
Nouf n

on 16 December 2014


Transcript of VPN

VPN topology
Security issues and techniques

Virtual Private Network
What is a VPN?
It works by combining a public telecommunication network with a private network.
VPN Topology : Types of VPNs
Remote access VPN
Intranet VPN
Extranet VPN

VPN Topology : VPN generations

Late 80's: Long-distance WANs that were strongly based on databases.

Early 90's: Use X.25 and ISDN technologies to transmit packet streams over a shared public network.

Early 90's: Use FR and ATM technologies, based on virtual circuit switching.

Mid 90's: Use tunneling technology: the data packet is encapsulated in a tunneling protocol (IPSec, PPTP, L2TP) and then packed again into an IP packet. The IP information is then used to send the packet to the destination.
VPN Topology : Advantages and Disadvantages of VPN
Advantages:
VPNs and Mobile Workers
Privacy and Security
Global reach
Disadvantages:
Cannot control the VPN directly
Technical issues if you use a different product vendor
Security issues
Lack of support for legacy protocols
VPN Topology: What is needed?
Existing hardware (Servers, workstations,…)
Internet connection
VPN - Router/Switch
Software to create and manage tunnels
Security Device such as firewall


A core concept in VPN implementation!

Refers to the encapsulation of original data packets within a packet of another protocol format (e.g. PPTP for IP)

Tunneling Protocols
Can be categorized by the layer in which they work

OSI Layer 2

OSI Layer 3
Tunneling Protocol: PPTP
Developed by PPTP consortium (Microsoft and other companies)

Relies on PPP to connect to NAS

Packet Encapsulation Process

Weak Security Mechanism

Security through PPP’s MPPE

Tunneling Protocol: L2TP
An improvement over PPTP, standardized by IETF. It combines the best of both L2F and PPTP.

Extends the tunnel up to host’s gateway

L2TP Packet Encapsulation Process


Tunnel modes
1. Compulsory Mode
2. Voluntary Mode

It is platform independent. Organizations can authenticate instead of the ISP.
Slower than PPTP due to IPSec.
Tunneling Protocol: IPSec
It is a protocol suite that contains multiple protocols (ESP, AH, IKE)
Standardized by IETF

Standard in Today’s VPN

Security + confidentiality + integrity

IPSec : Security Associations (SA)
Used to negotiate security measures between communicating parties
Unidirectional logical path between the two communicating nodes
- Authentication protocols
- Encryption algorithms
- Hash functions
- Mode of operation
- Address of destination

Cryptographic Operations
Used to encrypt and secure data

Hashing for Integrity
Digital Signature (hash + asymmetric key)
IPSec : Modes of Operation



IPSec : Security Protocols
Encapsulating Security Protocol
Authentication Header
Internet Key Exchange

IPSec : Security Protocols
Encapsulating Security Protocol (ESP)

Transport Mode

Tunnel Mode

Authentication Header

Transport Mode

Tunnel Mode

IPSec : Security Protocols
Internet Key Exchange

Non-IPSec protocol
Used to maintain dynamic SA to establish VPN sessions
It has two phases: 1. IKE SA 2. IPSec SA
Terminates Sessions Periodically

Dynamic SA assignment

Manages DB records

Security issues
Any network is possibly exposed to attacks.
Motivations for attacks: competition, stealing sensitive information, revenge, and amateur hackers.

Security issues
The security threats:

VPN attacks
VPN elements.
VPN protocols.
Denial-of-service (DoS) attacks.

VPN attacks: VPN elements
VPN attacks: VPN protocols
Attacks on PPTP.
Attacks on IPSec.

VPN attacks: Denial-of-service attack (DoS)
Makes some services or target computers in the network inaccessible.
Tips to prevent DoS: backups, monitoring daily logs, and separating sensitive applications or files from regular data.

Security Techniques

Remote Authentication Techniques:
Authentication Authorization Accounting (AAA)
Remote Access Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS+)

Security Techniques
Firewall : prevents an unauthorized user from accessing a network or specific resources within it.

Security Techniques
Network address translation (NAT): an effective solution to prevent external users from violating the network.

presented by
Latifa AL-Jebreen
Shaden AL-Aqeeli
Nouf Al-Kahtani
