building virtual private network

openvpn - building and integrating virtual private networks

Virtual Private Network (VPN)

... SUMMARYVPNs do not make use of dedicated leased linesVPNs send data through a secure tunnel that leads from one endpoint to another VPNs keep critical business communications private and secureVPN componentsVPN serversVPN clientsProtocols39TUNNELING PROTOCOLSLayer 2 Tunneling Protocol (L2TP)Provides better security through IPSecIPSec enables L2TP to performAuthenticationEncapsulationEncryption18TUNNELING PROTOCOLSSecure Shell (SSH)Provides authentication and encryptionWorks with UNIXbased systemsVersions for Windows are also availableUses publickey cryptographySocks V. 5Provides proxy services for applications That do not usually support proxyingSocks version 5 adds encrypted authentication and support for UDP2016ENCRYPTION SCHEMES USED BY VPNS (CONTINUED)Secure Sockets Layer (SSL) (continued)StepsServer uses its private key to decode premaster codeGenerates a master secret keyClient and server use it to generate session keysServer and client exchange messages saying handshake is completedSSL session begins34SUMMARY (CONTINUED)VPN typesSitetositeClienttositeEncapsulation encloses one packet within another Conceals the original informationVPN protocolsSecure Shell (SSH)Socks version 5PointtoPoint Tunneling Protocol (PPTP)Layer 2 Tunneling Protocol (L2TP)40 Virtual Private Network (VPN) 29BIếN ĐổI ĐÓNG GÓI TRONG VPN (ENCAPSULATION)Các buớc trong tiến trình VPN Đóng gói (Encapsulation)Mã hoá (Encryption)Xác thực (Authentication)EncapsulationĐóng gói dữ liệu và các thông số khác nhauVí dụ như IP headerBảo vệ tính nguyên vẹn dữ liệu153127VPN CORE ACTIVITY 2: ENCRYPTIONEncryptionProcess of rendering information unreadable by all but the intended recipientComponentsKeyDigital certificateCertification Authority (CA)Key exchange methodsSymmetric cryptographyAsymmetric cryptographyInternet Key ExchangeFWZ2812SUMMARY (CONTINUED)IPSec/IKEEncryption makes the contents of the packet unreadableAuthentication ensures participating computers are authorized usersKerberos: strong authentication systemVPN advantagesHigh level of security at low costVPN disadvantagesCan introduce serious security risks412410255ENCRYPTION SCHEMES USED BY VPNSTriple Data Encryption Standard (3DES)Used by many VPN hardware and software3DES is a variation on Data Encryption Standard (DES)DES is not secure3DES is more secureThree separate 64bit keys to process data3DES requires more computer resources than DES30WHY ESTABLISH A VPN?VPN combinationsCombining VPN hardware with software adds layers of network securityOne useful combination is a VPN bundled with a firewallVPNs do not eliminate the need for firewallsProvide flexibility and versatility13FIREWALL CONFIGURATION FOR VPNS37Protocol ... SUMMARYVPNs do not make use of dedicated leased linesVPNs send data through a secure tunnel that leads from one endpoint to another VPNs keep critical business communications private and secureVPN componentsVPN serversVPN clientsProtocols39TUNNELING PROTOCOLSLayer 2 Tunneling Protocol (L2TP)Provides better security through IPSecIPSec enables L2TP to performAuthenticationEncapsulationEncryption18TUNNELING PROTOCOLSSecure Shell (SSH)Provides authentication and encryptionWorks with UNIXbased systemsVersions for Windows are also availableUses publickey cryptographySocks V. 5Provides proxy services for applications That do not usually support proxyingSocks version 5 adds encrypted authentication and support for UDP2016ENCRYPTION SCHEMES USED BY VPNS (CONTINUED)Secure Sockets Layer (SSL) (continued)StepsServer uses its private key to decode premaster codeGenerates a master secret keyClient and server use it to generate session keysServer and client exchange messages saying handshake is completedSSL session begins34SUMMARY (CONTINUED)VPN typesSitetositeClienttositeEncapsulation encloses one packet within another Conceals the original informationVPN protocolsSecure Shell (SSH)Socks version 5PointtoPoint Tunneling Protocol (PPTP)Layer 2 Tunneling Protocol (L2TP)40 Virtual