VPN


Presented by R. Manasa Gupta, Roll no. 08x81a0526, Branch: C.S.

Fundamentally, a VPN is a set of tools which allow networks at different locations to be securely connected, using a public network as the transport layer.

VPNs are most commonly used today for telecommuting and linking branch offices via secure WANs.

Separate private networking solutions are expensive and cannot be updated quickly to adapt to changes in business requirements. The Internet is inexpensive but does not by itself ensure privacy.

Typical uses:
- Connect two sites.
- Allow remote access by individual users.

VPNs must be encrypted, so that no one outside the VPN can read the traffic.

VPNs must be authenticated:
- No one outside the VPN can alter the VPN traffic.
- All parties to the VPN must agree on the security properties.

IPSec Tunnel Mode (RFC 2401)

Point-to-Point Tunneling Protocol (PPTP) (RFC 2637)

- Usually used with serial connections.
- Provides an IP connection between two points.
- Establishes an IP address at both ends of the connection.

Layer 2 Tunneling Protocol (L2TP) (RFC 2661)

A VPN solution covers four areas: Tunneling, Authentication, Access Control, Data Security.

PPTP (Point-to-Point Tunneling Protocol)


Uses a TCP connection for tunnel maintenance and Generic Routing Encapsulation (GRE)-encapsulated PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted and/or compressed.

L2TP (Layer 2 Tunneling Protocol)


Uses UDP and a series of L2TP messages for tunnel maintenance.
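The two tunneling protocols above leave different traces on the wire: PPTP needs a TCP control connection plus a separate GRE flow carrying the PPP frames, while L2TP runs entirely over UDP. The following is an added example (not part of the slides) of how a defender can spot these tunnels in flow logs. The log format and the flow records are constructed for the example; the protocol numbers (6 = TCP, 17 = UDP, 47 = GRE) and well-known ports (PPTP control on TCP 1723, L2TP on UDP 1701) are the standard IANA assignments, which the slides do not list. It assumes flows are recorded in the client-to-server direction only.

```python
# Added example: classify VPN tunnel traffic from constructed flow-log lines.
TCP, UDP, GRE = 6, 17, 47          # IANA IP protocol numbers
PPTP_CONTROL_PORT = 1723           # PPTP tunnel-maintenance connection (TCP)
L2TP_PORT = 1701                   # L2TP tunnel and session messages (UDP)

# Constructed sample log lines in a simple key=value format (hypothetical format).
SAMPLE_LOG = """\
src=10.0.0.5 dst=203.0.113.10 proto=6 dport=1723
src=10.0.0.5 dst=203.0.113.10 proto=47
src=10.0.0.7 dst=203.0.113.20 proto=17 dport=1701
src=10.0.0.9 dst=203.0.113.30 proto=47
src=10.0.0.13 dst=203.0.113.50 proto=6 dport=1723
src=10.0.0.11 dst=203.0.113.40 proto=6 dport=443
"""


def parse_flow(line):
    """Turn one 'k=v k=v' log line into (src, dst, proto, dport); dport is None for GRE."""
    fields = dict(item.split("=", 1) for item in line.split())
    dport = int(fields["dport"]) if "dport" in fields else None
    return fields["src"], fields["dst"], int(fields["proto"]), dport


def classify_tunnels(log_text):
    """Return {(src, dst): verdict} for every host pair that shows tunnel traffic.

    PPTP is only reported when BOTH its TCP control connection and a GRE flow are seen
    between the same pair; an unpaired GRE or control flow is flagged for investigation.
    """
    control, gre, l2tp = set(), set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = parse_flow(line)
        pair = (src, dst)
        if proto == TCP and dport == PPTP_CONTROL_PORT:
            control.add(pair)
        elif proto == GRE:
            gre.add(pair)
        elif proto == UDP and dport == L2TP_PORT:
            l2tp.add(pair)

    verdicts = {pair: "L2TP" for pair in l2tp}
    for pair in control | gre:
        if pair in control and pair in gre:
            verdicts[pair] = "PPTP"
        elif pair in gre:
            verdicts[pair] = "GRE without PPTP control session (investigate)"
        else:
            verdicts[pair] = "PPTP control without GRE data (tunnel not established?)"
    return verdicts


if __name__ == "__main__":
    for pair, verdict in sorted(classify_tunnels(SAMPLE_LOG).items()):
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
```

The ordinary HTTPS flow in the sample produces no verdict at all, which is the intended behaviour: the classifier only reports host pairs that carry one of the tunnel signatures.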

The solution must verify the user's identity and only allow access to authorized users. The user account can be a local account on the VPN server or, in most cases, a domain account granted appropriate dial-in permissions. The default policy for remote access is "Allow access if dial-in permission is enabled".

- Access control: limiting unauthorized users from accessing the network.
- Authentication: validates that the data was sent by the claimed sender.
- Confidentiality: preventing the data from being read or copied while it is being transported.
- Data integrity: ensuring that the data has not been altered.

Data sent and received over the Internet must be encrypted for privacy. PPTP and L2TP use PPP-based data encryption methods. Optionally you can use Microsoft Point-to-Point Encryption (MPPE), based on the RSA RC4 algorithm. The Microsoft implementation of the L2TP protocol uses IPSec encryption to protect the data stream from the client to the tunnel server.

There are three basic VPN categories:

- Intranet
- Extranet
- Internet

A VPN must protect against passive and active attacks. A passive attacker has no ability to interrupt or modify the data channel between two parties. Encryption is effective at defeating passive attacks.

An active attacker has the ability to insert himself into the communication channel and add, modify, or delete data packets between both parties to the channel.

For this reason, such attacks are commonly referred to as Man-in-the-middle attacks.
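The encryption slide above and the passive/active attack distinction are two sides of the same point: encryption alone hides the payload from a passive observer, but an active attacker who changes ciphertext bytes in transit is only defeated by an authentication (integrity) check. The following added example, which is not part of the slides and is not MPPE, RC4 or IPsec, demonstrates that with a toy keystream cipher (SHA-256 counter blocks XORed into the data, constructed here purely for illustration) and an HMAC-SHA256 tag. Keys and the sample payload are constructed values.

```python
import hashlib
import hmac

# Constructed demo keys and a constructed sample payload (not real credentials or traffic).
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-authentication-key"
PAYLOAD = b"TRANSFER 100 TO ACCT 1234"
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def keystream(key, length):
    """Toy keystream: SHA-256(key || counter) blocks. Illustration only, not RC4/MPPE."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key, data):
    """Encrypt or decrypt (XOR is its own inverse) with the toy keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def authenticate(ciphertext):
    """Append an HMAC tag computed over the ciphertext so any change is detectable."""
    return ciphertext + hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(packet):
    """Return the plaintext, or None when the tag does not match (the packet must be dropped)."""
    ciphertext, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(ENC_KEY, ciphertext)


def modified_in_transit(packet, index):
    """Simulate an active attacker (or line corruption) changing one byte of the packet."""
    altered = bytearray(packet)
    altered[index] ^= 0xFF
    return bytes(altered)


def passive_attack_result():
    """A passive observer sees only ciphertext; the legitimate receiver still decrypts it."""
    ciphertext = xor_crypt(ENC_KEY, PAYLOAD)
    return {
        "readable_on_wire": ciphertext == PAYLOAD,        # False: encryption hides the content
        "receiver_gets": xor_crypt(ENC_KEY, ciphertext),  # equals PAYLOAD at the far end
    }


def active_attack_without_auth():
    """Encryption only: a modified packet decrypts 'successfully' into altered data, unnoticed."""
    ciphertext = xor_crypt(ENC_KEY, PAYLOAD)
    return xor_crypt(ENC_KEY, modified_in_transit(ciphertext, 0))


def active_attack_with_auth():
    """Encryption plus HMAC: the same modification fails verification, so the packet is dropped."""
    packet = authenticate(xor_crypt(ENC_KEY, PAYLOAD))
    return verify_and_decrypt(modified_in_transit(packet, 0))


def untampered_with_auth():
    """Control case: an unmodified authenticated packet verifies and yields the payload."""
    return verify_and_decrypt(authenticate(xor_crypt(ENC_KEY, PAYLOAD)))


if __name__ == "__main__":
    print("passive observer:", passive_attack_result())
    print("active, encryption only:", active_attack_without_auth())
    print("active, encryption + HMAC:", active_attack_with_auth())
    print("untampered, encryption + HMAC:", untampered_with_auth())
```

The design choice worth noting is that the tag is computed over the ciphertext and checked with a constant-time comparison before any decryption happens: a packet that fails the check is discarded without being interpreted, which is exactly the "no one outside the VPN can alter the VPN" property the earlier slide asks for.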

- Eliminating the need for expensive long-distance leased lines.
- Reducing the long-distance telephone charges for remote access.
- Flexibility of growth.
- Efficiency with broadband technology.

- VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
- Availability and performance depend on factors largely outside of the organization's control.
- Immature standards.
- VPNs need to accommodate protocols other than IP and existing internal network technology.

- Healthcare: enables the transfer of confidential patient information within the medical facilities and between health care providers.
- Manufacturing: allows suppliers to view inventory and allows clients to purchase online safely.
- Retail: able to securely transfer sales data or customer information between stores and the headquarters.
- Banking/Financial: enables account information to be transferred safely within departments and branches.
- General business: communication between remote employees can be securely exchanged.