12-Sep-15 Virtual Private Network
Apr 21, 2023
Virtual Private Network
Why the need
To transmit files securely without disclosing sensitive information to others on the Internet.
Each LAN an island
How to communicate with other islands?
LANs in an Internet sea
Communication in the Internet
Using a Leased Line
Using VPN
Secure communication at different levels
Using the TCP/IP model:
- Application level: PGP, SSH
- Transport level: SSL VPN
- Network level: IPSec
- Data link level: PPTP, L2TP
Protection at a lower level is usually more flexible and simpler.
WAN Technology
- PPP
- X.25
- Frame Relay
- ATM
Point to Point Protocol
Data link protocol commonly used to establish a direct connection between two nodes over a serial cable or phone line.
Most Internet service providers use PPP for customers' dial-up access to the Internet.
Other variants: PPPoE and PPPoA.
Point to Point Protocol
- Negotiation of IP address and name server address
- Provides authentication (CHAP)
- Encryption may be used (DES or RC4)
- Supports multiple protocols on the same link
What is a Virtual Private Network
A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.
A VPN enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link.
What is a Virtual Private Network
- Secure private communications over the public Internet
- Private IP packets encapsulated within public packets (tunnel)
- Additional header added
- Authentication required
- Packets are usually encrypted
Advantages of using VPN
- Cost saving: use of a public network instead of a private leased line
- Flexibility: users can connect from anywhere
- Confidentiality of packets by encryption
- Integrity of packets by use of IPSec
Elements of VPN
- Authentication
- Tunneling
- Encryption (including key exchange)
VPN Components
Authentication
- User authentication using passwords and certificates
- Machine authentication using certificates
Authentication protocols:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- MS-CHAP version 1 and 2
- Extensible Authentication Protocol (EAP)
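As an added example (not from the slides), this shows why CHAP is preferred over PAP on a PPP link: a PAP Authenticate-Request (RFC 1334) carries the password itself, whereas a CHAP Response (RFC 1994, MD5) carries only MD5(Identifier || Secret || Challenge), which the authenticator recomputes to verify. The peer name, shared secret and challenge size are constructed values.

```python
import hashlib
import hmac
import os

# Constructed values; a real PPP peer and authenticator take these from configuration.
PEER_NAME = b"alice"
SHARED_SECRET = b"example-secret"   # known to both ends, never transmitted

def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): Code=1, Identifier, Length,
    Peer-ID-Length, Peer-ID, Passwd-Length, Password. The password is sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([1, identifier]) + (4 + len(body)).to_bytes(2, "big") + body

def chap_challenge(size: int = 16) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge for every attempt."""
    return os.urandom(size)

def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Value = MD5(Identifier || Secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_response_packet(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """CHAP Response: Code=2, Identifier, Length, Value-Size, Value, Name.
    Only the 16-byte hash travels over the link, never the secret."""
    value = chap_response_value(identifier, secret, challenge)
    body = bytes([len(value)]) + value + name
    return bytes([2, identifier]) + (4 + len(body)).to_bytes(2, "big") + body

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the Value for the challenge it issued and
    compare in constant time. A captured response replayed against a later
    challenge fails because the challenge is part of the hashed input."""
    if len(packet) < 5 or packet[0] != 2:
        return False
    if int.from_bytes(packet[2:4], "big") != len(packet):
        return False
    value_size = packet[4]
    value = packet[5:5 + value_size]
    if len(value) != value_size:
        return False
    expected = chap_response_value(packet[1], secret, challenge)
    return hmac.compare_digest(expected, value)

if __name__ == "__main__":
    pap = pap_authenticate_request(1, PEER_NAME, b"hunter2")
    print("password visible in PAP packet:", b"hunter2" in pap)          # True
    challenge = chap_challenge()
    response = chap_response_packet(7, SHARED_SECRET, challenge, PEER_NAME)
    print("secret visible in CHAP packet:", SHARED_SECRET in response)   # False
    print("CHAP response accepted:", chap_verify(response, SHARED_SECRET, challenge))  # True
```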
Tunneling
To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information allowing it to traverse the shared or public transit internetwork to reach its endpoint.
The tunnel needs to be created, controlled, and terminated.
Tunnel and VPN
The portion of the connection in which the private data is encapsulated is known as the tunnel.
The portion of the connection in which the private data is encrypted is known as the virtual private network (VPN).
VPN connection
Tunneling
Tunneling Protocol
- Point-to-Point Tunneling Protocol (PPTP)
- Layer Two Tunneling Protocol (L2TP)
- IPSec tunnel mode
Encryption
The data being sent is encrypted for confidentiality to emulate a private link.
The original IP header information is also hidden.
Usual encryption protocols:
- Microsoft Point-to-Point Encryption (MPPE): RC4
- Advanced Encryption Standard (AES)
- Encapsulating Security Payload (ESP): choose among many cipher algorithms
Types of VPN connection
- Gateway to gateway: connecting the networks of two sites
- Host to gateway: mobile worker connecting to a company server
- Host to host: administering a network remotely
Type of VPN connection
Remote access VPN:
- Mobile worker accessing the company network
- Requires a VPN client
- Dial-in connection when necessary
Site-to-site VPN:
- Connects the LANs of two sites together
- Requires a router with special functions
- May be persistent 24 hours a day
Remote Access to Intranet
![Page 29: 12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet](https://reader036.vdocuments.site/reader036/viewer/2022070407/56649e3f5503460f94b2f6ef/html5/thumbnails/29.jpg)
Site to Site connection
![Page 30: 12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet](https://reader036.vdocuments.site/reader036/viewer/2022070407/56649e3f5503460f94b2f6ef/html5/thumbnails/30.jpg)
Tunneling Protocol
The encapsulation can be done at layer 2 or layer 3.
- Layer 2: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)
- Layer 3: IP Security (IPSec)
PPTP
PPTP establishes the tunnel but does not provide encryption.
It is used in conjunction with the Microsoft Point-to-Point Encryption (MPPE) protocol to create a secure VPN.
PPTP has relatively low overhead, making it faster than some other VPN methods.
L2TP
The Layer 2 Tunneling Protocol (L2TP) was developed in cooperation between Cisco and Microsoft, combining features of PPTP with those of Cisco’s proprietary Layer 2 Forwarding (L2F) protocol.
L2TP/IPSec
The Encapsulating Security Payload (ESP) header and trailer of IPSec encapsulate the L2TP payload for authentication and encryption and provide better security.
The Authentication Header (AH) provides authentication and data integrity without encryption.
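The "additional header" of the tunneling slides and the AH service above, as an added example that is not from the slides: an IPv4 packet from a private network is wrapped in a new outer IPv4 header plus an Authentication Header (RFC 4302), whose ICV is HMAC-SHA-256-128 over everything except the mutable outer fields, so a transit router may decrement the TTL but any change to addresses, AH fields or payload is detected. The addresses, key, SPI and payload are constructed values.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51    # IP protocol number of the Authentication Header
IP_IN_IP = 4     # AH Next Header value when the payload is a whole IPv4 packet (tunnel mode)
ICV_LEN = 16     # HMAC-SHA-256-128 (RFC 4868): 256-bit HMAC truncated to 128 bits

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (checksum field must be zero)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def _icv_input(outer: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """RFC 4302 ICV scope: outer header with mutable fields zeroed (TOS, flags and
    fragment offset, TTL, checksum), the AH header with a zeroed ICV, and the payload."""
    h = bytearray(outer)
    h[1] = 0; h[6:8] = b"\x00\x00"; h[8] = 0; h[10:12] = b"\x00\x00"
    return bytes(h) + ah_fixed + bytes(ICV_LEN) + payload

def ah_tunnel_encapsulate(inner: bytes, key: bytes, spi: int, seq: int, src: bytes, dst: bytes) -> bytes:
    """Sending gateway: new outer IP header + AH + the inner packet left untouched.
    AH fixed part: Next Header, Payload Len (AH length in 32-bit words minus 2), Reserved, SPI, Seq."""
    ah_fixed = struct.pack("!BBHII", IP_IN_IP, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    outer = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(inner))
    icv = hmac.new(key, _icv_input(outer, ah_fixed, inner), hashlib.sha256).digest()[:ICV_LEN]
    return outer + ah_fixed + icv + inner

def ah_tunnel_verify(packet: bytes, key: bytes):
    """Receiving gateway: the inner packet if the ICV matches, otherwise None.
    Changed addresses, AH fields or payload fail; a changed outer TTL does not."""
    outer, rest = packet[:20], packet[20:]
    if len(outer) < 20 or outer[9] != AH_PROTO or len(rest) < 12 + ICV_LEN:
        return None
    ah_fixed, icv, inner = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    expected = hmac.new(key, _icv_input(outer, ah_fixed, inner), hashlib.sha256).digest()[:ICV_LEN]
    return inner if hmac.compare_digest(expected, icv) else None

def router_hop(packet: bytes) -> bytes:
    """What every transit router does to the outer header only: TTL - 1, new checksum."""
    outer = bytearray(packet[:20])
    outer[8] -= 1
    outer[10:12] = b"\x00\x00"
    outer[10:12] = struct.pack("!H", ipv4_checksum(bytes(outer)))
    return bytes(outer) + packet[20:]

# Constructed sample: a 10.0.0.5 -> 10.1.0.9 packet with a 4-byte dummy payload,
# carried between the public gateways 192.0.2.1 and 198.51.100.1.
INNER = ipv4_header(b"\x0a\x00\x00\x05", b"\x0a\x01\x00\x09", 17, 4) + b"DATA"
KEY = b"constructed-demo-key"
TUNNELED = ah_tunnel_encapsulate(INNER, KEY, spi=0x1001, seq=1,
                                 src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x01")
```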
PPTP VS L2TP
L2TP/IPSec connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol.
With PPTP, data encryption begins after the PPP connection process. With L2TP/IPSec, data encryption begins before the PPP connection process by negotiating an IPSec security association.
PPTP VS L2TP
Both PPTP and L2TP can be used with IP, IPX/SPX, and NetBEUI.
L2TP can also be used on non-IP networks such as ATM, Frame Relay and X.25.
Performance of PPTP is better than L2TP because of less overhead.
L2TP is more secure and is the preferred method.
PPTP VS L2TP

| | PPTP | L2TP/IPSec |
|---|---|---|
| Tunnel authentication | | Yes |
| Encryption method | MPPE | IPSec (more secure) |
| Transit media support | IP | IP, X.25, ATM, Frame Relay |
| Datagram supported | IP, IPX, NetBEUI | IP, IPX, NetBEUI |
| Support older client | Yes | No |
| Pass through NAT | Yes | Might |
| Requires PKI | | Yes |
| Computer authentication | | Yes |
| Speed | Faster | Slower |
RADIUS
The Remote Authentication Dial-in User Service (RADIUS) protocol is a popular method for managing remote user authentication and authorization.
It is a lightweight, UDP-based protocol. RADIUS servers can be located anywhere on the Internet and provide authentication.
Secure Network Technologies
PPTP: Free from Microsoft
PPTP: Security
Link Layer: L2TP
Network Layer: IPSec VPNs (3 parts)
IPSec Authentication
IPSec Encryption
Terminology
- MPPE: Microsoft Point-to-Point Encryption
- MPLS: Multi-Protocol Label Switching
- AH: Authentication Header
- ESP: Encapsulating Security Payload
- GRE: Generic Routing Encapsulation