170 likes | 381 Views
Virtual Private Networks. By: Jacob Anderson. What is a Virtual Private network?. A secure network connection on top of a wider network Hence virtual Uses a larger network, like the internet, to connect a remote site and users together Taking advantage of availability
E N D
Virtual Private Networks By: Jacob Anderson
What is a Virtual Private network? • A secure network connection on top of a wider network • Hence virtual • Uses a larger network, like the internet, to connect a remote site and users together • Taking advantage of availability • Mimics a physical network • Convenient accessibility • Better alternative to a leased line
leased lines • Pay a provider for a “symmetric telecommunications” line • Monthly price • Each side of the cable is permanently connected • No telephone number • Advantage in speed • Normally fiber optic • Dedicated • Most of the time infeasible
VPN vs. SSH • SSH works at the application layer • Port specific • SSH establishes connections on a one-to-one basis • A single client to a server or another single entity • A VPN can connect a user to a whole network • Great for business off-site extension • A VPN is not limited to single-port connections • Network layer connectivity
VPN with SSH • In some cases, security may be necessary within the local network as well • Confidential data that only some employees are eligible to view • VPN handles the security over the internet • Encapsulates SSH protocol packet • SSH, then, provides application to application security within • Only sending and receiving employees will be able to view
How a VPN works • An IP packet is wrapped in an extra layer • Which provides security • The extra layer is processed by a router • Not at a higher level in the OSI protocol stack
VPN Router • VPN is accomplished using a specific type of router and/or VPN software • Designed to handle the IP layer security protocol • Cost for a small business VPN router is between 150 to 400 dollars • This one is $150
VPN Protocols • PPTP • L2TP • L2F • IPSEC • Most commonly used
IPSEC • Consists of two main protocol sets: • Authentication Header (AH) • Encapsulating Security Payload (ESP)
Authentication Header • Known as “Tunnel Mode” • Replay bit • Triggered when viewed (Know whether compromised) • Process: • 1) IP header and data payload is hashed • 2) Hash is used to build a new header, which is appended • 3) New packet is transmitted to the VPN router • 4) The receiving router hashes the IP header and data payload as well, and the result must match the previously appended hash (the authentication header)
Encapsulating Security Payload (ESP) • Known as “Transport Mode” • Provides source authentication, integrity, an anti-replay service, and limited traffic flow confidentiality • Encryption of the IP Packet Layer is performed • Standard is 56-bit DES • But others can be used
When to use each mode Between IPSec Gateways End station to IPSec Gateway IPSec router to server End station to end station
Advantages of VPN • Cost • Security • Scalability • Increase infrastructure without physical addition • Compatibility with broadband • Multi-point communication • Business communication links • LAN to LAN • Mobile workers access to LAN • Off-site remote work more possible
References • http://en.wikipedia.org/wiki/Virtual_private_network • http://computer.howstuffworks.com/vpn7.htm • http://www.schumi.ch/partner/SSHvsVPN.htm • http://www.ciscopress.com/articles/article.asp?p=24833&seqNum=3 • http://cba.unomaha.edu/faculty/garfathr/web/vpn_pros_cons.html