Transcript VPN
VPN
Alex Carr
Overview
Introduction
3 Main Purposes of a VPN
Equipment
Remote-Access VPN
Site-to-Site VPN
Extranet Based
Intranet Based
Differences
VPN Components
VPN Client
VPN Concentrator
VPN-Enabled Firewall
VPN Protocols
Questions
Introduction
A virtual private network (VPN) extends a private network across a public network.
This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.
VPN technology is also used by ordinary Internet users to connect to proxy servers for the purpose of protecting one's identity.
3 Main Purposes of a VPN
1. Security - The VPN should be able to protect the data that is being sent over an open network. If there is a potential hacker, they should not be able to read the data that is retrieved.
2. Reliability - Everyone should be able to access the network all the time unless it is only open during certain hours. The network should also work properly even when there is a large number of users.
3. Scalability - The VPN should be able to expand when a business becomes larger without replacing any technology.
Equipment
1. Network Access Server - Responsible for setting up and maintaining each tunnel in a remote-access VPN.
2. AAA (authentication, authorization and accounting) server - For each VPN connection, the AAA server confirms who you are, identifies what you're allowed to access over the connection and tracks what you do while you're logged in.
3. Firewall - Ensures that the information on the private network is secure.
Remote-access VPN
Allows a user to have a secure connection with a remote computer network.
The two major components of a remote-access VPN are a network access server (NAS) and client software.
Site-to-Site VPN
Allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet.
Extends the company's network, making the resources at its main location available to branch locations.
Extranet-based
Extranet-based: when a company has a close relationship with another company, it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.
Intranet Based
Intranet-based: when a company has one or more remote locations that it wishes to join in a single private network, it can create an intranet VPN to connect each separate LAN to a single WAN.
Differences
Even though the purpose of a site-to-site VPN is different from that of a remote-access VPN, it could use some of the same software and equipment.
Ideally, though, a site-to-site VPN should eliminate the need for each computer to run VPN client software as if it were on a remote-access VPN.
VPN Components
VPN components can run alongside other software on a shared server, but this is not typical, and could put the security and reliability of the VPN at risk. However, as a business's VPN needs increase, so does its need for equipment that's optimized for the VPN.
VPN Client
A VPN client is software running on a device that acts as the interface for multiple connections.
VPN Concentrator
A VPN concentrator replaces an AAA server installed on a generic server. The hardware and software work together to establish VPN tunnels and handle large numbers of simultaneous connections.
VPN-Enabled Firewall
A VPN-enabled firewall is a conventional firewall protecting information being sent between networks.
VPN Protocols
1. IPsec - A standards-based security protocol that is widely used with IPv4 and the Layer 2 Tunneling Protocol.
2. Transport Layer Security (SSL/TLS) - Can tunnel an entire network's traffic or secure an individual connection.
3. Secure Shell VPN - Offers VPN tunneling to secure remote connections to a network or to inter-network links.
4. Microsoft Point-to-Point Encryption - Works with the Point-to-Point Protocol and in several compatible implementations on other platforms.
Questions?