Virtual Private Network (VPN)
Article Title: What Is VPN?
University Name: Elmi & Karbordi Jahad Daneshgahi - Fouman department
Group Staff: Mahmood Rohani
Class Time: Wednesday, 3-5 PM
Created & Edited By: Mahmood Rohani

“If saving money is wrong, I don’t want to be right…” - William Shatner

©2001 Check Point Software Technologies Ltd. - Proprietary & Confidential

Outline

- What is a VPN?
- Types of VPN
- Why use VPNs?
- Disadvantage of VPN
- Types of VPN protocols
- Encryption

What is a VPN?

- A VPN is a network that uses the Internet or another network service to transmit data.
- A VPN includes authentication and encryption to protect data integrity and confidentiality.

[Diagram: VPN, Internet, VPN]

Types of VPNs

- Remote Access VPN
  - Provides access to the internal corporate network over the Internet.
  - Reduces long distance, modem bank, and technical support costs.

[Diagram: Corporate Site, Internet]

Types of VPNs

- Remote Access VPN
- Site-to-Site VPN
  - Connects multiple offices over the Internet.
  - Reduces dependencies on frame relay and leased lines.

[Diagram: Corporate Site, Branch Office, Internet]

Types of VPNs

- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.).
  - Reduces transaction and operational costs.

[Diagram: Corporate Site, Internet, Partner #1, Partner #2]

Types of VPNs

- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
- Intranet VPN
  - Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.

[Diagram: Database Server, LAN clients, Internet, LAN clients with sensitive data]

Why Use Virtual Private Networks?

- More flexibility
  - Use multiple connection types (cable, DSL, T1, T3)
  - Secure and low-cost way to link
  - Ubiquitous ISP services
  - Easier E-commerce

Why Use Virtual Private Networks?

- More flexibility
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand

Why Use Virtual Private Networks?

- More flexibility
- More scalability
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical training and support

VPN Return on Investment
Case History – Professional Services Company

- 5 branch offices, 1 large corporate office, 200 remote access users.
- Payback: 1.04 months. Annual Savings: 88%

                                        Check Point VPN Solution   Non-VPN Solution             Savings with Check Point
Startup Costs (Hardware and Software)   $51,965                    Existing; sunk costs = $0
Site-to-Site Annual Cost                $30,485                    $71,664 (Frame relay)        $41,180 /yr
RAS Annual Cost                         $48,000                    $604,800 (Dial-in costs)     $556,800 /yr
Combined Annual Cost                    $78,485                    $676,464                     $597,980 /yr

Disadvantages of VPN

- Lower bandwidth available compared to dial-in line
- Inconsistent remote access performance due to changes in Internet connectivity
- No entrance into the network if the Internet connection is broken

Point-to-Point Tunneling Protocol (PPTP)

- Layer 2 remote access VPN distributed with Windows product family
  - Addition to Point-to-Point Protocol (PPP)
  - Allows multiple Layer 3 protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Uses the MPPE encryption method

[Diagram: Remote PPTP Client, ISP Remote Access Switch, Internet, Corporate Network PPTP RAS Server]

Layer 2 Tunneling Protocol (L2TP)

- Layer 2 remote access VPN protocol
  - Combines and extends PPTP and L2F (Cisco supported protocol)
  - Weak authentication and encryption
  - Addition to Point-to-Point Protocol (PPP)
  - Must be combined with IPSec for enterprise-level security

[Diagram: Remote L2TP Client, ISP L2TP Concentrator, Internet, Corporate Network L2TP Server]

Internet Protocol Security (IPSec)

- Layer 3 protocol for remote access, intranet, and extranet VPNs
  - Internet standard for VPNs
  - Provides flexible encryption and message authentication/integrity
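
The message authentication/integrity service named on this slide can be modelled as a keyed hash computed over every packet. The sketch below is an added example, not taken from the original slides or from any IPSec implementation; it goes one step further than the slide by adding the sequence-number replay check that IPSec pairs with the integrity check. The packet layout, the names `protect` and `Receiver`, and the key are assumptions for illustration, and the payload is left unencrypted.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # bytes of HMAC-SHA-256 kept as the integrity check value
WINDOW = 32    # how far behind the newest sequence number a packet may arrive

def protect(key, spi, seq, payload):
    """Sender side (assumed layout, not real ESP): SPI || seq || payload || ICV."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit n set => sequence number (top - n) already seen

    def accept(self, packet):
        """Return the payload, or None if the packet fails any check."""
        if len(packet) < 8 + ICV_LEN:
            return None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None                      # altered in transit or wrong key
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi or seq == 0:
            return None
        if seq > self.top:                   # newer packet: slide the window
            shift = min(seq - self.top, WINDOW)
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            offset = self.top - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return None                  # too old, or a replay
            self.bitmap |= 1 << offset
        return body[8:]

def demo():
    """Constructed sample traffic: a tampered copy, the good packet, a replay."""
    key = b"constructed-demo-key-not-for-use"
    rx = Receiver(key, spi=0x1001)
    good = protect(key, 0x1001, 1, b"The cow jumped over the moon")
    tampered = good[:8] + b"X" + good[9:]
    return rx.accept(tampered), rx.accept(good), rx.accept(good)
```

The integrity check runs before the replay window is updated, so a forged packet cannot advance the window and lock out genuine traffic.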

Encryption

- Used to convert data to a secret code for transmission over an untrusted network

[Diagram: Clear Text “The cow jumped over the moon” -> Encryption Algorithm -> Encrypted Text “4hsd4e3mjvd3sd a1d38esdf2w4d”]

Symmetric Encryption

- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5

[Diagram: Shared Secret Key]

Asymmetric Encryption

- Different keys used to encrypt and decrypt message (one public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5

[Diagram: Bob, Alice; Alice Public Key Encrypt, Alice Private Key Decrypt]

Industries That May Use a VPN

- Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
- Manufacturing: allows suppliers to view inventory & allows clients to purchase online safely
- Retail: able to securely transfer sales data or customer info between stores & the headquarters
- Banking/Financial: enables account information to be transferred safely within departments & branches
- General Business: communication between remote employees can be securely exchanged

Some Businesses Using a VPN

- CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
- Bacardi & Co. implemented a 21-country, 44-location VPN

Questions

Presented by: Mahmood Rohani

Thanks for your attention
Winter 85