Understanding VPN Technology Choices




Presented by: Rob Pantazelos, Network Administrator, Brown Rudnick, LLP
The most current version of this presentation can be downloaded at: http://www.brownrudnick.com/nr/ilta2008_vpn.ppt

Presentation Overview
- Introduction
- Background
- Remote Access VPN
  - Topologies and Technologies
  - Caveats, Considerations, and Competing Technologies
- Site to Site VPN
  - Benefits, Challenges, and Considerations
- Summary
- Questions, Comments, Ideas

Introduction
- Expansion of companies, particularly law firms, outside the traditional boundaries of a central office
- Need to deliver content and applications to remote offices and remote users
  - Ability to deliver reliably
  - Ability to deliver at low cost

Background: What is VPN?
- Stands for Virtual Private Network.
- Provides private connectivity through a public connection medium (the Internet), referred to as a tunnel
- Virtual: the availability of internal networks and resources is extended to remote users and remote offices
- Private: through the use of encryption, although traffic is passing through the public domain, it is only decipherable by intended recipients

Background: Encryption
- Encryption is the use of a key or cipher to alter (off-set) the data set.
- The data stream can only be understood by recipients with the key.
[Figure: encryption illustration; the recoverable text reads "THIS IS THE DECRYPTED MESSAGE"]

Background: How does VPN work?
- Uses two endpoints to encrypt/decrypt traffic
- The end points share a key or certificate which serves as the encryption algorithm
- Can be used to connect remote PCs to a central office (remote access VPN) or even whole networks (site to site VPN)
- Creates a secured connection over the public internet without the need for dedicated (expensive) point to point links

[Diagram: Remote Access VPN Topology. Labels: REMOTE USER (x2), INTERNET, MAIN OFFICE, FIREWALL, RAS SERVER, VPN CONCENTRATOR, EMAIL SERVER, FILE SERVER]

Remote Access VPN Technology: PPTP
- Authentication based VPN
- Requires a connection and an authentication server, most prevalently Microsoft RAS Server + LDAP or RADIUS
- Encryption key is generated from the password
- Pros
  - Deployment Cost
  - Single Sign-on integrated
- Cons
  - Lowest level of encryption

Remote Access Technology: Firewall Client Based VPN
- Requires a hardware device, either a Firewall or a VPN Concentrator
- Authentication is 2 phase: requires a preshared key, then authenticates the user, either Device Local or RADIUS
- Encryption key is generated from the password
- Pros
  - Strong Encryption
- Cons
  - Software must be installed on all client machines
  - Often blocked by Hotel/Hotspot Firewalls

Remote Access Technology: SSL Web-based VPN
- Users are able to connect to the VPN by logging into a webpage
- All network traffic is then encrypted over the SSL port (443)
- Pros
  - Clientless
  - Uses standard SSL port, removing Hotel/Hotspot challenges
- Cons
  - Licensing Costs
  - Service based deployment, whole network is not available by default

Caveats & Considerations
- Network is actually extended to the client and data is actually extended to the client machine
- Processing is done on the connecting machine; data must transfer, can be slow for large files
- Client machine must have all of the required applications and configurations installed
- Data can be copied locally/removed
- Maintaining security policy - Antivirus

Competing Technology
- Transmit presentation data, not actual data
- Centralized: single connection point, managed environment
  - Citrix
  - Terminal Server
- Decentralized: PC Redirection
  - GoToMyPC
  - Logmein.com
  - VNC

VPN vs. CITRIX/Terminal Server

Site to Site VPN
- Connect multiple networks at multiple sites
- Connection provided by appliances: either firewalls, VPN concentrators, potentially routers
- Each device has the encryption key; data is encrypted using device memory and CPU utilization, then transmitted, received and decrypted
- Higher encryption level = higher overhead = slower transmission rates

[Diagram: Site to Site VPN Topology. Labels: MAIN OFFICE, REMOTE OFFICE, Firewall (x2), INTERNET, EMAIL SERVER, FILE SERVER (x2)]

Considerations for Site to Site VPN
- Bandwidth
  - Shared with Internet bandwidth
  - Also has overhead and encapsulation requirements
- Latency Sensitive
- Public
  - Relies on upstream devices
- Single point of failure for both WAN and Internet
- No QOS for VOIP/VIDEO

Benefits of VPN
- Low Deployment Cost
- Speed in connecting sites, only internet connectivity is needed
- Strong encryption
- On the network with local resources that are available on the PC that you are connecting through

Limitations/Shortcomings of VPN
- Even though data is encrypted, it is still being transmitted on the public internet
- International regulations and export guidelines restrict where you can create a VPN tunnel to and from
- Firewalls at remote sites, particularly Hotels, Conferences, and Wifi hotspots, typically do not allow IPSec passthrough, thus blocking a tunnel formation. This is why SSL VPNs are becoming more prevalent.
- Challenges enforcing endpoint security on remote clients (local antivirus and antispyware, etc.)
- No QOS since you are using a public network. VOIP/Video can be problematic over a VPN.
- Requires software to be installed on remote computer the same way it is installed on the corporate computer.
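The "overhead and encapsulation requirements" listed under the site-to-site considerations can be put in numbers. The following is an added example, not part of the original presentation; it assumes IPsec ESP tunnel mode over IPv4, a 1500-byte link MTU, and three illustrative cipher suites, and it includes the NAT-T UDP wrapper that is commonly needed where plain IPSec passthrough is unavailable.

```python
# Added example: per-packet cost of IPsec ESP tunnel mode (field sizes per RFC 4303).
# The cipher suites, 1500-byte MTU and 60-byte sample packet are assumptions.

OUTER_IPV4 = 20      # new outer IPv4 header added by tunnel mode
ESP_HEADER = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad-length (1) + next-header (1)
NAT_T_UDP = 8        # UDP/4500 wrapper used when a NAT sits in the path

# suite name: (IV bytes, padding alignment bytes, ICV bytes)
SUITES = {
    "aes-cbc + hmac-sha1-96": (16, 16, 12),
    "aes-cbc + hmac-sha256-128": (16, 16, 16),
    "aes-gcm-16": (8, 4, 16),
}

def esp_packet_size(inner_len, suite, nat_t=False):
    """On-wire IPv4 packet size for an inner IP packet of inner_len bytes."""
    iv, align, icv = SUITES[suite]
    # Inner packet plus ESP trailer is padded up to the cipher's alignment.
    to_encrypt = inner_len + ESP_TRAILER
    padded = -(-to_encrypt // align) * align
    size = OUTER_IPV4 + ESP_HEADER + iv + padded + icv
    return size + (NAT_T_UDP if nat_t else 0)

def max_inner_packet(suite, link_mtu=1500, nat_t=False):
    """Largest inner packet that fits in link_mtu without fragmentation."""
    inner = link_mtu
    while esp_packet_size(inner, suite, nat_t) > link_mtu:
        inner -= 1
    return inner

def efficiency(inner_len, suite, nat_t=False):
    """Fraction of on-wire bytes that belong to the original packet."""
    return inner_len / esp_packet_size(inner_len, suite, nat_t)

if __name__ == "__main__":
    for name in SUITES:
        for nat in (False, True):
            limit = max_inner_packet(name, nat_t=nat)
            small = esp_packet_size(60, name, nat)  # constructed VoIP-sized packet
            print(f"{name:27} nat_t={nat!s:5} max inner={limit:4} "
                  f"60B -> {small}B ({efficiency(60, name, nat):.0%} payload)")
```

Small packets pay the highest relative cost, which is one reason VOIP is sensitive to tunnelling; the maximum inner size is the value to compare against the tunnel MTU or TCP MSS clamp configured on the appliances.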

Summary
- A strong solution for certain applications/requirements
- Many Considerations
- Often works best in tandem with other Solutions

Future of VPN
- Stronger encryption
- Offered by ISP vendors to complement MPLS networks
- Deployments being made easier
- Devices offering endpoint security methods

Questions, Comments, Ideas