VPN Lecture

The document discusses VPNs, including what they are, their features, types, protocols, and provides an example of how a VPN tunnel works. VPNs establish secure connections over insecure networks like the internet and enable organizations to securely connect remote offices, users, and partners using public internet connections.

Virtual Private Network

CYB306
What is VPN?

Establishes a secure connection over an insecure network, such as
the Internet.

Enables an organization to use public networks such as the
Internet to provide secure connections across the organization’s
wide area network.

Great alternative to private WAN connections since Internet access
is usually cheaper and it’s widely available.

Using the Internet as a backbone, a VPN can securely connect all of
a company’s offices, telecommuters, mobile workers, customers,
partners and suppliers.
VPN Features

Confidentiality: preventing anyone from reading your data. This is
implemented with encryption.

Authentication: verifying that the router/firewall or remote user
that is sending VPN traffic is a legitimate device or router.

Access Control: restricting unauthorized users from the network.

Integrity: verifying that the VPN packet wasn’t changed somehow
during transit.

Anti-replay: preventing someone from capturing traffic and re-
sending it, trying to appear as a legitimate device/user.
VPN Types

Site-to-site VPN: A network device at each site builds a VPN tunnel
to the device at the other site. Each end of the VPN tunnel encrypts
the original IP packet, adds a VPN header and a new IP header, and
then forwards the encrypted packet to the other end of the tunnel.

Client-to-site VPN: Also called remote user VPN. The user installs a
VPN client on his/her computer, laptop, smartphone or tablet. The
VPN tunnel is established between the user’s device and the remote
network device.
VPN Gateway and Tunnels

A VPN gateway is a network device that provides encryption and
authentication service to a multitude of hosts that connect to it.


From the outside (Internet), all
communications addressed to
inside hosts flow through the
gateway.
VPN Protocols - IPsec

The IP protocol itself doesn’t have any security features at all, which is
why IPSec was created. IPSec is not a single protocol but a framework that
offers VPN features on layer three of the OSI model (Network Layer).

It combines a variety of protocols and algorithms, for example encryption
algorithms such as DES, 3DES or AES; because it is a framework, a new
algorithm can be added to IPSec in the future.

You can use IPSec for:

 Creating a site-to-site VPN tunnel.
 Creating a client-to-site (remote user) VPN tunnel.
 Between two servers to authenticate and/or encrypt traffic.
VPN Protocols - PPTP

PPTP (Point to Point Tunneling Protocol) is one of the older VPN
protocols (1995). It uses a GRE (Generic Routing Encapsulation)
tunnel for tunneling and PPP for authentication (using MS-CHAP or
MS-CHAP v2). Encryption is done with the MPPE (Microsoft Point-to-Point
Encryption) protocol.

PPTP is supported on many clients and operating systems,
however, it is not the most secure protocol and newer, more secure
protocols should be leveraged in its place to protect your data when
possible.
VPN Protocols - L2TP

L2TP (Layer Two Tunneling Protocol) is an extension of PPTP, which
allows us to tunnel layer two traffic (Data Link Layer) over layer
three (Network Layer) connections.

L2TP can be used if you need to “bridge” two remote LANs together
and you want to use a single subnet on both sites.

L2TP itself does not offer any encryption, which is why L2TP is
frequently used together with IPSec, often referred to as
L2TP/IPsec.
VPN Tunnel Example

Remote host (IP address 1.2.3.4) wishes to connect to a server
inside a company network

Server has internal address 192.168.1.10 and is not reachable
publicly

Before the client can reach this server, it needs to go through a VPN
server device that has public IP address 5.6.7.8 and an internal
address of 192.168.1.1

All data between the client and the server will need to be kept
confidential
VPN Tunnel Example

The VPN client connects to a VPN server via an external network interface

The VPN server assigns an IP address to the VPN client from the VPN server's
subnet
 – Client gets internal IP address 192.168.1.50
 – Client creates a virtual network interface through which it will send
encrypted packets to the other tunnel endpoint
 – This interface also gets the address 192.168.1.50

When the VPN client wishes to communicate with company server, it prepares
a packet addressed to 192.168.1.10, encrypts it and encapsulates it in an IPSec
packet
VPN Tunnel Example

This packet is then sent to the VPN server at IP address 5.6.7.8 over the
public Internet

The inner packet is encrypted so that even if someone intercepts the
packet over the Internet, they cannot get any information from it

 They can see that the remote host is communicating with a VPN
server, but none of the contents of the communication.
 The inner encrypted packet has source address 192.168.1.50 and
destination address 192.168.1.10.
 The outer packet has source address 1.2.3.4 and destination address
5.6.7.8.
VPN Tunnel Example

When the packet reaches the VPN server from the Internet, the VPN
server:

 Decapsulates the inner packet
 Decrypts it
 Finds the destination address to be 192.168.1.10
 Forwards it to the intended server at 192.168.1.10
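The tunnel walked through above, and the confidentiality, integrity and anti-replay features from the VPN Features slide, as an added teaching example (not part of the lecture, and not real IPsec): an inner packet from 192.168.1.50 to 192.168.1.10 is protected by an ESP-like header (SPI, sequence number, ciphertext, integrity tag) and wrapped in an outer packet from 1.2.3.4 to 5.6.7.8; the server verifies, rejects replays, decrypts and reads the inner destination. The keys, SPI and the HMAC-based toy keystream are constructed stand-ins for what IKE and AES would provide in a real deployment.

```python
import hmac, hashlib, os, struct
from ipaddress import IPv4Address

# Constructed demo keys and SPI; a real IPsec SA gets these from IKE.
ENC_KEY = b"demo-encryption-key-not-for-use!"
MAC_KEY = b"demo-integrity-key-not-for-use!!"
SPI = 0x1001

def ipv4_header(src, dst, payload_len, proto=17):
    """Minimal 20-byte IPv4 header: ver/IHL, TOS, length, id, flags, TTL, proto, csum, src, dst."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)

def keystream(nonce, length):
    """Toy CTR-style keystream from HMAC-SHA256; stands in for AES in ESP."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(ENC_KEY, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
    return out[:length]

def esp_encapsulate(inner, seq):
    """Client side: SPI | seq | nonce | ciphertext | ICV, then a new outer IP header (proto 50 = ESP)."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(nonce, len(inner))))
    body = struct.pack("!II", SPI, seq) + nonce + ct
    icv = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:16]   # integrity tag
    esp = body + icv
    return ipv4_header("1.2.3.4", "5.6.7.8", len(esp), proto=50) + esp

class VpnServer:
    """Server side at 5.6.7.8: verify, anti-replay, decrypt, find inner destination."""
    def __init__(self):
        self.highest_seq = 0   # simplified anti-replay (ESP uses a sliding window)

    def receive(self, outer):
        esp = outer[20:]                       # strip the outer IP header
        body, icv = esp[:-16], esp[-16:]
        expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expected, icv):
            return None, "integrity check failed"      # modified in transit
        spi, seq = struct.unpack("!II", body[:8])
        if spi != SPI or seq <= self.highest_seq:
            return None, "replayed or unknown SA"      # captured and re-sent
        self.highest_seq = seq
        nonce, ct = body[8:16], body[16:]
        inner = bytes(a ^ b for a, b in zip(ct, keystream(nonce, len(ct))))
        dst = str(IPv4Address(inner[16:20]))           # inner destination 192.168.1.10
        return inner, f"forward to {dst}"
```

An observer on the public Internet sees only the outer addresses 1.2.3.4 and 5.6.7.8 and opaque ESP bytes; the inner packet never appears in cleartext.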
