August 7, 2009
What are VPNs?
A virtual private network is the extension of a private network that encompasses links across shared or public networks like the internet.
Why use VPNs?
- Fast, secure and reliable connection between separated networks.
- Full access to resources from everywhere: a virtual local connection is built.
- Reasonable access: only a connection to the local ISP has to be built.
- Secure VPNs:
  - Networks that are constructed using encryption.
  - IPSec, L2TP/IPSec, TLS/SSL.
- Trusted VPNs:
  - The VPN customer trusts the VPN provider to maintain the integrity of the circuits.
  - Layer 2 frames over MPLS.
- Hybrid VPNs:
  - Combined use of secure and trusted VPNs.
  - The secure parts are controlled by the customer or by the provider supplying the trusted part.
Commonly used for:
i). Remote access:
  - User-to-LAN connection.
  - Dial-up to the local ISP.
  - An employee needs external access to the corporate network.
ii). Connecting networks over the internet:
  - Dedicated lines to connect a branch office to the corporate LAN.
  - Dial-up line to connect a branch office to the corporate LAN.
iii). Connecting computers over an intranet:
  - e.g. a department's LAN is physically disconnected from the intranet because of very sensitive data.
  - Connection via a separate VPN server.
VPN requirements:
  - User authentication.
  - Address management.
  - Data encryption.
  - Key management.
  - Multiprotocol support.
Tunneling: method for transferring data of a private network over a public network.
Tunnel: logical path through which the encapsulated packets travel.
Layer 2 VPNs - PPTP:
Point-to-Point Tunneling Protocol (PPTP):
  - Mainly implemented and used by Microsoft.
  - Extension of PPP.
  - Allows tunneling of PPP datagrams over IP networks.
  - Easy to use and to implement.
Use of 2 connections:
  - Control connection
  - Tunnel connection
1. The remote user initiates a PPP connection to the ISP.
2. The ISP performs authentication via CHAP or PAP.
3. If no tunnel exists yet, one is created:
  - A new multiplex ID is allocated and the home gateway is notified.
  - The home gateway accepts or declines the new connection.
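The two PPTP connections above (a control connection on TCP and a tunnel carrying PPP datagrams in GRE) have fixed wire formats defined in RFC 2637. The following Python is an added example, not code from these notes; it parses and validates the PPTP control-message header and the enhanced GRE data header, and then reads the PPP protocol field of the tunnelled frame to tell a cleartext frame (LCP, plain IP) from an MPPE-encrypted one. All packet bytes are constructed here; the constants are RFC 2637 / PPP assigned values.

```python
import struct
from typing import Optional

# Constants from RFC 2637 (PPTP) and the PPP protocol-number registry.
PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_MESSAGE_TYPE_CONTROL = 1
GRE_PROTO_PPP = 0x880B          # protocol type in the enhanced GRE header PPTP uses
PPP_PROTOCOLS = {               # a few PPP protocol numbers seen inside the tunnel
    0x0021: "IP",               # plain IP datagram, i.e. not encrypted
    0x00FD: "compressed/encrypted datagram (MPPE/CCP)",
    0xC021: "LCP",
    0xC223: "CHAP",
    0x80FD: "CCP",
}

def parse_pptp_control_header(data: bytes) -> dict:
    """Parse the 12-byte header shared by all PPTP control messages (TCP port 1723)."""
    if len(data) < 12:
        raise ValueError("short PPTP control message")
    length, msg_type, cookie, ctrl_type, _reserved = struct.unpack("!HHIHH", data[:12])
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError(f"bad magic cookie 0x{cookie:08X}")
    if msg_type != PPTP_MESSAGE_TYPE_CONTROL:
        raise ValueError(f"unexpected PPTP message type {msg_type}")
    if length != len(data):
        raise ValueError(f"length field {length} != {len(data)} bytes on the wire")
    return {"length": length, "control_message_type": ctrl_type}

def build_enhanced_gre(call_id: int, payload: bytes,
                       seq: Optional[int] = None, ack: Optional[int] = None) -> bytes:
    """Build a PPTP data packet: enhanced GRE header (K bit always set) + PPP payload."""
    b0 = 0x20 | (0x10 if seq is not None else 0)    # K=1, S=1 if a sequence number follows
    b1 = (0x80 if ack is not None else 0) | 0x01     # A=1 if an ack follows, version 1
    hdr = struct.pack("!BBHHH", b0, b1, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload

def parse_enhanced_gre(data: bytes) -> dict:
    """Parse and validate the enhanced GRE header; return call ID, counters and PPP payload."""
    if len(data) < 8:
        raise ValueError("short GRE packet")
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", data[:8])
    has_seq, has_ack, version = bool(b0 & 0x10), bool(b1 & 0x80), b1 & 0x07
    if proto != GRE_PROTO_PPP or version != 1 or not (b0 & 0x20):
        raise ValueError("not an enhanced GRE (PPTP) packet")
    if b0 & 0xCF or b1 & 0x78:      # C, R, s, Recur and Flags must all be zero
        raise ValueError("reserved GRE bits set")
    offset = 8 + (4 if has_seq else 0) + (4 if has_ack else 0)
    if len(data) < offset:
        raise ValueError("GRE header truncated")
    seq = struct.unpack("!I", data[8:12])[0] if has_seq else None
    ack = struct.unpack("!I", data[offset - 4:offset])[0] if has_ack else None
    payload = data[offset:]
    if len(payload) != payload_len:
        raise ValueError(f"payload length field {payload_len} != {len(payload)} bytes present")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

def describe_ppp(payload: bytes) -> tuple:
    """Return (PPP protocol number, name, encrypted?) for a tunnelled PPP frame.
    Assumes an uncompressed 2-byte protocol field (the default before PFC is negotiated)."""
    if payload[:2] == b"\xff\x03":   # optional HDLC address/control prefix
        payload = payload[2:]
    if len(payload) < 2:
        raise ValueError("truncated PPP frame")
    (proto,) = struct.unpack("!H", payload[:2])
    return proto, PPP_PROTOCOLS.get(proto, "other"), proto == 0x00FD

def demo() -> dict:
    # Constructed: a Start-Control-Connection-Request header (control message type 1),
    # padded to the 156-byte total length RFC 2637 gives that message.
    ctrl = struct.pack("!HHIHH", 156, 1, PPTP_MAGIC_COOKIE, 1, 0) + b"\x00" * 144
    # Constructed data packets for call ID 0x1234: an LCP frame sent before encryption
    # starts, then an MPPE-encrypted datagram once CCP has negotiated MPPE.
    lcp = build_enhanced_gre(0x1234, b"\xff\x03\xc0\x21\x01\x01\x00\x04", seq=1)
    enc = build_enhanced_gre(0x1234, b"\xff\x03\x00\xfd\x90\x01\x5a\xa5\x3c", seq=2, ack=1)
    return {
        "control": parse_pptp_control_header(ctrl),
        "lcp": describe_ppp(parse_enhanced_gre(lcp)["payload"]),
        "encrypted": describe_ppp(parse_enhanced_gre(enc)["payload"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The validation rejects anything that is not enhanced GRE version 1 with the K bit and the 0x880B protocol type, and checks the payload-length field against the bytes actually present, so a monitor built on it does not mis-attribute ordinary GRE traffic to PPTP.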
PPTP:
i). Data encryption begins after the PPP connection is established.
ii). Uses Microsoft Point-to-Point Encryption (MPPE): a stream cipher based on RSA's RC4 (40-, 56- or 128-bit keys).
iii). Requires only user-level authentication.
iv). Still implemented in Windows.
L2TP/IPSec:
i). Data encryption begins before the connection is established, by negotiating an IPSec Security Association (SA).
ii). Uses the Data Encryption Standard (DES) or 3-DES: a block cipher (56-bit key).
iii). Requires user-level and computer-level authentication.
iv). VPN client software is needed.
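The comparison above is visible on the wire: a PPTP session shows a TCP control connection followed by GRE, while an L2TP/IPSec session shows an IKE exchange (the SA negotiation) before any ESP data. The following Python is an added example, not code from these notes; it classifies constructed flow records by those patterns so that legacy PPTP sessions, or tunnels that never negotiated an SA, can be flagged. The port and protocol numbers are the standard assignments (PPTP control TCP 1723, GRE IP protocol 47, IKE UDP 500, NAT-T UDP 4500, ESP IP protocol 50, L2TP UDP 1701); they are not in the notes themselves.

```python
from collections import defaultdict

# Constructed flow records: "<time> <src> > <dst> <proto> <dst-port or ->", in capture order.
SAMPLE_FLOWS = """\
2009-08-07T09:00:01 10.0.0.5 > 203.0.113.10 tcp 1723
2009-08-07T09:00:02 10.0.0.5 > 203.0.113.10 gre -
2009-08-07T09:05:10 10.0.0.7 > 203.0.113.20 udp 500
2009-08-07T09:05:11 10.0.0.7 > 203.0.113.20 udp 4500
2009-08-07T09:05:12 10.0.0.7 > 203.0.113.20 esp -
2009-08-07T09:10:00 10.0.0.9 > 203.0.113.30 gre -
2009-08-07T09:12:00 10.0.0.11 > 203.0.113.40 udp 1701
"""

PPTP_CONTROL = ("tcp", 1723)
GRE = ("gre", None)
IKE = ("udp", 500)
NAT_T = ("udp", 4500)
ESP = ("esp", None)
L2TP = ("udp", 1701)

def parse_flows(text: str) -> dict:
    """Group flows by (src, dst) pair, preserving the order in which they were seen."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, _arrow, dst, proto, port = line.split()
        flows[(src, dst)].append((proto, None if port == "-" else int(port)))
    return flows

def first_index(seen: list, key: tuple) -> int:
    """Position of the first occurrence of key in seen, or -1 if absent."""
    return seen.index(key) if key in seen else -1

def classify(flows: dict) -> dict:
    """Label each host pair with the VPN pattern its flows match."""
    result = {}
    for pair, seen in flows.items():
        s = set(seen)
        if PPTP_CONTROL in s and GRE in s:
            result[pair] = "PPTP (legacy: MPPE/RC4, user-level authentication only)"
        elif IKE in s and (ESP in s or NAT_T in s):
            data_idx = min(i for i in (first_index(seen, ESP), first_index(seen, NAT_T)) if i >= 0)
            if first_index(seen, IKE) < data_idx:
                result[pair] = "L2TP/IPSec or IPSec (IKE SA negotiated before data)"
            else:
                result[pair] = "IPSec data seen before IKE: SA negotiation not observed"
        elif L2TP in s:
            result[pair] = "L2TP without IPSec: PPP tunnelled in the clear"
        elif GRE in s:
            result[pair] = "GRE without a PPTP control connection: investigate"
        else:
            result[pair] = "no VPN pattern"
    return result

if __name__ == "__main__":
    for (src, dst), label in classify(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}: {label}")
```

The ordering check matters for the L2TP/IPSec case: the notes' point is that the SA exists before any data flows, so ESP or NAT-T traffic with no preceding IKE exchange in the capture is worth a second look rather than an automatic pass.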