Private Network (VPN) 29BIếN ĐổI ĐÓNG GÓI TRONG VPN (ENCAPSULATION)Các buớc trong tiến trình VPN Đóng gói (Encapsulation)Mã hoá (Encryption)Xác thực (Authentication)EncapsulationĐóng gói dữ liệu và các thông số khác nhauVí dụ như IP headerBảo vệ tính nguyên vẹn dữ liệu153127VPN CORE ACTIVITY 2: ENCRYPTIONEncryptionProcess of rendering information unreadable by all but the intended recipientComponentsKeyDigital certificateCertification Authority (CA)Key exchange methodsSymmetric cryptographyAsymmetric cryptographyInternet Key ExchangeFWZ2812SUMMARY (CONTINUED)IPSec/IKEEncryption makes the contents of the packet unreadableAuthentication ensures participating computers are authorized usersKerberos: strong authentication systemVPN advantagesHigh level of security at low costVPN disadvantagesCan introduce serious security risks412410255ENCRYPTION SCHEMES USED BY VPNSTriple Data Encryption Standard (3DES)Used by many VPN hardware and software3DES is a variation on Data Encryption Standard (DES)DES is not secure3DES is more secureThree separate 64bit keys to process data3DES requires more computer resources than DES30WHY ESTABLISH A VPN?VPN combinationsCombining VPN hardware with software adds layers of network securityOne useful combination is a VPN bundled with a firewallVPNs do not eliminate the need for firewallsProvide flexibility and versatility13FIREWALL CONFIGURATION FOR VPNS37Protocol ... SUMMARYVPNs do not make use of dedicated leased linesVPNs send data through a secure tunnel that leads from one endpoint to another VPNs keep critical business communications private and secureVPN componentsVPN serversVPN clientsProtocols39TUNNELING PROTOCOLSLayer 2 Tunneling Protocol (L2TP)Provides better security through IPSecIPSec enables L2TP to performAuthenticationEncapsulationEncryption18TUNNELING PROTOCOLSSecure Shell (SSH)Provides authentication and encryptionWorks with UNIXbased systemsVersions for Windows are also availableUses publickey cryptographySocks V. 5Provides proxy services for applications That do not usually support proxyingSocks version 5 adds encrypted authentication and support for UDP2016ENCRYPTION SCHEMES USED BY VPNS (CONTINUED)Secure Sockets Layer (SSL) (continued)StepsServer uses its private key to decode premaster codeGenerates a master secret keyClient and server use it to generate session keysServer and client exchange messages saying handshake is completedSSL session begins34SUMMARY (CONTINUED)VPN typesSitetositeClienttositeEncapsulation encloses one packet within another Conceals the original informationVPN protocolsSecure Shell (SSH)Socks version 5PointtoPoint Tunneling Protocol (PPTP)Layer 2 Tunneling Protocol (L2TP)40 Virtual Private Network (VPN) 29BIếN ĐổI ĐÓNG GÓI TRONG VPN (ENCAPSULATION)Các buớc trong tiến trình VPN Đóng gói (Encapsulation)Mã hoá (Encryption)Xác thực (Authentication)EncapsulationĐóng gói dữ liệu và các thông số khác nhauVí dụ như IP headerBảo vệ tính nguyên vẹn dữ liệu153127VPN CORE ACTIVITY 2: ENCRYPTIONEncryptionProcess of rendering information unreadable by all but the intended recipientComponentsKeyDigital certificateCertification Authority (CA)Key exchange methodsSymmetric cryptographyAsymmetric cryptographyInternet Key ExchangeFWZ2812SUMMARY (CONTINUED)IPSec/IKEEncryption makes the contents of the packet unreadableAuthentication ensures participating computers are authorized usersKerberos: strong authentication systemVPN advantagesHigh level of security at low costVPN disadvantagesCan introduce serious security risks412410255ENCRYPTION SCHEMES USED BY VPNSTriple Data Encryption Standard (3DES)Used by many VPN hardware and software3DES is a variation on Data Encryption Standard (DES)DES is not secure3DES is more secureThree separate 64bit keys to process data3DES requires more computer resources than DES30WHY ESTABLISH A VPN?VPN combinationsCombining VPN hardware with software adds layers of network securityOne useful combination is a VPN bundled with a firewallVPNs do not eliminate the need for firewallsProvide flexibility and versatility13FIREWALL CONFIGURATION FOR VPNS37Protocol...

