
Comparative Study of

Leased Line and Virtual Private Network

Student Names: Cyprene Paguerao, Sunshine Carpio

Student Numbers: 0515-0410-0527, 0515-0610-0677

Subject Code: I.T. 409

Subject Name: Networks and the Internet

Center Code: 0515

Country: Philippines

Table of Contents

I. Introduction (p. 4)
II. Objectives (p. 5)
III. History and Current Technology (p. 6)
    A. History (p. 6)
    B. Current (p. 7)
IV. Protocols and Network Configuration (p. 8)
    A. Protocols (p. 8)
    B. Network Topology (p. 10)
    C. Network Architecture (p. 12)
    D. Network Algorithm (p. 13)
V. Technical Content (p. 19)
    A. Hardware Requirements (p. 19)
    B. Software Requirements (p. 21)
    C. Application Area (p. 22)
    D. Security (p. 24)
VI. Implementation (p. 26)
    A. Cost and Benefit Analysis (p. 26)
    B. Strength and Weakness (p. 27)
    C. Future Development (p. 30)
    D. Summary/Conclusion (p. 31)
VII. References/Bibliography (p. 32)

I. Introduction

VPN

A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of WAN. The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

Leased Line

A leased line connects two locations for private voice and/or data telecommunication service. Not a dedicated cable, a leased line is actually a reserved circuit between two points. Leased lines can span short or long distances. They maintain a single open circuit at all times, as opposed to traditional telephone services that reuse the same lines for many different conversations through a process called "switching."

A leased line, a type of dedicated line, is a permanent fiber optic or telephone line connection between two points set up by a telecommunications carrier. It can be used for telephone, data, or Internet services. Often, businesses will use a leased line to connect geographically distant offices because it guarantees bandwidth for network traffic. For example, a bank may use a leased line in order to easily transfer financial information from one branch office to another. Both long and short distances can be spanned by a leased line, and customers generally pay a flat monthly rate for the service. Before broadband Internet access was readily available, a company's cost was charged according to the distance between the two points. More recently, leased line replacement services allow a user to upgrade and improve the lines with fees that are per-end only.

II. Objectives

To know the difference between the two technologies, the Virtual Private Network and the Leased Line.

To know the advantages and disadvantages of each technology.

To know the uses of the technologies.

III. History and Current Technology

A. History

Leased Line

Leased line services (or private line services) became digital in the 1970s with the conversion of the Bell backbone network from analog to digital circuits. This conversion allowed AT&T to offer Dataphone Digital Service (later re-branded Digital Data Service), which started the deployment of ISDN and T1 lines to customer premises. Leased lines were used to connect mainframe computers with terminals and remote sites, via IBM Systems Network Architecture (created in 1974) or DECnet (created in 1975). With the extension of digital services in the 1980s, leased lines were used to connect customer premises to Frame Relay or ATM networks. Access data rates increased from the original T1 option up to T3 circuits. In the 1990s, with the advances of the Internet, leased lines were also used to connect customer premises to ISP Points of Presence, whilst the following decade saw a convergence of the aforementioned services (Frame Relay, ATM, Internet for businesses) with integrated MPLS offerings. Access data rates also evolved dramatically to speeds of up to 10 GB/s in the early 21st century with the Internet boom and increased offering in long-haul optical networks or Metropolitan Area Networks.

VPN

The term VPN has been associated in the past with such remote connectivity services as the public telephone network and Frame Relay PVCs, but has finally settled in as being synonymous with IP-based data networking. Before this concept surfaced, large corporations had expended considerable resources to set up complex private networks, now commonly called Intranets. These networks were installed using costly leased line services, Frame Relay, and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN. At the same time, the small- to medium-sized enterprises (SMEs), who could not afford dedicated leased lines, were relegated to low-speed switched services. As the Internet became more and more accessible and bandwidth capacities grew, companies began to offload their Intranets to the web and create what are now known as Extranets to link internal and external users. However, as cost-effective and quick-to-deploy as the Internet is, there is one fundamental problem: security.

B. Current

Leased Line

Leased lines are stated to be more suited for businesses that conduct business online and demand fast and reliable access and zero downtime. Internet leased lines differ from point-to-point lines in the respect that they connect a site to the Internet, whereas a point-to-point leased line will connect two sites, without Internet access. Businesses can interconnect separate offices and buildings using a leased line, which ensures that users are able to connect fast and directly to their host server or the Internet anytime they want. Businesses need not own or deploy the connections, as they can lease them from service providers. Leased lines can transfer data at speeds ranging from 1.5 Mbps (E1 connections) to 34.36 Mbps (E3 connections). The high cost of leased lines is due to their installation lead-in times, cost of installation, and the maintenance and access fees, which often make them unaffordable to small businesses.

VPN

Today's VPN solutions overcome the security factor. Using special tunneling protocols and complex encryption procedures, data integrity and privacy are achieved in what seems, for the most part, like a dedicated point-to-point connection. And, because these operations occur over a public network, VPNs can cost significantly less to implement than privately owned or leased services. Although early VPNs required extensive expertise to implement, the technology has already matured to a level that makes its deployment a simple and affordable solution for businesses of all sizes, including SMEs who were previously being left out of the e-revolution. Using the Internet, companies can connect their remote branch offices, project teams, business partners, and e-customers into the main corporate network. Mobile workers and telecommuters can get secure connectivity by dialing into the POP (Point-of-Presence) of a local ISP (Internet Service Provider). With a VPN, corporations see immediate cost reduction opportunities in their long distance charges (especially important to global companies), leased line fees, equipment inventories (like large banks of modems), and network support requirements.

IV. Protocols and Network Configuration

A. Protocols

Leased Line

Leased Line Support - All IP Office systems are capable of connecting to leased line services. Six physical types of leased line are supported: X.21, V.35 and V.24, via the WAN port, or E1/T1 and Basic Rate via the trunk interfaces on the base unit. The X.21, V.35 and V.24 are externally clocked and can operate at any speed up to and including 2M. E1/T1 trunks can be configured to operate in a fractional mode for 'point to multi-point' applications, i.e. a single 2M interface could be treated as 3 x 512K and 8 x 64K going to 11 different locations. When using T1 as a leased line it is possible to use the same circuit for switched circuit services. Not all types of leased line are available in all territories; check for availability.

Dial-Up Circuit Support - Where the amount of traffic does not justify the cost of a dedicated leased line, the system can provide data connectivity via ISDN dial-up circuits using its E1/T1 or Basic Rate trunks. Where data speeds greater than a single channel (64K/56K) are required, additional channels can be added to the call as and when they are needed.

Point-to-Point Protocol (PPP) - PPP is an industry standard Wide Area Networking protocol that allows inter-working with a wide range of 3rd party routers. PPP is used over dial-up or leased line circuits where a single channel is used to connect the two locations together.

Multi-Link Point-to-Point Protocol (ML-PPP) - IP Office supports Multi-Link PPP, allowing additional calls to be made where bandwidth greater than a single channel is required. The maximum number of channels available to data can be set on a service-by-service basis. When the available bandwidth reaches a user-defined limit, additional channels can be automatically added. Similarly, when traffic falls, the number of channels in use can be automatically reduced. If there is no data traffic on any of the channels in use, then all lines can be cleared. Since most carriers have a minimum charge for calls, the period that a channel has to be idle before clearing is configurable. Through these mechanisms call costs can be effectively controlled while ensuring that bandwidth is available as and when it is needed.

VPN

PPTP (Point-to-Point Tunneling Protocol) - It's the most widely supported VPN method among Windows users, and it was created by Microsoft in association with other technology companies. The disadvantage of PPTP is that it does not provide encryption and it relies on the PPP (Point-to-Point Protocol) protocol to implement security measures. But compared to other methods, PPTP is faster, and it is also available for Linux and Mac users.

L2TP (Layer 2 Tunneling Protocol) - It's another tunneling protocol that supports VPNs. Like PPTP, L2TP does not provide encryption and it relies on the PPP protocol to do this. The difference between PPTP and L2TP is that the second one provides not only data confidentiality but also data integrity. L2TP was developed by Microsoft and Cisco as a combination of PPTP and L2F (Layer 2 Forwarding).

IPsec protocol - Can be used for encryption in conjunction with the L2TP tunneling protocol. It is used as a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec requires expensive, time-consuming client installations, and this can be considered an important disadvantage.

SSL (Secure Socket Layer) - Is a VPN accessible via HTTPS over a web browser. The advantage of this SSL VPN is that it doesn't need any software installed, because it uses the web browser as the client application. Through SSL VPNs, the users' access can be restricted to specific applications instead of allowing access to the whole network.

B. Network Topology

Leased Line

a) Hub-and-spoke Topology

The most commonly encountered topology is a hub-and-spoke topology, where a number of remote offices (spokes) are connected to a central site (hub). The remote offices usually can exchange data (there are no explicit security restrictions on inter-office traffic), but the amount of data exchanged between them is negligible. The hub-and-spoke topology is used typically in organizations with strict hierarchical structures, for example, banks, governments, retail stores, international organizations with small in-country offices, and so on.

b) Wide Area Network Topology

Wide area network (WAN) topologies are network configurations that are designed to carry data over a great distance. Unlike LANs, which are designed to deliver data between many systems, WAN topologies are usually point to point. Point to point means that the technology was developed to support only two nodes sending and receiving data. If multiple nodes need access to the WAN, a LAN will be placed behind it to accommodate this functionality.

c) Private Circuit Topology

Leased lines are dedicated analog or digital circuits that are paid for on a flat-rate basis. This means that whether you use the circuit or not, you are paying a fixed monthly fee. Leased lines are point-to-point connections; they are used to connect one geographical location to another. The maximum throughput on a leased line is 56Kbps.

VPN

a) Hub-and-spoke Topology

The most commonly encountered topology is a hub-and-spoke topology, where a number of remote offices (spokes) are connected to a central site (hub). The remote offices usually can exchange data (there are no explicit security restrictions on inter-office traffic), but the amount of data exchanged between them is negligible. The hub-and-spoke topology is used typically in organizations with strict hierarchical structures, for example, banks, governments, retail stores, international organizations with small in-country offices, and so on.

b) Partial- or Full-mesh Topology

Not all customers can implement their networks with the hub-and-spoke topology discussed in the previous section, for a variety of reasons, for example:

The organization might be less hierarchical in structure, requiring data exchange between various points in the organization.
The applications used in the organization need peer-to-peer communication (for example, messaging or collaboration systems).
For some multinational corporations, the cost of hub-and-spoke topology might be excessive due to the high cost of international links.

In these cases, the overlay VPN model best suited to the organization's needs would be a partial-mesh model, where the sites in the VPN are connected by VCs dictated by traffic requirements (which eventually are dictated by business needs). If not all sites have direct connectivity to all other sites, the topology is called partial mesh; if every site has a direct connection to every other site, the topology is called a full mesh.

c) Hybrid Topology

Large VPN networks built with an overlay VPN model tend to combine hub-and-spoke topology with the partial-mesh topology. For example, a large multinational organization might have access networks in each country implemented with a hub-and-spoke topology, whereas the international core network would be implemented with a partial-mesh topology.

d) Simple Extranet Topology

The Intranet topologies discussed so far are concerned mostly with the physical and logical topology of the VPN network, as dictated by the VC technology by which the overlay VPN model is implemented. In the extranet topologies, we focus more on the security requirements of the VPN network, which then can be implemented with a number of different topologies, either with the overlay or peer-to-peer VPN model.

e) VPDN Topology

The Virtual Private Dial-up Network (VPDN) service usually is implemented by tunneling PPP frames exchanged between the dial-up user and his home gateway in IP packets exchanged between the network access servers.

f) Managed Network VPN Topology

The last VPN topology discussed in this chapter is the topology used by service providers to manage the customer-premises routers in a managed network service. In a typical setup, the service provider provisions a number of routers at customer sites, connecting them through VCs implemented with Frame Relay or ATM, and builds a separate hub-and-spoke topology connecting every customer router with the Network Management Center (NMC).

C. Network Architecture
Leased Line

VPN


D. Network Algorithm

Leased Line

These are the major tasks when configuring the router:

Configuring Global Parameters
Configuring Security
Configuring the Fast Ethernet Interface
Configuring the Serial Interface
Configuring Dynamic Routing Parameters
Configuring Command-Line Access to the Router

Configuring Global Parameters

Follow these steps to configure the router for global parameters.

Step 1. configure terminal: Enter configuration mode.
Step 2. service timestamps debug datetime msec: Configure the router to show the date and time of all debug messages. This command is optional, but it is recommended if you use debug commands to troubleshoot your configuration.
Step 3. service timestamps log datetime msec: Configure the router to show the date and time of all log messages. This command is optional, but it is recommended if you use the verification steps described in this guide. This feature is enabled for all the command output examples shown in this guide.
Step 4. ip subnet-zero: Configure the router to use subnet zero for interface addresses and routing updates.
Step 5. no ip domain-lookup: Disable the IP Domain Name System (DNS)-based host-name-to-address translation on the router.
Step 6. ipx routing 0000.0caa.1111: Enable IPX routing, and configure the router with an IPX address.

Configuring Security

Follow these steps to configure the router with security measures.

Step 1. enable password <user>: Specify a password to prevent unauthorized access to the router.
Step 2. hostname Router: Configure the router with a host name, which is used in prompts and default configuration filenames. For PPP authentication, the host name entered with this command must match the username of the central-site router.

Configuring the Fast Ethernet Interface

Follow these steps to configure the Fast Ethernet interface, which connects your router to the local network.

Step 1. interface fastethernet0: Enter configuration mode for the Fast Ethernet interface.
Step 2. ip address 10.1.1.1 255.0.0.0: Configure this interface with an IP address and a subnet mask. This interface must have an IP address assigned in order for the serial interface to be configured for IP unnumbered routing.
Step 3. ipx network 100 encapsulation sap: Enable IPX routing on this interface, assign the IPX network number, and configure the interface for IPX SAP encapsulation.
Step 4. ipx network 100 encapsulation novell-ether secondary: Configure a secondary IPX network that uses the default NetWare encapsulation.
Step 5. no shutdown: Enable the interface and the configuration changes you have just made on the interface.
Step 6. exit: Exit configuration mode for this interface.

Configuring the Serial Interface

Follow these steps to configure the serial interface, which connects your router to the central-site router.

Step 1. interface serial0: Enter configuration mode for the serial interface.
Step 2. description leased line to headquarters: Add a description of this interface to help you remember what is attached to it.
Step 3. ip unnumbered FastEth0: Enable IP routing on this interface without assigning an IP address.
Step 4. ipx network AAAA: Enable IPX routing on this interface, and assign an IPX network number.
Step 5. encapsulation PPP: Configure this interface for PPP encapsulation.
Step 6. no shutdown: Enable this interface and the configuration changes you have just made on the interface.
Step 7. exit: Exit configuration mode for this interface.

Configuring Dynamic Routing Parameters

Follow these steps to configure some dynamic routing parameters.

Step 1. router rip: Enable RIP routing on the router, and enter router configuration mode.
Step 2. version 2: Specify that the router use RIP version 2.
Step 3. network 10.0.0.0: Enable Enhanced Interior Gateway Routing Protocol (EIGRP) for this network.
Step 4. no auto-summary: Disable automatic summarization of subnet routes into network-level routes.
Step 5. ip classless: Configure the router to forward packets addressed to a subnet of a network with no network default route.
Step 6. exit: Exit router configuration mode.

Configuring Command-Line Access to the Router

Follow these steps to configure parameters that control access to the router.

Step 1. line console 0: Specify the console terminal line, and enter line configuration mode.
Step 2. exec-timeout 5: Set the interval that the EXEC command interpreter waits until user input is detected.
Step 3. line vty 0 4: Specify a virtual terminal for remote console access.
Step 4. password <lineaccess>: Specify a password on the line.
Step 5. login: Enable password checking at terminal session login.
Step 6. end: Exit configuration mode.
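The tables above protect the router with enable password and one shared vty password, and leave every transport (telnet included) open on the vty lines. The Go program below is an added example, not part of this report or of Cisco's documentation: it reads a running-config assembled from those steps (a constructed layout that keeps the page's <user> and <lineaccess> placeholders), reports each setting a reviewer would change, and carries a hardened version that audits clean. It assumes IOS's one-space indentation of sub-commands; enable secret, login local, transport input ssh and service password-encryption are standard IOS commands.

```go
package main

import "strings"

// Finding is one weakness found in a running-config. Line is 1-based; it is 0
// when the problem is a global command that is missing altogether.
type Finding struct {
	Line int
	Text string
}

// AuditIOSConfig walks an IOS running-config and reports the weak settings in
// the leased-line walkthrough above: a reversible enable password, password
// encryption left off, and vty lines guarded only by a shared line password
// over any transport. Sub-commands are recognised by their one-space indent.
func AuditIOSConfig(cfg string) []Finding {
	var out []Finding
	var inVTY, enableSecret, pwdEncryption bool
	var vtySeen, vtyLocalLogin, vtySSHOnly, vtyTimeout bool
	enablePwdAt, vtyAt := 0, 0
	for i, raw := range strings.Split(cfg, "\n") {
		l := strings.TrimSpace(raw)
		if l == "" || strings.HasPrefix(l, "!") {
			continue
		}
		if raw[0] != ' ' { // unindented: a global command, which also ends any line block
			inVTY = false
			switch {
			case strings.HasPrefix(l, "line vty"):
				inVTY, vtySeen, vtyAt = true, true, i+1
			case strings.HasPrefix(l, "enable secret"):
				enableSecret = true
			case strings.HasPrefix(l, "enable password"):
				enablePwdAt = i + 1
			case l == "service password-encryption":
				pwdEncryption = true
			}
			continue
		}
		if inVTY {
			switch {
			case l == "login local" || strings.HasPrefix(l, "login authentication"):
				vtyLocalLogin = true
			case l == "transport input ssh":
				vtySSHOnly = true
			case strings.HasPrefix(l, "exec-timeout"):
				vtyTimeout = true
			}
		}
	}
	if enablePwdAt > 0 && !enableSecret {
		out = append(out, Finding{Line: enablePwdAt, Text: "enable password is recoverable from the config; use enable secret (stored as a one-way hash)"})
	}
	if !pwdEncryption {
		out = append(out, Finding{Line: 0, Text: "service password-encryption is off: line passwords are stored in clear text"})
	}
	if vtySeen && !vtyLocalLogin {
		out = append(out, Finding{Line: vtyAt, Text: "vty lines use one shared line password (login); use per-user accounts (login local or AAA)"})
	}
	if vtySeen && !vtySSHOnly {
		out = append(out, Finding{Line: vtyAt, Text: "vty lines accept telnet, which carries the password in clear text; set transport input ssh"})
	}
	if vtySeen && !vtyTimeout {
		out = append(out, Finding{Line: vtyAt, Text: "vty lines have no exec-timeout, so idle remote sessions never close"})
	}
	return out
}

// WeakConfig is the access-control part of the walkthrough above as a
// running-config (constructed; <user> and <lineaccess> are the page's placeholders).
const WeakConfig = `hostname Router
enable password <user>
ip subnet-zero
no ip domain-lookup
!
line console 0
 exec-timeout 5
line vty 0 4
 password <lineaccess>
 login
end`

// HardenedConfig keeps the same intent with each weak setting replaced. SSH also
// needs a host key (crypto key generate rsa), which is not shown here.
const HardenedConfig = `service password-encryption
hostname Router
enable secret <enable-secret>
username admin secret <admin-password>
ip subnet-zero
no ip domain-lookup
!
line console 0
 exec-timeout 5
line vty 0 4
 exec-timeout 5
 login local
 transport input ssh
end`
```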

VPN

Configuring VPN in Windows XP Professional

For configuring the VPN connection, you need to have the static IP address of the remote computer of your company and the host name. You can configure the VPN connection in Windows XP Professional by the following method.

1. Click Start > Control Panel > Network and Internet Connections > Network Connections.
2. Here you need to create a new connection, and click Next.
3. Here click Connect to the network at my workplace, and click Next.
4. Click Virtual Private Network, and click Next.
5. Here type a meaningful name for your company or any other network connection, and click Next.
6. Here click Do not dial the initial connection, and click Next.
7. Here type the host name and the IP address of the computer to which you want to connect.
8. Press Next and then press Finish.

Installing VPN in Windows 2000 Professional

Make sure that you are connected to the Internet and you are also connected to the LAN.

1. Start > Administrative Tools > Routing and Remote Access.
2. Click the server name in the tree, and on the Action menu click Configure and Enable Routing and Remote Access, and click Next.
3. Click Virtual Private Network (VPN Server) in the common configurations, and click Next.
4. In the remote client protocols, make sure that TCP/IP is included in the list. Click Yes to all available protocols, and click Next.
5. Select the Internet connection that will connect to the Internet in the Internet connection box, and click Next.
6. In the IP address management box, select Automatically to assign the IP addresses through the DHCP server.
7. In Managing Multiple Remote Access Servers, select the option "No, I don't want to set up this server to use RADIUS now". Click Next > Click Finish.
8. Now right-click the Ports node and click Properties; now click WAN Miniport (PPTP) and then click Configure.
9. Type the maximum number of allowed simultaneous PPTP VPN connections to this server.

Configuring VPN Server in Windows 2000

You can configure the VPN server further by the following method.

1. Start > Admin Tools > Routing and Remote Access.
2. Right-click the server name and then Properties.
3. Select Enable this computer as a router on the General tab.
4. Here you have the choice to select Local Area Routing or LAN or Demand Dial Routing; click OK and close all the dialog boxes.

Configuring VPN Connection in the Client Computer

1. Start > Settings > Network and Dial-up Connections.
2. Make New Connection.
3. Click Next and then click Connect to a private network through the Internet.
   a. Click Automatically dial this initial connection, and select your dial-up Internet connection from the list.
   b. If you use a cable modem, then select Do not dial this initial connection.
4. Click Next.
5. Here type the host name and the IP address of the remote computer to which you want to connect.
6. Type the descriptive name of the connection, and click Next.

V. Technical Content

A. Hardware Requirements

Leased Line

The customer has to provide a V.32bis modem on both sides. They also have to arrange a router which will integrate the LAN with the Internet. However, UNIX machines can also be specially configured to act as IP routers.

VPN

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use the following guidelines when determining network hardware requirements for your VPN design:

For interfaces on the public network, use network adapters capable of IPSec hardware offload.
Assuming that you have a 10/100 Ethernet infrastructure, set all devices to 100 Mbps Full Duplex.
Connect interfaces on the private network directly to a high-capacity switch that also connects the data servers and routers that remote access clients will access frequently.

CPU Requirements

Use the following guidelines when determining CPU requirements for your VPN design:

Processing inbound and outbound packets requires CPU cycles. By increasing the available processing power, you can increase throughput.
Doubling the speed of a single processor is more effective than doubling the number of processors.
In the case of multiprocessor platforms, binding one CPU to each network adapter can increase the efficiency of interr

upt handling, freeing cycles and shrinking the performance gap between the use of a large number of less powerful CPUs and a few faster, more expensive CPUs.

RAM Requirements

Use the following guidelines when determining the RAM needed for VPN servers:

Each active connection consumes a small block of nonpageable memory (approximately 40 KB).
If you do not need to handle more than 1,000 concurrent calls from remote access users, 512 MB of RAM is adequate.
If you require the capacity to handle more than 1,000 concurrent calls, for every 1,000 concurrent calls provide an extra 128 MB of RAM over the recommended RAM capacity for the server, plus a base of 128 MB more for remote access and related services.

B. Software Requirements

Leased Line

The software requirement for this type of environment depends on what type of application the user is looking for.

VPN

System requirements:
OS/400 Version 5 Release 2 (5722-SS1) or later
Digital Certificate Manager (5722-SS1 Option 34)
iSeries Access for Windows (5722-XE1)
iSeries Navigator
Network component of iSeries Navigator
Set the retain server security data (QRETSVRSEC *SEC) system value to 1
TCP/IP must be configured, including IP interfaces, routes, local host name, and local domain name

Client requirements:
A workstation with a Windows 32-bit operating system properly connected to your system, and configured for TCP/IP
A 233 MHz processing unit
32 MB RAM for Windows 95 clients
64 MB RAM for Windows NT 4.0 and Windows 2000 clients
iSeries Access for Windows and iSeries Navigator installed on the client PC
Software that supports the IP Security (IPSec) protocol
Software that supports L2TP, if remote users will use L2TP to establish a connection with your system

C. Application Area

Leased Line

a. Site to site data connectivity

Terminating a leased line with two routers can extend network capabilities across sites. Leased lines were first used in the 1970s by enterprises with proprietary protocols such as IBM Systems Network Architecture and Digital Equipment DECnet, and with TCP/IP in university and research networks before the Internet became widely available. Note that other Layer 3 protocols were used, such as Novell IPX on enterprise networks, until TCP/IP became ubiquitous in the 2000s. Today, point to point data circuits are typically provisioned as either TDM, Ethernet, or Layer 3 MPLS.

b. Site to site PBX connectivity

Terminating a leased line with two PBXs allowed customers to bypass the PSTN for inter-site telephony. This allowed the customers to manage their own dial plan (and to use short extensions for internal telephone numbers) as well as to make significant savings if enough voice traffic was carried across the line (especially when the savings on the telephone bill exceeded the fixed cost of the leased line).

c. Site to network connectivity

As demand grew on data networks, telcos started to build more advanced networks using packet switching on top of their infrastructure. Thus a number of telecommunication companies added ATM, Frame Relay or ISDN offerings to their services portfolio. Leased lines were used to connect the customer site to the telco network access point.

d. International Private Leased Circuit

An International Private Leased Circuit (IPLC) functions as a point-to-point private line. IPLCs are usually Time-division multiplexing (TDM) circuits that utilize the same circuit amongst many customers. The nature of TDM requires the use of a CSU/DSU and a router. Usually the router will include the CSU/DSU. Then came the Internet (in the mid-1990s), and since then the most common application for a leased line is to connect a customer to its ISP Point of Presence. With the changes that the Internet brought to the networking world, other technologies were developed to offer alternatives to Frame Relay or ATM networks, such as VPNs (hardware and software) and MPLS networks (that are in effect an upgrade to TCP/IP of existing ATM/Frame Relay infrastructures).

VPN a. System updates Update packages to perform security updates or install applications from software repositories on the internet. b. Browse the web Use a web browser to view web pages. c. Using E-mail There are three ways to access your e-mail, web mail from a web browser, accessing the exchange server from an e-mail client and using the POP/IMAP/SMTP servers from an e-mail client. d. Using instant messaging There are many different instant messaging networks each using their own network protocols that do not talk with each other. You need to select a client that works with your chosen network or a client that works on many different networks. e. Access remote shells A remote shell is command line access to a remote machine. There are many different ways to get a remote shell but only Secure Shell (SSH) and the less secure telnet are available. f. Streaming video


D. Security
Leased Line. A leased line is also referred to as a dedicated line, because it is dedicated to the two locations it connects. Data is transmitted without traversing the public Internet, so the connection is not exposed to eavesdropping or attack by other Internet users. Note that the line itself provides no encryption: traffic crosses the carrier's network in the clear unless the customer encrypts it, and a leased line used for Internet access exposes the site to the same Internet-borne threats as any other permanent connection.

VPN. Secure VPNs use cryptographic tunneling protocols to provide confidentiality (an intercepted or sniffed packet cannot be read), sender authentication (a peer that cannot prove its identity is rejected, which blocks identity spoofing), and message integrity (alteration of a message in transit is detected and the message is discarded). Secure VPN protocols include the following:

IPsec (Internet Protocol Security) was developed by the Internet Engineering Task Force (IETF). It was initially developed for IPv6, which originally mandated it, and this standards-based security protocol is also widely used with IPv4. Layer 2 Tunneling Protocol (L2TP) frequently runs over IPsec. Its design meets most security goals: authentication, integrity, and confidentiality. In tunnel mode, IPsec encapsulates the whole original IP packet inside a new outer packet and encrypts and authenticates the result.

Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic, as it does in the OpenVPN project, or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules.

Datagram Transport Layer Security (DTLS) is used in Cisco's next-generation VPN product, Cisco AnyConnect VPN, to solve the issues SSL/TLS has with tunneling over UDP (TLS needs a reliable transport).

Microsoft Point-to-Point Encryption (MPPE) works with Microsoft's Point-to-Point Tunneling Protocol (PPTP) and in several compatible implementations on other platforms. PPTP with MS-CHAP authentication is now considered insecure, and the combination is deprecated.

Microsoft introduced Secure Socket Tunneling Protocol (SSTP) in Windows Server 2008 and Windows Vista Service Pack 1. SSTP tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS (HTTPS) channel.

MPVPN (Multi Path Virtual Private Network). Ragula Systems Development Company owns the registered trademark "MPVPN".

Secure Shell (SSH) VPN. OpenSSH offers VPN tunneling (tun device forwarding) to secure remote connections to a network or inter-network links. This should not be confused with port forwarding. The OpenSSH server provides a limited number of concurrent tunnels, and the VPN feature itself does not support per-user authentication.
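The encapsulate-encrypt-authenticate pattern described for IPsec, and the three security goals listed above, are easiest to see in code. The following is an added example, not code from the original report or from any IPsec implementation: it builds an ESP-style outer packet (SPI, sequence number, encrypted inner packet, integrity check value) around a constructed sample IP packet, and shows the receiver rejecting a tampered packet, a packet from a peer holding the wrong key, and a replayed packet, while still accepting a late but valid one. The keystream generator is a standard-library stand-in for a real cipher, the SPI and keys are assumed values, and the inner packet is constructed for the demo.

```python
"""Toy ESP-style tunnel: encapsulate an inner IP packet, encrypt it, authenticate it,
and enforce a receive-side anti-replay window.

Added example, not code from the original report. The keystream below is a HMAC-SHA256
counter-mode stand-in for a real cipher so that only the Python standard library is
needed; a real IPsec SA uses AES-GCM or AES-CBC with HMAC-SHA2, and gets its keys and
SPI from IKE. Packet layout, check order and failure handling are the point here.
"""
import hashlib
import hmac
import struct

SPI = 0x1000        # Security Parameter Index identifying the SA (assumed value)
HEADER_LEN = 8      # SPI (4 bytes) + sequence number (4 bytes), as in ESP
ICV_LEN = 16        # HMAC-SHA256 truncated to 128 bits, like ESP's 128-bit ICV
WINDOW = 64         # RFC 4303 anti-replay window, in packets

# Constructed sample inner packet: a 20-byte IPv4 header (10.0.0.1 -> 10.0.1.1, UDP,
# checksum left zero) followed by an application payload.
PAYLOAD = b"hello from site A"
INNER_PACKET = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 1, 0, 64, 17, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1])) + PAYLOAD


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream; the nonce (SPI||seq) never repeats within an SA."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(enc_key: bytes, mac_key: bytes, seq: int, inner_packet: bytes, spi: int = SPI) -> bytes:
    """Tunnel-mode style: the whole inner packet becomes the encrypted payload of an outer
    packet, laid out as header | ciphertext | ICV (encrypt-then-MAC over header and ciphertext)."""
    header = struct.pack(">II", spi, seq)
    ciphertext = _xor(inner_packet, _keystream(enc_key, header, len(inner_packet)))
    icv = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


class TunnelReceiver:
    def __init__(self, enc_key: bytes, mac_key: bytes, spi: int = SPI):
        self.enc_key, self.mac_key, self.spi = enc_key, mac_key, spi
        self.highest = 0        # highest sequence number authenticated so far
        self.seen = set()       # sequence numbers inside the window already accepted

    def _in_window(self, seq: int) -> bool:
        if seq > self.highest:
            return True                      # new high-water mark
        if seq <= self.highest - WINDOW:
            return False                     # too old to be anything but a replay
        return seq not in self.seen          # late but unseen: legitimate reordering

    def receive(self, packet: bytes):
        """Returns (inner_packet, None) on success or (None, reason) on rejection."""
        if len(packet) < HEADER_LEN + ICV_LEN:
            return None, "too short"
        header, body, icv = packet[:HEADER_LEN], packet[HEADER_LEN:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack(">II", header)
        if spi != self.spi:
            return None, "unknown SPI"
        if not self._in_window(seq):
            return None, "replay"            # cheap check first, before any crypto
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            return None, "bad ICV"           # forged, altered, or wrong key: never decrypted
        if seq > self.highest:               # only an authenticated packet moves the window
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - WINDOW}
        self.seen.add(seq)
        return _xor(body, _keystream(self.enc_key, header, len(body))), None


def run_demo() -> dict:
    enc_key, mac_key = b"\x11" * 32, b"\x22" * 32   # constructed SA keys (IKE would derive these)
    rx = TunnelReceiver(enc_key, mac_key)
    results = {}
    p1 = encapsulate(enc_key, mac_key, 1, INNER_PACKET)
    results["ciphertext_differs"] = INNER_PACKET not in p1          # confidentiality
    results["decrypted"] = rx.receive(p1)[0]
    results["replayed"] = rx.receive(p1)[1]                         # same packet delivered again
    tampered = bytearray(encapsulate(enc_key, mac_key, 2, INNER_PACKET))
    tampered[HEADER_LEN + 5] ^= 0x01                                # flip one ciphertext bit
    results["tampered"] = rx.receive(bytes(tampered))[1]            # integrity
    results["wrong_key"] = rx.receive(encapsulate(enc_key, b"\x33" * 32, 3, INNER_PACKET))[1]  # authentication
    rx.receive(encapsulate(enc_key, mac_key, 5, INNER_PACKET))
    results["out_of_order"] = rx.receive(encapsulate(enc_key, mac_key, 4, INNER_PACKET))[0]  # late but valid
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18s} {value!r}")
```

Two design points carry over to real deployments: the sequence-number window is checked before the integrity check so that replayed floods cost no cryptographic work, and the integrity check is done before decryption so that no forged or altered ciphertext is ever fed to the decryptor.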

VI. Implementation
Leased Line

A. Cost and Benefit Analysis


Item: Leased line modem (TD-36 485)
Description: The TD-36 485 is designed to function reliably in industrial environments and in areas of high interference. The modem has RS-232 and RS-422/485 interfaces supporting terminal data rates up to 115 kbit/s. It is a V.34 modem, so it supports bidirectional data rates of up to 33.6 kbit/s on the PSTN or leased-line side. Fast connect lets leased lines re-establish connections in around 5 seconds.
Price: 27,914 Php

Item: Cisco V.35 cable
Description: V.35 circuits interface with everything from RS-232 to T1, so the vendor also supplies any cables needed to make the transition, made to length so that the end user has no surplus cable in raceways, cable trays or under-floor space.
Price: 1,500 Php

VPN

Item: D-Link DFL-210 Network Security Firewall
Description: The NetDefend family of Firewall/VPN Security Appliances is D-Link's answer to hardware-based network security. The D-Link Network Security Firewall (DFL-210) is an easy-to-deploy VPN and firewall solution designed specifically for the Small Office / Home Office (SOHO) market, which demands superior performance and security.
Price: $439.99 / 19,408 Php

Item: D-Link VPN Client Software
Description: Allows users to communicate with company headquarters quickly and securely.
Price: $49.99 / 2,166 Php


B. Strengths and Weaknesses


Leased Line

Strengths
a) It provides permanent, reliable, high-speed connectivity, as compared to the temporary connectivity of dial-up access.
b) The quality of the connection is far superior to what is normally available through dial-up, because of digital signaling, less noise, fewer exchanges, etc.

Weaknesses
a) Leased bandwidth prices are quite high compared to dial-up bandwidth of comparable size. Entry-level annual port prices are also high at present, so this access method is only feasible beyond a fairly high threshold of usage.
b) Permanent connectivity to the Internet exposes the organization to a variety of threats, including hacking, malicious code (hostile active content, viruses, Trojan horses, macro viruses), denial-of-service attacks, etc.

VPN

Strengths
a) Cost savings. By leveraging third-party networks, organizations with a VPN no longer have to use expensive leased or Frame Relay lines, and can connect remote users to their corporate networks via a local Internet service provider (ISP) instead of via expensive 800-number or long-distance calls to resource-consuming modem banks:
   - eliminating the need for expensive long-distance leased lines;
   - reducing long-distance telephone charges;
   - offloading support costs.
b) Security. VPNs provide strong security, using current encryption and authentication protocols to protect data from unauthorized access.
c) Scalability. VPNs allow corporations to use the remote-access infrastructure of ISPs, so they can add a virtually unlimited amount of capacity without adding significant infrastructure of their own.
d) Compatibility with broadband technology. VPNs allow mobile workers, telecommuters and day extenders to take advantage of high-speed broadband connectivity, such as DSL and cable, when accessing their corporate networks, giving workers significant flexibility and efficiency.
e) VPNs enable you to create secure, business-critical communication links over the Internet.
f) They give telecommuters and mobile workers secure access to your LAN.
g) They let you share resources with partners.

Weaknesses

a) Quality of service. Unlike circuit-switched or leased-line data services, VPN links (or tunnels) over public routed networks do not typically offer any end-to-end throughput guarantees. In addition, packet loss is variable and can be very high, and packets can be delivered out of order and fragmented.
b) Security. VPN connections are made by first connecting to a point of presence (POP) of the public network, and then using that network to reach a remote peer and form a private tunnel. Once the connection to the POP has been made, unsolicited data from other users of the public network can arrive, and this exposure to attack requires comprehensive and complex security measures.
c) Bandwidth reservation or Quality of Service (QoS) at the enterprise or central site. Bandwidth reservation refers to the ability to "reserve" transmission bandwidth on a network connection for particular classes or types of traffic. It is much harder to achieve with VPNs than with traditional networks. Some reservation can be done on outbound traffic, but for inbound reservation the VPN carrier would need to cooperate.
d) Two-way calling. Small office/home office sites that use ISDN to access a central site directly enjoy two-way calling: if the link is idle (the inactivity timer has fired and disconnected the call) and traffic needs to flow from the central site to the remote site, the central site can initiate the call. This capability is missing from common ISP VPN offerings today. Call-back is a related topic; offering to pick up the dial-in costs incurred by partners and customers is also difficult.
e) Overhead. VPN tunnels impose overhead on dial-in users: encryption algorithms may affect the performance of the user's system, protocol header overhead increases, authentication latency increases, PPP and IP compression perform poorly (compared to a direct link), and modem compression does not work at all.
f) Support issues. Replacing direct-dial links with VPN tunnels may produce some very painful fault-finding missions. Because of the complexity of VPN carrier networks, the opportunities for each party to disclaim responsibility ("hand-washing") are enormous.
g) Reconnection time. Tunneling may increase the reconnection time for dial users. With the VPN carrier L2TP model, the client has to go through two authentication phases: one on contacting the VPN carrier POP, and another on contacting the enterprise security gateway.
h) Multimedia. Applications such as video conferencing only work acceptably over low-latency links that can offer the required minimum throughput. Currently on the Internet, latency and throughput can vary alarmingly. Multi-channel data services, such as ISDN and xDSL, solve this problem in the short term by allowing the "data" channel to be used for VPN tunneling and a separate "voice" channel for business telephone calls or video conferencing.
i) Encryption. When encryption is used to protect a tunnel, data compression applied afterwards achieves nothing, because encrypted data is not compressible. This means that hardware compression over a modem connection is not possible; any compression has to happen before encryption, inside the tunnel.
j) Packet loss. A VPN tunnel can sometimes suffer high packet loss and can reorder packets. Reordering can cause problems for some bridged protocols, and high packet loss may affect the optimal configuration of higher-layer protocols.
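Weakness (i) is worth seeing with numbers. The following is an added example, not from the original report: it compresses a constructed sample of repetitive log traffic directly, after encryption, and before encryption, and reports the bytes that would go on the wire in each case. The stream cipher is a toy standard-library stand-in for a real one and the key is an assumed value; the size effects are the same with a real cipher.

```python
"""Why compression after encryption fails and compression before encryption works.

Added example, not from the original report. The stream cipher is a HMAC-SHA256
counter-mode stand-in so the script needs only the standard library.
"""
import hashlib
import hmac
import struct
import zlib

# Constructed sample: 200 near-identical firewall log lines, the kind of repetitive
# traffic that a modem's or PPP's compression would normally shrink a great deal.
LOG_SAMPLE = b"".join(
    b"Jan 0%d 10:00:%02d fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=10.0.0.%d "
    b"DST=10.0.1.7 PROTO=TCP DPT=443\n" % (1 + i % 9, i % 60, i % 250)
    for i in range(200)
)


def _encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 counter mode). Length-preserving, like AES-CTR."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, struct.pack(">I", i), hashlib.sha256).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def measure(key: bytes = b"\x42" * 32, data: bytes = LOG_SAMPLE) -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    compressed = zlib.compress(data)
    encrypted = _encrypt(key, data)
    return {
        "raw": len(data),
        "compress_only": len(compressed),
        # Link-layer (modem) compression only ever sees ciphertext: no redundancy to find,
        # so the output is the input plus the compressor's own framing.
        "compress_after_encrypt": len(zlib.compress(encrypted)),
        # Compressing inside the tunnel, before the cipher (as IPComp does), keeps the gain;
        # a stream cipher adds no bytes of its own.
        "encrypt_after_compress": len(_encrypt(key, compressed)),
    }


if __name__ == "__main__":
    for name, size in measure().items():
        print(f"{name:24s} {size:6d} bytes")
```

Compressing inside the tunnel recovers the saving, but note the trade-off a practitioner would weigh: compression ratios can leak information about plaintext when an attacker can get chosen data compressed alongside a secret, a class of attack that has been demonstrated against TLS compression, so compression of mixed-trust traffic before encryption is not a free win.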


C. Future Development
Leased Line

Leased-line replacement. BridgeWave uses wireless gigabit links to provide a high-performance alternative to fiber optics at significant savings compared to leased lines for metropolitan area networks. Advantages claimed for BridgeWave's gigabit wireless links:
o High capacity: full-rate, full-duplex GigE capacity
o Reliability: carrier-class 99.999% availability
o Security: inherent and advanced security options
o Privacy: dedicated connectivity between buildings
o Scalability: bandwidth on demand, easily upgradeable
o Cost: eliminates recurring leased-line costs
o Installation: easy installation within days
o Distance: up to 6 miles (about 9.7 km)

VPN. Virtual private networks have grown in popularity as businesses look to save money on remote network access for employees. Many corporations have also adopted VPNs as a security solution for private Wi-Fi wireless networks. Expect a continued gradual expansion in the use of VPN technology in the coming years.


D. Summary/Conclusion
Leased Line. A leased line is a private, high-performance circuit leased from a common carrier between a customer and the service provider's network. It is rented on an annual basis and usually carries voice, data, or both. Leased lines are mostly used either for Internet access (Internet leased line) or privately between two customer sites (point-to-point leased line). Unlike a dial-up connection, a leased line is always active. Unlike broadband, a leased line is not contended or shared, and delivers dedicated, guaranteed bandwidth straight to the Internet backbone. Customers pay a premium for a leased line, and it is supported by a comprehensive Service-Level Agreement (SLA) with a guaranteed fix time and a compensation clause. It is otherwise referred to as a point-to-point circuit, private circuit, private line or dedicated access.

VPN. A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet, or over a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to connect securely to a private network. A VPN can connect multiple sites over a large distance, just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world. To gain access to the private network, a user must be authenticated using a unique identifier and a password. An authentication token is often used as a second factor: the user enters a personal identification number (PIN) together with the token's one-time code, which changes at a fixed interval, usually every 30 seconds or so. Mobile users today often access their company networks through a virtual private network. When a mobile user connects to a main office using a standard Internet connection, the VPN provides the mobile user with a secure connection to the company network, as if the user had a private line. VPNs help keep data safe from interception by unauthorized people by encrypting it as it is transmitted from a notebook computer, smartphone, or other mobile device.
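The token-based authentication described above, as an added example that is not part of the original report: the one-time code is derived from a shared secret and the current 30-second time step, following RFC 6238 (TOTP) over RFC 4226 (HOTP). The secret is the RFCs' published test secret, so the codes match their published test vectors; the verifier tolerates one step of clock skew between token and server but refuses to accept any time step twice, which is what stops a code captured on the wire from being replayed during its validity window.

```python
"""Time-based one-time code of the kind a VPN authentication token displays (RFC 6238 TOTP
over RFC 4226 HOTP), plus the server-side check that tolerates clock skew but not replay.

Added example, not from the original report. The shared secret is the RFC 6238 test
secret, so the codes below match the published test vectors; a real token seed is random.
"""
import hashlib
import hmac
import struct

RFC6238_SECRET = b"12345678901234567890"  # published test secret, not a real token seed
STEP = 30  # seconds per code, the "every 30 seconds or so" of the text


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, int(at_time) // step, digits)


class TokenVerifier:
    """Server side of the exchange. Accepts the current step plus `skew` steps either side
    (token and server clocks drift), and never accepts a time step twice, so a code captured
    on the wire cannot be replayed while it is still within its validity window."""

    def __init__(self, secret: bytes, step: int = STEP, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.last_step_used = -1

    def verify(self, code: str, at_time: int) -> bool:
        now = int(at_time) // self.step
        for step in range(now - self.skew, now + self.skew + 1):
            if step <= self.last_step_used:
                continue  # already consumed (replay), or older than a step we accepted
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_step_used = step
                return True
        return False


def run_demo(secret: bytes = RFC6238_SECRET) -> dict:
    v = TokenVerifier(secret)
    code_at_59 = totp(secret, 59)
    return {
        "code_at_59": code_at_59,                         # RFC 6238 vector, 6-digit form
        "code_at_59_8digit": totp(secret, 59, digits=8),  # RFC 6238 vector as published
        "accepted": v.verify(code_at_59, 59),             # first use at its own time step
        "replayed": v.verify(code_at_59, 61),             # same code again, still "valid" by time
        "outside_skew": v.verify(totp(secret, 95), 59),   # step 3 presented while server is at step 1
        "within_skew": v.verify(totp(secret, 95), 89),    # step 3 presented while server is at step 2
        "wrong_code": v.verify("000000", 150),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18s} {value!r}")
```

A static PIN entered alongside the code is what the report's "PIN" refers to; it is checked separately by the gateway and does not change, while the code above is the part that rotates every step.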


VII. References/Bibliography
Leased Line

http://technet.microsoft.com/en-us/library/cc700841.aspx
http://sg.pacnet.com/internet/leased-line/
http://www.bridgewave.com/solutions/leased-line-replacement.cfm
http://www.hso.co.uk/leased-lines/leased-line-networking/leased-line-networking-how-to-use-leased-lines-to-create-a-wide-area-network/

VPN

http://cba.unomaha.edu/faculty/garfathr/web/vpn_pros_cons.html
http://whatismyipaddress.com/vpn
http://compnetworking.about.com/od/vpn/a/vpn_tutorial.htm
http://etutorials.org/Networking/MPLS+VPN+Architectures/Part+2+MPLS-based+Virtual+Private+Networks/Chapter+7.+Virtual+Private+Network+VPN+Implementation+Options/Typical+VPN+Network+Topologies/
http://www.emory.edu/BUSINESS/et/P98/vpn/
http://www.ncl.ac.uk/iss/netcomms/network/services/vpn/dock.html#task2
http://www.dlink.com/products/?pid=512
