v p n


Upload: colmbennett

Post on 16-Apr-2017


TRANSCRIPT

Network Admin

Virtual Private Networks

Colm Bennett

VPN - Contents

What is a VPN?

Key Advantages

Key Features

Example

What is a VPN?

Real world definition

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together

As opposed to constructing a WAN using private lines (leased lines, microwave connection etc.)

Key Advantages

Cost

Main Reason!

Old style private networks with leased lines were exponentially more expensive

Remote access via dial up modem pools was also very costly for international users

Scalability

Much easier to scale than old style private networks where lead time on leased lines might be in months

Evolution

Large Companies/Leased Lines

3rd Party VPN providers (large telecoms providers mainly, e.g. BT/Concert in 90's)

Move to in house VPNs

Reduced cost of equipment

Increased confidence in security

Currently there is emergence of 3rd Party involvement again as VPN management is outsourced

VPN Key Features

Tunneling

Encryption

Enhanced Authentication

Standardised client security features

VPN - Tunneling

Tunneling means encapsulating private network traffic before sending it via public network

Three protocols involved

Carrier protocol: the public network protocol, usually IP

Encapsulating protocol: the protocol used to encapsulate the data, e.g. GRE, IPSec

Passenger protocol: the protocol used on the private network, e.g. IP (private address space possible)
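
An added example (not part of the original slides) that builds the three layers by hand, with GRE as the encapsulating protocol and IPv4 as both carrier and passenger. The addresses, payload, protocol number 253 and function names are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" value for an IPv4 passenger

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Carrier IP header + basic GRE header + the passenger packet, unmodified."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    carrier = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger))
    return carrier + gre + passenger

def decapsulate(packet: bytes) -> dict:
    """Peel the layers back off and report the addresses seen at each one."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("carrier packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only basic GRE with an IPv4 passenger is handled")
    inner = packet[ihl + 4:]
    return {
        "carrier": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "passenger": (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])),
        "inner_packet": inner,
    }

# Constructed sample: a private-address packet between two sites, tunnelled
# between two gateways on documentation-range (RFC 5737) public addresses.
# Protocol 253 is reserved for experimentation; the payload is opaque bytes.
DATA = b"payroll"
PASSENGER = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(DATA)) + DATA
TUNNELLED = encapsulate(PASSENGER, "192.0.2.1", "198.51.100.1")
```

Routers on the public network see only the carrier addresses, but basic GRE leaves the passenger bytes readable inside the tunnelled packet, which is why tunneling is paired with encryption.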

VPN - Encryption

Data confidentiality and integrity are vital in a VPN solution

Encapsulated packet is encrypted so that packet sniffing on public network cannot unravel private communication

Various schemes to ensure integrity of data including tamper proofing and checking origin of source

VPN - IPSec

IPSec is a suite of protocols that covers a number of aspects relevant to VPNs

Tunnel Mode encrypts both header and data, i.e. IPSec can be the encapsulating protocol

Also provides integrity and authentication and non-repudiation

Default protocol used for most Cisco VPN solutions

VPN - SSL

Standard Cisco IPSec VPN remote access requires local software installation

User pressure for no-install, use anywhere remote access

SSL VPN allows remote access via an SSL-secured web site

Usually paired with two factor device for added security

Authentication

As well as normal network authentication for users, VPN connection has special authentication

Site to site may use Digital Signature

Remote users may be asked to use a two factor token device like RSA SecurID (demo)

Standardised Security

Move to a VPN within a company will also usually involve standardising security across all connecting LANs

Small sub offices joining main network: much greater potential impact of a virus outbreak in small office

Remote access users may be forced to run standard firewall/anti virus

Example

Discussion of current live project (European VPN)
