Outline
What is a VPN?
Types of VPN
Why use VPNs?
Disadvantage of VPN
Types of VPN protocols
Encryption
What is a VPN?
A VPN is a network that uses the Internet or another network service to transmit data. A VPN includes authentication and encryption to protect data integrity and confidentiality.
2001 Check Point Software Technologies Ltd. - Proprietary & Confidential
Types of VPNs
Remote Access VPN
Provides access to internal corporate network over the Internet.
Reduces long distance, modem bank, and technical support costs.
[Diagram: Corporate Site, Internet]
Types of VPNs
Site-to-Site VPN
Connects multiple offices over Internet
Reduces dependencies on frame relay and leased lines
[Diagram: Corporate Site, Branch Office, Internet]
Types of VPNs
Provides business partners access to critical information (leads, sales tools, etc.)
Reduces transaction and operational costs
[Diagram: Corporate Site, Internet, Partner #1, Partner #2]
Types of VPNs
Links corporate headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
[Diagram: Database Server]
More flexibility
Use multiple connection types (cable, DSL, T1, T3)
Secure and low-cost way to link
Ubiquitous ISP services
Easier E-commerce
Reduced frame relay/leased line costs
Reduced long distance
Reduced equipment costs (modem banks, CSU/DSUs)
Reduced technical training and support
5 branch offices, 1 large corporate office, 200 remote access users.
Payback: 1.04 months. Annual Savings: 88%

Cost                                     Check Point VPN Solution   Non-VPN Solution
Startup Costs (Hardware and Software)    $51,965                    Existing; sunk costs = $0
Site-to-Site Annual Cost                 $30,485                    $71,664 (Frame relay)
RAS Annual Cost                          $48,000                    $604,800 (Dial-in costs)
Combined Annual Cost                     $78,485                    $676,464
Disadvantages of VPN
Lower bandwidth available compared to dial-in line
Inconsistent remote access performance due to changes in Internet connectivity
No entrance into the network if the Internet connection is broken
Uses proprietary authentication and encryption
Limited user management and scalability
Combines and extends PPTP and L2F (Cisco supported protocol)
Weak authentication and encryption
Addition to Point-to-Point Protocol (PPP)
Must be combined with IPSec for enterprise-level security
[Diagram: Corporate Network, L2TP Server, Internet]
Internet standard for VPNs
Provides flexible encryption and message authentication/integrity
Encryption
Used to convert data to a secret code for transmission over an untrusted network
[Diagram: Clear Text ("The cow jumped over the moon"), Encryption Algorithm]
Symmetric Encryption
Same key used to encrypt and decrypt message
Faster than asymmetric encryption
Used by IPSec to encrypt actual message data
Examples: DES, 3DES, RC5
Asymmetric Encryption
Different keys used to encrypt and decrypt message (one public, one private)
Provides non-repudiation of message or message integrity
Examples include RSA, DSA, SHA-1, MD-5
[Diagram: Alice, Bob]
Questions