
Why do we want a Virtual Private Network?
- For security reasons: traffic between the two ends of a virtual private tunnel across a public network (terminated by a firewall, router or VPN software at each end) is encrypted.
- Both the data and the IP addresses at each end are encrypted; this is called tunneling.
- When we lease a public WAN (wide area network). Because it is too expensive to have our own network with our own cables laid out around the world, it is easier and cheaper to lease a line and use a firewall- or router-based VPN.
- For home offices: when employees want to log into the office through an ISP (Internet Service Provider) over a fast internet line (1024 or 2048 kbps, compared to a 56 kbps modem over a telephone line), you can use VPN software on the home computer.
- It replaces modem pools for telephone lines, where you have to dial the office number to get onto the internet or intranet. Phone lines are slower than cable and expensive to maintain.
- With encryption you need authentication as well; VPN solutions use standards like LDAP (Lightweight Directory Access Protocol).
- A safe VPN tunnel needs:
  #1: Confidentiality: your data cannot be read by others (encryption)
  #2: Your data is not altered by others (hashing)
  #3: Verify data integrity: your data can prove that it comes from you only (authentication)


What is needed?
- Each site must set up a VPN-capable device: a router, a firewall, or a device dedicated to VPN activity only.
- Each site must know the IP subnet addresses used by the other side of the VPN tunnel.
- Both sites must agree on a method of authentication (#3) and exchange digital certificates if required.
- Both sites must agree on a method of encryption and exchange encryption keys as required (#1).


Exchanging keys:
- The preferred method of sharing keys is Diffie-Hellman (the one that uses public and private keys), but it takes longer than the other key options.
- You can then use an option in the VPN software that will GET the key for you from the other end of the VPN tunnel; you then validate it over the phone to make sure that you are communicating with the right person/machine. This is for encryption (#1).
- You can use a PKI card for authentication (#3). The secret key stays within the card, and the public key is public anyway.
- The VPN software still needs to know which algorithm to use when the systems exchange Crypt and MAC (media access control) keys, encrypt and decrypt data, and authenticate the system at the remote end of the VPN tunnel. The algorithm follows the different encryption standards such as DES, Diffie-Hellman and so on.
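As an added example (not code from the original page), the key-exchange steps above and the three requirements from the first section (#1 encryption, #2 hashing, #3 authentication) worked through in Python with only the standard library: a Diffie-Hellman exchange over the well-known RFC 3526 2048-bit group, a short fingerprint of the received public value that the two sides can read out over the phone, derivation of separate Crypt and MAC keys from the shared secret, and an HMAC tag that lets the receiver reject altered or forged tunnel packets. The cipher step itself (DES in the text) is left to the VPN device; the fingerprint format and the "crypt"/"mac" derivation labels are my own assumptions.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: the well-known 2048-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    # The private exponent never leaves this end; only the public value crosses the WAN.
    priv = secrets.randbits(256)
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # Reject 0, 1 and p-1: those would force a predictable shared secret.
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate peer public value")
    return pow(peer_pub, priv, P)

def fingerprint(pub):
    # Short digest of a public value to read aloud over the phone (assumed format):
    # a value substituted in transit gives a different fingerprint.
    return hashlib.sha256(pub.to_bytes(256, "big")).hexdigest()[:16]

def derive_keys(shared):
    # One DH secret yields separate Crypt and MAC keys (labels are an assumption).
    s = shared.to_bytes(256, "big")
    return hashlib.sha256(b"crypt" + s).digest(), hashlib.sha256(b"mac" + s).digest()

def protect(mac_key, seq, payload):
    # Tunnel packet = 4-byte sequence number + payload + HMAC-SHA256 tag (#2 and #3).
    body = seq.to_bytes(4, "big") + payload
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def verify(mac_key, packet):
    # Returns (seq, payload) if the tag matches, None if the packet was altered or forged.
    body, tag = packet[:-32], packet[-32:]
    if len(body) < 4 or not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return int.from_bytes(body[:4], "big"), body[4:]
```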


Tunneling protocols:
- There are different "tunneling" protocols. Microsoft has one called PPTP (Point-to-Point Tunneling Protocol).
- Cisco has L2F (layer 2 firewall).
- The two above combined are called L2TP, which uses IPSec for data encryption (#1).
