
Virtual Private Network (VPN)

If saving money is wrong, I don't want to be right - William Shatner

2001 Check Point Software Technologies Ltd. - Proprietary & Confidential


Outline

- What is a VPN?
- Types of VPN
- Why use VPNs?
- Disadvantage of VPN
- Types of VPN protocols
- Encryption


What is a VPN?


- A VPN is a network that uses the Internet or another network service to transmit data.
- A VPN includes authentication and encryption to protect data integrity and confidentiality.

[Diagram: VPN - Internet - VPN]

Types of VPNs

- Remote Access VPN
  - Provides access to internal corporate network over the Internet.
  - Reduces long distance, modem bank, and technical support costs.
  [Diagram: Corporate Site, Internet]
- Site-to-Site VPN
  - Connects multiple offices over Internet
  - Reduces dependencies on frame relay and leased lines
  [Diagram: Corporate Site, Branch Office, Internet]
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc)
  - Reduces transaction and operational costs
  [Diagram: Corporate Site, Internet, Partner #1, Partner #2]
- Intranet VPN
  - Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
  [Diagram: Database Server, LAN clients, Internet, LAN clients with sensitive data]

Why Use Virtual Private Networks?

- More flexibility
  - Use multiple connection types (cable, DSL, T1, T3)
  - Secure and low-cost way to link
  - Ubiquitous ISP services
  - Easier E-commerce
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical training and support

VPN Return on Investment


Case History: Professional Services Company

- 5 branch offices, 1 large corporate office, 200 remote access users.
- Payback: 1.04 months.
- Annual Savings: 88%

                                         Check Point VPN Solution   Non-VPN Solution             Savings with Check Point
---------------------------------------  -------------------------  ---------------------------  ------------------------
Startup Costs (Hardware and Software)    $51,965                    Existing; sunk costs = $0
Site-to-Site Annual Cost                 $30,485                    $71,664 (Frame relay)        $41,180 /yr
RAS Annual Cost                          $48,000                    $604,800 (Dial-in costs)     $556,800 /yr
Combined Annual Cost                     $78,485                    $676,464                     $597,980 /yr

Disadvantages of VPN

- Lower bandwidth available compared to dial-in line
- Inconsistent remote access performance due to changes in Internet connectivity
- No entrance into the network if the Internet connection is broken

Point-to-Point Tunneling Protocol (PPTP)




- Layer 2 remote access VPN distributed with Windows product family
- Addition to Point-to-Point Protocol (PPP)
- Allows multiple Layer 3 Protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Used MPPE encryption method

[Diagram: Remote PPTP Client, ISP Remote Access Switch, Internet, PPTP RAS Server, Corporate Network]

Layer 2 Tunneling Protocol (L2TP)




- Layer 2 remote access VPN protocol
- Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Addition to Point-to-Point Protocol (PPP)
- Must be combined with IPSec for enterprise-level security

[Diagram: Remote L2TP Client, ISP L2TP Concentrator, Internet, L2TP Server, Corporate Network]

Internet Protocol Security (IPSec)




- Layer 3 protocol for remote access, intranet, and extranet VPNs
- Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity

Encryption


- Used to convert data to a secret code for transmission over an untrusted network

[Diagram: Clear Text "The cow jumped over the moon" -> Encryption Algorithm -> Encrypted Text "4hsd4e3mjvd3sd a1d38esdf2w4d"]

Symmetric Encryption
   

- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5

[Diagram: Shared Secret Key]

Asymmetric Encryption
  

- Different keys used to encrypt and decrypt message (One public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5

[Diagram: Alice, Bob; Alice Public Key (Encrypt), Alice Private Key (Decrypt)]

Industries That May Use a VPN


- Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider
- Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely
- Retail: able to securely transfer sales data or customer info between stores & the headquarters
- Banking/Financial: enables account information to be transferred safely within departments & branches
- General Business: communication between remote employees can be securely exchanged

Some Businesses using a VPN


- CVS Pharmaceutical Corporation upgraded their frame relay network to an IP VPN
- Bacardi & Co. implemented a 21-country, 44-location VPN

Questions


Presented by: Iman Abooee

Thanks for your attention


Winter 85

