virtual private networks (vpn). group members ervand akopyan orlando canton jr. juan david orozco
Post on 19-Dec-2015
215 views
TRANSCRIPT
VIRTUAL PRIVATE NETWORKS (VPN)
GROUP MEMBERS
ERVAND AKOPYANORLANDO CANTON JR.JUAN DAVID OROZCO
AGENDA
What is a VPN?VPN SOLUTION
Advantages/DisadvantageSoftware VPN ClientHardware VPN
ConfigurationVPN SETUP’sSecurity Type’s
What is VPN?
Maintaining privacy through the use of a tunneling protocol and security procedures
Provide remote access to an organization's network via the Internet
Point-to-Point Tunneling Protocol, Layer 2 tunneling protocol and IP Security
VPN SOLUTION
ADVANTAGEVPN lowers costs is by eliminating the
need for expensive long-distance leased lines
Data transfers are encryptedCost is low to implement
VPN SOLUTION
DISATVANTAGE OF VPN
• VPN Connection is slow
• Performance issues are a major, and legitimate, concern to the VPN user
• Bad Hardware and low speed connection on the user end
VPN CLIENT SOFTWARE
Questions to Ask
To configure and use the VPN Client
•Hostname or IP address of the secure gateway to which you are connecting. •Your IPSec Group Name (for preshared keys). •Your IPSec Group Password (for preshared keys). •If authenticating with a digital certificate, the name of the certificate. •If authenticating through the secure gateway's internal server, your username and password. •If authenticating through an NT Domain server, your username and password.
Installation screens
Installation screens
Installation screens
Installation screens
Software GUI
Software GUI
Software GUI
Software GUI
Software GUI
Software GUI
Software GUI
VPN ROUTER
Hardware VPN Router
VPN HARDWARE
Model: RV042 - Data Transfer Rate: 100 Mbps - 100 BASE TX - Fast Ethernet
Ideal for use in small business environments
Allows multiple computers in an office share an Internet connection.
Price Range: $137 to $174
Linksys 10/100 4-Port VPN Router
VPN Information
Data Transfer Rate: 54 Mbps - 2.4 GHz –
328 ft Indoor Range 1312 ft Outdoor Range A 4-Port Wireless Ethernet
Broadband Router with VPN (Virtual Private Network) capability.
Allows users to securely connect multiple computers over the Internet via IPSec, PPTP, or L2TP tunnels.
Price Range: $104 to $180
D-Link AirPlus Xtreme G Wi-Fi Router
VPN Information
Netgear ProSafe VPN Firewall 8 Port FVS114
Provides business class protection.
Perfect for telecommuters and remote offices.
4 10/100 Mbps auto-sensing, Auto Uplink switched LAN ports and Network Address Translation (NAT) routing
Up to 253 users can access your broadband connection at the same time.
VPN Information
SSL-VPN 2000
• Seamless Integration Behind Virtually Any Firewall
• The SSL-VPN 2000 integrates seamlessly into any network topology and can be easily deployed alongside almost any third-party firewall as a secure remote access solution.
• When deployed with a SonicWALL Internet security appliance running SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service, the SSL-VPN 2000 enhances network integration and security.
VPN Information
Nortel VPN Security Gateway 3050
Nortel VPN Security Gateway 3050
• A remote access security solution that extends the reach of enterprise applications and resources to remote employees, partners, and customers. • Offers a convenient alternative for securely provisioning resources for remote users without the need to install and manage client tunneling software on their PCs.
VPN for Large Businesses
Cisco VPN 3000 Concentrator
scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.
Configuring NetGear FSV318
VPN Hardware Configuration
VPN Hardware Configuration
VPN Hardware Configuration
ENCRYPTION
Encryption Schemes• Standard (DES)Standard (DES) – 20 Year Old complex symmetric algorithm less scecure then new ones
• Triple DES and 3DES-Triple DES and 3DES- use multiple passes of the original version to increase the key length, thus strengthening security
• Encapsulated Security Payload or Outer Cipher Block Chaining, can be used to further scramble the data, and maintain or verify its integrity
VPN SETUP
Site to Site Connection
GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based.
Remote Access VPN
IPSEC
IP Security- a set of protocols developed by the IETF to support secure exchange of packets at the IP layer.
Encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
Tunneling
Tunneling requires three different protocols:
Carrier protocol - The protocol used by the network that the information is traveling over Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data Passenger protocol - The original data (IPX, NetBeui, IP) being carried
PPP Tunneling
L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.
PPTP (Point-to-Point Tunneling Protocol) - PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP. L2TP (Layer 2 Tunneling Protocol) - L2TP Combining features of both PPTP and L2F, L2TP also fully supports IPSec.
PPP (Point-to-Point Protocol)
References
www.cisco.comhttp://www.howstuffworks.com/www.netgear.comwww.linksys.comwww.wikipedia.org