VPNs - PowerPoint PPT Presentation

Provided by: david2692

1
VPNs & Remote Access Issues
  • David Trepp
  • VP of Technology
  • davidt_at_infogroupnw.com

2
Housekeeping Issues
  • Duration: 1.25 hours +/-
  • Questions & comments early and often

3
Why We're Here
  • Examine a brief summary of considerations
    surrounding successful VPN and remote access
    planning, deployment and management.
  • Note other perimeter security issues.

4
What is a VPN?
  • Virtual Private Network - A network that performs
    private, trusted data transmissions over a
    public, untrusted network (e.g. the Internet).
  • Usage
      • Point to Point(s)
      • Remote Access
      • Hybrid

5
Essential VPN Definitions
  • Authentication: A method of establishing
    identity between systems or users.
  • Authorization: The right to access a network
    service after authentication has taken place.
  • CIA: Confidentiality, Integrity, Availability.
    The three primary ways your (or your customers')
    information can be compromised.

6
More Essential VPN Definitions (Cont.)
  • Encryption: The process of converting cleartext
    into what appears to be random characters (a.k.a.
    ciphertext). FIPS standards include DES, 3DES,
    AES.
  • Tunneling: Encapsulation of packets within other
    packets, primarily for transmission across public
    IP networks (e.g. the Internet). Examples: IPSec,
    L2TP, PPTP, PPP.

7
VPN Economic Considerations
  • VPNs can be less expensive than WANs and more
    functional and secure than modem banks.
  • Often cost-benefit compared with voice over
    solutions.
  • Decision criteria include:
      • Current connectivity costs
      • Distances
      • Locations
      • # of sites
      • Type & volume of traffic
      • Existing equipment & software

8
Basic VPN Connectivity Steps
  • Site-to-Site
      1) Authenticate once
      2) Encapsulate an IP packet
      3) Encrypt and transmit
      4) De-crypt
      5) Un-encapsulate
  • Remote Access
      1) Authenticate each time a session begins
      2) See 2-5 above

9
VPN Scaling Considerations
  • Processor Cycles: number of tunnels (hence,
    processor cycles) is greater for remote user
    deployments than for a single site-to-site
    connection (i.e. 10 remote users require more
    processor cycles than 100 users across a
    site-to-site VPN).
  • Bandwidth: depends on how the applications are
    deployed, but the VPN tunnel itself adds
    approximately 10-30% overhead.
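
Added example, not part of the original presentation: the encapsulate and encrypt steps from slide 8 expressed as byte counts, showing how per-packet tunnel overhead varies with packet size. It assumes IPsec ESP in tunnel mode over IPv4 with AES-CBC and HMAC-SHA1-96; the function names and sample sizes are illustrative.

```python
"""ESP tunnel-mode size arithmetic (added example, not from the slides).
Assumes an IPv4 outer header, AES-CBC encryption, HMAC-SHA1-96 integrity."""

OUTER_IPV4 = 20   # new IP header added by the VPN gateway (no options)
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
IV_LEN = 16       # AES-CBC initialisation vector
BLOCK = 16        # AES block size; plaintext is padded to a multiple
ESP_TRAILER = 2   # pad-length byte + next-header byte
ICV_LEN = 12      # HMAC-SHA1-96 integrity check value


def esp_tunnel_size(inner_len):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    # Encapsulate: the whole inner packet becomes the ESP payload.
    plaintext = inner_len + ESP_TRAILER
    # Encrypt: CBC works on whole blocks, so round up to the next one.
    padded = -(-plaintext // BLOCK) * BLOCK
    return OUTER_IPV4 + ESP_HEADER + IV_LEN + padded + ICV_LEN


def overhead_pct(inner_len):
    """Tunnel overhead as a percentage of the inner packet size."""
    return 100.0 * (esp_tunnel_size(inner_len) - inner_len) / inner_len


def max_inner_len(path_mtu=1500):
    """Largest inner packet that crosses the path without fragmenting."""
    n = path_mtu
    while esp_tunnel_size(n) > path_mtu:
        n -= 1
    return n


if __name__ == "__main__":
    # Constructed sample sizes, from a bare TCP ACK up to a bulk transfer.
    for size in (40, 128, 256, 576, 1400):
        print(f"{size:5d} B inner -> {esp_tunnel_size(size):5d} B on wire "
              f"({overhead_pct(size):6.1f}% overhead)")
    print("largest unfragmented inner packet:", max_inner_len(), "bytes")
```

Under these assumptions the overhead percentage is driven by packet size: chatty applications that send small packets pay far more than bulk transfers, and inner packets above the computed limit are fragmented or dropped unless the tunnel MTU or TCP MSS is lowered.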

10
VPN Security Considerations
  • Authentication & Authorization!
  • Centrally manageable firewalls at remote sites
    and/or users.
  • Generic O/Ss vs. pre-hardened firewall/VPN
    device O/Ss.
  • Application security.

11
VPN Technical Considerations
  • Latency > 200ms causes application errors
    (often a problem for remote users with DSL
    connections).
  • Non-standard tunneling, encryption and
    hardware/software solutions can cause problems.
  • Meshing site-to-site(s) VPNs for fault tolerance
    is complex.
  • VPN access for remote users does not mean
    complete network/application access.
  • Every O/S on remote user PCs has its own
    idiosyncrasies.

12
Proven VPN Remote Access Solutions
  • CheckPoint VPN-1
      • Management of remote site and user security
      • Runs on appliances w/ hardened O/Ss (e.g.
        Nokia)
      • Supports many authentication schemes
      • -
  • Citrix NFUSE with Secure Gateway
      • Requires only browser and authentication
        mechanism
      • Supports many authentication schemes
      • - Not a complete solution for site-to-site VPN
  • Cisco/Altiga VPN
      • VPN concentrator has easy remote client setup
      • Runs on appliance w/ hardened O/S
      • Supports many authentication schemes
      • - Limited management of remote user security

13
Other Perimeter Security Considerations
  • Mail Relay/Virus Scanning
  • Intrusion Detection
  • Voice Systems
  • Backdoors
  • Web Servers
  • Vendor/Business Partners

14
Regulatory Considerations
  • FITSAF (any departments dealing with the federal
    government)
      • http://www.cio.gov/documents/federal_it_security_assessment_framework_112800.html
  • HIPAA (health departments)
      • http://aspe.os.dhhs.gov/adminsimp/nprm/seclist.htm

17
References
  • http://www.rsasecurity.com/solutions/vpn/infocenter/ - Good white papers and such
  • http://www.internetwk.com/VPN/default.html - Internet Week VPN site
  • http://www.checkpoint.com/products/security/gateway_vpnsolutions.html - Check Point VPN site
  • http://www.citrix.com/press/news/releases/20011030_gateway.asp - Citrix Secure gateway press release
  • http://www.cisco.com/warp/public/779/largeent/learn/technologies/VPNs.html - Cisco VPN site