Virtual Private Networks
Omar ALGhamdi, MD, MS Medical Informatics
Table of Contents:
1. Introduction.
2. Definitions.
3. VPN Motivations.
4. Architecture & Implementations.
   4.1 Network Layer VPNs
       Controlled Route Leaking
       Tunneling
       Network Layer Encryption.
   4.2 Link-Layer VPNs.
5. Types of VPNs.
   5.1 LAN Interconnect VPN.
   5.2 Dial-up VPN.
   5.3 The Extranet VPN.
6. Requirements of well designed VPN.
7. The future of VPN.

1. Introduction:

The Internet's global presence makes it attractive as a universal communications infrastructure for businesses. With distance-independent rates and flat fees, the costs of corporate Internet communications become predictable and tend to get cheaper. However, some Internet design principles discourage the use of the Internet as a universal communication platform. First, all Internet traffic shares the available resources and is forwarded in a best-effort manner. Such resource sharing with all other Internet users makes it impossible for Internet service providers (ISPs) to offer the service guarantees needed. The second problem with the Internet is the lack of built-in security support (Braun, Guenter, & Khalil, 2001).

According to Infonetics, Cahners In-Stat Group predicts the total market for VPN will explode from a projected $2.67 billion in 1999 to $32 billion by the end of Moreover, the September, 1999 Internet Week survey of 200 IT managers found that 29% were using VPNs, while 71% were six months to one year or more from deployment (Younglove, 2000). This is a clear indication that VPNs are very promising to many organizations as a potentially economical communication solution. Therefore VPNs have been earning the nickname Very Profitable Networks (Yuricik & Doss, 2001).

2. Definitions:

A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed through some form of partitioning of a common underlying communications medium, where this underlying communication medium provides services to the network on a non-exclusive basis (Ferguson & Huston, 1998). A simpler, more approximate, and much less formal description is:
A communication environment constructed by controlled segmentation of a shared communication infrastructure to emulate the characteristics of a private network (Venkateswaran, 2001).

It should be noted that the shared communication infrastructure upon which the VPN is constructed could be either the public Internet or a private network (Yuricik & Doss, 2001).

3. Motivations for VPNs:

A virtual private network can resolve many of the issues associated with today's private networks.

a) Cost: Traditional private networks facilitate connectivity among various network entities through a set of links comprising dedicated circuits (T1, T3, etc.). The cost of such links is high, especially when they involve international locations (Venkateswaran, 2001). Even when VPNs are implemented on a provider's private network, they would still be less expensive, since that private network will provide VPN services to many other subscribers (Ferguson & Huston, 1998).

b) Mobility of workforce: The percentage of people in the US workforce who depend on remote access to do their jobs is continually growing. Many companies are encouraging telecommuting to reduce their investment in real estate, reduce traffic, and reduce pollution from automobiles. To support this, companies have to provide a reliable IT infrastructure such as large modem pools and toll-free numbers, all of which adds to their overhead cost (Younglove, 2000).
c) E-commerce applications: Such applications are deployed around inventory management, supply chain management, electronic data interchange, etc. However, in traditional private networks, this kind of special access provision is difficult to incorporate because it is not easy to install a dedicated link to all suppliers and business partners, nor is it flexible, because a change in supplier would require de-installing the link and installing another one to the new vendor. Such inflexible infrastructure makes it difficult to take advantage of cost saving opportunities like quickly replacing a supplier with one who provides more competitive prices (Venkateswaran, 2001).

4. Architecture & Implementations.

Despite the common perception that VPN is not a customizable solution, a broad spectrum of VPN options is available. Network designers do not anticipate any single VPN solution supplanting the others. Instead they forecast that a diversity of choices will continue to emerge, increasing an advanced planning framework's value (Yuricik & Doss, 2001).

There are several different ways of implementing VPNs. VPNs can be implemented at the link layer, network layer, transport layer, and application layer (Ferguson & Huston, 1998). There is currently significant interest in the deployment of virtual private networks across IP backbone facilities (Gleeson, Lin, Heinanen, Armitage, & Malis, 2000); for this reason this paper will focus on the two most common implementation methods (network and link-layer VPNs).

4.1 Network Layer VPNs:

There are two models within this framework, the peer and the overlay VPN.
The peer VPN model is one in which paths are computed on a hop-by-hop basis, where each node in the path is a peer with a next-hop node. The overlay VPN model is one in which the network layer forwarding path uses the intermediate link layer as a cut-through to another edge node on the other side of a public network (Yuricik & Doss, 2001). There are three common ways of implementing network layer VPNs.

Controlled Route Leaking:

This method, which could also be called privacy through obscurity, is a peer VPN model. It consists simply of controlling route propagation to the point that only certain networks receive routes from other networks which are within their own community of interest. The most common and efficient way to accomplish this is by using BGP communities, a method that enables the VPN provider to mark the Network Layer Reachability Information with community attributes that identify different networks (Figure 1).

Figure 1. Courtesy of (Ferguson & Huston, 1998)
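The community-based filtering described above, as an added example (not from the original paper): a minimal model of a provider export policy, plus an audit that flags routes crossing between communities of interest because of a wrong tag. The AS number 64500, the community values, site names and prefixes are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


def community(text):
    """Parse 'ASN:value' into the 32-bit BGP community attribute value."""
    asn, value = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"community out of range: {text}")
    return (asn << 16) | value


# Constructed values: one community per VPN (community of interest).
VPN_A = community("64500:100")
VPN_B = community("64500:200")


@dataclass(frozen=True)
class Route:
    prefix: str
    site: str               # customer site that originated the route
    communities: frozenset  # community attributes attached by the provider

    def __post_init__(self):
        ip_network(self.prefix)  # reject malformed prefixes early


# Provisioning record: which VPN each site belongs to (constructed).
SITE_VPN = {"a-hq": "A", "a-branch": "A", "b-hq": "B", "b-branch": "B"}
# Communities each site's edge session is configured to accept.
SITE_IMPORT = {"a-hq": {VPN_A}, "a-branch": {VPN_A},
               "b-hq": {VPN_B}, "b-branch": {VPN_B}}

# Constructed routing table held by the provider.
RIB = [
    Route("192.0.2.0/24", "a-hq", frozenset({VPN_A})),
    Route("198.51.100.0/24", "a-branch", frozenset({VPN_A})),
    Route("203.0.113.0/24", "b-hq", frozenset({VPN_B})),
    # Mis-tagged: a VPN B route that also carries VPN A's community.
    Route("10.20.0.0/16", "b-branch", frozenset({VPN_A, VPN_B})),
    # Untagged: matches no import policy, so no site ever learns it.
    Route("10.30.0.0/16", "b-hq", frozenset()),
]


def advertised_to(site, rib=RIB):
    """Prefixes the provider leaks to `site`: routes from other sites that
    carry at least one community the site imports."""
    wanted = SITE_IMPORT[site]
    return sorted(r.prefix for r in rib
                  if r.site != site and r.communities & wanted)


def audit_leaks(rib=RIB):
    """Return (receiver, prefix, origin) for every route that would be
    advertised to a site belonging to a different VPN than its origin."""
    leaks = []
    for receiver, wanted in SITE_IMPORT.items():
        for r in rib:
            if r.site == receiver or not (r.communities & wanted):
                continue
            if SITE_VPN[r.site] != SITE_VPN[receiver]:
                leaks.append((receiver, r.prefix, r.site))
    return sorted(leaks)


def untagged(rib=RIB):
    """Routes with no community: unreachable from every VPN site."""
    return [r.prefix for r in rib if not r.communities]


if __name__ == "__main__":
    for site in SITE_IMPORT:
        print(site, "learns", advertised_to(site))
    print("cross-VPN leaks:", audit_leaks())
    print("untagged routes:", untagged())
```

The separation rests entirely on the tags being right: one extra community on one route is enough to expose a VPN B prefix to every VPN A site, which is why an audit of this kind belongs next to the export policy.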
Tunneling:

Tunneling is an overlay VPN model; it is a method of sending packets securely over a shared public infrastructure (Younglove, 2000). In tunnel mode, the end points of the tunnel are common nodes of the VPN and the shared public infrastructure (Venkateswaran, 2001). Generally, there are two approaches for establishing tunnels: the Customer Premise Equipment (CPE) based approach and the network-based approach. In the CPE-based approach, tunnels are established only between CPE devices (mainly border routers). In the network-based approach, tunnels are established between the routers of the core (shared) network. The CPE-based approach is simpler; however, for scalability and economic reasons, network-based solutions for VPNs are preferred (Cohen & Kaempfer, 2000).

There are numerous tunneling mechanisms, including Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), Point to Point Tunneling Protocol (PPTP), IPSec, and Multiprotocol Label Switching (MPLS) (Ferguson & Huston, 1998).

The most common tunneling mechanism is GRE routing from source to destination router, router to router, or host to host. Tunnels between source (ingress) and destination (egress) routers encapsulate source packets with a new GRE header and forward them into a tunnel with the tunnel's endpoint as the destination address. When the packet reaches the tunnel endpoint, the last router strips the outer GRE header away, decapsulating the inner packet. The router then forwards this original packet to its original destination, which appears in the inner packet header (Braun et al., 2001). GRE tunnels are generally point-to-point, that is, there is a single source address and a single destination tunnel endpoint address. However, there are some vendor implementations that allow the configuration of point-to-multipoint tunnels (Ferguson & Huston, 1998).

Layer 2 Tunneling Protocol (L2TP) is a network protocol developed by the IETF (Internet Engineering Task Force). It encapsulates PPP frames to be sent over IP, X.25, frame relay, or ATM networks (Younglove, 2000). L2TP is a compulsory tunneling model: a dial-up client dials into a Network Access Server (NAS), which after successful authentication dynamically establishes an L2TP tunnel to a predetermined end point in the network (Gleeson et al., 2000).

Point to Point Tunneling Protocol (PPTP) is similar to L2TP, but is considered a voluntary tunneling model, where the client dials into the NAS and establishes a PPTP tunnel directly from the client side to the end point of the server to be accessed, depending on the privileges granted to that client (Ferguson & Huston, 1998).

Tunneling has two main advantages. First, it helps to route multiple protocols across the shared network infrastructure, i.e. the original packet could be based on any layer 3 protocol (like IP, AppleTalk, or Novell IPX). Second, the VPN and the shared network infrastructure may use different routing protocols and addressing mechanisms without hindering the routing process; typically the network-layer protocol within the shared infrastructure is IP.

There are some disadvantages of tunneling. It is difficult to manage a large number of tunnels; therefore, it doesn't scale well to a large number of VPN nodes. Further, the packets on unencrypted tunnels can be eavesdropped by others attached to the shared network infrastructure. The tunnel is especially vulnerable at the tunnel end-point, where the extra headers are stripped away and packets are visible in their original forms (Venkateswaran, 2001).

Network Layer Encryption:

Tunneling doesn't ensure privacy, which is clearly a problem for organizations that want to use public networks, especially the Internet, to transmit important information (Yuricik & Doss, 2001). The evolving standard for network layer encryption is IP Security (IPSec), which was developed by the IETF. It is a layer 3 protocol standard designed to ensure data security in IP-based communications. IPSec allows IP payloads to be encrypted and encapsulated in an IP header for secure transfer (Younglove, 2000).

IPSec supports two types of encapsulation which are used in combination: authentication header (AH) and encapsulating security payload (ESP). AH provides secure source identification and data integrity verification using a header field. ESP supports payload encryption for confidentiality and has two modes: tunnel mode for WAN traffic (the entire packet, including source and destination addresses, is encrypted to prevent traffic analysis) and transport mode (only the payload is encrypted) for LAN traffic (Yuricik & Doss, 2001).

IPSec has become the de facto industry standard for IP-based VPN infrastructure. The future version of IP (IPv6) has IPSec built into it, and when fully deployed, it will render IPSec obsolete (Younglove, 2000).

Generally speaking and independent of IPSec, there are two basic methods in which network layer encryption is implemented. The most secure is end-to-end between participating hosts. This allows for the highest level of security. The alternative is tunnel mode, where encryption is only performed between intermediate devices (routers), and traffic between the end system and the router is in plain text. The latter is obviously less secure (Gleeson et al., 2000).

4.2 Link-Layer VPNs:

The basic concept of this kind of implementation is to use a shared network infrastructure that is based on switched link layer technology like Frame Relay or Asynchronous Transfer Mode (ATM). Thus, a collection of VPNs may share the same infrastructure for connectivity, and share the same switching elements, without being visible to each other. In this way, link-layer VPNs attempt to maintain the critical elements of being self-contained and economical (Gleeson et al., 2000).

There are several protocols that are used in link-layer VPN implementations; the most common are Multiprotocol over ATM (MPOA) and Multiprotocol Label Switching (MPLS) (Venkateswaran, 2001).

The connection is established as a virtual circuit at the link layer. The essential difference between this virtual circuit architecture and that of dedicated circuits is that there is no synchronized data clock shared by the sender and the receiver, nor is there a dedicated transmission path assigned from the common shared infrastructure (Ferguson & Huston, 1998).

The advantage of virtual circuits is that they are cheaper than dedicated links and they are very flexible. Link-layer VPNs are appropriate for LAN interconnect VPN services. Link-layer VPNs are not ideally suited for dial-up services because most ISPs provide connectivity through IP. Since dial-up VPN services offer more cost reductions, IP-based network layer VPNs are more attractive to IT managers (Venkateswaran, 2001).

There are no industry standards, per se, for link layer encryption; thus all link layer encryption solutions are generally vendor specific and require special encryption hardware (Ferguson & Huston, 1998).

5. Types of VPNs.

There are primarily three types of VPNs: Local Area Network Interconnect VPN, Dial-Up VPN, and Extranet VPN (Venkateswaran, 2001).

5.1 LAN Interconnect VPN:

Helps to interconnect different LANs located in different geographical areas over a shared network infrastructure. Typically it is used to connect small offices with their regional main office. The advantage of this type is that it is very flexible, i.e., both the capacity of a link and the number of necessary links can be changed whenever needed.

5.2 Dial-up VPN:

Supports mobile and telecommuting employees in accessing the company's Intranet from remote locations. This type of VPN may use either the L2TP or PPTP protocol, as described earlier in the tunneling section. The dial-up VPN has two main advantages. It eliminates the need to manage and maintain a RAS, as this is usually done by the service provider. It also provides considerable cost savings, as it results in a significant reduction in long distance and toll-free calls.

5.3 The Extranet VPN:

Combines the architecture of both LAN interconnect and dial-up VPNs.
This kind of VPN enables vendors, suppliers, and customers to access specific areas of the company's Intranet. The specific area to which access is allowed is denoted the Demilitarized Zone (DMZ). The main advantage of Extranet VPNs is that they help in several e-commerce areas, including efficient inventory management and electronic data interchange.

6. Requirements of a Well Designed VPN.

Scalability: allows a solution to grow as the business grows and eliminates forklift upgrades.

Performance: the VPN should be able to process close to the input line speed or to the line speed of the slowest link.

Reliability: the VPN should be available at all times; reliability must include redundancy features to allow automatic recovery of failed devices with limited interruption of service.

Usability: the VPN needs to be very easy for end-users to use and understand.

Ease of Management: the management platform must have a simple way to design security policy, an easy way to distribute that policy, and an easy way to simultaneously manage a large number of devices.

Interoperability: the VPN equipment must be interoperable according to industry standards and protocols.

Protocol Support: at least the following protocols must be supported: IPSec, PPTP, L2TP, and RADIUS.

Service Level Agreement (SLA): it is necessary to negotiate an SLA with the service provider to provide consistent throughput and service to the connected locations.
Seamless Integration: the VPN solution must fit into an organization's network system as a complementary service (Gentry, 2001).

7. The Future of VPN.

VPN technology is still in its infancy, but the general belief is that in a couple of years VPNs will evolve and demonstrate all the promised advantages. VPN will be a global technology linking geographical regions around the world (Venkateswaran, 2001).

Future VPN research is directed toward Quality of Service (QoS), especially as a capability of MPLS (Yuricik & Doss, 2001). Internet QoS VPNs have become a feasible and economically interesting solution for deploying wide area corporate networks. However, the QoS and VPN enabling technologies increase network management complexity significantly (Braun et al., 2001).

In their paper, Jingsha He, Blight, & Chujo (2000) studied the VPN requirements, especially the QoS and security requirements, and analyzed the different implementations that can support the requirements in different network environments. They proposed a unified Policy Server-based architecture which supports both LAN and dial-up modules. The policy server (PS) stores the company's QoS policy, security policy, and the rules to establish the VPN connections. Each and every network element that is involved in the VPN needs to consult the PS at the time of establishing a VPN connection. With the support of the PS and the dynamic policy rules it enforces, different VPN connections can be established depending on where the user initiates the connections. Another advantage of this approach is the centralized administration and management of the policies that reside on the PS.

8. References:

Braun, T., Guenter, M., & Khalil, I. (2001). Management of quality of service enabled VPNs. IEEE Communication Magazine, 39(5).
Cohen, R., & Kaempfer, G. (2000). On the cost of virtual private networks. IEEE/ACM Transactions on Networking, 8(6).
Ferguson, P., & Huston, G. (1998). What is a VPN. Retrieved, from the World Wide Web:
Gentry, P. B. (2001). What is a VPN. Information Security Technical Report, 6(1).
Gleeson, B., Lin, A., Heinanen, J., Armitage, G., & Malis, A. (2000). A Framework for IP Based Virtual Private Networks. Retrieved, from the World Wide Web:
Jingsha He, Blight, D., & Chujo, T. (2000). A unified architecture for virtual private networking. Paper presented at the International Communication Technology.
Venkateswaran, R. (2001). Virtual private networks. IEEE Potentials, 20(1).
Younglove, R. (2000). Virtual private networks - how they work. Computing & Control Engineering Journal, 11(6).
Yuricik, W., & Doss, D. (2001). A Planning framework for implementing virtual private networks. IT Professional, 3(3).
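An added example for the GRE encapsulation described in the Tunneling section and the eavesdropping weakness noted at its end (not code from the original paper): it builds a GRE-in-IPv4 packet, decapsulates it as the tunnel endpoint would, and shows that a monitor on the shared network recovers the inner addresses and payload the same way, with no key involved. All addresses and the payload are constructed.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTO = 47           # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" for an inner IPv4 packet


def checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (20-byte header, no options)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet):
    """Validate an IPv4 header and return its addresses, protocol, payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len < ihl or total_len > len(packet):
        raise ValueError("truncated packet")
    return {"src": str(IPv4Address(packet[12:16])),
            "dst": str(IPv4Address(packet[16:20])),
            "proto": packet[9],
            "payload": packet[ihl:total_len]}


def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Ingress router: prepend a basic 4-byte GRE header and an outer IP
    header addressed to the tunnel endpoint."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)


def gre_decapsulate(wire):
    """Egress router: strip outer IP and GRE headers, return inner packet."""
    outer = parse_ipv4(wire)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    body = outer["payload"]
    if len(body) < 4:
        raise ValueError("GRE header truncated")
    flags, ptype = struct.unpack("!HH", body[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags & 0x4000:
        raise ValueError("deprecated routing bit set")
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags & bit:
            offset += 4                   # each optional field is 4 bytes
    if ptype != ETHERTYPE_IPV4 or len(body) < offset:
        raise ValueError("unexpected GRE payload")
    return body[offset:]


def observer_view(wire):
    """What any node on the shared path can read from the captured bytes:
    GRE adds headers only, so the inner packet is recovered as-is."""
    inner = parse_ipv4(gre_decapsulate(wire))
    return inner["src"], inner["dst"], inner["payload"]


# Constructed sample: site-to-site packet between private addresses,
# carried between two tunnel endpoints (documentation address ranges).
PAYLOAD = b"constructed cleartext payload"
INNER = ipv4_packet("10.1.1.10", "10.2.2.20", 253, PAYLOAD)
WIRE = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("tunnel overhead:", len(WIRE) - len(INNER), "bytes")
    print("endpoint recovers inner packet:", gre_decapsulate(WIRE) == INNER)
    print("visible on the shared path:", observer_view(WIRE))
```

The tunnel costs 24 bytes per packet and hides nothing, which is the gap the Network Layer Encryption section addresses.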
Quidway MPLS VPN Solution for Financial Networks Using a uniform computer network to provide various value-added services is a new trend of the application systems of large banks. Transplanting traditional
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationCase Studies. Static p2p GRE over IPsec with a Branch Dynamic Public IP Address Case Study. Overview CHAPTER
CHAPTER 5 The following two case studies are provided as reference material for implementing p2p GRE over IPsec designs. Static p2p GRE over IPsec with a Branch Dynamic Public IP Address Case Study This
More informationAN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION
AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION DR. P. RAJAMOHAN SENIOR LECTURER, SCHOOL OF INFORMATION TECHNOLOGY, SEGi UNIVERSITY, TAMAN SAINS SELANGOR, KOTA DAMANSARA, PJU
More informationVirtual Private Networks
Virtual Private Networks Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationBest Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications
Best Effort gets Better with MPLS Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications A White Paper on Multiprotocol Label Switching October,
More informationManaging the Costs and Complexities of VPN Deployment
THE TECHNOLOGY GUIDE SERIES www.techguide.com Managing the Costs and Complexities of VPN Deployment This Guide has been sponsored by Can-Do! VPN solutions Table of Contents Introduction....................................
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationChapter 2 Virtual Private Networking Basics
Chapter 2 Virtual Private Networking Basics What is a Virtual Private Network? There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies,
More informationImplementing Secured Converged Wide Area Networks (ISCW) Version 1.0
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Chair for
More informationMCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access
MCTS Guide to Microsoft Windows 7 Chapter 14 Remote Access Objectives Understand remote access and remote control features in Windows 7 Understand virtual private networking features in Windows 7 Describe
More informationMPLS VPN in Cellular Mobile IPv6 Architectures(04##017)
MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei* Department of Electrical Engineering, National Dong Hwa University Hualien, Taiwan, Republic
More informationVIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET
51-10-38 DATA COMMUNICATIONS MANAGEMENT VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET John R. Vacca INSIDE Remote User Access over the Internet; Connecting Networks over the Internet;
More informationBuilding scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF
Building scalable IPSec infrastructure with MikroTik IPSec, L2TP/IPSec, OSPF Presenter information Tomas Kirnak Network design Security, wireless Servers Virtualization MikroTik Certified Trainer Atris,
More informationMPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net
MPLS Layer 3 and Layer 2 VPNs over an IP only Core Rahul Aggarwal Juniper Networks rahul@juniper.net Agenda MPLS VPN services and transport technology Motivation for MPLS VPN services over an IP only core
More informationRFC 2547bis: BGP/MPLS VPN Fundamentals
White Paper RFC 2547bis: BGP/MPLS VPN Fundamentals Chuck Semeria Marketing Engineer Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2001 or 888 JUNIPER www.juniper.net
More informationProCurve Networking IPv6 The Next Generation of Networking
ProCurve Networking The Next Generation of Networking Introduction... 2 Benefits from... 2 The Protocol... 3 Technology Features and Benefits... 4 Larger number of addresses... 4 End-to-end connectivity...
More informationCommunications and Computer Networks
SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationProtocol Data Units and Encapsulation
Chapter 2: Communicating over the 51 Protocol Units and Encapsulation For application data to travel uncorrupted from one host to another, header (or control data), which contains control and addressing
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationI. What is VPN? II. Types of VPN connection. There are two types of VPN connection:
Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4
More informationCourse Description. Students Will Learn
Course Description The next generation of telecommunications networks will deliver broadband data and multimedia services to users. The Ethernet interface is becoming the interface of preference for user
More informationNetwork Management for Common Topologies How best to use LiveAction for managing WAN and campus networks
Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks April 2014 www.liveaction.com Contents 1. Introduction... 1 2. WAN Networks... 2 3. Using LiveAction
More informationEVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need
More informationIP/MPLS-Based VPNs Layer-3 vs. Layer-2
Table of Contents 1. Objective... 3 2. Target Audience... 3 3. Pre-Requisites... 3 4. Introduction...3 5. MPLS Layer-3 VPNs... 4 6. MPLS Layer-2 VPNs... 7 6.1. Point-to-Point Connectivity... 8 6.2. Multi-Point
More informationComparison of VPN Protocols IPSec, PPTP, and L2TP
Project Report ECE 646 (Fall 2001) Comparison of VPN Protocols IPSec, PPTP, and L2TP Poonam Arora, Prem R. Vemuganti, Praveen Allani Department of Electrical and Computer Engineering George Mason University
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationTransparent LAN Services Offer Visible Benefits
Transparent LAN Services Offer Visible Benefits Introduction Over the past few years, several trends have developed that have resulted in the need for better ways to manage wide area networks. The first
More informationChapter 2 - The TCP/IP and OSI Networking Models
Chapter 2 - The TCP/IP and OSI Networking Models TCP/IP : Transmission Control Protocol/Internet Protocol OSI : Open System Interconnection RFC Request for Comments TCP/IP Architecture Layers Application
More informationNetwork Working Group Request for Comments: 2547. March 1999
Network Working Group Request for Comments: 2547 Category: Informational E. Rosen Y. Rekhter Cisco Systems, Inc. March 1999 BGP/MPLS VPNs Status of this Memo This memo provides information for the Internet
More informationPart The VPN Overview
VPN1 6/9/03 6:00 PM Page 1 Part 1 The VPN Overview VPN1 6/9/03 6:00 PM Page 2 VPN1 6/9/03 6:00 PM Page 3 Chapter 1 VPN-in-Brief 1.1 VPN Overview This is the information age. We no longer have to commute
More informationIVCi s IntelliNet SM Network
IVCi s IntelliNet SM Network Technical White Paper Introduction...2 Overview...2 A True ATM Solution End to End...2 The Power of a Switched Network...2 Data Throughput:...3 Improved Security:...3 Class
More informationIntroduction to MPLS-based VPNs
Introduction to MPLS-based VPNs Ferit Yegenoglu, Ph.D. ISOCORE ferit@isocore.com Outline Introduction BGP/MPLS VPNs Network Architecture Overview Main Features of BGP/MPLS VPNs Required Protocol Extensions
More informationMultiprotocol Label Switching (MPLS)
Multiprotocol Label Switching (MPLS) รศ.ดร. อน นต ผลเพ ม Asso. Prof. Anan Phonphoem, Ph.D. anan.p@ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University, Bangkok, Thailand
More informationEvaluating Bandwidth Optimization Technologies: Bonded Internet
Evaluating Bandwidth Optimization Technologies: Bonded Internet Contents Channel Bonding and MLPPP Load Balancing and BGP Configuring Tunnels Traditional Bonding MetTel s Bonded Internet Service 3 4 5
More informationVirtual Private Network and Remote Access
Virtual Private Network and Remote Access Introduction A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A
More informationPRASAD ATHUKURI Sreekavitha engineering info technology,kammam
Multiprotocol Label Switching Layer 3 Virtual Private Networks with Open ShortestPath First protocol PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Abstract This paper aims at implementing
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationSprint Global MPLS VPN IP Whitepaper
Sprint Global MPLS VPN IP Whitepaper Sprint Product Marketing and Product Development January 2006 Revision 7.0 1.0 MPLS VPN Marketplace Demand for MPLS (Multiprotocol Label Switching) VPNs (standardized
More informationMulti Protocol Label Switching (MPLS) is a core networking technology that
MPLS and MPLS VPNs: Basics for Beginners Christopher Brandon Johnson Abstract Multi Protocol Label Switching (MPLS) is a core networking technology that operates essentially in between Layers 2 and 3 of
More informationVirtual Private Networks
Virtual Private Networks Rene Bahena Felipe Flores COEN 150 Project Report Chapter 1: What is a VPN? VPN stands for Virtual Private Network and is a way of making a secure remote connection to a private
More informationProtocols and Architecture. Protocol Architecture.
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
More informationIP VPN Solutions Secure, flexible networking options from a leader in IP solutions
IP VPN Solutions Secure, flexible networking options from a leader in IP solutions IP VPN Security that s virtually everywhere An increasing number of businesses today are leveraging the power of IP virtual
More informationVirtual Private Networks (VPN) VPN. Agenda. Classical VPN s
Virtual Private Networks (VPN) VPN Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP) old idea private networks of different customers can share a single WAN infrastructure since 1980
More informationMPLS is the enabling technology for the New Broadband (IP) Public Network
From the MPLS Forum Multi-Protocol Switching (MPLS) An Overview Mario BALI Turin Polytechnic Mario.Baldi@polito.it www.polito.it/~baldi MPLS is the enabling technology for the New Broadband (IP) Public
More information