
Virtual Private Networking (VPN)

Roll No.- 45-49 Group VII

Intro To VPN
A Virtual Private Network, as the name suggests, safely and securely transfers information from one network to another system. Organizations are connected by a single logical network via routers and WAN technologies; they are inter-connected to do PRIVATE data sharing. A VPN supports telecommuters, branch offices and off-site partners, hence it is a most vital part of the corporate IT world.

Need Of VPN
In this world the Internet is the most essential thing for communication and data transfers. But organizations which are spread over the world need one thing: a way to maintain fast, reliable and secure communication. A WAN has fast speed and high performance, but less security and reliability, and it is too expensive. For that, a Virtual Private Network is the best possible solution.

In short, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

Features OF VPN
Security
Reliability
Scalability
Network management
Policy management

Connections in VPN

Remote Access-

Better known as Virtual Private Dial-up Network (VPDN). This is a remote user-to-LAN connection. Mostly, organizations outsource to an ESP (Enterprise Service Provider), which sets up a Network Access Server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network (e.g. a call center). Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

Site to Site- Connection between multiple sites via the Internet. It is divided into two parts:
Intranet Based: Single private network between a company's remote locations.
Extranet Based: Network between two companies (i.e. partner, customer etc.) so that work is done in a shared environment.

Connection can be LAN - LAN.

Requirements of VPN
User Authentication- VPN access should be restricted to authorized users only.

Address Management- Ensuring that the private addresses are kept private.

Data encryption- Data carried must be unreadable to unauthorized users.

Multiprotocol Support: The solution must be able to handle common protocols used in the public network. These include Internet Protocol (IP), Internet Packet Exchange (IPX) and so on.

How does VPN work?

A VPN works by using shared public infrastructure while maintaining privacy through security procedures and tunneling protocols. In effect, by encoding data at the sending end and decoding it at the receiving end, the protocols send the data through a 'tunnel' that cannot be 'entered' by data that is not properly encrypted. An additional level of security involves encoding not only the data, but also the originating and receiving network addresses.

Tunneling
Tunneling is the process of placing an entire packet within another packet and sending it over a network; it is nothing but a point-to-point topology. At the tunnel interfaces, the packet enters and exits the network. It requires three protocols:
1. Carrier protocol
2. Encapsulating protocol
3. Passenger protocol

Carrier protocol - The protocol used by the network that the information is traveling over.
Encapsulating protocol - The protocol that is wrapped around the original data.
Passenger protocol - The original data being carried.

Tunneling: Remote Access

The truck is the carrier protocol, the box is the encapsulating protocol and the computer is the passenger protocol.

Tunneling: Site - Site


GRE (generic routing encapsulation): Normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is IP based. It includes information on what type of packet you are encapsulating and information about the connection between the client and server.

IPSec (IP Security): Sometimes IPSec is used instead of GRE. It is the encapsulating protocol; IPSec works well on both remote-access and site-to-site VPN.
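The carrier, encapsulating and passenger layers can be seen by peeling one GRE packet apart. This is an added example, not part of the original slides; the capture bytes, addresses, GRE key value and function names are constructed for illustration. It also shows that GRE only wraps the passenger packet: the inner addresses and payload stay readable in transit, which is why IPSec is used when confidentiality is needed.

```python
import socket
import struct

# Constructed capture of one GRE-tunnelled packet (hex, all values illustrative).
CAPTURE = bytes.fromhex(
    "4500003e00000000402f145bc6336401cb007101"  # carrier: outer IPv4, proto 47
    "200008000000002a"                          # encapsulating: GRE, key present
    "450000220000000040fd65cf0a0100050a020009"  # passenger: inner IPv4 header
    "706179726f6c6c2d7265636f7264"              # passenger payload
)

def parse_ipv4(packet: bytes) -> dict:
    """Split an IPv4 packet into addresses, protocol number and payload."""
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "payload": packet[ihl:total_len]}

def parse_gre(data: bytes) -> dict:
    """Parse a GRE header (RFC 2784 with the RFC 2890 key/sequence options)."""
    flags, ptype = struct.unpack("!HH", data[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset, out = 4, {"protocol_type": ptype, "key": None, "seq": None}
    if flags & 0x8000:                      # C bit: checksum + reserved word
        offset += 4
    if flags & 0x2000:                      # K bit: 32-bit key
        out["key"] = struct.unpack("!I", data[offset:offset + 4])[0]
        offset += 4
    if flags & 0x1000:                      # S bit: 32-bit sequence number
        out["seq"] = struct.unpack("!I", data[offset:offset + 4])[0]
        offset += 4
    out["payload"] = data[offset:]
    return out

def peel_tunnel(packet: bytes) -> dict:
    """Return the carrier, encapsulating and passenger layers of a GRE packet."""
    carrier = parse_ipv4(packet)
    if carrier["proto"] != 47:              # 47 = GRE
        raise ValueError("carrier does not hold GRE")
    gre = parse_gre(carrier["payload"])
    if gre["protocol_type"] != 0x0800:      # 0x0800 = IPv4 passenger
        raise ValueError("passenger is not IPv4")
    return {"carrier": carrier, "gre": gre, "passenger": parse_ipv4(gre["payload"])}
```

Calling `peel_tunnel(CAPTURE)` returns the tunnel endpoints in `carrier` and the original site-to-site addresses in `passenger`.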

Tunneling: Site - Site

Tunneling: Remote Access

Tunneling normally takes place using PPP (the carrier for other IP protocols when communicating over the network between the host and a remote system).

L2F (Layer 2 Forwarding): L2F will use any authentication scheme supported by PPP.
PPTP (Point-to-Point Tunneling Protocol): Supports 40-bit and 128-bit encoding and will use any authentication scheme supported.
L2TP (Layer 2 Tunneling Protocol): Combining features of both PPTP and L2F, L2TP also fully supports IPSec.

Types Of VPN Services

L1 Services:
1. VPWS

L2 Services:
1. VPLS
2. Pseudo Wire (PW)
3. IPLS

L3 Services:
1. BGP/MPLS VPN
2. Virtual Router VPN

Layer 1 Service:

VPWS: The provider does not offer a full routed or bridged network, but components from which the customer can build customer-administered networks. VPWS are point-to-point. They can be Layer 1 emulated circuits with no data link structure.

Layer 2 Services:

PW (Pseudo Wiring): PW is similar to VPWS, but it can provide different L2 protocols at both ends.

Virtual Private LAN Services (VPLS): Allow multiple tagged LANs to share common data. Not useful for customer-owned facilities. VPLS emulates the full functionality of a traditional LAN. The remote LAN segments behave as one single LAN.

L3 Services:
BGP/MPLS VPN: The PE disambiguates duplicate addresses in a single routing instance. Extensions are used to advertise routes, which are of the form of 12-byte strings, beginning with an 8-byte field and ending with a 4-byte IPv4 address.
Virtual LAN: The PE contains a virtual router instance per VPN. As opposed to BGP/MPLS techniques, multiple virtual routers belong to one and only one VPN.

VPN Security

A well-designed VPN uses several methods for keeping the connection and data secure:
1. Firewalls
2. Encryption
3. IPSec
4. AAA servers

1. Firewalls:

A firewall provides a strong barrier between the private network and the Internet. We can set firewalls to restrict the number of open ports, what type of packets is passed through and which protocols are allowed through.

2. Encryption:

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:
Symmetric-key encryption
Public-key encryption

In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one.

Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

Public-key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

3. Internet Protocol Security Protocol (IPSec):

IPSec provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:
Router to router
Firewall to router
PC to router
PC to server
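The difference between the two IPSec modes, shown from the point of view of someone watching the wire. This is an added example, not part of the original slides: the packet, key, SPI and addresses are constructed, and `stand_in_cipher` is a hash-based placeholder for the negotiated ESP cipher so that the code needs only the standard library. ESP padding, the next-header trailer and the integrity check value are left out.

```python
import hashlib
import socket
import struct

ESP = 50  # IP protocol number for ESP

def ip_header(src, dst, proto, body_len):
    """20-byte IPv4 header with a valid checksum (no options)."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64, proto, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", h))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return h[:10] + struct.pack("!H", ~s & 0xFFFF) + h[12:]

def stand_in_cipher(key: bytes, seq: int, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. A stand-in only: real ESP uses a
    negotiated cipher such as AES-GCM and also authenticates the packet."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!II", seq, i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, protected):
    """Simplified ESP: SPI + sequence number + ciphertext."""
    return struct.pack("!II", spi, seq) + stand_in_cipher(key, seq, protected)

def transport_mode(packet, key, spi, seq):
    """Original IP header stays in clear; only the payload is encrypted."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    body = esp(key, spi, seq, packet[20:])   # assumes a 20-byte header
    return ip_header(src, dst, ESP, len(body)) + body

def tunnel_mode(packet, key, spi, seq, gw_src, gw_dst):
    """Whole original packet is encrypted behind a gateway-to-gateway header."""
    body = esp(key, spi, seq, packet)
    return ip_header(gw_src, gw_dst, ESP, len(body)) + body

def observer_view(wire: bytes):
    """What an on-path observer reads without the key: the outer addresses."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

def decrypt_tunnel(wire: bytes, key: bytes) -> bytes:
    """Receiving gateway: strip the outer header and recover the original packet."""
    spi, seq = struct.unpack("!II", wire[20:28])
    return stand_in_cipher(key, seq, wire[28:])

# Constructed sample; protocol 253 is an experimental number, so no transport header.
KEY = b"constructed-demo-key"
original = ip_header("10.1.0.5", "10.2.0.9", 253, 14) + b"payroll-record"
```

In transport mode `observer_view` still returns the two hosts' own addresses, while in tunnel mode it returns only the gateway addresses, at a cost of 20 extra bytes per packet.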

Benefits of VPN

A well-designed VPN can greatly benefit a company. For example, it can:

Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN
Reduce transit time and transportation costs for remote users
Improve productivity
Simplify network topology
Provide global networking opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (return on investment) than traditional WAN

How VPN differ from ordinary networks

Virtual Private Networks allow any valid remote user to become part of a corporate central network, using the same network scheme and addressing as users on this central network. Each corporate central network can also be responsible for validating its own users, despite the fact that they are actually dialing into a public network.

The Internet Service Provider can give each of their customers a unique dial-up telephone number, which will distinguish their service from any other. But this depends on the software that will be used by the remote user.

Other Features
Mobile VPNs are designed for mobile and wireless users. They integrate standards-based authentication and encryption technologies to secure data transmissions to and from devices and to protect networks from unauthorized users. Designed for wireless environments, Mobile VPNs are designed as an access solution for users that are on the move and require secure access to information and applications over a variety of wired and wireless networks. Mobile VPNs allow users to roam seamlessly across IP-based networks and in and out of wireless coverage areas without losing application sessions or dropping the secure VPN session.

VPN Challenges
Setting up the infrastructure before deploying VPN: Many of the branch offices operated on dial-up connections, which were slow and often unreliable. So the first step was to get 24x7 connectivity using DSL or similar technology.

Paucity of IT staff at remote locations: Since many of the branch offices were small and/or recently set up, there was no dedicated IT staff at remote locations. The challenge was to build a solution that was literally 'plug-and-play', that could be easily set up, deployed and managed, with an option for remote manageability as well in case advanced troubleshooting was required.

Reliability of the ISP connection and support for dial-up backup: In many locations, if the main ISP connection was down, the connectivity to the head office was maintained via dial-up. It was a prerequisite that the VPN solution work not just on the regular ISDN or DSL connection, but also on the dial-up, so that application uptime could be maintained.

Response time:

Since this was a real-time application, the end users would have to get a reasonable response time, or else they might abandon the use of the application. The response time depends on several factors besides the VPN solution, such as the coding in the software application, the quality of the ISP connection, the volume of data being transferred by the application and the general level of congestion on the Internet pipe itself. Keeping all these factors in mind and yet providing an interface which would not cause the user to lose patience with it was one of the foremost issues that needed to be addressed.

No provision for a separate firewall solution:

Since the implementation of the VPN involved opening up the IT infrastructure of the branches to the Internet, a firewall solution to protect the branch network was also required. But as there was no budgetary provision for a separate firewall, the VPN appliance was required to provide firewall functionality as well. The firewall had to be simple to configure and manage, that is, meet all the requirements of the VPN solution.

User acceptance:

A major challenge faced during the implementation of this IT and security project was to gain the acceptance of remote users throughout the country to switch from a decentralized, batch process-oriented manual system to a centrally administered and managed real-time system. This was achieved by educating end users about the use and benefits of VPN and training.

Conclusion
Thus VPN is an outgrowth of the Internet technology, which will transform the daily method of doing business faster than any other technology. A Virtual Private Network, or VPN, typically uses the Internet as the transport backbone to establish secure links with business partners, extend communications to regional and isolated offices, and significantly decrease the cost of communications for an increasingly mobile workforce. VPNs serve as private network overlays on public IP network infrastructures such as the Internet.

Today, VPNs are equally appealing to companies of all sizes. Even small businesses are finding compelling reasons to implement VPNs. The primary purposes of the VPNC are:
Promote the products of its members to the press and to potential customers
Increase interoperability between members by showing where the products interoperate
Serve as the forum for the VPN manufacturers throughout the world
Help the press and potential customers understand VPN technologies and standards
