The document explains the technology underlying the Virtual Private Networks. It is intended for newbies to the field, It is explained in a layman's language.

1. TECHNOLOGY BEHIND VPN
Sovello Hildebrand Mgani
IT Consultant - FUGIT Consult
Tanzania
sovellohpmgani@gmail.com

2. Outline:
 Design:
 security gateways, security policy servers and
certificate authorities.
 Implementation options:
 VPN appliances (integrated [firewalls and routers] &
standalone)
 VPN Servers
 Managed Service: (AT&T, WorldCom, Quest, etc.)
 Security: IPSec, L2F, L2TP, PPTP

3. Design:
 Basic questions to ask before embarking onto VPN
 How many users are at each site?
 What are the bandwidth requirements for each needed
connection?
 Does the connection need to be permanent or on-demand
(dial-up)?
 How much traffic will the site generate?
 Are there times when traffic is higher than others?
 What are the service-level requirements?
 Are there any problems existing in your company that will be
solved by the implementation of a VPN?
 Why is a VPN better than the next competing alternative?
 Should the VPN be outsourced or built in-house?

4. Design: ...
 Besides the internet there are three other important
pieces for a VPN:
 security gateways: to provide security against
unauthorized access to the information on the inside.
Include: routers, firewalls, VPN hardware and or
software
 security policy servers: contain the access-
information list, to dictate what and who to allow and
disallow access the resources.
 certificate authorities: for key verification. It could be a
database for example. An outsourced one is the best
option.

5. Implementation Options:
 VPN Appliances:
 Integrated appliances: come embedded in routers or
firewalls.
 Reduced costs.
 Standalone: Concentrators, have to be bought on their
own.
 VPN Servers: come in as software (Oss). Consider
the hassle of managing the operating system and
the network itself.
 Managed Service: Outsourcing. AT&T,
WorldCom, etc.

6. Security
 Requirements to transfer data via VPN:
 Integrity
 Tamper-resistance
 Protection from duplication by unauthorized parties
 Confidentiality: from source to destination.

7. Security: Protocols
 These requirements are met through tunnelling
protocols as described here:
 PPTP: uses Point to Point Protocol. PPP packets are
encapsulated by using a modified version of GRE
(Generic Routing Encapsulation) Protocol. which allows
other protocols to be utilized by PPTP e.g. IPX and
NetBEUI.
 L2F: works by encapsulation of PPP packets within IP
Packets.
 L2TP: this combines the best of both PPTP and L2F

8. Security: Protocols
 IPSec: originally developed to plug the security
inadequacies of IPv4 in the next generation of IP
protocols, Ipv6 as Ipv4 was developed without
consideration on security.
 IPSec can be used by two methods: tunnel mode and
transport mode,
 This is possible because of the ability to separate
authentication and encryption application to each
packet.
 In transport mode, the transport layer is the only
segment that is authenticated or encrypted.
 Tunnel mode authenticates or encrypts the entire
packet, providing even more protection against
unauthorized access, interception, or attack.