The Virtual Private Network
A quick overview
Created By: Abhinav Dwivedi
What is the Virtual Private Network?
A VPN is connectivity deployed on a shared infrastructure with the same policies and ‘performance’ as a private network.
A virtual private network can be contrasted with an
expensive system of owned or leased lines that can
only be used by one organisation.
The goal of a VPN is to provide the organisation with
the same capabilities, but at a much lower cost.
A VPN works by using the shared public
infrastructure while maintaining privacy
through security procedures and tunnelling
protocols.
In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end,
send the data through a “tunnel” that cannot be
“entered” by data that is not properly generated.
An additional level of security involves encrypting not
only the data, but also the originating and receiving
network addresses.
How does the VPN work?
Types of VPN
Intranet VPN
Extends the connectionless IP model across a shared WAN
—> Reduces application development time
—> Reduces support costs
—> Reduces line costs
Extranet VPN
Extends connectivity to suppliers, customers, and business partners over a shared infrastructure, using dedicated connections, while ensuring the proper level of authorised access.
Router/Firewall initiated VPN
For site-to-site connectivity: intranets and extranets.
Benefits of VPN
Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN.
Reduce transit time and transportation cost for remote users.
Improve Productivity
Simplify network
Provides global networking opportunities
Easy to configure
Provide telecommuter support
Used to access BLOCKED websites
VPN Security
A well-designed VPN uses several methods for keeping your connection and data secure:
Firewalls
Encryption
IPSec
AAA server
VPN uses encryption to provide data confidentiality. Once connected, the VPN uses the tunnelling mechanism to encapsulate the encrypted data in a secure tunnel, with openly readable headers, which can cross the public networks.
VPN also provides a data integrity check. This is typically performed using a message digest to ensure that the data has not been tampered with during transmission.
Firewalls
Provide a strong barrier between your private network and the internet. You can set firewalls to restrict the number of ports, what types of packets are passed through and which protocols are allowed through.
Encryption
Process of taking all the
data that one computer
is sending to another
and encoding it into a
form that only the other
computer will be able to
decode.
IPSec
Internet Protocol
Security Protocol
(IPSec) provides
enhanced security
features such as better
encryption algorithms
and more
comprehensive
authentication.
Creating a dial-up VPN on Windows Server 2008 R2
Conditions:
> IP address should be static
> firewall should be turned off
> computers must be in a network
> domain should be built already
Go to Server Manager and install the RRAS role from the Administrative Tools.
Follow the on-screen instructions, choosing the options that match the VPN you want to build.
Risks and Limitations
Hacking Attacks
VPN Hijacking is the unauthorised take-over of an
established VPN connection from a remote client, and
impersonating that client on the connecting network.
Man-in-the-middle attacks affect traffic being sent between
communicating parties, and can include interception,
insertion, deletion, and modification of messages,
reflecting messages back at the sender, replaying old
messages and redirecting messages.
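The integrity check from the VPN Security slide and the modification, insertion and replay cases listed above can be seen together in a small receiver, given here as an added example that is not part of the original slides. It assumes a keyed digest (HMAC-SHA256) rather than a bare message digest, since a bare digest can be recomputed by whoever alters the packet; the packet layout, key and header bytes are constructed for illustration, and the payload stands in for already-encrypted data.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag


def seal(key, seq, outer_header, payload):
    """Sender: outer header stays readable; a keyed digest covers every byte."""
    body = struct.pack("!HI", len(outer_header), seq) + outer_header + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest_seq = 0  # simplification: strictly increasing counter

    def verdict(self, packet):
        """Return 'accepted' or the reason the packet is dropped."""
        if len(packet) < 6 + TAG_LEN:
            return "truncated"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "integrity check failed"
        _hdr_len, seq = struct.unpack("!HI", body[:6])
        if seq <= self.highest_seq:  # checked only after the tag verifies
            return "replayed packet"
        self.highest_seq = seq
        return "accepted"


def demo():
    key = b"constructed-shared-key-32-bytes!"  # constructed sample key
    hdr = b"gwA->gwB"                           # constructed outer header
    rx = Receiver(key)
    genuine = seal(key, 1, hdr, b"<ciphertext 1>")
    tampered = bytearray(seal(key, 2, hdr, b"<ciphertext 2>"))
    tampered[-TAG_LEN - 1] ^= 0x01              # one payload bit changed in transit
    forged = seal(b"key-the-sender-does-not-hold", 3, hdr, b"<injected>")
    return [rx.verdict(genuine), rx.verdict(bytes(tampered)),
            rx.verdict(forged), rx.verdict(genuine)]


if __name__ == "__main__":
    print(demo())
```

Rejected packets do not advance the sequence counter, so a burst of forged traffic cannot push genuine packets out of the acceptable range.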
User Authentication
By default, VPN does not provide/enforce strong user
authentication. A VPN connection should only be
established by an authenticated user. If the
authentication is not strong enough to restrict
unauthorised access, an unauthorised party could
access the connected network and its resources. Most
VPN implementations provide limited authentication
methods. For example, PAP, used in PPTP, transports
both username and password in clear text. A third party
could capture this information and use it to gain
subsequent access to the network.
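A monitoring check for the PAP weakness described above, as an added example that is not part of the original slides: it flags PPP links that negotiate PAP and any PAP login seen on the wire, reporting the username but never the password. It assumes the PPTP/GRE encapsulation has already been removed, so each input is a PPP protocol field followed by the control packet; the sample frames and the function names are constructed for illustration.

```python
import struct

LCP, PAP, CHAP = 0xC021, 0xC023, 0xC223  # PPP protocol numbers
AUTH_PROTOCOL_OPTION = 3                 # LCP option that selects the auth method


def frame(proto, code, ident, data):
    """Build a PPP frame (protocol field + control packet) for the samples."""
    return struct.pack("!HBBH", proto, code, ident, 4 + len(data)) + data


def audit(ppp_frame):
    """Return a finding for one PPP frame, never the password itself."""
    if len(ppp_frame) < 6:
        return "ignored"
    proto, code, _ident, length = struct.unpack("!HBBH", ppp_frame[:6])
    data = ppp_frame[6:2 + length]
    if proto == PAP and code == 1:                 # Authenticate-Request
        if len(data) < 2 or len(data) < data[0] + 2:
            return "malformed PAP request"
        user = data[1:1 + data[0]].decode("ascii", "replace")
        return f"ALERT cleartext PAP login for {user}"
    if proto == LCP and code == 1:                 # Configure-Request
        pos = 0
        while pos + 2 <= len(data) and data[pos + 1] >= 2:
            opt_type, opt_len = data[pos], data[pos + 1]
            if opt_type == AUTH_PROTOCOL_OPTION and pos + 4 <= len(data):
                auth = struct.unpack("!H", data[pos + 2:pos + 4])[0]
                if auth == PAP:
                    return "WARN link negotiates PAP"
                if auth == CHAP:
                    return "ok link negotiates CHAP"
                return f"info auth protocol 0x{auth:04x}"
            pos += opt_len
        return "info no authentication requested"
    return "ignored"


def demo():
    # Constructed sample frames, not taken from a real capture.
    mru = bytes([1, 4, 0x05, 0xDC])
    samples = [
        frame(LCP, 1, 1, mru + bytes([3, 4, 0xC0, 0x23])),        # asks for PAP
        frame(LCP, 1, 2, mru + bytes([3, 5, 0xC2, 0x23, 0x05])),  # asks for CHAP
        frame(PAP, 1, 3, b"\x05alice\x0bexample-pwd"),            # PAP login
    ]
    return [audit(s) for s in samples]


if __name__ == "__main__":
    print(demo())
```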
Client-Side risks
The VPN client machines of, say, home users may be
connected to the Internet via a standard broadband
connection while at the same time holding a VPN connection
to a private network, using split tunnelling. This may pose a
risk to the private network being connected to.
A client machine may also be shared with other parties who
are not fully aware of the security implications. In addition, a
laptop used by a mobile user may be connected to the
Internet, a wireless LAN at a hotel, airport or on other foreign
networks. However, the security protection in most of these
public connection points is inadequate for VPN access. If the
VPN client machine is compromised, either before or during
the connection, this poses a risk to the connecting network.
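Whether a client is split tunnelling can be read from its routing table, shown here as an added example that is not part of the original slides. It applies longest-prefix matching to a constructed table and ignores route metrics; the interface names, prefixes and probe addresses are assumptions made for the illustration.

```python
import ipaddress


def egress(routes, destination):
    """Longest-prefix match: the most specific route holding the address wins."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnel_mode(routes, tunnel_if, corp_host, internet_host):
    """Classify a client's routing table as seen by the private network."""
    if egress(routes, corp_host) != tunnel_if:
        return "tunnel not carrying corporate traffic"
    if egress(routes, internet_host) == tunnel_if:
        return "full tunnel"
    return "split tunnel"


# Constructed routing tables: (prefix, interface). tun0 is the VPN adapter,
# wlan0 the home or hotel network, 198.51.100.7 the VPN gateway's public address.
SPLIT = [("0.0.0.0/0", "wlan0"), ("192.168.1.0/24", "wlan0"),
         ("10.0.0.0/8", "tun0")]
FULL = [("0.0.0.0/0", "wlan0"), ("192.168.1.0/24", "wlan0"),
        ("198.51.100.7/32", "wlan0"),   # the tunnel's own packets still use wlan0
        ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]  # override the default


def demo():
    probe = ("tun0", "10.20.0.5", "203.0.113.10")  # constructed probe addresses
    return [tunnel_mode(SPLIT, *probe), tunnel_mode(FULL, *probe)]


if __name__ == "__main__":
    print(demo())
```

In the full-tunnel table the local subnet still leaves through wlan0, so other machines on the hotel or home network can reach the client even when its Internet traffic goes through the VPN.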
Virus/ Malware Infections
A connecting network can be compromised if the client
side is infected with a virus. If a virus or spyware infects
a client machine, there is a chance that the password for
the VPN connection might be leaked to an attacker. In
the case of an intranet or extranet VPN connection, if
one network is infected by a virus or worm, that virus or
worm can spread quickly to other networks if
anti-virus protection systems are ineffective.
Conclusion
VPN provides a means of accessing a secure, private,
internal network over insecure public networks such as
the Internet. A number of VPN technologies have been
outlined, among which IPsec and SSL VPN are the most
common. Although a secure communication channel
can be opened and tunnelled through an insecure
network via VPN, client side security should not be
overlooked.
–Abhinav Dwivedi
“Thank You”