[attachment=15273]
NETWORKING PORTABILITY THROUGH VPN
What is VPN?
Virtual Private Network is a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorize users can access the network and that the data cannot be intercepted.
Became popular as more employees worked in remote locations.
Gives users a secure page link to access corporate network over the Internet
Types of VPN
Remote-access
Also called a Virtual Private Dial-up Network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations.
With just a local phone call to an Internet service provider, a user can have access to the company’s private network.
Site-to-site
Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet.
Types of VPN
Site-to-site VPNs can be either:
Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
Private Networks vs. Virtual Private Networks
Employees can access the network (Intranet) from remote locations.
Secured networks.
The Internet is used as the backbone for VPNs
Saves cost tremendously from reduction of equipment and maintenance costs.
Scalability
Remote Access Virtual Private Network
Brief Overview of How it Works
Two connections – one is made to the Internet and the second is made to the VPN.
Datagram's – contains data, destination and source information.
Firewalls – VPNs allow authorized users to pass through the firewalls.
Protocols – protocols create the VPN tunnels
Four Critical Functions
Authentication – validates that the data was sent from the sender.
Access control – limiting unauthorized users from accessing the network.
Confidentiality – preventing the data to be read or copied as the data is being transported.
Data Integrity – ensuring that the data has not been altered
Encryption
Encryption -- is a method of “scrambling” data before transmitting it onto the Internet.
Public Key Encryption Technique.
Digital signature – for authentication
Tunneling
A virtual point-to-point connection
made through a public network. It transports
encapsulated datagram's.
Tunnel Vs Transport
Transport
Implemented by the end point systems
Real address to real address
Cannot ‘go through’ other networks
Tunnel
Encapsulation of the original IP packet in another packet
Can ‘go through’ other networks
End systems need not support this
VPN Encapsulation of Packets
Types of Implementations
VPN ‘s Basic Architecture
VPN Connectivity at SPML
VPN Connectivity at SPML
VPN Components
Employees can access the network (Intranet) from remote locations.
Protocols
Security
Appliances
VPN Components: Protocols
IP Security (IPSec)
Transport mode
Tunnel mode
Point-to-Point Tunneling Protocol (PPTP)
Voluntary tunneling method
Uses PPP (Point-to-Point Protocol)
VPN Components: Protocols
Layer 2 Tunneling Protocol (L2TP)
Exists at the data page link layer of OSI
Composed from PPTP and L2F (Layer 2 Forwarding)
Compulsory tunneling method
VPN Components: Security
Encryption
Technique for scrambling and unscrambling information
Unscramble – called clear-text
Scrambled information – cipher-text
Authentication
Determine if the sender is the authorized person and if the data has been redirect or corrupted
User/System Authentication
Data Authentication
VPN Components: Appliances
Intrusion detection firewalls
Monitors traffic crossing network parameters and protects enterprises from unauthorized access
Packet-level firewall checks source and destination
Application-level firewall acts as a host computer between the organization’s network and the Internet
VPN Topology: What is needed?
Existing hardware (Servers, workstations,…)
Internet connection
VPN - Router/Switch
Software to create and manage tunnels
Security Device such as firewall
Applications: Site-to-Site VPNs
Large-scale encryption between multiple fixed sites such as remote offices and central offices
Network traffic is sent over the branch office Internet connection
This saves the company hardware and management expenses
Site-to-Site VPNs
Applications: Remote Access
Encrypted connections between mobile or remote users and their corporate networks
Ideal for a telecommuter or mobile sales people.
VPN allows mobile workers & telecommuters to take advantage of broadband connectivity.  i.e. DSL, Cable
Advantages VS.Disadvantages
Advantages: Cost Savings
Eliminating the need for expensive long-distance leased lines
Reducing the long-distance telephone charges for remote access.
Transferring the support burden to the service providers
Operational costs
Advantages: Scalability and security
Flexibility of growth
Efficiency with broadband technology
security
Disadvantages
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions
Availability and performance depends on factors largely outside of their control
Immature standards
VPNs need to accommodate protocols other than IP and existing internal network technology
Industries That May Use a VPN
Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely
Retail: able to securely transfer sales data or customer info between stores & the headquarters
Banking/Financial: enables account information to be transferred safely within departments & branches
General Business: communication between remote employees can be securely exchanged
Where Do We See VPNs Going in the Future?
VPNs are continually being enhanced.
Example: Equant NV
As the VPN market becomes larger, more applications will be created along with more VPN providers and new VPN types.
Networks are expected to converge to create an integrated VPN
Improved protocols are expected, which will also improve VPNs.