Netsec VPN, security, networking


Network security, lecture material


VPN (virtual private network)

Introduction
- Virtual: not real; another form of the original. In a VPN, private communication between two or more devices takes place over the public Internet.
- Private: to keep something secret from the general public. Even though the traffic crosses a public network, no third party interrupts the communication.
- Network: consists of two or more devices that are connected to each other electronically.
- A VPN is an IP-based network that transmits information over long distances effectively and efficiently.
- Tunneling: a method of providing a secure medium for VPN endpoints to exchange data over the Internet.

4 VPN Categories
- Trusted VPN: the customer trusts the network leased from the service provider and uses it without interruption, although trusted does not mean secure.
- Secure VPN: when security becomes a concern for the user, encryption and decryption are used to protect information to and from the communication endpoints.
- Hybrid VPN: a combination of trusted and secure VPN.
- Provider-provisioned VPN: a VPN that is managed by the service provider.

VPN Topology: Types of VPN
- Access VPN
- Intranet VPN
- Extranet VPN

VPN Topology: Access VPN

Access VPN architecture

Client-initiated access VPNs
Users establish an encrypted IP tunnel across the ISP's shared network to the enterprise customer's network. The enterprise customer manages the client software that initiates the tunnel. The main advantage of client-initiated VPNs is that they secure the connection between the client and the ISP. However, client-initiated VPNs are not as scalable and are more complex than NAS-initiated VPNs.

NAS (Network Access Server)-initiated access VPNs
Users dial in to the ISP's NAS, which establishes an encrypted tunnel to the enterprise's private network. NAS-initiated VPNs are more robust than client-initiated VPNs, allow users to connect to multiple networks by using multiple tunnels, and do not require the client to maintain the tunnel-creating software. NAS-initiated VPNs do not encrypt the connection between the client and the ISP, but this is not a concern for most enterprise customers because the PSTN is much more secure than the Internet.

VPN Topology: Intranet VPN

VPN Topology: Extranet VPN

VPN Topology: Advantages of VPN
Advantages:
- Greater scalability
- Easy to add/remove users
- Reduced long-distance telecommunications costs
- Mobility
- Security

VPN Topology: Disadvantages of VPN
Disadvantages:
- Lack of standards
- Understanding of security issues
- Unpredictable Internet traffic
- Difficult to accommodate products from different vendors

VPN Topology: What is needed?
- Existing hardware (servers, workstations)
- Internet connection
- VPN router/switch
- Software to create and manage tunnels
- Security device such as a firewall

VPN Topology: How it works
- Operates at layer 2 or 3 of the OSI model
  - Layer 2: frame (Ethernet)
  - Layer 3: packet (IP)
- Tunneling
  - allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet
  - ensures data security against unwanted viewers, or hackers

VPN Components
- Security
- Appliances: intrusion detection firewalls
- Protocol/Management: managing security policy, access allowances, and traffic management

VPN Components: Security
Encryption
- Technique for scrambling and unscrambling information
- Unscrambled information is called clear-text
- Scrambled information is called cipher-text

VPN Components: Security
Keys
- Secret code that the encryption algorithm uses to create a unique version of cipher-text
- 8-bit keys = 256 combinations, or two to the eighth power
- 16-bit keys = 65,536 combinations, or two to the 16th power
- 56-bit keys = 72,057,594,037,927,900 combinations, or two to the 56th power
- 168-bit keys

VPN Components: Security
Authentication
- Determines whether the sender is the authorized person and whether the data has been redirected or corrupted
- User/System Authentication
- Data Authentication

VPN Components: Appliances
Intrusion detection firewalls
- Monitor traffic crossing network perimeters and protect enterprises from unauthorized access
- Packet-level firewall: checks source and destination
- Application-level firewall: acts as a host computer between the organization's network and the Internet

VPN Components: Protocols
IP Security (IPSec)
- Transport mode
- Tunnel mode
Point-to-Point Tunneling Protocol (PPTP)
- Voluntary tunneling method
- Uses PPP (Point-to-Point Protocol)

VPN Components: Protocols
Layer 2 Tunneling Protocol (L2TP)
- Exists at the data link layer of OSI
- Composed from PPTP and L2F (Layer 2 Forwarding)
- Compulsory tunneling method

Productivity and Cost Benefit
- Extends geographic connectivity
- Boosts employee productivity
- Improves Internet security
- Scales easily

The future of VPN
- VPN popularity
- Companies choosing VPN
- Cost efficient?
- New way of communicating?