VPN Presentation Iman

8/3/2019 VPN Presentation Iman

1/24

Virtual Private Network

(VPN)

Virtual Private Network

(VPN)


2/24

2001 Check Point Software Technologies Ltd. - Proprietary & Confidential --22--

If saving money is wrong,If saving money is wrong,

I dont want to be rightI dont want to be right

-- William ShartnerWilliam Shartner


3/24


outlineoutline

What is a VPN?What is a VPN?

Types of VPNTypes of VPN

Why use VPNs?Why use VPNs?

Disadvantage of VPNDisadvantage of VPN

Types of VPN protocolsTypes of VPN protocols

EncryptionEncryption


4/24


What is a VPN?What is a VPN?

A VPN is A networkA VPN is A network

that uses Internet orthat uses Internet or

other network serviceother network service

to transmit data.to transmit data.

A VPN includesA VPN includes

authentication andauthentication andencryption to protectencryption to protect

data integrity anddata integrity and

confidentialityconfidentiality

VPN

VPN

InternetInternet


5/24


Types of VPNsTypes of VPNs

Remote Access VPNRemote Access VPN

Provides access toProvides access to

internal corporateinternal corporate

network over thenetwork over theInternet.Internet.

Reduces longReduces long

distance, modemdistance, modem

bank, and technicalbank, and technicalsupport costs.support costs.

InternetInternet

CorporateSite


6/24


Types of VPNsTypes of VPNs Remote Access VPNRemote Access VPN

SiteSite--toto--Site VPNSite VPN

Connects multipleConnects multiple

offices over Internetoffices over Internet ReducesReduces

dependencies ondependencies on

frame relay andframe relay and

leased linesleased lines

InternetInternet

BranchOffice

Corporate

Site


7/24




Extranet VPNExtranet VPN

Provides businessProvides business

partners access topartners access tocritical informationcritical information

(leads, sales tools,(leads, sales tools,

etc)etc)

Reduces transactionReduces transaction

and operational costsand operational costs

CorporateSite

InternetInternet

Partner #1

Partner #2


8/24




Extranet VPNExtranet VPN

Intranet VPN:Intranet VPN:Links corporateLinks corporate

headquarters, remoteheadquarters, remote

offices, and branchoffices, and branch

offices over a sharedoffices over a shared

infrastructure usinginfrastructure usingdedicated connections.dedicated connections.

InternetInternet

LAN

clients

Database

Server

LAN clients with

sensitive data


9/24


Why Use Virtual PrivateNetworks?


More flexibilityMore flexibility

Use multiple connection types (cable, DSL,Use multiple connection types (cable, DSL,T1, T3)T1, T3)

Secure and lowSecure and low--cost way to linkcost way to link

Ubiquitous ISP servicesUbiquitous ISP services

Easier EEasier E--commercecommerce


10/24





More scalabilityMore scalability

Add new sites, users quicklyAdd new sites, users quickly

Scale bandwidth to meet demandScale bandwidth to meet demand


11/24





More scalabilityMore scalability

Lower costsLower costs Reduced frame relay/leased line costsReduced frame relay/leased line costs Reduced long distanceReduced long distance

Reduced equipment costs (modemReduced equipment costs (modembanks,CSU/DSUs)banks,CSU/DSUs)

Reduced technical training and supportReduced technical training and support


12/24


VPN Return on InvestmentVPN Return on Investment

5 branch offices, 1 large corporate office, 200 remoteaccess users.

Payback: 1.04 months. Annual Savings: 88%

Check Point

VPN Solution

Non-VPN

Solution

Savings with

Check Point

StartupCosts(Hardware

and Software)

$51,965Existing;

sunk costs =

$0

Site-to-Site

Annual Cost$30,485 $71,664

Frame relay$41,180 /yr

RAS

Annual Cost $48,000 $604,800Dial-in costs

$556,800 /yr

Combined

Annual Cost$78,485 $676,464 $597,980 /yr

Case History Professional Services Company


13/24


Disadvantages of VPNDisadvantages of VPN

Lower bandwidth available comparedLower bandwidth available comparedto dialto dial--in linein line

Inconsistent remote accessInconsistent remote access

performance due to changes inperformance due to changes inInternet connectivityInternet connectivity