Virtual Private Network -mạng riêng ảo- VPN

Danh mục: Công nghệ thông tin

... - In LuËn v¨n, TiÓu luËn : 6.280.688Lý thuyết. I. Tổng quan về mạng riêng ảo VPN (Virtual Private Network) . II. VPN và bảo mật internet VPN. III. Thiết kế VPNI. Tổng quan về mạng riêng ... tiết kiệm được chi phí và thời gian. VPN ra đời đáp ứng tất cả các yêu cầu trênCụm từ Virtual Private Network gọi là mạng riêng ảo- VPN được khởi sự năm 1997.Mục đích mong muốn của công nghệ ... dịch nào dựa trên PPTP triển khai ít nhất 3 thành phần, các thành phần đó là : - PPTP client - Network Access Server (NAS) - PPTP server23CH sè 11 - B1 - §H KTQD Chuyªn Photocopy - §¸nh m¸y...

VIRTUAL PRIVATE NETWORK (VPN)

Danh mục: Công nghệ thông tin

... tunnel về mạng của họ.I. Giới Thiệu VPN1. Khái niệm- Mạng riêng ảo hay VPN (viết tắt cho Virtual Private Network) là mộtmạng dành riêng để kết nối các máy tính của các công ty, tập đoàn hay các ... lại đóng vai_________________________________________________________________________ VIRTUAL PRIVATE NETWORK (VPN)Nhóm 18Lớp: DHTH3GV: Th.s Nguyễn HòaDanh sách:1. Đặng Hồng Hải2. Hồ Thanh ... cho mỗi vị trí một giaothức đặc trưng chỉ định trong gói IP header, tạo một đường kết nối ảo (virtual point-IV. Kết Luận- Hiện nay xu hướng các công ty có nhiều chi nhánh là phổ biến, do nhucầu...

Virtual Private Networks

Danh mục: Quản trị mạng

... services to keep your network safe. However, most modern VPNsystems are combined with firewalls in a single device. Virtual Private Networking Explained Virtual Private Networks solve the problem ... connecting to a remote network via IPSec. This provides thehacker remote access to the private network, so he uses network scanning tools to "sniff out" the−structure of the network. He then ... passwords.The solution to this problem is Virtual Private Networks (VPNs). VPNs are a cost effective way to−extend your LAN over the Internet to remote networks and remote client computers. VPNs...

Virtual Private Networking in Windows 2000: An Overview

Danh mục: Tin học văn phòng

... public internetwork in a manner that emulates the properties of a point-to-point private link.The act of configuring and creating a virtual private network is known as virtual private networking. ... the internetwork appears to the user as a private network communication—despite the fact that this communication occurs over a public internetwork—hence the name virtual private network. VPN ... White Paper19USER ADMINISTRATION A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables...

Thí nghiệm TTDL & Mạng máy tính - Bài 3: VPN (VIRTUAL PRIVATE NETWORK)

Danh mục: Quản trị mạng

... Thí nghiệm TTDL & Mạng máy tính Trang 55 9. Nhấn Next. Trên trang Network Connection, chọn Virtual Private Network connection. 10. Nhấn Next. Trên trang Connection Name, gõ VPN Client ... TTDL & Mạng máy tính Trang 62 4. Trên trang Connection type chọn Connect using virtual private networking (VPN). 5. Nhấn Next. Trên trang VPN Type chọn Point-to-Point Tunneling Protocol ... phỏng & Truyền số liệu Thí nghiệm TTDL & Mạng máy tính Trang 49 BAØI 3 : VPN (VIRTUAL PRIVATE NETWORK) I. Lý thuyết chung cho VPN • VPN cung cấp kết nối mạng với khoảng cách dài. Về...

Virtual Private Networks

Danh mục: Quản trị mạng

... number of terms are used widely in Secure VPN implementation, namely:•VPN. A private network configured within a public network, such as the Internet• VPN Tunnel. An exclusive channel or encrypted ... 545Miscellaneous 546Product.ini Parameters 549Chapter 28 SSL Network Extender Introduction to the SSL Network Extender 554How the SSL Network Extender Works 555Commonly Used Concepts 556Remote ... etc.).Overview44Figure 2-2IKE Phase II Once the IPSec keys are created, bulk data transfer takes place: Virtual Private NetworksAdministration GuideVersion NGX R65701675 March 18, 2007Table of Contents 5ContentsPreface...

