Network Admin
Virtual Private Networks
Colm Bennett
VPN - Contents
What is a VPN?
Key Advantages
Key Features
Example
What is a VPN?
Real world definition
A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together
As opposed to constructing a WAN using private lines (leased lines, microwave connection etc.)
Key Advantages
Cost
Main Reason!
Old style private networks with leased lines were exponentially more expensive
Remote access via dial up modem pools was also very costly for international users
Scalability
Much easier to scale than old style private networks where lead time on leased lines might be in months
Evolution
Large Companies/Leased Lines
3rd Party VPN providers (large telecoms providers mainly, e.g. BT/Concert in 90's)
Move to in house VPNs
Reduced cost of equipment
Increased confidence in security
Currently there is emergence of 3rd Party involvement again as VPN management is outsourced
VPN Key Features
Tunneling
Encryption
Enhanced Authentication
Standardised client security features
VPN - Tunneling
Tunneling means encapsulating private network traffic before sending it via public network
Three protocols involved
Carrier protocol: the public network protocol, usually IP
Encapsulating protocol: the protocol used to encapsulate the data, e.g. GRE, IPSec
Passenger protocol: the protocol used on the private network, e.g. IP (private address space possible)
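The three tunneling roles above, as an added example (not part of the original slides): a passenger IPv4 packet with private addresses is wrapped in a basic GRE header and carried in a public IPv4 packet, then unwrapped at the far end. All addresses, the payload and the helper names are constructed for illustration; the public addresses come from the documentation ranges and 253 is the experimental IP protocol number.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number that marks a GRE payload
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def checksum(data: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    def header(csum: int) -> bytes:
        return struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def parse_ipv4(packet: bytes):
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, tlen, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= tlen <= len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:tlen]

def gre_encapsulate(passenger: bytes, carrier_src: str, carrier_dst: str) -> bytes:
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no optional GRE fields
    return ipv4_packet(carrier_src, carrier_dst, GRE_PROTO, gre + passenger)

def gre_decapsulate(carrier: bytes):
    src, dst, proto, body = parse_ipv4(carrier)
    if proto != GRE_PROTO or len(body) < 4:
        raise ValueError("carrier packet does not hold GRE")
    flags, ptype = struct.unpack("!HH", body[:4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return (src, dst), parse_ipv4(body[4:])

def demo():
    # Constructed sample: private passenger addresses, documentation-range carrier addresses
    passenger = ipv4_packet("10.1.0.5", "10.2.0.9", 253, b"constructed payload")
    wire = gre_encapsulate(passenger, "192.0.2.1", "198.51.100.1")
    return wire, gre_decapsulate(wire)

if __name__ == "__main__":
    print(demo())
```

GRE on its own only encapsulates: the passenger packet, private addresses included, sits unmodified inside the carrier packet, which is why the encryption step on the next slide is needed.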
VPN - Encryption
Data confidentiality and integrity are vital in a VPN solution
Encapsulated packet is encrypted so that packet sniffing on public network cannot unravel private communication
Various schemes to ensure integrity of data including tamper proofing and checking origin of source
VPN - IPSec
IPSec is a suite of protocols that covers a number of aspects relevant to VPNs
Tunnel Mode encrypts both header and data, i.e. IPSec can be the encapsulating protocol
Also provides integrity and authentication and non-repudiation
Default protocol used for most Cisco VPN solutions
VPN - SSL
Standard Cisco IPSec VPN remote access requires local software installation
User pressure for no-install, use anywhere remote access
SSL VPN allows remote access via an SSL secured web site
Usually paired with two factor device for added security
Authentication
As well as normal network authentication for users, VPN connection has special authentication
Site to site may use Digital Signature
Remote users may be asked to use a two factor token device like RSA SecurID (demo)
Standardised Security
Move to a VPN within a company will also usually involve standardising security across all connecting LANs
Small sub-offices joining the main network: much greater potential impact of a virus outbreak in a small office
Remote access users may be forced to run standard firewall/anti virus
Example
Discussion of current live project (European VPN)