
Virtual Private Network (VPN)

Article Title: What Is a VPN?

University Name: Elmi & Karbordi Jahad Daneshgahi - Fouman Department
Group Staff: Mahmood Rohani
Class Time: Wednesday 3-5 PM
Created & Edited By: Mahmood Rohani
“If saving money is wrong,
I don’t want to be right…”

- William Shartner

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential -2-
Outline
- What is a VPN?
- Types of VPN
- Why use VPNs?
- Disadvantages of VPN
- Types of VPN protocols
- Encryption

What is a VPN?
- A VPN is a network that uses the Internet or another network service to transmit data.
- A VPN includes authentication and encryption to protect data integrity and confidentiality.
[Diagram labels: VPN, Internet, VPN]
Types of VPNs
- Remote Access VPN
  - Provides access to the internal corporate network over the Internet.
  - Reduces long distance, modem bank, and technical support costs.
[Diagram labels: Corporate Site, Internet]

Types of VPNs
- Remote Access VPN
- Site-to-Site VPN
  - Connects multiple offices over the Internet
  - Reduces dependencies on frame relay and leased lines
[Diagram labels: Corporate Site, Internet, Branch Office]

Types of VPNs
- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.)
  - Reduces transaction and operational costs
[Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]

Types of VPNs
- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
- Intranet VPN: Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
[Diagram labels: Database Server, LAN clients, Internet, LAN clients with sensitive data]

Why Use Virtual Private Networks?
- More flexibility
  - Use multiple connection types (cable, DSL, T1, T3)
  - Secure and low-cost way to link
  - Ubiquitous ISP services
  - Easier e-commerce

Why Use Virtual Private Networks?
- More flexibility
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand

Why Use Virtual Private Networks?
- More flexibility
- More scalability
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical training and support

VPN Return on Investment
Case History – Professional Services Company

- 5 branch offices, 1 large corporate office, 200 remote access users.
- Payback: 1.04 months. Annual Savings: 88%

                                       | Check Point VPN Solution | Non-VPN Solution          | Savings with Check Point
---------------------------------------+--------------------------+---------------------------+-------------------------
Startup Costs (Hardware and Software)  | $51,965                  | Existing; sunk costs = $0 |
Site-to-Site Annual Cost               | $30,485                  | $71,664 (Frame relay)     | $41,180 /yr
RAS Annual Cost                        | $48,000                  | $604,800 (Dial-in costs)  | $556,800 /yr
Combined Annual Cost                   | $78,485                  | $676,464                  | $597,980 /yr

Disadvantages of VPN
- Lower bandwidth available compared to dial-in line
- Inconsistent remote access performance due to changes in Internet connectivity
- No entrance into the network if the Internet connection is broken

Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 remote access VPN distributed with the Windows product family
- Addition to Point-to-Point Protocol (PPP)
- Allows multiple Layer 3 protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Uses the MPPE encryption method
[Diagram labels: Remote PPTP Client, ISP Remote Access Switch, Internet, PPTP RAS Server, Corporate Network]
Layer 2 Tunneling Protocol (L2TP)
- Layer 2 remote access VPN protocol
- Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Addition to Point-to-Point Protocol (PPP)
- Must be combined with IPSec for enterprise-level security
[Diagram labels: Remote L2TP Client, ISP L2TP Concentrator, Internet, L2TP Server, Corporate Network]

Internet Protocol Security (IPSec)
- Layer 3 protocol for remote access, intranet, and extranet VPNs
- Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity

Encryption
- Used to convert data to a secret code for transmission over an untrusted network
[Diagram: Clear Text “The cow jumped over the moon” -> Encryption Algorithm -> Encrypted Text “4hsd4e3mjvd3sd a1d38esdf2w4d”]

Symmetric Encryption
- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5
[Diagram label: Shared Secret Key]
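
Added example, not part of the original slides: a Python sketch of the shared-secret-key idea applied to the message authentication/integrity that the IPSec slide lists alongside encryption. The packet layout (SPI, sequence number, payload, truncated HMAC-SHA-256 check value) is a simplified stand-in for IPSec ESP; the keys, SPI value and function names are constructed for illustration, and the payload is left unencrypted because the Python standard library has no cipher.

```python
import hashlib
import hmac
import struct

HDR_LEN = 8   # 32-bit SPI + 32-bit sequence number
ICV_LEN = 16  # integrity check value: HMAC-SHA-256 truncated to 128 bits


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: return header || payload || ICV, with the ICV keyed by the shared secret."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def verify(key: bytes, packet: bytes):
    """Receiver side: return (spi, seq, payload) if the ICV matches, otherwise None."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None  # too short to contain a header and an ICV
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        return None  # modified in transit, or made with a different key
    spi, seq = struct.unpack("!II", body[:HDR_LEN])
    return spi, seq, body[HDR_LEN:]


def demo():
    """Run the sender/receiver exchange on constructed sample data."""
    key = hashlib.sha256(b"constructed shared secret").digest()
    other_key = hashlib.sha256(b"constructed wrong secret").digest()
    packet = protect(key, 0x1001, 1, b"The cow jumped over the moon")
    tampered = bytearray(packet)
    tampered[HDR_LEN] ^= 0x01  # one payload bit changed on the untrusted network
    return {
        "valid": verify(key, packet),
        "tampered": verify(key, bytes(tampered)),
        "wrong_key": verify(other_key, packet),
        "truncated": verify(key, packet[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Only a peer holding the same secret key can produce a check value the receiver accepts, so a single changed bit or a different key makes verify() return None.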

Asymmetric Encryption
- Different keys used to encrypt and decrypt message (one public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5
[Diagram: Bob -> Encrypt (Alice Public Key) -> Decrypt (Alice Private Key) -> Alice]

Industries That May Use a VPN
- Healthcare: enables the transfer of confidential patient information within medical facilities & health care providers
- Manufacturing: allows suppliers to view inventory & allows clients to purchase online safely
- Retail: able to securely transfer sales data or customer info between stores & the headquarters
- Banking/Financial: enables account information to be transferred safely within departments & branches
- General Business: communication between remote employees can be securely exchanged
Some Businesses Using a VPN
- CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
- Bacardi & Co. implemented a 21-country, 44-location VPN

Questions

Presented by: Mahmood Rohani

Thanks for your attention
Winter 85