SJSU CS 265 - Virtual Private Networks (VPN)
Contents (preview fragment): VPN Protocols; IPSec; Conclusion; References

Cryptography and Network Security by William Stallings

CS 265
Virtual Private Networks (VPN)
Submitted By Aparna Chilukuri

INTRODUCTION

What is a Virtual Private Network?

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

Figure 1.

What Makes A VPN?

There are two common VPN types:

- Remote-access - Also called a virtual private dial-up network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
- Site-to-site - Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be either:
  - Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN. An intranet VPN connects fixed locations, branch, and home offices, within an enterprise WAN.
  - Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment. An extranet extends limited access of enterprise computing resources to business partners, such as suppliers or customers, enabling access to shared information.

Figure 2.

- Trusted VPN - A VPN type used in an environment where the customers trust the technology to maintain the integrity of the circuit and use the best available security to avoid network traffic sniffing.
- Secure VPN - All data transferred in this VPN is encrypted and authenticated so that no one from outside can affect its security properties.
- Hybrid VPN - In this VPN, a secure VPN is run as part of a trusted VPN.
- Provider-Provisioned VPN - A VPN where the trusted VPN and the trusted part of the hybrid VPN are usually administered by the ISP or some authority other than the user.

Security of VPN:

VPNs need to provide the following four critical functions to ensure security for data:

- authentication - ensuring that the data originates at the source that it claims
- access control - restricting unauthorized users from gaining admission to the network
- confidentiality - preventing anyone from reading or copying data as it travels across the Internet
- data integrity - ensuring that no one tampers with data as it travels across the Internet

Various password-based systems and challenge-response systems (such as the challenge handshake authentication protocol (CHAP) and the remote authentication dial-in user service (RADIUS)), as well as hardware-based tokens and digital certificates, can be used to authenticate users on a VPN and control access to network resources. The privacy of corporate information as it travels through the VPN is guarded by encrypting the data.

What is Tunneling?

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network. Tunneling allows senders to encapsulate their data in IP packets that hide the underlying routing and switching infrastructure of the Internet from both senders and receivers. At the same time, these encapsulated packets can be protected against snooping by outsiders using encryption techniques.

Tunnels can consist of two types of end points, either an individual computer or a LAN with a security gateway, which might be a router or firewall. Only two combinations of these end points, however, are usually considered in designing VPNs. In the first case, LAN-to-LAN tunneling, a security gateway at each end point serves as the interface between the tunnel and the private LAN. In such cases, users on either LAN can use the tunnel transparently to communicate with each other. The second case, that of client-to-LAN tunnels, is the type usually set up for a mobile user who wants to connect to the corporate LAN. The client, i.e., the mobile user, initiates the creation of the tunnel on his end in order to exchange traffic with the corporate network. To do so, he runs special client software on his computer to communicate with the gateway protecting the destination LAN.

Tunneling requires three different protocols:

- Carrier protocol - The protocol used by the network that the information is traveling over
- Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data
- Passenger protocol - The original data (IPX, NetBEUI, IP) being carried

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based.

VPN Protocols

Four different protocols have been suggested for creating VPNs over the Internet: point-to-point tunneling protocol (PPTP), layer-2 forwarding (L2F), layer-2 tunneling protocol (L2TP), and IP security protocol (IPSec). PPTP, L2F, and L2TP are largely aimed at dial-up VPNs (remote-access VPNs), while IPSec's main focus has been LAN-to-LAN solutions.

PPTP (Point-to-Point Tunneling Protocol) - PPTP is a layer 2 protocol that encapsulates PPP frames in IP datagrams. It uses a TCP connection for tunnel maintenance and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted and/or compressed. Figure 3 shows the structure of PPTP packets.

Figure 3.

PPTP supports 40-bit and 128-bit encryption and will use any
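The carrier/encapsulating/passenger layering from the tunneling section and the "modified GRE" that PPTP uses for tunneled data, worked through in code. This is an added example written for this page, not code from the paper or from any VPN product: it builds a site-to-site tunnel packet (outer IPv4 carrier, GRE encapsulating header per RFC 2784/2890, inner IPv4 passenger), decapsulates it with header validation, and parses the PPTP flavour of GRE (version 1, RFC 2637, which carries a payload length, call id and sequence number in place of the plain key). The gateway addresses, LAN hosts, payload and call id are constructed sample values. The last check in demo() makes the security point the paper goes on to make: plain GRE encapsulation hides nothing, so the passenger packet is readable by anyone on the path until encryption is layered on.

```python
# Added worked example (not from the paper): GRE tunnel encapsulation and
# decapsulation for a site-to-site VPN, plus a parser for the PPTP flavour of
# GRE (version 1, RFC 2637). Addresses, payloads and call ids are constructed.
import struct
from typing import Optional

IPPROTO_GRE = 47          # carrier IP header's protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type: the passenger is IPv4
ETHERTYPE_PPP = 0x880B    # GRE protocol type used by PPTP: the passenger is PPP


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a valid header checksums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip2b(addr: str) -> bytes:
    return bytes(int(x) for x in addr.split("."))


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options), DF set, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, _ip2b(src), _ip2b(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, lengths and header checksum; return fields + payload."""
    if len(pkt) < 20:
        raise ValueError("IPv4 header truncated")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 packet")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "payload": pkt[ihl:total_len]}


def build_gre(proto_type: int, payload: bytes, key: Optional[int] = None) -> bytes:
    """RFC 2784 GRE (version 0); optional RFC 2890 key field (K bit)."""
    flags = 0x2000 if key is not None else 0
    hdr = struct.pack("!HH", flags, proto_type)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr + payload


def build_pptp_gre(call_id: int, ppp_frame: bytes, seq: int) -> bytes:
    """PPTP enhanced GRE (RFC 2637): version 1, K and S set, PPP passenger."""
    flags = 0x2000 | 0x1000 | 0x0001                       # K, S, version 1
    return (struct.pack("!HH", flags, ETHERTYPE_PPP)
            + struct.pack("!HH", len(ppp_frame), call_id)  # key = length, call id
            + struct.pack("!I", seq) + ppp_frame)


def _u32(data: bytes, off: int) -> int:
    if len(data) < off + 4:
        raise ValueError("GRE header truncated")
    return struct.unpack("!I", data[off:off + 4])[0]


def parse_gre(data: bytes) -> dict:
    """Parse a version 0 (plain) or version 1 (PPTP) GRE header."""
    if len(data) < 4:
        raise ValueError("GRE header truncated")
    flags, proto_type = struct.unpack("!HH", data[:4])
    info = {"version": flags & 0x7, "protocol_type": proto_type}
    off = 4
    if info["version"] == 0:
        if flags & 0x8000:                  # C: checksum + reserved1 present
            off += 4
        if flags & 0x2000:                  # K: key present
            info["key"], off = _u32(data, off), off + 4
        if flags & 0x1000:                  # S: sequence number present
            info["seq"], off = _u32(data, off), off + 4
    elif info["version"] == 1:
        # PPTP requires K set, C and R cleared, and the PPP protocol type.
        if proto_type != ETHERTYPE_PPP or not flags & 0x2000 or flags & 0xC000:
            raise ValueError("malformed PPTP GRE header")
        key = _u32(data, off); off += 4
        info["payload_length"], info["call_id"] = key >> 16, key & 0xFFFF
        if flags & 0x1000:                  # S: sequence number
            info["seq"], off = _u32(data, off), off + 4
        if flags & 0x0080:                  # A: acknowledgment number
            info["ack"], off = _u32(data, off), off + 4
    else:
        raise ValueError("unsupported GRE version")
    info["payload"] = data[off:]
    return info


def encapsulate(inner_pkt: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Carrier IPv4 (gateway to gateway) -> GRE -> passenger IPv4."""
    return build_ipv4(gw_src, gw_dst, IPPROTO_GRE, build_gre(ETHERTYPE_IPV4, inner_pkt))


def decapsulate(tunnel_pkt: bytes) -> tuple:
    """Peel carrier and GRE headers; returns (outer, gre, inner) dicts."""
    outer = parse_ipv4(tunnel_pkt)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("carrier packet is not GRE")
    gre = parse_gre(outer["payload"])
    if gre["version"] != 0 or gre["protocol_type"] != ETHERTYPE_IPV4:
        raise ValueError("passenger is not IPv4")
    return outer, gre, parse_ipv4(gre["payload"])


def demo() -> dict:
    # Constructed sample: a host on LAN A sends to a host on LAN B via gateways.
    app_data = b"quarterly figures (constructed sample payload)"
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 17, app_data)      # 17 = UDP; body is a placeholder
    tunnel = encapsulate(inner, "198.51.100.1", "203.0.113.1")    # documentation-range gateway IPs
    outer, gre, inner_parsed = decapsulate(tunnel)
    return {
        "outer_dst": outer["dst"],
        "inner_src": inner_parsed["src"],
        "roundtrip": inner_parsed["payload"] == app_data,
        # Plain GRE adds no encryption: the passenger packet sits byte-for-byte
        # inside the carrier packet, so a secure VPN must pair tunneling with
        # encryption and authentication (the role IPSec plays in the paper).
        "plaintext_visible": inner in tunnel and app_data in tunnel,
    }


if __name__ == "__main__":
    print(demo())
```

Running the block prints the demo() dictionary; the two parsers reject truncated headers, bad IPv4 checksums, an unexpected carrier protocol and a PPTP header whose mandatory K bit is missing, which is the kind of validation a gateway or a tunnel-aware IDS needs before trusting what a decapsulated packet claims about itself.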