Transcript VPN
VPN Alex Carr Overview Introduction 3 Main Purposes of a VPN Equipment Remote-Access VPN Site-to-Site VPN Extranet Based Intranet Based Differences VPN Components VPN Client VPN Concentrator VPN-Enabled Firewall VPN Protocols Questions Introduction A virtual private network (VPN) extends a private network across a public network This is done by establishing a virtual point to point connection through the use of dedicated connections, encryption, or a combination of the two VPN technology is also used by ordinary Internet users to connect to proxy servers for the purpose of protecting one's identity 3 Main Purposes of a VPN 1. Security - the VPN should be able to protect the data that is being sent over an open network. If there is a potential hacker they should not be able to read the data that is retrieved 3 Main Purposes of a VPN 2. Reliability - Everyone should be able to access the network all the time unless it is only open during certain hours. The network should also work properly even when there is a large number of users 3 Main Purposes of a VPN 3. Scalability - The VPN should be able to expand when a business becomes larger without replacing any technology. Equipment 1. 2. 3. Network Access Server - is responsible for setting up and maintaining each tunnel in a remote-access VPN. AAA server - For each VPN connection, the AAA server confirms who you are, identifies what you're allowed to access over the connection and tracks what you do while you're logged in. Firewall - maintaining that the information on the private network is secure Remote-access VPN Allows a user to have a secure connection with a remote computer network The two major components of a remoteaccess VPN are a network access server (NAS) and client software Site-to-Site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet extends the company’s network, making their resources at their main location available to branch locations Extranet-based . Extranet-based is when a company has a close relationship with another company, it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets Intranet Based Intranet-based is when a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN Differences Even though the purpose of a site-to-site VPN is different from that of a remoteaccess VPN, it could use some of the same software and equipment Ideally, though, a site-to-site VPN should eliminate the need for each computer to run VPN client software as if it were on a remote-access VPN VPN Components VPN components can run alongside other software on a shared server, but this is not typical, and could put the security and reliability of the VPN at risk. However as a business's VPN needs increase, so does its need for equipment that's optimized for the VPN. VPN Client VPN Client is when software is running on a device that acts as the interface for multiple connections VPN Concentrator VPN concentrator replaces an AAA server installed on a generic server. The hardware and software work together to establish VPN tunnels and handle large numbers of simultaneous connections VPN-Enabled Firewall VPN-enabled Firewall is a conventional firewall protecting information being sent between networks VPN Protocols 1. 2. 3. 4. IPsec - is a standard-based security protocol and is widely used with IPv4 and the layer 2 tunneling protocol Transport Layer Security (SSL/TLS) - can tunnel an entire network's traffic or secure an individual connection Secure Shell VPN - offers VPN tunneling to secure remote connections to a network or to internetwork links Microsoft Point-to-Point Encryption - works with the point-to-point protocol and in several compatible implementations on other platforms Questions?