Virtual Private NetworksWhat is a VPN?VPNs as islandsSlide 4Remote Access VPNSlide 6Site to Site VPNSlide 8VPN SecurityIntegrated Security SystemsSlide 11VPN Security MethodsFirewallSlide 14EncryptionSymmetric-key encryptionExamplePublic-key encryptionSlide 19IPSecTunneling and transportingSlide 22AAA ServersSlide 24Who uses VPNs?Providers of VPNsHow much does VPNs cost?Pros and Cons of VPNsComponents of a good VPNVirtual Private Virtual Private NetworksNetworksBa 378 Winter 2006What is a VPN?•A VPN is a private network linked to a public network, using the internet as its transfer mechanism. It also attempts to maintain security during transfer of information•The most common configuration is to have a single main internal network with remote nodes using VPN to gain full access to the central net.•The remote nodes are commonly remote offices or employees working from home. You can also link two small (or large) networks to form an even larger single network. http://www.tldp.org/HOWTO/VPN-HOWTO/x192.htmlVPNs as islands•VPNs work like islands•The ocean can be seen as the internet•To get to each island a bridge must be built, even though it may be costly at first hand. It is beneficial in the end. (Leased Lines)•Submarines are given to each person who attain a leased line.•Each remote member can communicate in a safe and reliable manner .http://www.alliancedatacom.com/how-vpn-works.aspTYPES OF VPN’S Remote Access VPN Site to Site VPN- Intranet VPN- Extranet VPN2 Common TypesRemote Access VPN•“Virtual Private dial-up network”•User to LAN connection•Enables employees to connect to private network from remote locationsWhat is it?http://computer.howstuffworks.com/vpn2.htmRemote Access VPN•Company out sources to an enterprise service provider (ESP)•ESP sets up a network access server (NAS)• Telecommuters receive desktop client software for computer •Employees dial toll free number on computer to connect to NAS and use client software to tap into company networkHow does it work?http://computer.howstuffworks.com/vpn2.htmSite to Site VPNIntranet-based- One or more remote locations connect to a single private network-Connects LAN to LANExtranet-based-Close relationship with another company-Connects LAN to LAN-Various companies can work in shared environmentWhat is it and How does it work?http://computer.howstuffworks.com/vpn3.htm3 VPN TYPEShttp://computer.howstuffworks.com/vpn2.htmVPN SecurityWith VPN now expanding not only through businesses but through out the globe and connecting several businesses together through LANs, WANs, and Wireless networks, security is more important than everIntegrated Security SystemsAn integrated system provides greater risk reduction than any individual product or combination security devices, regardless of features or performance. Using the network to provide a common security architecture: •reduces complexity•enables tighter integration •closes risk gaps •provides greater visibility of end-to-end securityhttp://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.htmlWell designed VPNs incorporate the following characteristics:•Integrated: Every element of the network acts as a point of defense including software and hardware•Collaborative: Various network components work together to provide a means of protection. Security involves cooperation between endpoints, network elements, and policy enforcement•Adaptive: The system can recognize new threats as the arrive. Mutual awareness can exist among and between security services and network intelligence, thus increasing security effectiveness to new threats. http://www.cisco.com/en/US/products/hw/vpndevc/products_category_technologies_overview.htmlVPN Security MethodsA well designed VPN uses several methods for keeping the connection and data secure, these are some of them:•Firewalls•Encryption•IPSec•AAA Servershttp://computer.howstuffworks.com/vpn.htmFirewall“A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.” http://computer.howstuffworks.com/vpn.htmFirewallFirewalls are an important part of the security system because they will help stop hackers, viruses, spyware, and other harmful things that are associated with the internet from entering the company’s computer system.http://computer.howstuffworks.com/vpn.htmEncryption“Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode.” Most computer systems use one of the following:•Symmetric-key encryption•Public-key encryptionhttp://computer.howstuffworks.com/vpn.htmSymmetric-key encryption•Each computer has a secret key that it can use to encrypt information before it is sent over the network to another computer•Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one•Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. http://computer.howstuffworks.com/vpn.htmExample•“You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.” http://computer.howstuffworks.com/vpn.htmPublic-key encryption•This encryption uses a combination of a private key and a public key •The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it •To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key http://computer.howstuffworks.com/vpn.htmPublic-key encryption•The most popular public-key encryption is called Pretty Good Privacy (PGP)•This program lets you encrypt just about anything. ie email, hard drives, media, etc.•For more information