EN253206 Broadband Communication
Internet/Intranet/Extranet and Virtual Private Network (VPN)
Asst. Prof. Nararat Ruangchaijatupon
Electrical Engineering Program, Faculty of Engineering, KKU
Office: EN04325A, Email: [email protected]
What is Intranet?
• An intranet is a computer network for sharing information, collaboration tools, operational systems, and other computing services only within an organization, to the exclusion of access by outsiders to the organization. The term is used in contrast to public networks such as the Internet, but an intranet uses most of the same technology, based on the Internet Protocol Suite.
• In its simplest form, an intranet is established with the technologies for local area networks (LANs) and wide area networks (WANs).
Source: https://en.wikipedia.org/wiki/Intranet
Definition
• Watch:
– https://www.youtube.com/watch?v=dIA1KweJoRY (3.10 min) (Good!)
– https://www.youtube.com/watch?v=nojwX3_XZBs (4.50 min)
• Some networks allow users within their intranet to access the public Internet through firewall servers. These servers can screen messages coming in and going out, keeping security intact.
Source: https://en.wikipedia.org/wiki/Intranet
Intranet Connectivity Design Example 1
Source: https://www.researchgate.net/figure/The-network-topology-of-case-study_fig4_332759301
Intranet Connectivity Design Example 2
Source: https://help.sap.com/doc/saphelp_tm90/9.0/de-DE/e7/2f0050d5ac612fe10000000a44176d/content.htm?no_cache=true
Intranet Connectivity Design Example 3
Source: http://lammengtuck.tripod.com/id15.html
Advantages of Intranet
• Workforce productivity/Enhanced collaboration
• Relevance/Up-to-date publishing (web)
• Communication (chat, email, blog)
• Business operation and management
– Workflow
– Training
• Cost-effective
• Cross-platform capability
• Supports a distributed computing architecture
• Promotes a common corporate culture/Employee engagement
Source: https://en.wikipedia.org/wiki/Intranet
What is Extranet?
• An intranet is sometimes contrasted with an extranet. While an intranet is generally restricted to employees of the organization, extranets may also be accessed by customers, suppliers, or other approved parties. Extranets extend a private network onto the Internet with special provisions for authentication, authorization and accounting.
• An extranet is a controlled private network that allows access to partners, vendors and suppliers or an authorized set of customers, normally to a subset of the information accessible from an organization's intranet.
Source: https://en.wikipedia.org/
Advantages of Extranet
• Exchange large volumes of data (Electronic Data Interchange)
• Share data exclusively with partners
• Collaborate with other partners
• Jointly develop and use training programs with partners
• Provide or access services provided by one company to a group of other companies, such as an online banking application managed by one company on behalf of affiliated banks
• Improved efficiency
Source: https://en.wikipedia.org/wiki/Extranet
Disadvantages of Extranet
• Extranets can be expensive to implement and maintain within an organization (e.g., hardware, software, employee training costs) if hosted internally rather than by an application service provider
• Security of extranets can be a concern when hosting valuable or proprietary information
Source: https://en.wikipedia.org/wiki/Extranet
The Internet
• The Internet is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing.
Source: https://en.wikipedia.org/wiki/Internet
Visualization of Internet Routing Paths
Source: By The Opte Project - https://commons.wikimedia.org/w/index.php?curid=25698718
The Internet Connectivity
2007 map showing submarine fiber-optic telecommunication cables around the world
Source: By Rarelibra - https://commons.wikimedia.org/w/index.php?curid=5542154
Service Tiers
• Internet service providers (ISPs) establish the worldwide connectivity at various levels.
Source: By User:Ludovic.ferre - https://commons.wikimedia.org/w/index.php?curid=10030716
Service Tiers (cont.)
• End-users represent the bottom of the routing hierarchy
• At the top are the tier 1 networks, which are large telecommunication companies that exchange traffic directly with each other at very high speed, governed by peering agreements
• List of Tier 1 networks (https://en.wikipedia.org/wiki/Tier_1_network#List_of_Tier_1_networks)
• Tier 2 and lower-level networks buy Internet transit from other providers to reach at least some parties on the global Internet, though they may also engage in peering
• List of Tier 2 networks (https://en.wikipedia.org/wiki/Tier_2_network)
• Large organizations, such as academic institutions, large enterprises, and governments, may perform the same function as ISPs, engaging in peering and purchasing transit on behalf of their internal networks
Source: https://en.wikipedia.org/wiki/Internet
Related Organizations
• IETF – Internet Engineering Task Force
• ICANN – Internet Corporation for Assigned Names and Numbers
Virtual Private Network (VPN)
• A virtual private network (VPN) is the technology that allows a secure connection to a private network through a public network
• For security, a VPN uses a tunneling protocol and an authentication method
• A VPN creates a virtual point-to-point connection (through a tunneling protocol/dedicated circuit)
• https://www.youtube.com/watch?v=xGjGQ24cXAY (13.08 min) (Please Watch!)
• https://www.youtube.com/watch?v=IDFa1cGHOm4 (6.14 min) (Please Watch!)
Introduction to VPN
After watching the 1st VDO, answer the questions.
• What is my IP address (.com)
• Where is the dangerous/unsecure location?
• Downside of VPN?
Introduction to VPN (cont.1)
Source: https://www.youtube.com/watch?v=xGjGQ24cXAY
Introduction to VPN (cont.2)
Source: https://www.youtube.com/watch?v=xGjGQ24cXAY
Introduction to VPN (cont.3)
Source: https://www.youtube.com/watch?v=xGjGQ24cXAY
Introduction to VPN (cont.4)
Source: https://www.youtube.com/watch?v=xGjGQ24cXAY
Introduction to VPN (cont.5)
Source: https://www.youtube.com/watch?v=bfHwbHytzZY
• A VPN server can be provided by:
– Your own (private/corporate) network
– A VPN service provider
Introduction to VPN (cont.6)
After watching the 2nd VDO, answer the questions.
• Types of VPN are:
• Name 3 tunneling protocols
• What is encryption?
VPN Encryption
The VPN security model provides:
• Confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and deep packet inspection), an attacker would see only encrypted data
• Sender authentication to prevent unauthorized users from accessing the VPN
• Message integrity to detect any instances of tampering with transmitted messages
Source: https://en.wikipedia.org/wiki/Virtual_private_network
VPN Encryption (cont.1)
• Types: Symmetric-key (in VPN)/Public-key
• Handshake encryption (RSA) used in the TLS handshake
– More about the TLS handshake: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
– https://www.youtube.com/watch?v=sEkw8ZcxtFk (start at 2.35-5.03 min) (Please Watch!)
• Secure Hash Algorithm (SHA) for SSL/TLS connections
TLS/SSL Handshake
Source: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
VPN Encryption (cont.2)
Remote-access VPN
• Authentication
– Password
• Tunneling protocol
– SSL/TLS
– Point-to-Point Protocol
– L2F – Layer 2 Forwarding
– PPTP – Point-to-Point Tunneling Protocol
– L2TP – Layer 2 Tunneling Protocol
Site-to-site VPN
• Authentication
– Certificate
• Tunneling protocol
– IPSec – Internet Protocol Security protocol
– GRE – Generic Routing Encapsulation
Source: https://computer.howstuffworks.com/vpn7.htm
IPSec
• Encrypts data between various devices
– Router to router, firewall to router, desktop to router, desktop to server
• Consists of two sub-protocols
– Encapsulated Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key
– Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it gets to its destination
Source: https://computer.howstuffworks.com/vpn7.htm
IPSec (cont.)
• Networked devices can use IPSec in one of two encryption modes
– In transport mode, devices encrypt the data traveling between them
– In tunnel mode, the devices build a virtual tunnel between two networks
• VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together
• Good Watch
– https://www.youtube.com/watch?v=tuDVWQOG0C0 (9.43 min) (Please Watch!)
VPN Encryption Ciphers
• Blowfish – blowfish-128
– 64-bit block size
• Twofish – twofish-128, 192, or 256
– 128-bit block size
• AES – AES-128, 192, or 256
• Camellia – Camellia-128, 192, or 256
– No certification
• TripleDES – TripleDES-56, 112, 168
– also 64-bit block size
• MPPE – MPPE-40, 56, 128
– Microsoft Point-to-Point Encryption, used in PPTP
Source: https://www.cactusvpn.com/beginners-guide-to-vpn/vpn-encryption/
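The block sizes noted above are the security-relevant detail: a 64-bit block cipher (Blowfish, TripleDES) starts leaking plaintext relationships through repeated ciphertext blocks after far less traffic under one key than a 128-bit block cipher (AES, Twofish, Camellia). The Python below is an added example, not part of the original slides or of any VPN product; it applies the birthday bound to the ciphers listed to estimate how much tunnel traffic one key can protect before rekeying, assuming a CBC-style mode in which a ciphertext-block collision is what leaks information.

```python
import math

# Block sizes (bits) of the ciphers listed on this slide; key length does
# not affect the collision bound, only block size does.
BLOCK_BITS = {
    "Blowfish": 64,
    "TripleDES": 64,
    "Twofish": 128,
    "AES": 128,
    "Camellia": 128,
}


def collision_probability(block_bits: int, data_bytes: int) -> float:
    """Birthday-bound estimate of the probability that two ciphertext blocks
    collide after data_bytes of traffic under one key: p ~ n^2 / 2^(b+1)
    for n blocks of b bits.  In CBC mode (assumed here) a collision reveals
    the XOR of two plaintext blocks, so a rekey policy must keep p small."""
    n = data_bytes // (block_bits // 8)  # blocks sent under this key
    return min(1.0, (n * n) / 2 ** (block_bits + 1))


def bytes_until_probability(block_bits: int, p: float) -> int:
    """Traffic volume under one key at which the collision probability reaches p."""
    n = math.sqrt(p * 2 ** (block_bits + 1))
    return int(n) * (block_bits // 8)


def rekey_limit_bytes(cipher: str, p: float = 2 ** -20) -> int:
    """Bytes a tunnel may carry under one key before the chosen collision
    probability p (default roughly one in a million) is reached."""
    return bytes_until_probability(BLOCK_BITS[cipher], p)


if __name__ == "__main__":
    tunnel_bytes = 32 * 2 ** 30  # constructed scenario: 32 GiB under one key
    for cipher, bits in BLOCK_BITS.items():
        p = collision_probability(bits, tunnel_bytes)
        limit = rekey_limit_bytes(cipher)
        print(f"{cipher:10s} {bits:3d}-bit block  p(collision after 32 GiB)={p:.2e}"
              f"  rekey before {limit / 2 ** 20:.0f} MiB")
```

At 32 GiB under one key a 64-bit block cipher has already reached a 50% collision probability, while the same volume leaves a 128-bit block cipher at about 2^-67; this is why a VPN using Blowfish or TripleDES needs frequent rekeying.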
OpenVPN
• Open-source commercial software
• Secure point-to-point or site-to-site connections
• It uses a custom security protocol
– Utilizes SSL/TLS for key exchange
• It is capable of traversing network address translators (NATs) and firewalls
SoftEther VPN
• Free, open-source, cross-platform, multi-protocol VPN client/server software
• Developed as part of Daiyuu Nobori's master's thesis at the University of Tsukuba
• Supports SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol in a single VPN server
• Supports NAT traversal
KKU VPN
• https://vpn-portal.kku.ac.th/
• VDO instruction: https://www.youtube.com/watch?v=taxADPPvugw
Recommended Resources
• Encryption and Security Protocols in a VPN (Good! Please read!)
– https://computer.howstuffworks.com/vpn7.htm
• How to Test VPN Encryption
– https://www.cactusvpn.com/beginners-guide-to-vpn/vpn-encryption/
• Concerns and Vulnerabilities of VPN
– https://www.youtube.com/watch?v=q4P4BjjXghQ (start at 14.01-22.17 min) (Please watch!)
Question & Discussion
In-class Quiz
Assignment
Let the students familiarize themselves with all the terminology and with how the protocols work.