VIRTUAL PRIVATE NETWORKS (VPN)

GROUP MEMBERS

ERVAND AKOPYANORLANDO CANTON JR.JUAN DAVID OROZCO

AGENDA

What is a VPN?VPN SOLUTION

Advantages/DisadvantageSoftware VPN ClientHardware VPN

ConfigurationVPN SETUP’sSecurity Type’s

What is VPN?

Maintaining privacy through the use of a tunneling protocol and security procedures

Provide remote access to an organization's network via the Internet

Point-to-Point Tunneling Protocol, Layer 2 tunneling protocol and IP Security

VPN SOLUTION

ADVANTAGEVPN lowers costs is by eliminating the

need for expensive long-distance leased lines

Data transfers are encryptedCost is low to implement

VPN SOLUTION

DISATVANTAGE OF VPN

• VPN Connection is slow

• Performance issues are a major, and legitimate, concern to the VPN user

• Bad Hardware and low speed connection on the user end

VPN CLIENT SOFTWARE

Questions to Ask

To configure and use the VPN Client

•Hostname or IP address of the secure gateway to which you are connecting. •Your IPSec Group Name (for preshared keys). •Your IPSec Group Password (for preshared keys). •If authenticating with a digital certificate, the name of the certificate. •If authenticating through the secure gateway's internal server, your username and password. •If authenticating through an NT Domain server, your username and password.

Installation screens

Installation screens

Installation screens

Installation screens

Software GUI

Software GUI

Software GUI

Software GUI

Software GUI

Software GUI

Software GUI

VPN ROUTER

Hardware VPN Router

VPN HARDWARE

Model: RV042 - Data Transfer Rate: 100 Mbps - 100 BASE TX - Fast Ethernet

Ideal for use in small business environments

Allows multiple computers in an office share an Internet connection.

Price Range: $137 to $174

Linksys 10/100 4-Port VPN Router

VPN Information

Data Transfer Rate: 54 Mbps - 2.4 GHz –

328 ft Indoor Range 1312 ft Outdoor Range A 4-Port Wireless Ethernet

Broadband Router with VPN (Virtual Private Network) capability.

Allows users to securely connect multiple computers over the Internet via IPSec, PPTP, or L2TP tunnels.

Price Range: $104 to $180

D-Link AirPlus Xtreme G Wi-Fi Router

VPN Information

Netgear ProSafe VPN Firewall 8 Port FVS114

Provides business class protection.

Perfect for telecommuters and remote offices.

4 10/100 Mbps auto-sensing, Auto Uplink switched LAN ports and Network Address Translation (NAT) routing

Up to 253 users can access your broadband connection at the same time.

VPN Information

SSL-VPN 2000

• Seamless Integration Behind Virtually Any Firewall

• The SSL-VPN 2000 integrates seamlessly into any network topology and can be easily deployed alongside almost any third-party firewall as a secure remote access solution.

• When deployed with a SonicWALL Internet security appliance running SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service, the SSL-VPN 2000 enhances network integration and security.

VPN Information

Nortel VPN Security Gateway 3050

Nortel VPN Security Gateway 3050

• A remote access security solution that extends the reach of enterprise applications and resources to remote employees, partners, and customers. • Offers a convenient alternative for securely provisioning resources for remote users without the need to install and manage client tunneling software on their PCs.

VPN for Large Businesses

Cisco VPN 3000 Concentrator

scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

Configuring NetGear FSV318

VPN Hardware Configuration

VPN Hardware Configuration

VPN Hardware Configuration

ENCRYPTION

Encryption Schemes• Standard (DES)Standard (DES) – 20 Year Old complex symmetric algorithm less scecure then new ones

• Triple DES and 3DES-Triple DES and 3DES- use multiple passes of the original version to increase the key length, thus strengthening security

• Encapsulated Security Payload or Outer Cipher Block Chaining, can be used to further scramble the data, and maintain or verify its integrity

VPN SETUP

Site to Site Connection

GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based.

Remote Access VPN

IPSEC

IP Security- a set of protocols developed by the IETF to support secure exchange of packets at the IP layer.

Encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.

Tunneling

Tunneling requires three different protocols:

Carrier protocol - The protocol used by the network that the information is traveling over Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data Passenger protocol - The original data (IPX, NetBeui, IP) being carried

PPP Tunneling

L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.

PPTP (Point-to-Point Tunneling Protocol) - PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP. L2TP (Layer 2 Tunneling Protocol) - L2TP Combining features of both PPTP and L2F, L2TP also fully supports IPSec.

PPP (Point-to-Point Protocol)

References

www.cisco.comhttp://www.howstuffworks.com/www.netgear.comwww.linksys.comwww.wikipedia.org