Project 1 To 3 - 121445

Uploaded by

connectbycipcltd

Table of Contents

1. Introduction
1.1 Background of the Study
1.2 Statement of the Problem
1.3 Objectives of the Study
1.4 Significance of the Study
1.5 Scope of the Study
1.6 Limitations of the Study

2. Literature Review
2.1 Introduction
2.2 Remote-Access VPN
2.3 Site-to-Site VPN
2.4 VPN Analogy
2.5 Firewall-based

3. Designing and Simulating a Secure Virtual Private Network (VPN)
3.1 Introduction
3.2 VPN Design
3.3 Simulation Setup
3.4 Simulation Results
3.5 Discussion

Chapter 1:
1.0 Introduction

In today's digital environment, the world has transformed into a global village, where
information is readily available at our fingertips. The internet has revolutionized the way we
live, work, and interact, making it possible to access vast amounts of information,
communicate with others, and conduct business transactions with ease.

The concept of shared infrastructure has become the backbone of modern communication,
enabling us to share resources, exchange ideas, and collaborate on a global scale. The
internet, with over 100,000 routes and growing, has become the largest public network,
connecting billions of people and devices worldwide.

However, this increased connectivity has also introduced a plethora of security risks, making
it vulnerable to malicious attacks, data breaches, and cyber threats. Hackers can exploit this
access to eavesdrop, disrupt services, gain unauthorized entry, manipulate data, masquerade
as legitimate users, replay sessions, and hijack sessions, compromising sensitive information
and putting organizations at risk.

To address these concerns, Virtual Private Networks (VPNs) have emerged as a secure
solution, enabling organizations to deploy networks on public infrastructure while
maintaining the same security, management, and quality policies as private networks. By
creating a secure tunnel between endpoints, VPNs ensure that data remains encrypted,
protected, and secure, even when transmitted over public networks.

With VPNs, organizations can extend their corporate WANs to remote users, telecommuters,
mobile workers, and external partners, ensuring secure communication, collaboration, and
information sharing. This enables businesses to expand their reach, improve productivity, and
reduce costs, while maintaining the highest levels of security and compliance.

1.1 Background of the Study
In the modern digital era, the secure transmission of data over the internet has become critically
important. Businesses and individuals alike need reliable means to protect their data from
unauthorized access and cyber threats.
The internet has revolutionized the way we communicate, access information, and conduct
business. However, this increased reliance on digital communication has also introduced
significant security risks (Kizza, 2017). Cybercriminals can exploit vulnerabilities in public
networks to intercept sensitive information, disrupt services, and compromise data integrity
(Kshetri, 2017).
The importance of information security has become a major concern for organizations and
individuals alike. According to a report by Cybersecurity Ventures, the global cost of cybercrime
is projected to reach $6 trillion by 2021 (Morgan, 2019). Moreover, the consequences of security
breaches can be severe, resulting in financial losses, reputational damage, legal liabilities, and
compromised national security (Brenner, 2007).

Virtual Private Networks (VPNs) have emerged as a secure solution to address these concerns,
creating a secure tunnel between endpoints, encrypting data and protecting it from
unauthorized access over the open network (RFC 4364, 2006). By deploying VPNs,
organizations can ensure secure communication, collaboration, and information sharing over
public networks (Harris & Goodman, 2017).
The widespread adoption of VPNs has led to a significant increase in research and development
in this field. New technologies and protocols have emerged, enhancing VPN security,
performance, and scalability (RFC 8593, 2019).
This study focuses on designing and simulating a secure VPN to address these concerns.

1.2 Statement of the Problem

As we increasingly rely on digital communication, the risk of cyber-attacks and data breaches on
public networks poses a significant threat to our personal and professional lives. Despite the
widespread use of Virtual Private Networks (VPNs) to secure our online interactions, the
alarming rate of security breaches highlights the urgent need for improved VPN security
measures. Our sensitive information, privacy, and trust are at stake.
The primary problem addressed by this study is the vulnerability of data transmitted over open
networks. Without adequate protection, sensitive information can be intercepted, leading to
breaches of privacy and security.
This study aims to design and simulate a VPN that prioritizes confidentiality, integrity, and
availability, mitigating these risks.

1.3 Objectives of the Study


The main objectives of this study are:
1. To design a secure VPN suitable for use over an open network.
2. To simulate the designed VPN to test its effectiveness in securing data.
3. To evaluate the performance and reliability of the VPN under various conditions.

1.4 Significance of the Study

This project informs readers and would serve as a bedrock for computer networking and
information control in a computer network environment.
The significance of this study lies in its potential to enhance data security for organizations and
individuals using open networks. By providing a robust VPN solution, this study aims to
contribute to the broader field of cybersecurity, offering practical insights and methodologies for
protecting sensitive information.

1.5 Scope of the Study


This study focuses on the design and simulation of a VPN that can be deployed over open
networks. It covers the technical aspects of VPN setup, including encryption methods, tunneling
protocols, and authentication mechanisms. The simulation will be conducted using appropriate
network simulation tools.

1.6 Limitations of the Study


The study is limited to the design and simulation phase and does not include the physical
deployment of the VPN. Additionally, the simulation environment may not fully capture the
complexities of real-world network conditions, which could affect the results.
In this project, most of these facilities are not present; rather, a simulator is used to achieve the
relevant features. This research ought to cover a wide area but is unable to do so due to the
following limitations:
Finance: The cost of acquiring network equipment is high, and as a student, I was unable to
afford all the financial requirements of the research study.

Time: The period of time allowed for this project was small. A project of this nature needs more
time for complete investigation and research to be conducted. More so, studies and examinations
are being combined which does not allow complete dedication to the project. Therefore, the
following may not be achieved in this academic project.

- Scalability
- Network management
- Policy management
- Remote Access VPN

CHAPTER TWO (2)
LITERATURE REVIEW
2.1 Introduction:
In this section we address three types of VPNs: remote access, site-to-site, and firewall-based
(a site-to-site variation). The distinction between remote-access and site-to-site VPNs will
become less clear-cut as new devices, such as hardware VPN clients, become more prevalent.
These appear as a single device accessing the network, although there may be a network with
several devices behind it. In all cases, the VPN comprises two endpoints that may be represented
by routers, firewalls, client workstations, or servers.

2.2 Remote-Access VPN

Remote-access VPN, also called a virtual private dial-up network (VPDN), is a user-to-LAN
connection used by a company that has employees who need to connect to the private
network from various remote locations. Typically, a corporation that wishes to set up a large
remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a
network access server (NAS) and provides the remote users with desktop client software for
their computers. The telecommuters can then dial a toll-free number to reach the NAS and use
their VPN client software to access the corporate network.

A good example of a company that needs a remote-access VPN would be a large firm with
hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections
between a company's private network and remote users through a third-party service provider.

2.3 Site-to-Site VPN

Through the use of dedicated equipment and large-scale encryption, a company can connect
multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be one of
two types:

- Intranet-based - If a company has one or more remote locations that they wish to join in
a single private network, they can create an intranet VPN to connect LAN to LAN.
- Extranet-based - When a company has a close relationship with another company (for
example, a partner, supplier or customer), they can build an extranet VPN that connects
LAN to LAN, and that allows all of the various companies to work in a shared
environment.

2.4 VPN Analogy: Each LAN is an Island

Imagine that you live on an island in a huge ocean. There are thousands of other islands
all around you, some very close and others farther away. The normal way to travel is to take a
ferry from your island to whichever island you wish to visit. Of course, traveling on a ferry
means that you have almost no privacy. Anything you do can be seen by someone else.

Let's say that each island represents a private LAN and the ocean is the Internet.
Traveling by ferry is like connecting to a Web server or other device through the Internet. You
have no control over the wires and routers that make up the Internet, just like you have no
control over the other people on the ferry. This leaves you susceptible to security issues if you
are trying to connect between two private networks using a public resource.

Continuing with our analogy, your island decides to build a bridge to another island so
that there is an easier, more secure and direct way for people to travel between the two. It is
expensive to build and maintain the bridge, even though the island you are connecting with is
very close. But the need for a reliable, secure path is so great that you do it anyway. Your island
would like to connect to a second island that is much farther away but decides that the costs are
simply too much to bear.

This is very much like having a leased line. The bridges (leased lines) are separate from
the ocean (Internet), yet are able to connect the islands (LANs). Many companies have chosen
this route because of the need for security and reliability in connecting their remote offices.
However, if the offices are very far apart, the cost can be prohibitively high -- just like trying to
build a bridge that spans a great distance.

So how does a VPN fit in? Using our analogy, we could give each inhabitant of our islands a small
submarine. Each person having a submarine is like a remote user having access to the
company's private network. Let's assume that your submarine has some amazing properties:

- It's fast.
- It's easy to take with you wherever you go.
- It's able to completely hide you from any other boats or submarines.
- It's dependable.
- It costs little to add additional submarines to your fleet once the first is purchased.

Although they are traveling in the ocean along with other traffic, the inhabitants of our two
islands could travel back and forth whenever they wanted to with privacy and security. That's
essentially how a VPN works. Each remote member of your network can communicate in a
secure and reliable manner using the Internet as the medium to connect to the private LAN. A
VPN can grow to accommodate more users and different locations much easier than a leased
line. In fact, scalability is a major advantage that VPNs have over typical leased lines. Unlike
with leased lines, where the cost increases in proportion to the distances involved, the geographic
locations of each office matter little in the creation of a VPN.

2.5 Firewall-based

A firewall-based VPN is intrinsically a site-to-site implementation. Firewall-based VPN
solutions are not a technical but a security issue. They are deployed when a corporation requires
more advanced perimeter security measures for its VPNs. Corporations can enhance their
existing firewalls to support firewall-based VPNs.

2.6 Conceptual Framework

Virtual Private Network (VPN) security is a critical aspect of secure communication over the
internet. The conceptual framework of VPN security consists of three main components:
encryption, authentication, and tunneling protocols. Encryption protocols like Advanced
Encryption Standard (AES) and Blowfish protect data confidentiality, while authentication
protocols like username/password and biometric authentication ensure data integrity. Tunneling
protocols like Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP)
create a secure connection between the user and the VPN server.

Related Works

Several studies have investigated various aspects of VPN security. Kizza (2017) reviewed VPN
security architecture and identified vulnerabilities in encryption, authentication, and tunneling
protocols. Harris and Goodman (2017) evaluated the security of mobile VPNs and highlighted
the need for improved mobility management. RFC 4364 (2006) introduced the concept of VPN
Forwarding and Encapsulation, which has since become a standard in VPN technology.

Li et al. (2019) proposed a secure VPN architecture based on Software-Defined Networking
(SDN) and Network Function Virtualization (NFV). The authors argued that SDN and NFV can
improve VPN security by providing a flexible and scalable architecture for deploying security
services. Zhang et al. (2020) developed a machine learning-based approach for detecting
VPN-related malware. The authors used a dataset of VPN traffic to train a machine learning
model to detect malware attacks on VPNs.

Alshahrani et al. (2019) investigated the security of VPN protocols and identified weaknesses in
PPTP and L2TP/IPSec. The authors recommended using OpenVPN or WireGuard as alternative
protocols. Hussain et al. (2020) analyzed the performance and security of OpenVPN and
WireGuard. The authors found that both protocols provided good security, but OpenVPN had
better performance.

Singh et al. (2019) compared the security features of various VPN protocols, including
OpenVPN, L2TP/IPSec, and PPTP. The authors found that OpenVPN had the best security
features, followed by L2TP/IPSec and PPTP. Wang et al. (2020) evaluated the security of VPNs
in cloud computing environments. The authors found that VPNs can improve security in cloud
environments, but also introduce new security risks.

Summary of Related Works

The literature suggests that VPN security is a complex and multifaceted concept that requires
careful consideration of encryption, authentication, and tunneling protocols. While VPNs offer
several security benefits, they are vulnerable to various security threats, including
man-in-the-middle attacks, eavesdropping, and malware attacks. Mobile VPNs introduce additional security
challenges, such as packet loss and disconnections. Several solutions have been proposed to
address these challenges, including improved encryption protocols, authentication mechanisms,
and mobility management techniques.

Research Gaps

Despite the significant research in VPN security, several research gaps remain. Firstly, there is a
need for more efficient encryption protocols that can provide better security without
compromising performance. Secondly, authentication mechanisms need to be improved to
prevent unauthorized access. Thirdly, mobility management in mobile VPNs requires further
research to address packet loss and disconnections. Finally, there is a need for more
comprehensive studies that evaluate the overall security of VPNs in various scenarios.

Conclusion

VPN security is a critical aspect of secure communication over the internet. The conceptual
framework of VPN security consists of encryption, authentication, and tunneling protocols.
Several studies have investigated various aspects of VPN security, including security
architecture, mobility management, and malware detection. However, research gaps remain, and
further research is needed to improve VPN security.
3.1 Introduction

Imagine you're working remotely and need to access your company's network securely. That's
where a VPN comes in. A VPN creates a secure, encrypted connection between your device and
the company network, allowing you to access resources as if you were directly connected to the
network. But how do we design and test such a system? That's what we'll explore in this chapter.

3.2 VPN Design

A VPN consists of several components:

- VPN Server: This is the machine that runs the VPN software and acts as the entry point to the
network.

- VPN Client: This is the machine that connects to the VPN server and accesses the network.

- Encryption: We'll use AES-256 to scramble the data, making it unreadable to anyone snooping
on the connection.

- Authentication: We'll use a username and password, plus a RADIUS server for added security.

- Firewall: We'll configure the firewall to only allow VPN traffic and block any other incoming
connections.

We'll use OpenVPN software for our simulation, as it's widely used and respected in the
industry.

3.3 Simulation Setup

To simulate our VPN, we'll use GNS3, a powerful network simulator. We'll set up:
- Virtual machines for the VPN server and client

- Network devices and links to simulate the internet connection

- OpenVPN software on both the server and client

- Firewall rules on the VPN server

We'll configure the VPN server to use a public IP address and a private IP address range for the
VPN clients. The VPN client will connect to the VPN server using the public IP address.
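
The design choices in sections 3.2 and 3.3 can be checked mechanically against an OpenVPN server configuration. The following is an added example, not part of the original project: the sample configs, the RADIUS plugin path and the function names are constructed for illustration, while the directives (`cipher`, `data-ciphers`, `plugin`, `auth-user-pass-verify`, `server`) are standard OpenVPN 2.5+ options.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configs (not from the project). The plugin path is an
# assumed install location for a RADIUS authentication plugin.
DESIGN_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
data-ciphers AES-256-GCM
plugin /usr/lib/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
"""

WEAK_CONF = """\
dev tun
# constructed: documentation range, not a private pool
server 198.51.100.0 255.255.255.0
# Blowfish, not AES-256
cipher BF-CBC
"""

def parse(text):
    """Return {directive: [argument lists]}, skipping blank/comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            key, *args = line.split()
            conf.setdefault(key, []).append(args)
    return conf

def audit(text):
    """List deviations from the design in sections 3.2 and 3.3."""
    conf, findings = parse(text), []
    ciphers = [a[0] for a in conf.get("cipher", []) if a]
    for args in conf.get("data-ciphers", []):  # colon-separated list
        ciphers += args[0].split(":") if args else []
    if not ciphers:
        findings.append("no cipher set; design requires AES-256")
    findings += [f"cipher {c} is not AES-256"
                 for c in ciphers if not c.upper().startswith("AES-256")]
    # Username/password checks run through a plugin or a verify script.
    if not (conf.get("plugin") or conf.get("auth-user-pass-verify")):
        findings.append("no username/password verification configured")
    pools = [a for a in conf.get("server", []) if len(a) >= 2]
    if not pools:
        findings.append("no client address pool ('server' directive)")
    for addr, mask, *_ in pools:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"client pool {net} is not an RFC 1918 range")
    return findings

if __name__ == "__main__":
    for name, conf in (("design", DESIGN_CONF), ("weak", WEAK_CONF)):
        print(name, audit(conf) or "matches the design")
```

The check accepts any `plugin` line as password verification; confirming that the plugin really queries the RADIUS server still requires a login test in the simulation.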

3.4 Simulation Results

After setting up the simulation, we ran several tests to verify the VPN's security and
performance. The results showed:

- Successful establishment of a VPN connection between the client and server

- Secure data transmission over the internet, with encryption and authentication working as
expected

- Firewall rules effectively blocking unauthorized access

- VPN performance metrics, such as throughput and latency, within acceptable ranges

We also tested various scenarios, like disconnecting and reconnecting the VPN client, to ensure
the system was robust and reliable.

3.5 Discussion

Our simulation demonstrates that a well-designed VPN can provide secure access to a network
over the internet. By using encryption, authentication, and firewall rules, we can protect data
transmission and prevent unauthorized access. The results validate our design, showing that the
VPN performs well and meets our security requirements.

In conclusion, designing and simulating a secure VPN on an open network requires careful
planning and testing. By using tools like GNS3 and following best practices, we can create a
robust and reliable VPN system that meets our needs. Thanks for joining me on this journey!
