VPN

by Nouf n on 16 December 2014

Transcript of VPN

THANK YOU
Outline
Introduction
VPN topology
Tunneling
Security issues and techniques

Introduction
What is a VPN?
Virtual Private Network
It works by combining a public telecommunication network with a private network.
VPN Topology : Types of VPNs
Remote access VPN
Intranet VPN
Extranet VPN

VPN Topology : VPN generations
- Late 80's: Long-distance WANs that were strongly based on databases.
- Early 90's: Use X.25 and ISDN technologies to transmit packet streams over a shared public network.
- Early 90's: Use FR and ATM technologies, based on virtual circuit switching.
- Mid 90's: Use tunneling technology, encapsulating the data packet in a tunneling protocol (IPSec, PPTP, L2TP) and then packing it again into an IP packet. The IP information is then used to send the packet to the destination.
VPN Topology : Advantages and Disadvantages of VPN
Advantages
Cost-Saving
Scalability
VPNs and Mobile Workers
Privacy and Security
Global reach
Disadvantages
Cannot control the VPN directly
Technical issues if you use a different product vendor
Security issues
Lack of support for legacy protocols
VPN Topology: What is needed?
Existing hardware (Servers, workstations,…)
Internet connection
VPN - Router/Switch
Software to create and manage tunnels
Security Device such as firewall

Tunneling

A core concept in VPN implementation!

Refers to the encapsulation of original data packets within a packet of another protocol format (e.g. PPTP for IP)

Tunneling Protocols
Can be categorized by the layer in which they work:
- OSI Layer 2: PPTP, L2F, L2TP
- OSI Layer 3: IPsec
Tunneling Protocol: PPTP
Developed by PPTP consortium (Microsoft and other companies)

PPTP
Relies on PPP to connect to NAS

Packet Encapsulation Process

PPTP
Weak Security Mechanism


Security through PPP’s (MPPE)

Tunneling Protocol: L2TP
Improvement over PPTP, standardized by IETF. It combines the best of both L2F and PPTP.


L2TP
Extends the tunnel up to host’s gateway


L2TP Packet Encapsulation Process

L2TP

1. Compulsory Mode
2. Voluntary Mode

It is platform independent. Orgs can authenticate instead of ISP
Slower than PPTP due to IPSec

Tunnel modes
Tunneling Protocol: IPSec
It is a protocol suite that contains multiple protocols (ESP, AH, IKE)
Standardized by IETF

Standard in Today’s VPN Solutions

Security + confidentiality + integrity

IPSec : Security Associations (SA)
Used to negotiate security measurements between communicating parties
Unidirectional logical path between the two communicating nodes
Defines:
- Authentication protocols
- Encryption algorithms
- Hash functions
- Mode of operation
- Address of destination

SA
Cryptographic Operations
Used to encrypt and secure data

Hashing for Integrity
Digital Signature (hash + asymmetric key)
IPSec : Modes of Operation
Modes

Transport

Tunnel

IPSec : Security Protocols
Encapsulating Security Protocol
Authentication Header
Internet Key Exchange

IPSec : Security Protocols
Encapsulating Security Protocol (ESP)

Transport Mode

Tunnel Mode

Authentication Header

Transport Mode

Tunnel Mode

IPSec : Security Protocols
Internet Key Exchange

Non-IPSec protocol
Used to maintain dynamic SA to establish VPN sessions
It has two phases: 1. IKE SA 2. IPSec SA
Terminates Sessions Periodically

Dynamic SA assignment

Manages DB records


Security
Security issues
Any network is possibly exposed to attacks.
Motivations of attacks: competition, stealing sensitive information, revenge, and amateur hackers.

Security issues
The security threats:

External
Internal
Collaborative
VPN attacks
VPN elements.
VPN protocols.
Denial-of-service attack (DoS).

VPN attacks: VPN elements
VPN attacks: VPN protocols
Attacks on PPTP.
Attacks on IPSec.

VPN attacks: Denial-of-service attack (DoS)
Make some services or target computers in the network inaccessible.
Tips to prevent DoS: backups, monitoring daily logs, and separating sensitive applications or files from regular data.

Security Techniques

Remote Authentication Techniques:
- Authentication Authorization Accounting (AAA)
- Remote Access Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System (TACACS+)

Security Techniques
Firewall: prevents an unauthorized user from accessing a network or specific resources within it.

Security Techniques
Network address translation (NAT): an effective solution to prevent external users from violating the network
TLS/SSL

presented by
Latifa AL-Jebreen
Shaden AL-Aqeeli
Nouf Al-Kahtani
