Transcript VPN Solution - Security Audit Systems

Lucent NetCare Knowledge Seminars
Virtual Private
Networks:
Trends and
Strategies
Presented by:
Rick Blum
Victor Danevich
Brian Schulz
January 19, 2000
([email protected])
([email protected])
([email protected])
Sharing the Knowledge Behind the Network
Background

Lucent NetCare Professional Services is a
provider of communications consulting,
intelligent maintenance, and management
solutions for next generation networks.

Seminar Objectives
• Provide insight into current efforts and future plans
for virtual private networks (VPNs).
• Help organizations assess their progress developing
VPN solutions.
• Identify barriers and challenges to achieving goals.
4/8/2017
2
VPN Definition
A computer network designed to use a
shared WAN infrastructure to securely
transport data communications using IP.
Internal implementation: all VPN
functionality resides outside the service
provider network (WAN).
Managed solutions: provided by carrier
VPN capabilities via carrier POP, or
Carrier managed premises equipment
4/8/2017
3
Secure Internet/IP VPNs
Secure IP VPN emulates a private network over a
shared IP network, often the public Internet.
Remote
Workers
Branch
Offices
Shared
IP
Network
Corporate
Headquarters
Internet
Customers,
Suppliers
4/8/2017
4
Market Trends

Improve remote access for
• Mobile workers
• Branch offices
• Partners and customers (extranet)

Promise of substantial reductions
in WAN costs

Quickly evolving technology

Market has moved from curiosity
to deployment
4/8/2017
5
Importance to IT Strategy of
Implementing or Improving VPN
4/8/2017
6
Most Important Networking
Objective Driving VPN Strategy
4/8/2017
7
Case Study: Cost Reduction
Situation: Large Accounting/Consulting Firm
 75,000 potential remote access users
 7 million minutes connect time/mo.
 Dial-up cost $0.07/minute over “800” line
 Total monthly connection cost = $490,000
VPN Solution:
 4,500 users created 90% of traffic
 Connect to VPN via ISP @ $20/mo.
 VPN implementation cost minimal using existing technologies
 Ongoing savings = $350,000/mo.
4/8/2017
8
Multiple VPN Stakeholders/Types
IT Network
Organization
IT Security
Group
Finance
Firewall-based
?
Decision
Router-based
Server-based
Dedicated device
4/8/2017
9
Internal Firewall-Based VPN
Server
Firewallbased
VPN
Gateway
Internet
or shared
network
Wkstn
Wkstn
Firewallbased
VPN
Gateway
Email
Server
VPN Mgmt.
Domain
VPN Mgmt.
Domain
VPN
Tunnel
4/8/2017
10
File
Server
Wkstn
Internal Router-Based VPN
Server
Routerbased
VPN
Gateway
Internet
or shared
network
Wkstn
Wkstn
Routerbased
VPN
Gateway
Email
Server
VPN Mgmt.
Domain
VPN Mgmt.
Domain
VPN
Tunnel
4/8/2017
11
File
Server
Wkstn
Internal Server-Based VPN
Server
Serverbased
VPN
Gateway
Internet
or shared
network
Wkstn
Wkstn
Serverbased
VPN
Gateway
Email
Server
VPN Mgmt.
Domain
VPN Mgmt.
Domain
VPN
Tunnel
4/8/2017
12
File
Server
Wkstn
Internal Dedicated VPN Device
File
Server
Server
Dedicated
VPN
Gateway
Internet
or shared
network
Wkstn
Wkstn
Dedicated
VPN
Gateway
Email
Server
VPN Mgmt.
Domain
VPN Mgmt.
Domain
VPN
Tunnel
4/8/2017
13
Wkstn
One Client, Multiple
VPN Implementations
Situation: Large Bank with 800 Clients

Firewall-based: Remote access

Router-based: WAN connectivity

Software-based: Disaster recovery

Dedicated device: Multiple clients
4/8/2017
14
VPN Types Implemented
or Being Considered
4/8/2017
15
Managed VPN Solution
Server
VPN Management Domain
SP
VPN
Gateway
Wkstn
File
Server
SP
VPN
Gateway
Internet
or shared
network
Wkstn
Email
Server
Wkstn
VPN
Tunnel
4/8/2017
16
Managed VPN Solution
Company A
Site 1
Global VPN NOC

Network
Monitoring
VPN
Config.
Enterprise B
Site 3
Enterprise B
Remote User
Company A
Remote User
Enterprise B
Site 1


Encrypted
Traffic
Company A
Site 3
Company A
Site 2
Enterprise B
Site 2
4/8/2017
17

Encrypted IPSec tunnels
secure data traversing the
shared IP infrastructure.
Global VPN NOC
configures, monitors and
manages all customers’
VPNs.
VPN Routers (managed
CPE) shape traffic, collect
performance statistics and
route customer traffic.
Remote access users
employ PC client software
to securely access data at
corporate sites.
VPN Tunneling Protocols Implemented
or Planned to be Implemented
4/8/2017
18
Authentication Technologies Implemented
or Planned to be Implemented
4/8/2017
19
VPN Gap
4/8/2017
20
Area That is Biggest Challenge
to Resolving VPN Issues
4/8/2017
21
Organizational Considerations
Policies
 Staffing
Procedures
Support
4/8/2017
22
Areas in Which Help is Needed to Evaluate,
Implement, or Enhance VPN Capabilities
4/8/2017
23
The Bottom Line
 A shortage of experienced network
professionals skilled in VPN
technologies will remain for some
time.
 Evaluations of the advantages of an
internal implementation versus a
managed VPN service should give
due consideration to the cost of
acquiring and/or retaining VPN
expertise while ultimate technological
directions are still uncertain.
4/8/2017
24
The Bottom Line (cont.)
 VPN protocols and technologies for
access and authentication are still
evolving, as are the various options
for implementing a VPN in software or
hardware.
 Balance short-term needs for specific
capabilities against long-term
advantages of compatibility and
interoperability. The goal is to find a
solution that will follow these tenets,
and also provide scalability as VPN
products mature.
4/8/2017
25
The Bottom Line (cont.)
 Technology will be only the starting
point for a successful VPN strategy.
In the earliest stages of planning,
consider the organizational impact of
the VPN.
 Build into the overall plan the specific
processes, procedures, and end-user
training that will be required to
smoothly transition to a VPN
computing model.
4/8/2017
26
Lucent Knows VPNs

Lucent NetCare Professional Services
• Network consulting services
• Network security practice

Lucent VPN Product Set
• VPN Routers
• VPN Gateway

VPN Policy Manager
Integral VPN Client
Lucent VPNWorX End-to-End
Solution
• Enterprises
• Service Providers
4/8/2017
27
Question and Answer
Q&A
4/8/2017
28
Thank You

VPN Whitepaper
• Available after Web Seminar at
netcare.com/seminars/thanks.asp

Feedback Survey
• Tell us what you think about this seminar
www.lucent-netcare.com/seminars/thanks.asp

For More Information
• E-mail [email protected]
• Call 1-800-4-NetCare
4/8/2017
29
www.lucent-