Tài liệu 22.5. Virtual Private Networking pptx

Danh mục: Hệ điều hành

... stolen.) Figure 22-5. You're on your way to joining the corporate network from thousands of miles away. Virtual private networking is ideal for the paranoid (because it's very secure) ... Network. Click the + button below the list of connections at the left side. The "Select an interface" sheet appears. 2. From the pop-up menu, choose VPN. 22.5. Virtual Private Networking ... cheap: the Virtual Private Networke, or VPN. Running a VPN allows you to create a super-secure "tunnel" from your Mac, across the Internet, and straight into your corporate network. ...

Tài liệu Cách thiết lập VPN (Virtual Private Networks) Client - Phần II pdf

Danh mục: Quản trị mạng

... cho các học viên lớp MCSA - www.athenavn.com Cách thiết lập VPN (Virtual Private Networks) Client - Phần II Virtual Private Networks (VPN) hay gọi theo tiếng Việt là Mạng Riêng Ảo, cho phép ... ảnh minh họa 1. Right click vào My Network Places, chọn Properties, double click vào Make New Connection, sau đó click Next 2. Chọn vào Connect to private network through the Internet theo...

Xây dựng và thiết kế hệ thống virtual private networks

Danh mục: Công nghệ thông tin

Tài liệu Virtual Private Networking doc

Danh mục: Quản trị mạng

... +,6,2-2=."1'. (/,6& VIRTUAL PRIVATE NETWORKING01/24/14 8"01/24/14 31Financial PlanHigh-level financial...

Tài liệu Configuring Virtual Private Networks pdf

Danh mục: Quản trị mạng

... term virtual private dialup network (VPDN) instead of VPN.Enables VPN.Configuring Virtual Private NetworksVerifying VPN SessionsDNC-176Cisco IOS Dial Services Configuration Guide: Network ... 4500-Medge routerFrame Relaydata network Serial lines4 TI PRI linesPSTNDNC-145Cisco IOS Dial Services Configuration Guide: Network ServicesConfiguring Virtual Private NetworksThis chapter describes ... bothrouters.Configuring Virtual Private NetworksVPN Technology OverviewDNC-152Cisco IOS Dial Services Configuration Guide: Network ServicesTraditional dialup networking services only support...

Tài liệu Virtual Private Network (VPN) Implementation Options pptx

Danh mục: Quản trị mạng

... model is deployed?mp900725.eps8705002107/15/00steve gifford Virtual Networks Virtual Private Networks Virtual Dial-up Networks Virtual LANsOverlay VPN Peer-to-Peer VPNLayer 2 VPN Layer 3 ... 138 Chapter 8: Virtual Private Network (VPN) Implementation Options networks that are mostly IP-based, thus increasing the acquisition and operational costs of such a network. Peer-to-peer ... JoseAmsterdamWashingtonAtlantaParisLondon Virtual circuits (FrameRelay DLCI)CH08 Page 149 Wednesday, February 19, 2003 4:23 PM 130 Chapter 8: Virtual Private Network (VPN) Implementation Options...

Tài liệu Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs) ppt

Danh mục: An ninh - Bảo mật

... [Page 4] Network Working Group M. BehringerRequest for Comments: 4381 Cisco Systems IncCategory: Informational February 2006 Analysis of the Security of BGP/MPLS IP Virtual Private Networks ... BGP/MPLS IP virtual private network (VPN) architecture that is described in RFC 4364, for the benefit of service providers and VPN users. The analysis shows that BGP/MPLS IP VPN networks can ... the network. Proper tools are required to configure the core network. o To minimise the risk of "internal" attacks, the core network must be properly secured. This includes network...

Tài liệu Virtual Private Networks doc

Danh mục: An ninh - Bảo mật

... of hubs•star of hubs Virtual Private Networks (VPNs)•Used to connect two private networks together via the Internet•Used to connect remote users to a private network via the Internet•This ... work together•make sure that remote clients software works with your firewall VPN• Virtual Private NetworksCS-480bDick Steflik ... security stuff to IP then this transport can be made more secure•Can be done two ways:•At the network level using IPSec•Currently the most widely used method–But requires special client...