No entrance into the network if theNo entrance into the network if the

Internet connection is brokenInternet connection is broken


14/24


Point-to-Point TunnelingProtocol (PPTP)

Point-to-Point TunnelingProtocol (PPTP)

Layer 2 remote access VPN distributed with Windows productLayer 2 remote access VPN distributed with Windows productfamilyfamily Addition to PointAddition to Point--toto--Point Protocol (PPP)Point Protocol (PPP)

Allows multiple Layer 3 ProtocolsAllows multiple Layer 3 Protocols

Uses proprietary authentication and encryptionUses proprietary authentication and encryption

Limited user management and scalabilityLimited user management and scalability Used MPPE encryption methodUsed MPPE encryption method

Internet

Remote PPTP Client

ISP Remote Access

Switch

PPTP RAS Server

Corporate Network


15/24


16/24


Internet Protocol Security(IPSec)

Internet Protocol Security(IPSec)

Layer 3 protocol for remote access,Layer 3 protocol for remote access,

intranet, and extranet VPNsintranet, and extranet VPNs

Internet standard for VPNsInternet standard for VPNs

Provides flexible encryption and messageProvides flexible encryption and messageauthentication/integrityauthentication/integrity


17/24


EncryptionEncryption

Used to convert data to a secret codeUsed to convert data to a secret code

for transmission over an trusted networkfor transmission over an trusted network

EncryptionAlgorithm

The cow jumpedover the moon

4hsd4e3mjvd3sda1d38esdf2w4d

ClearTextClearText Encrypted TextEncrypted Text


18/24


Symmetric EncryptionSymmetric Encryption Same key used to encrypt and decryptSame key used to encrypt and decrypt

messagemessage

Faster than asymmetric encryptionFaster than asymmetric encryption

Used by IPSec to encrypt actual messageUsed by IPSec to encrypt actual messagedatadata

Examples: DES, 3DES, RC5Examples: DES, 3DES, RC5

Shared Secret KeyShared Secret Key


19/24


Asymmetric EncryptionAsymmetric Encryption Different keys used to encrypt and decryptDifferent keys used to encrypt and decrypt

message (One public, one private)message (One public, one private)

Provides nonProvides non--repudiation of message orrepudiation of message ormessage integritymessage integrity

Examples include RSA, DSA, SHAExamples include RSA, DSA, SHA--1, MD1, MD--55

Alice Public KeyAlice Public Key

EncryptEncrypt

Alice Private KeyAlice Private Key

DecryptDecrypt

BobBob AliceAlice


20/24


Industries That May Use a VPNIndustries That May Use a VPN Healthcare:: enables the transferring of confidentialenables the transferring of confidential

patient information within the medical facilities &patient information within the medical facilities &health care providerhealth care provider

Manufacturing:: allow suppliers to view inventory &allow suppliers to view inventory &

allow clients to purchase online safelyallow clients to purchase online safely

Retail:: able to securely transfer sales data orable to securely transfer sales data orcustomer info between stores & the headquarterscustomer info between stores & the headquarters

Banking/Financial:: enables account information toenables account information tobe transferred safely within departments & branchesbe transferred safely within departments & branches

General Business:: communication between remotecommunication between remoteemployees can be securely exchangedemployees can be securely exchanged


21/24


Some Businesses using a VPNSome Businesses using a VPN

CVS Pharmaceutical CorporationCVS Pharmaceutical Corporation

upgraded their frame relay network toupgraded their frame relay network to

an IP VPNan IP VPN

Bacardi & Co. Implemented a 21Bacardi & Co. Implemented a 21--

country, 44country, 44--location VPNlocation VPN


22/24


QuestionsQuestions


23/24


presented by :presented by :

Iman AbooeeIman Abooee

Thanks for your attentionThanks for your attention

WinterWinter 8585


24/24


Resource:Resource:www.vpnc.org/vpnwww.vpnc.org/vpn--technologies.pdftechnologies.pdf

www.adtran.com/www.adtran.com/

www.cisco.com/ipsec_wp.htmwww.cisco.com/ipsec_wp.htm

www.computerworld.comwww.computerworld.com

www.findvpn.comwww.findvpn.com

www. Shabake_mag.comwww. Shabake_mag.com

VPN Presentation Iman

Documents

Transcript of VPN Presentation Iman