Virtual private network pdf


A virtual private network (VPN) allows the provisioning of private network as the VPN backbone and is used to transport traffic for multiple VPNs, as well as.

Abstract – The term “VPN,” or Virtual Private Network, has become almost as recklessly used in the A Common Sense Definition of Virtual Private Networks.

Virtual Private Networks (VPN) have many different implementations being deployed and numerous definitions are consequently found in the literature.


This document covers the fundamentals of VPNs, such as basic VPN components, technologies, tunneling, and VPN security. Virtual private networks (VPNs) offer low-cost, secure, dynamic access to private A virtual private network gives secure access to LAN resources over a shared. The term VPN (Virtual Private Networks) is first introduced in telephone company.

First published ; Latest version April

Introduction

Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels. This document identifies security controls that should be considered when implementing VPN connections. This document does not discuss the different technologies involved in establishing VPN connections, the protocols and algorithms used to secure VPN connections, or how to establish VPN connections.

User accounts

User accounts for VPN connections should be separate from standard user accounts. This will limit the activities that can be performed by an adversary should a VPN user account be compromised. This will minimise the severity of a successful compromise. VPN user accounts with minimum permissions, that can only perform basic operations on a network, will also impede the ability of an adversary to gain a foothold on a network. Finally, access to applications, servers and shared resources on a network should only be granted where necessary for users to perform their duties. For example, if a user only needs access to email services, they should be denied access to file servers.

Multi-factor authentication

Adversaries frequently attempt to steal credentials to compromise a network. These credentials allow them to easily propagate on a network and conduct malicious activities without installing additional exploits, thereby reducing the likelihood of detection.


Device authentication

Device authentication ensures that a device establishing a VPN connection is approved for such purposes. Device authentication is applicable to both site-to-site VPNs and remote access VPNs, and typically takes the form of a certificate issued to a device.

The device, and by extension the device certificate, may or may not be tied to a specific user. If a VPN endpoint receives a connection request, it should authenticate the device in addition to the user.

The VPN connection should be terminated if either device or user authentication fails. A connection attempt from an unauthenticated device should be considered suspicious and logged for further investigation.

VPN termination points

Devices used for VPN connections have the same potential for compromise as corporate workstations.

If a device using a VPN connection is compromised, there is a security risk that it could be used to compromise connected networks. Because of this, all VPN traffic should be treated as untrusted and potentially malicious, and subjected to the same scrutiny as any external communications. Organisations should ensure that web browsing from a device connected to a VPN is conducted through their internet gateway rather than via a direct connection to the Internet.

This will prevent unauthorised connection attempts even when legitimate credentials have been provided. If a non-approved source appears in the VPN connection logs, it should be treated as suspicious and logged for further investigation.

Effective logging and log analysis

Effective logging and log analysis of VPN connections is vital to accounting for activities performed on a network.


Effective logging also provides a central repository of information in the event of an attempted or successful compromise. Effective log analysis further aids in finding malicious and other unauthorised activities in a timely manner. VPN connection information which should be logged, where available, includes:

Authentication information — Any certificate information provided when a VPN connection is made using a certificate, VPN user account credentials, and any information about the remote host and time of any failed authentication attempts.
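The device-authentication, approved-source and logging controls described above can be combined into one log review pass. The following is an added example, not part of the original guidance: the key=value log format, the field names, the approved network list and the sample lines are all constructed assumptions.

```python
import ipaddress

# Assumed policy input: approved source networks (documentation range).
APPROVED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z src=203.0.113.10 user=vpn-alice device=laptop-017 device_auth=ok user_auth=ok
2024-03-01T08:05:40Z src=203.0.113.22 user=vpn-bob device=- device_auth=fail user_auth=ok
2024-03-01T08:09:03Z src=198.51.100.7 user=vpn-alice device=laptop-017 device_auth=ok user_auth=ok
2024-03-01T08:11:57Z src=203.0.113.10 user=vpn-carol device=laptop-031 device_auth=ok user_auth=fail
"""

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict of fields."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec

def review(rec):
    """Return (allow, reasons); a missing field counts as a failure."""
    reasons = []
    if rec.get("device_auth") != "ok":
        reasons.append("device authentication failed")
    if rec.get("user_auth") != "ok":
        reasons.append("user authentication failed")
    try:
        src = ipaddress.ip_address(rec.get("src", ""))
        approved = any(src in net for net in APPROVED_SOURCES)
    except ValueError:
        approved = False  # unparseable source is treated as non-approved
    if not approved:
        reasons.append("source not on approved list")
    return (not reasons, reasons)

def suspicious_events(log_text):
    """Return the attempts to terminate and log for investigation."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        allow, reasons = review(rec)
        if not allow:
            findings.append({"ts": rec["ts"], "src": rec.get("src"),
                             "user": rec.get("user"), "reasons": reasons})
    return findings
```

The third sample line is flagged even though both authentications succeeded, matching the guidance that a non-approved source is suspicious when legitimate credentials have been provided.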

New, value-added services can help carriers increase their revenues and profits—today.

VPN services have received ample attention over the last few years, as they are viewed by carriers as an attractive value-added service and by customers as a cost-effective replacement for leased private lines. VPNs can also help carriers reduce their costs—both capital and operational—by supporting multiple customers, each allowed varying levels of network control and management, over the same shared infrastructure.

Although both carriers and vendors have been talking about O-VPNs for years, the first commercially viable solutions started becoming available in early [1].


O-VPNs provide carriers with new revenue opportunities as well as the potential to reduce their operating and capital costs. Additionally, O-VPNs offer carrier-customers several benefits, including lower networking costs, increased network flexibility and control, and improved network operational efficiency.

Carugi, D. McDysan, eds, Service requirements for layer 3 provider provisioned virtual private networks, Internet Draft, Work in Progress, draft-left-ppvpn-requirements October

[5] Cisco System whitepaper, A comparison between IPsec and multiprotocol label switching virtual private networks

Copyright © 2019