VPN

August 7, 2009
What are VPNs?
A virtual private network is the extension of a private network that encompasses links across shared or public networks such as the internet.
Why use VPNs?
• Fast, secure and reliable connection between separated networks.
• Full access to resources from everywhere -> builds a virtual local connection.
• Reasonable access cost: the connection is built only to the local ISP.
VPN technologies:
• Secure VPNs:
o Networks that are constructed using encryption.
o IPSec, L2TP/IPSec, TLS/SSL.
• Trusted VPNs:
o The VPN customer trusts the VPN provider to maintain the integrity of the circuits.
o Layer 2 frames over MPLS.
• Hybrid VPNs:
o Combined use of secure and trusted VPNs.
o The secure parts are controlled by the customer or by the provider that supplies the trusted part.
Commonly used for:
i). Remote access:
- User-to-LAN connection.
- Dial-up to a local ISP.
- An employee needs external access to the corporate network.
ii). Connecting networks over the internet:
- Dedicated lines to connect a branch office to the corporate LAN.
- Dial-up line to connect a branch office to the corporate LAN.
iii). Connecting computers over an intranet:
- e.g. a department's LAN physically disconnected from the intranet because of very sensitive data.
- Connection via a separate VPN server.
VPN requirements:
- User authentication.
- Address management.
- Data encryption.
- Key management.
- Multiprotocol support.
Tunneling:
Method for transferring data of a private network over a public network.
Tunnel:
Logical path through which encapsulated packets travel.
Layer 2 VPNs – PPTP:
Point-to-Point Tunneling Protocol (PPTP):
- Mainly implemented and used by Microsoft.
- Extension of PPP.
- Allows tunneling of PPP datagrams over IP networks.
- Easy to use and to implement.
Uses 2 connections:
- Control connection
- Tunnel connection
Establishing a connection:
1. Remote user initiates a PPP connection to the ISP.
2. ISP performs authentication via CHAP or PAP.
3. No tunnel exists: a tunnel will be created.
Tunnel exists:
- A new multiplex ID is allocated -> notification to the home gateway.
- The home gateway accepts or declines the new connection.
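As an added example (not code from the original post), the encapsulation step of tunneling described above: a PPP datagram is wrapped in a GRE header and an outer IPv4 header, as PPTP carries PPP over IP, and the receiving tunnel endpoint validates the outer headers before handing the inner frame on. It uses a plain 4-byte GRE header (PPTP's enhanced GRE key and sequence fields are omitted for brevity); the addresses and PPP bytes are constructed sample values.

```python
import socket
import struct

GRE_IP_PROTO = 47        # IP protocol number of GRE, the carrier PPTP uses for PPP frames
PPP_GRE_PTYPE = 0x880B   # GRE protocol type value for PPP
IPV4_HDR_LEN = 20

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header (RFC 791); yields 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: version/IHL, TOS, total length, id, DF flag, TTL, proto, checksum, addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + payload_len, 0x1234,
                      0x4000, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def encapsulate(ppp_frame: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a PPP datagram: outer IPv4 (proto 47) + plain GRE header (flags 0, ptype PPP) + inner frame."""
    gre = struct.pack("!HH", 0x0000, PPP_GRE_PTYPE)
    outer = build_ipv4_header(tunnel_src, tunnel_dst, GRE_IP_PROTO, len(gre) + len(ppp_frame))
    return outer + gre + ppp_frame

def decapsulate(packet: bytes) -> bytes:
    """Strip the outer headers, checking each field an endpoint must validate before trusting the payload."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < IPV4_HDR_LEN or len(packet) < ihl + 4:
        raise ValueError("not a well-formed IPv4 packet")
    outer = packet[:ihl]
    if ipv4_checksum(outer) != 0:
        raise ValueError("outer IPv4 header checksum mismatch")
    if outer[9] != GRE_IP_PROTO:
        raise ValueError("outer protocol is not GRE")
    total_len = struct.unpack("!H", outer[2:4])[0]
    gre_flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if gre_flags != 0 or ptype != PPP_GRE_PTYPE:
        raise ValueError("unexpected GRE header")
    return packet[ihl + 4:total_len]

if __name__ == "__main__":
    sample_ppp = b"\xff\x03\x00\x21" + b"inner IP bytes"   # constructed PPP frame (addr/ctrl + IPv4 protocol)
    tunneled = encapsulate(sample_ppp, "203.0.113.10", "198.51.100.1")
    assert decapsulate(tunneled) == sample_ppp
    print(tunneled.hex())
```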
PPTP:
i). Data encryption begins after the PPP connection is established.
ii). Uses Microsoft Point-to-Point Encryption (MPPE) -> a stream cipher using RSA RC-4 (40, 56, 128 bits).
iii). Requires only user-level authentication.
iv). Still implemented in Windows.
L2TP/IPSec:
i). Data encryption begins before the connection is established, by negotiating an IPSec Security Association (SA).
ii). Uses the Data Encryption Standard (DES) or 3-DES -> block cipher (56 bits).
iii). Requires user-level and computer-level authentication.
iv). VPN client software is needed.