This document explains the technology underlying Virtual Private Networks. It is intended for newcomers to the field and is written in layman's language.
3. Design:
Basic questions to ask before embarking on a VPN:
How many users are at each site?
What are the bandwidth requirements for each needed connection?
Does the connection need to be permanent or on-demand (dial-up)?
How much traffic will the site generate?
Are there times when traffic is higher than others?
What are the service-level requirements?
Are there any existing problems in your company that will be solved by the implementation of a VPN?
Why is a VPN better than the next competing alternative?
Should the VPN be outsourced or built in-house?
4. Design: ...
Besides the internet, there are three other important pieces of a VPN:
Security gateways: provide security against unauthorized access to the information on the inside. They include routers, firewalls, and VPN hardware and/or software.
Security policy servers: contain the access-control information (access list) that dictates who and what to allow or disallow access to the resources.
Certificate authorities: for key verification. This could be a database, for example. An outsourced one is the best option.
5. Implementation Options:
VPN appliances:
Integrated appliances: come embedded in routers or firewalls. Reduced costs.
Standalone appliances: concentrators, which have to be bought on their own.
VPN servers: come as software running on an operating system (OS). Consider the hassle of managing the operating system and the network itself.
Managed service: outsourcing, e.g. AT&T, WorldCom, etc.
6. Security
Requirements for transferring data via a VPN:
Integrity
Tamper-resistance
Protection from duplication by unauthorized parties
Confidentiality: from source to destination.
7. Security: Protocols
These requirements are met through tunnelling protocols, as described here:
PPTP: uses the Point-to-Point Protocol (PPP). PPP packets are encapsulated using a modified version of the GRE (Generic Routing Encapsulation) protocol, which allows other protocols, e.g. IPX and NetBEUI, to be carried by PPTP.
L2F: works by encapsulating PPP packets within IP packets.
L2TP: combines the best of both PPTP and L2F.
8. Security: Protocols
IPsec: originally developed for the next generation of the IP protocol, IPv6, to plug the security inadequacies of IPv4, which was developed without consideration for security.
IPsec can be used in two modes: tunnel mode and transport mode. This is possible because authentication and encryption can be applied separately to each packet.
In transport mode, only the transport-layer segment is authenticated or encrypted.
Tunnel mode authenticates or encrypts the entire packet, providing even more protection against unauthorized access, interception, or attack.
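The transport-versus-tunnel-mode distinction above, together with the integrity and anti-duplication requirements from slide 6, as an added Python model that is not part of the original presentation and is not real IPsec code: it authenticates packets with an HMAC (encryption is left out) and shows that tampering with the original IP header is caught only in tunnel mode, while a replayed packet is rejected in either mode. The key, the gateway addresses and the 10-byte header layout are constructed for this demo.

```python
import hashlib, hmac

# Constructed demo values (not from the page): shared key and gateway addresses.
KEY = b"constructed-demo-key"
GW_A, GW_B = "203.0.113.1", "198.51.100.1"
ICV_LEN = 16  # truncated HMAC tag, as IPsec does with HMAC-SHA256-128
HDR_LEN = 10  # length of the simplified header built below

def ipv4_header(src: str, dst: str, proto: int) -> bytes:
    """Simplified IPv4-like header: version/IHL byte, protocol, src, dst (10 bytes)."""
    return bytes([0x45, proto]) + bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))

def icv(key: bytes, data: bytes) -> bytes:
    """Integrity check value: keyed hash over the authenticated bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(mode: str, seq: int, ip_hdr: bytes, segment: bytes, key: bytes = KEY) -> bytes:
    """Transport mode: only seq + transport segment is authenticated; original header stays outside.
    Tunnel mode: the whole original packet is wrapped in a new outer header and authenticated."""
    seq_b = seq.to_bytes(4, "big")
    if mode == "transport":
        covered = seq_b + segment
        return ip_hdr + covered + icv(key, covered)
    if mode == "tunnel":
        covered = seq_b + ip_hdr + segment
        return ipv4_header(GW_A, GW_B, 50) + covered + icv(key, covered)
    raise ValueError(f"unknown mode {mode}")

class Receiver:
    """Checks the ICV (integrity/tamper-resistance) and rejects duplicate sequence numbers (anti-replay)."""
    def __init__(self, key: bytes = KEY):
        self.key, self.seen = key, set()
    def accept(self, packet: bytes) -> bool:
        body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
        covered = body[HDR_LEN:]                   # seq + everything after the outer header
        if not hmac.compare_digest(icv(self.key, covered), tag):
            return False                           # modified in transit
        seq = int.from_bytes(covered[:4], "big")
        if seq in self.seen:
            return False                           # duplicate (replayed) packet
        self.seen.add(seq)
        return True

def header_tampering_detected(mode: str) -> bool:
    """Flip one byte of the ORIGINAL IP header after protection; True if the receiver rejects it."""
    pkt = protect(mode, 1, ipv4_header("10.0.0.5", "10.0.1.7", 6), b"constructed TCP segment")
    off = 0 if mode == "transport" else HDR_LEN + 4   # where the original header sits in the packet
    i = off + HDR_LEN - 1                              # last byte of the destination address
    return not Receiver().accept(pkt[:i] + bytes([pkt[i] ^ 1]) + pkt[i + 1:])
```

Running `header_tampering_detected("transport")` returns False because the original header is outside the authenticated bytes, whereas the tunnel-mode call returns True.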