Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Private
Networks
Raj Jain
The Ohio State University
Columbus, OH 43210
Jain@cse.ohio-State.Edu
http://www.cse.ohio-state.edu/~jain/
Raj Jain
1
Overview
Types of VPNs
When and why VPN?
VPN Design Issues
Security Issues
VPN Examples: PPTP, L2TP, IPSec
Raj Jain
2
What is a VPN?
Types of VPNs
ISP
Head Office
Partner
Telecommuter
Raj Jain
4
When to VPN?
Modest
Bandwidth
Many
Locations
QoS not
Long
Critical
Distance
More Locations, Longer Distances, Less
Bandwidth/site, QoS less critical
VPN more justifiable
Fewer Locations, Shorter Distances, More
Bandwidth/site, QoS more critical
VPN less justifiable
5
Raj Jain
Raj Jain
Security 101
Ciphertext
Key
Ciphertext
Text
Raj Jain
9
Ciphertext
Key2
Ciphertext
Text
Raj Jain
10
Raj Jain
12
Confidentiality
User 1 to User 2:
Encrypted_Message = Encrypt(Public_Key2,
Encrypt(Private_Key1, Message))
Message = Decrypt(Public_Key1,
Decrypt(Private_Key2, Encrypted_Message)
Authentic and Private
Your Public
Key
My Private
Key
Message
Raj Jain
13
R1
Bastion
Bastion
Host
Host
R2
Internet
Proxy Servers
Client
R2
Proxy
Proxy
Server
Server
R1
Internet
Server
Private Addresses
Raj Jain
17
164.1.1.2
NAT
NAT
Router
Router
164.1.1.1
VPN
VPN
Server
Server
164.1.1.2
10.1.1.2
10.1.1.3
Host
10.1.1.1
Address Translation
R2
Internet
Tunnel
IP Land IP Not Spoken Here
Non-IP Header
IP Header
IP Land
Payload
Tunnel = Encaptulation
Used whenever some feature is not supported in some
part of the network, e.g., multicasting, mobile IP
Raj Jain
19
Raj Jain
20
GRE
Delivery Header GRE Header Payload
PPTP
PPTP
Server
ISP
Network
Access
Server
Client
PPTP Tunnel
PPTP Packets
Private PPTP
Network Server
Public IP
Addressing
IP/IPX/NetBEUI
Data
Internet
Network
Access
Server
IP
GRE
PPP
IP/IPX/NetBEUI
Data
Internal IP
Addressing
Client
PPP
IP
GRE
PPP
IP/IPX/NetBEUI
Data
Encrypted
Raj Jain
23
L2TP
Raj Jain
24
IPSec
Original
Original
AH ESP
IP Header*
Data
Encrypted
Authenticated
* Optional
25
Raj Jain
IPSec (Cont)
Secure HTTP
Secure MIME
Secure Electronic Transaction (SET)
Private Communications Technology (PCT)
Raj Jain
27
Summary
References
Raj Jain
29