VPN (English version): Difference between revisions

From ICO wiki test

Revision as of 21:14, 6 May 2017

VPN (Virtual Private Network)

A VPN or Virtual Private Network enables users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network. It is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data.

Individual Internet users may secure their wireless transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions.

A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely. [1]

VPN solution Benefits

Some VPN advantages are:

  • can be used to transfer data safely across different public networks, independently of the transport protocol used;
  • protect the data with encryption and authentication protocols;
  • allow remote users to connect to a company's network;
  • can be ordered from service providers, although the reliability of the service must be verified. [2]

Creating tunnel

A virtual private network is a secure solution for exchanging information between trusted parties that is not open to public traffic. Remote users and different applications can connect through a private tunnel.

A VPN tunnel creates a logical network connection between end devices that are not necessarily adjacent in the physical topology. Over this connection, network packets are encapsulated in the VPN protocol's own format (or in the required underlying transport protocol) and sent to the VPN server. The encapsulation is removed at the destination. [3]

Some protocols to create VPN tunnels are:

  • IPsec (Internet Protocol Security) - developed by the IETF and implemented at the network layer (layer 3) of the OSI model. It is a collection of security mechanisms that uses various cryptographic protocols for data confidentiality, integrity, authentication and key management;
  • GRE (Generic Routing Encapsulation) - a protocol originally developed by Cisco that can encapsulate packets of several different protocols;
  • PPTP (Point-to-Point Tunneling Protocol) - operates at the data link layer (layer 2) of the OSI model. Data is encapsulated in PPP (Point-to-Point Protocol) frames, which are in turn encapsulated in IP packets. PPTP supports encryption and compression of the data and uses the GRE protocol to transfer it;
  • L2F (Layer 2 Forwarding) - operates at the data link layer of the OSI model. L2F has no encryption option and has been superseded by L2TP;
  • L2TP (Layer 2 Tunneling Protocol) - operates at the data link layer of the OSI model and combines properties of Microsoft's PPTP and Cisco's L2F protocols.
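As an added illustration of the encapsulation step described above (example code written for this page, not taken from the article or from any VPN product): a GRE header in the RFC 2784 format, the protocol that PPTP builds on, is wrapped around an inner IPv4 packet at one end of the tunnel and stripped again at the other, with the optional GRE checksum used to reject a packet that was altered in transit. The addresses and payload are constructed for the demo, and the outer IP packet that carries this payload between the two gateways is not shown.

```python
import socket
import struct
GRE_PROTO_IPV4 = 0x0800     # EtherType of the inner packet (IPv4)
GRE_FLAG_CHECKSUM = 0x8000  # "C" bit in the first 16-bit word of the GRE header

def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); an odd-length buffer is padded with one zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def gre_encapsulate(inner: bytes, proto: int = GRE_PROTO_IPV4, checksum: bool = True) -> bytes:
    """Prepend a GRE header; the result becomes the payload of the outer IP packet (protocol 47)."""
    flags = GRE_FLAG_CHECKSUM if checksum else 0
    header = struct.pack("!HH", flags, proto)
    if not checksum:
        return header + inner
    # The checksum covers the GRE header (checksum field zeroed) plus the whole payload.
    csum = ones_complement_checksum(header + b"\x00" * 4 + inner)
    return header + struct.pack("!HH", csum, 0) + inner

def gre_decapsulate(packet: bytes) -> tuple:
    """Strip the GRE header at the far end of the tunnel; returns (protocol type, inner packet)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:  # "Ver" field must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    if not flags & GRE_FLAG_CHECKSUM:
        return proto, packet[4:]
    if len(packet) < 8:
        raise ValueError("truncated GRE checksum field")
    # With the stored checksum included, the checksum over the whole packet must be 0.
    if ones_complement_checksum(packet) != 0:
        raise ValueError("GRE checksum mismatch: packet altered in transit")
    return proto, packet[8:]

def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Constructed sample inner traffic: a minimal IPv4 header (no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]
    return hdr + payload

if __name__ == "__main__":
    inner = build_ipv4("10.1.1.10", "10.2.2.20", b"hello from the branch LAN")  # constructed addresses
    print(gre_decapsulate(gre_encapsulate(inner)) == (GRE_PROTO_IPV4, inner))  # round trip through the tunnel
```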

VPN types

Technology

A trusted VPN transfers encrypted data over lines leased from an ISP. Privacy rests on the service provider's promise that the leased channel carries only a single customer's data. The confidentiality and integrity of the customer's data therefore depend on the service provider. One of the best known trusted VPN protocols is MPLS (Multi-Protocol Label Switching).

A secure VPN transmits encrypted data over public networks. The data is encrypted on the end device or on the home network gateway, and decrypted at the destination gateway or end device. Because encryption covers the whole path between the tunnel endpoints, a third party who taps the connection cannot read or modify the data. Some secure VPN protocols in use are:

  • IPsec with encryption;
  • L2TP encapsulated over IPsec;
  • SSL encryption.

A hybrid VPN transmits encrypted data through a leased line. Since trusted and secure VPNs are not mutually exclusive, a hybrid VPN implements both technologies in parallel. [4]

Usage

The two most common types of VPN use are the remote-access VPN and the site-to-site VPN.

A remote access VPN, sometimes known as a virtual private dial-up network (VPDN), is a user-to-LAN connection used by organizations to connect remote users to their network. A remote access VPN uses a client-server architecture, in which the VPN client on the remote user's machine obtains access to the network through a VPN server located at the network perimeter. Because the remote user's network settings are often not static, the remote user's device, which runs the VPN client, is responsible for initiating the VPN session. [5]

A site-to-site VPN is a static VPN connection set up between networks; the end devices on those networks are not aware that the VPN exists. The VPN gateway is responsible for encapsulating and encrypting the TCP/IP packets. Site-to-site VPNs are divided into two kinds:

  • intranet VPN, used mainly by larger companies and designed to connect the company's departments to headquarters over a secure channel as a single network;
  • extranet VPN, which connects the networks of customers and partners to the company over a secure connection. [6]

VPN Solutions

Solutions that create virtual private networks are generally divided into two categories: software and hardware. Software solutions are universal and can run on top of different hardware (ordinary computers). Hardware VPNs, as the name implies, require specialized equipment (which nevertheless runs software).

Software solutions

Here are some specific software solutions that are popular for creating virtual private networks [14]. Each differs from the others to some extent, and they are aimed at different target groups.

OpenVPN

OpenVPN is a free and open source solution that allows you to create secure remote access and site-to-site virtual private networks. OpenVPN performs encryption using the SSL/TLS protocol and is distributed under the GNU GPL. OpenVPN allows the two endpoints of a network to authenticate each other with a pre-shared cryptographic key, certificates, or a username and password.

The application is available for a very wide variety of operating systems, including Windows, Linux and Mac OS X. Both the client and the VPN server on your network are thus the same software stack, running in the desired mode according to its configuration.

OpenVPN uses UDP by default and TCP at the user's request. The solution can also work through most proxy servers. A number of third-party client programs have been written for OpenVPN (such as OpenVPN GUI for Windows), and support for it has been integrated into some router firmware (such as Tomato, Vyatta, DD-WRT). [7]

Hamachi

Hamachi is a proprietary VPN solution that is known primarily for its simple configuration and is therefore particularly popular among computer gamers. Hamachi's vendor also uses the advertising slogan "Finally, a VPN that just works".

Hamachi is a centrally managed VPN system consisting of a server cluster managed by the vendor and a client program installed on the end user's computer. The client program installs a new virtual network adapter; outgoing packets on this adapter are passed to the Hamachi program, which in turn transmits them over the Internet through a UDP connection. Incoming packets are received by the Hamachi program, which passes them on to the virtual network adapter.

Each client can either create a virtual network or join an existing one. When a client joins or leaves a network, the central server tells all other clients to create or remove the VPN tunnel to that client. The vendor claims that in nearly 95% of cases a peer-to-peer tunnel is established directly between the two client computers. If that fails, the connection is established through a proxy managed by the vendor.

Hamachi allocates IP addresses from the 5.0.0.0 network with mask 255.0.0.0, which is currently not in public use and therefore avoids address conflicts with other computers on the Internet. However, this address range is expected to be taken into use in the near future, in which case Hamachi users may experience conflicts.

Hamachi is available in two versions. The free version is designed for home users and supports a maximum of 16 clients. The commercial version supports up to 256 simultaneously connected clients, but requires an annual fee. Hamachi is supported only on Windows. [8]

Shrew Soft VPN Client

Shrew Soft VPN Client is a virtual private network client program only, i.e. it does not itself offer the ability to create a VPN server. Shrew Soft VPN supports a variety of protocols and implementations, such as IPsec, Openswan, FreeS/WAN and strongSwan. Shrew Soft also supports a number of sophisticated features that are generally found only in expensive commercial solutions, and is compatible with VPN equipment from manufacturers such as Cisco, Juniper and Netgear. [9]

Windows built-in VPN

Although this feature has barely been publicized, quite a few Windows versions have shipped with a built-in VPN client. The built-in client in Windows Vista drew much criticism, but the chances of it working well are now higher.

A matching VPN server is available in the Windows Server editions, but a "leaner" home-user server can also be set up on a desktop version. [10]

Hardware solutions

As the name suggests, these are dedicated standalone network devices that implement a virtual private network. This may be a single device to which customers connect from their computers using special client software (remote access), or, for example, two devices that maintain a permanent tunnel over a public network and thereby join together the local area networks of, for instance, different branches (site-to-site).

A hardware VPN has many advantages: higher security, load balancing, and the ability to withstand heavy load (i.e. a large number of clients). Management is generally done through a web interface.

A number of different manufacturers offer hardware VPN solutions. [11]

References

  1. [1] Microsoft TechNet. "Virtual Private Networking: An Overview".
  2. [2] www.brighthub.com - "Understanding VPN - Advantages and Benefits Part 1" by Steve McFarlane.
  [] OpenVPN project homepage
  [] LogMeIn_Hamachi_UserGuide.pdf
  [18] Shrew Software homepage

External links

OpenVPN
LogMeIn Hamachi
Shrew Soft

Author

Author: Christian Cataldo

Curriculum: Cyber Security Engineering

Group: C11

Date created: 9 April 2017

Last modification: 6 May 2017