
Virtual Private Networks


Presentation Transcript


  1. Virtual Private Networks
  • What is a Virtual Private Network (VPN)?
  • How do VPNs work?
  • How is security achieved?
  • How secure is a VPN?
  • What sort of VPN is right for your application?
  Jeff Rupp, CS691

  2. VPN: What is it
  • VPNs provide a means to access an internal network from a remote location via the Internet
  • They are called ‘Virtual’ since the data is still traveling through the public network, but both the data and the header can be encrypted

  3. How do VPNs work
  • VPNs consist of a gateway to the internal network and any number of remote clients
  • The gateway is the machine to which the clients connect
  • The gateway provides the server-side encryption/decryption and user authentication

  4. How VPNs Work
  • The most common standard in use today is IPSec, as established by the Internet Engineering Task Force (IETF)
  • IPSec allows for 2 modes of operation:
    • Transport: only the packet data is encrypted; the header is in the clear
    • Tunnel: both the original header and the data are encrypted, and the encrypted packet is carried inside a new outer header addressed between the VPN gateways
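An added illustration (not part of the slides) of what slide 4's two modes leave readable to an on-path observer. It uses a constructed text packet format and a toy XOR keystream cipher standing in for the negotiated IPsec cipher, and assumes the shared key has already been agreed; the gateway and host addresses are constructed sample values.

```python
import hashlib

# Constructed toy model: a "packet" is a text header "src>dst|" followed by the
# payload. The cipher below stands in for whatever block cipher the VPN
# negotiated; it is NOT ESP and provides no integrity protection.
HEADER_SEP = b"|"
NONCE_LEN = 8

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    return f"{src}>{dst}".encode() + HEADER_SEP + payload

def parse_packet(pkt: bytes):
    header, _, payload = pkt.partition(HEADER_SEP)
    src, dst = header.decode().split(">")
    return src, dst, payload

def transport_mode(pkt: bytes, key: bytes, nonce: bytes) -> bytes:
    """Transport mode: header stays in the clear, only the payload is encrypted."""
    src, dst, payload = parse_packet(pkt)
    return build_packet(src, dst, nonce + keystream_xor(key, nonce, payload))

def tunnel_mode(pkt: bytes, key: bytes, nonce: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole original packet (header + data) is encrypted and
    wrapped in a new outer header that names only the two VPN gateways."""
    return build_packet(gw_src, gw_dst, nonce + keystream_xor(key, nonce, pkt))

def observer_view(pkt: bytes):
    """What an on-path observer without the key can read: the cleartext header."""
    src, dst, _ = parse_packet(pkt)
    return src, dst

def open_transport(pkt: bytes, key: bytes) -> bytes:
    src, dst, body = parse_packet(pkt)
    return build_packet(src, dst, keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:]))

def open_tunnel(pkt: bytes, key: bytes) -> bytes:
    _, _, body = parse_packet(pkt)
    return keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:])

if __name__ == "__main__":
    key, nonce = b"k" * 16, b"n" * NONCE_LEN  # constructed, not negotiated
    inner = build_packet("10.0.0.5", "10.0.1.9", b"hello")
    print(observer_view(transport_mode(inner, key, nonce)))  # inner hosts visible
    print(observer_view(tunnel_mode(inner, key, nonce, "203.0.113.1", "198.51.100.1")))
```

In transport mode the observer still learns which internal hosts are talking; in tunnel mode only the two gateway addresses are exposed, which is why site-to-site and remote-access gateways use it.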

  5. Security
  • The first step in a VPN session is authentication, where the user and host authenticate each other via X.509 or LDAP
  • The next step is to establish a key, typically using the Diffie-Hellman protocol (public/private keys)
  • Packets are encrypted with this shared secret key, as public/private key cryptography is slower than secret-key cryptography
  • The secret key may be changed many times during a single VPN session

  6. Security
  • IPSec does not dictate the encryption algorithm that is used
  • Most common is Triple DES
    • apply DES 3 times with unique keys each time
  • Some vendors have their own proprietary algorithm
  • These vendors would be worth avoiding, since if their algorithm is ever broken, then your system may be compromised

  7. Speed
  • The limiting factor in the speed of a VPN system is the complexity of the encryption/decryption
  • A software-only solution provides acceptable bandwidth for 1-2 clients
  • Speed is dependent on the platform and other loads on the VPN gateway
  • Large-scale VPNs require a hardware solution, called a VPN appliance
  • These appliances range in speed from 20 Mbit/s to 200 Mbit/s

  8. Choosing a VPN
  • All VPNs provide a software solution for the client, so the only hardware piece needs to be the gateway
  • If your system will support more than 2 simultaneous clients, then a VPN appliance is the best choice
  • If you restrict the VPN gateway’s duties to VPN (not firewall, etc.), then a software server-side solution is acceptable for 1-2 simultaneous clients
