VPN
  Provides access to internal corporate network over the Internet.
  Reduces long distance, modem bank, and technical support costs.
[Diagram labels: Internet, Corporate Site]
Types of VPNs
Remote Access VPN
Site-to-Site VPN
  Connects multiple offices over Internet
  Reduces dependencies on frame relay and leased lines
[Diagram labels: Internet, Branch Office, Corporate Site]
Types of VPNs
Remote Access VPN
Site-to-Site VPN
Extranet VPN
  Provides business partners access to critical information (leads, sales tools, etc)
  Reduces transaction and operational costs
[Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]
Types of VPNs
Remote Access VPN
Site-to-Site VPN
Extranet VPN
Intranet VPN:
  Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
[Diagram labels: Internet, LAN clients, Database Server, LAN clients with sensitive data]
Why Use Virtual Private Networks?
More flexibility
  Use multiple connection types (cable, DSL, T1, T3)
  Secure and low-cost way to link
  Ubiquitous ISP services
  Easier E-commerce
Why Use Virtual Private Networks?
More flexibility
More scalability
  Add new sites, users quickly
  Scale bandwidth to meet demand
Why Use Virtual Private Networks?
More flexibility
More scalability
Lower costs
  Reduced frame relay/leased line costs
  Reduced long distance
  Reduced equipment costs (modem banks, CSU/DSUs)
  Reduced technical training and support
VPN Return on Investment
Case History – Professional Services Company
5 branch offices, 1 large corporate office, 200 remote access users.
Payback: 1.04 months. Annual Savings: 88%

                                        Check Point VPN Solution   Non-VPN Solution            Savings with Check Point
Startup Costs (Hardware and Software)   $51,965                    Existing; sunk costs = $0
Site-to-Site Annual Cost                $30,485                    $71,664 (Frame relay)       $41,180 /yr
RAS Annual Cost                         $48,000                    $604,800 (Dial-in costs)    $556,800 /yr
Combined Annual Cost                    $78,485                    $676,464                    $597,980 /yr
Disadvantages of VPN
  Lower bandwidth available compared to dial-in line
  Inconsistent remote access performance due to changes in Internet connectivity
  No entrance into the network if the Internet connection is broken
Point-to-Point Tunneling Protocol (PPTP)
  Layer 2 remote access VPN distributed with Windows product family
  Addition to Point-to-Point Protocol (PPP)
  Allows multiple Layer 3 Protocols
  Uses proprietary authentication and encryption
  Limited user management and scalability
  Uses the MPPE encryption method
[Diagram labels: Internet, Remote PPTP Client, ISP Remote Access Switch, PPTP RAS Server, Corporate Network]
Layer 2 Tunneling Protocol (L2TP)
  Layer 2 remote access VPN protocol
  Combines and extends PPTP and L2F (Cisco supported protocol)
  Weak authentication and encryption
  Addition to Point-to-Point Protocol (PPP)
  Must be combined with IPSec for enterprise-level security
[Diagram labels: Internet, Remote L2TP Client, ISP L2TP Concentrator, L2TP Server, Corporate Network]
Internet Protocol Security (IPSec)
  Layer 3 protocol for remote access, intranet, and extranet VPNs
  Internet standard for VPNs
  Provides flexible encryption and message authentication/integrity
Encryption
  Used to convert data to a secret code for transmission over an untrusted network
[Diagram: Clear Text “The cow jumped over the moon” -> Encryption Algorithm -> Encrypted Text “4hsd4e3mjvd3sda1d38esdf2w4d”]
Symmetric Encryption
  Same key used to encrypt and decrypt message
  Faster than asymmetric encryption
  Used by IPSec to encrypt actual message data
  Examples: DES, 3DES, RC5
[Diagram label: Shared Secret Key]
Asymmetric Encryption
  Different keys used to encrypt and decrypt message (one public, one private)
  Provides non-repudiation of message or message integrity
  Examples include RSA, DSA, SHA-1, MD-5
[Diagram labels: Bob, Alice; Alice Public Key (Encrypt); Alice Private Key (Decrypt)]
Industries That May Use a VPN
  Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
  Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely
  Retail: able to securely transfer sales data or customer info between stores & the headquarters
  Banking/Financial: enables account information to be transferred safely within departments & branches
  General Business: communication between remote employees can be securely exchanged
Some Businesses using a VPN
  CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
  Bacardi & Co. implemented a 21-country, 44-location VPN
Questions
Presented by: Iman Abooee
Thanks for your attention
Winter 85