MN610 Virtual Private Networks Assignment Help


Introduction

This assignment focuses on the significance of virtual private networks in contemporary organizations. It mainly covers how a VPN functions, provides interfaces, secures traffic and reduces the complexity of on-ground connections [1].


PART 1

Interfacing in Virtual Private Networks on a Scenario Basis

Interfacing is the way sites interact in a virtual private network. In the scenario, an ISP (internet service provider) connects three offices of an organization: the head office and two regional offices. These offices request an interface from the ISP in order to interact, and in response the ISP provides a single tunnel system for the interaction of two offices. If an office wants internet connectivity, the ISP provides an Internet Protocol (IP) address through which all systems in that office get connectivity over the LAN (local area network). Interfacing is divided into two parts, described below.

INTERNAL IP INTERFACING

Here the scope of IP access is restricted to a private connection only. In the scenario, the IP address that the ISP provides to a particular office is the external one. The internal IP is created by the database administrator using class A, B or C addressing. It is the address with which local computers connect to the external IP provided by the ISP. All local systems behind one external IP have different internal IPs, since internal IP interfacing is supported only by the local area network.

EXTERNAL IP INTERFACING

External IP is also known as public IP. In the scenario, an external IP is provided by the ISP to each regional office for global interaction. Using external IPs, both the regional offices and the head office can interact globally using tunneling. The wide area network supports external IP interfacing.

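Table 1: CLASSES USED IN IP ADDRESSING

| CLASS | FIRST OCTET DECIMAL RANGE | DEFAULT SUBNET MASK |
|-------|---------------------------|---------------------|
| A | 1-126* | 255.0.0.0 |
| B | 128-191 | 255.255.0.0 |
| C | 192-223 | 255.255.255.0 |
| D | 224-239 | Reserved for multicasting |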

Classes used in Internet Protocol

For Host Address – Classes A, B, and C are used.

For Multicasting—Class D is used.

TOPOLOGY USED – HUB AND SPOKE

In the scenario, the head office acts as the hub and the regional offices as spokes: the head office is the centralized main area where all the data of the regional offices is held, so employees of regional offices can, when required, access it directly to retrieve data over a secure network. The head office works like a central VPN router, communicating securely through a tunnel with each individual office at the remote sites [2].

Table 2: TABULAR REPRESENTATION OF ALL INTERFACES AT EVERY SITE

| Site | Internal interface IP | External interface IP |
|------|-----------------------|-----------------------|
| Head office | 192.168.1.1 | 192.10.10.10 |
| Regional office-1 | 192.168.2.1 | 192.20.20.20 |
| Regional office-2 | 192.168.3.1 | 192.30.30.30 |

Table 3: TUNNEL INTERFACES

| Interface | IP address |
|-----------|------------|
| HEAD OFFICE | 10.22.22.1 |
| REGIONAL OFFICE-2 | 10.22.22.2 |
| REGIONAL OFFICE-2 | 10.22.22.3 |
| ISP TO HEAD OFFICE | 192.10.10.40 |
| ISP TO REGIONAL OFFICE-1 | 192.20.20.40 |
| ISP TO REGIONAL OFFICE-2 | 192.30.30.40 |
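
The following is an added example, not part of the original assignment: it audits the address plan from Tables 2 and 3 against the internal/external rules described above. The /24 LAN mask (the class C default from Table 1), the /24 tunnel subnet, the pairing of tunnel addresses with the regional offices and the fourth "regional office-3" site are assumptions made for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def address_class(ip):
    """Class letter from the first octet, following Table 1 (A to D only)."""
    first = int(ip.split(".")[0])
    for letter, low, high in (("A", 1, 126), ("B", 128, 191),
                              ("C", 192, 223), ("D", 224, 239)):
        if low <= first <= high:
            return letter
    return None

def is_private(ip):
    """True when the address lies in one of the RFC 1918 private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def audit(sites, tunnel_net):
    """sites: {name: (internal_ip, external_ip, tunnel_ip)} -> list of findings."""
    findings, lans = [], {}
    tunnel = ipaddress.ip_network(tunnel_net)
    for name, (inside, outside, tun) in sites.items():
        if not is_private(inside):
            findings.append(f"{name}: internal {inside} is not private space")
        if is_private(outside):
            findings.append(f"{name}: external {outside} is private, not public")
        if ipaddress.ip_address(tun) not in tunnel:
            findings.append(f"{name}: tunnel {tun} is outside {tunnel}")
        lan = ipaddress.ip_network(f"{inside}/24", strict=False)  # assumed /24 LAN
        for other, other_lan in lans.items():
            if lan.overlaps(other_lan):
                findings.append(f"{name}: LAN {lan} overlaps {other}")
        lans[name] = lan
    return findings

# Addresses from Tables 2 and 3; tunnel-to-office pairing is assumed.
PAGE_PLAN = {
    "head office": ("192.168.1.1", "192.10.10.10", "10.22.22.1"),
    "regional office-1": ("192.168.2.1", "192.20.20.20", "10.22.22.2"),
    "regional office-2": ("192.168.3.1", "192.30.30.30", "10.22.22.3"),
}
# Constructed misconfigured site: reused LAN, private "external" IP, wrong tunnel subnet.
BAD_PLAN = {**PAGE_PLAN,
            "regional office-3": ("192.168.1.50", "172.16.5.1", "10.22.23.4")}

if __name__ == "__main__":
    print(audit(PAGE_PLAN, "10.22.22.0/24"))
    for finding in audit(BAD_PLAN, "10.22.22.0/24"):
        print(finding)
```
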

FEW SCREENSHOTS OF TEST CASES

[Screenshot: Headquarters PC to regional office PC connection]
[Screenshot: VPN topology representation]
[Screenshot: Regional office PC3 to headquarters PC1]
[Screenshot: Traceroute via tunnel, R3 to headquarters PC1]
[Screenshot: Traceroute via tunnel, R2 to headquarters PC1]

PART 2

1. Type of VPN implemented and reason to implement it.

According to the scenario, the most suitable VPN connection for the network is MGRE over IPsec. It works as a Layer 3 VPN, and the name abbreviates Multiple Generic Routing Encapsulation with IP Security. Generic routing encapsulation was introduced to overcome tunneling issues and is carried out by two methods: point-to-point, and Multiple Generic Routing Encapsulation, which we are using here. With MGRE we get the advantage of dynamic access between the centralized data center and the regional offices of the company [3].

Point-to-point connection: This is a static procedure that fits where the client has to access one site over the ISP (Internet Service Provider). It cannot be used in the scenario, because we may need to access more than one regional office, or the head office may need to access more than one regional office; access to more than one site is required, so point-to-point does not fit.

MGRE: This works on NHRP, the Next Hop Resolution Protocol. With it, each tunnel is mapped to its corresponding public IP. If we have to send data from regional office 1 to 2, NHRP helps by informing the other spokes about the NHS server [3].

Reason for choosing MGRE over IP Security VPN

In the scenario we have two regional offices and a head office. Their interaction should always be dynamic, as we never know when any two of the offices will be interacting and the third may be needed. At that time MGRE creates a tunnel using generic routing encapsulation, and NHRP plays its role by informing all other spokes about the NHS server. Each router has the same tunnel ID, which ensures security during the interaction. We preferred MGRE to a point-to-point connection because it supports dynamic interaction [4].
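
The NHRP mapping described above can be modelled as follows. This is an added example, not the configuration used in the assignment: it simulates the hub's tunnel-to-public-IP table with the addresses from Tables 2 and 3. The class and function names, the /24 tunnel subnet, tunnel ID 1, the pairing of tunnel addresses with regional offices and the 203.0.113.9 test address are assumptions.

```python
import ipaddress

class NextHopServer:
    """Hub-side table in the style of an NHRP cache: tunnel IP -> public IP."""

    def __init__(self, tunnel_net, tunnel_id):
        self.tunnel_net = ipaddress.ip_network(tunnel_net)
        self.tunnel_id = tunnel_id
        self.cache = {}

    def register(self, tunnel_ip, public_ip, tunnel_id):
        """Handle a spoke's registration; return True if the mapping is stored."""
        addr = ipaddress.ip_address(tunnel_ip)
        if tunnel_id != self.tunnel_id:
            return False      # router does not share the common tunnel ID
        if addr not in self.tunnel_net:
            return False      # address does not belong to the tunnel subnet
        if self.cache.get(addr, public_ip) != public_ip:
            return False      # tunnel IP already registered from another public IP
        self.cache[addr] = public_ip
        return True

    def resolve(self, tunnel_ip):
        """Answer a resolution request; None when the peer never registered."""
        return self.cache.get(ipaddress.ip_address(tunnel_ip))


def outer_destination(nhs, hub_public, dst_tunnel_ip):
    """Public IP a spoke uses as outer destination for a tunnel address:
    the peer's own public IP once resolved, otherwise the hub relays."""
    return nhs.resolve(dst_tunnel_ip) or hub_public


def build_scenario():
    """Registrations for the page's three sites (pairing is an assumption)."""
    nhs = NextHopServer("10.22.22.0/24", tunnel_id=1)
    nhs.register("10.22.22.1", "192.10.10.10", 1)   # head office (hub)
    nhs.register("10.22.22.2", "192.20.20.20", 1)   # regional office
    nhs.register("10.22.22.3", "192.30.30.30", 1)   # regional office
    return nhs


if __name__ == "__main__":
    nhs = build_scenario()
    print(outer_destination(nhs, "192.10.10.10", "10.22.22.3"))  # direct to spoke
    print(nhs.register("10.22.22.3", "203.0.113.9", 1))          # takeover refused
```

The refusal to overwrite an existing mapping is the check a defender cares about: without it, any router that can reach the hub could redirect another site's tunnel traffic to itself.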

2. Functionalities Provided By VPN to the Network

CONFIDENTIALITY

A VPN addresses the critical issue of data hacking by providing confidentiality. Confidentiality is implemented using methods such as encryption and decryption. In the scenario, confidentiality allows data to be sent securely from one office to another, or from a regional office to the head office.

ENCRYPTION: When data is sent from one office to another, it is sent in encrypted form, meaning it is not readable. The Advanced Encryption Standard with 128-bit encryption is mainly followed.

DECRYPTION: Data sent from one office is received at the other end in encrypted form. If the regional office sends data with 128-bit encryption, the other end knows that the data was sent in 128 bit. If a third party attacks in between, the data cannot be decrypted, as the attacker will never know in which encryption form the data was sent.

AUTHENTICITY

In the scenario, authenticity is achieved by sharing a configuration key at both ends. For example, if data is shared from the head office to a regional office, both ends have the configuration key for the data set that is to be shared.

REMOTE ACCESS

In the scenario, the regional offices may be situated in a different geographical location than the head office, but remote access through the virtual private network is always available. Remote access between two ends is achieved by tunneling, which provides a virtual network for two offices to interact.

INTEGRITY

Integrity of data transferred from one office to another is achieved by sharing the same key at both ends. Every data packet carries its own hash value while in transit; if a third party tries to modify the packet, its hash value changes and the receiving end, for example a regional office, will know that a modification has been made.

VIRTUAL INTERFACE

In the scenario, while data is transferred between two offices, tunneling provides a virtual interface that reduces on-ground connections. This reduces cost and time complexity. Instead of sharing data physically, the virtual network helps to work in a traffic-free area.

EMPLOYEE PRODUCTIVITY BOOST

Employee productivity in the wide area network of regional offices and the head office is boosted, as time remains focused on a fixed amount of work.

EASY SCALABILITY

The whole system in the scenario is fully scalable, as everything is accessible remotely, that is, from any geographic location [5].

3. Security Features VPN can Provide to Protect Data

DATA INTEGRITY: Whenever data is sent from one office to another, it is sent with a hash value that is cross-checked when the session is created between the two sites. If we are sending data packet 12 to regional office 2, a hash value is generated with it. If an attacker tries to modify the data, this hash value changes, and the other end will know because it already knows the actual hash value. Security features are mainly based on the CIA model, which comprises Confidentiality, Integrity and Availability [6].

DATA ENCAPSULATION: For security, data encapsulation is performed using tunneling. Tunneling ensures secure transmission of data in encrypted form. The data is not readable in transit; both ends hold a key with which it can be converted into readable form. The types of key are listed below.

SYMMETRIC KEY: The symmetric key is common to both ends. The range in which it can encrypt data is from 128 bit to 2048 bit.

ASYMMETRIC KEY: One side has a public key and the other side has a private key too. For encryption, a public key is shared with sender and receiver, but a private key also exists only at the receiver end for decryption.

CONFIDENTIALITY: According to the scenario, data sent using a symmetric key is first transmitted in plain text form, then a key known as a symmetric key is shared at both ends, through which decryption can be done. This ensures confidentiality using a symmetric key.

AUTHENTICATION HEADER: In this scenario, we have used a pre-shared authentication header. It is defined while deciding the suitable policy for transmission. Authentication headers are used to provide source authentication and integrity of data packets without encryption. The header consists of a sequence number with a hash value of the data. The authentication header helps in preventing replay attacks, verifying the sender and ensuring data integrity.

ENCAPSULATED SECURITY PAYLOAD: Using symmetric algorithms, this protocol provides source authentication plus integrity. During transmission the algorithm needs to be the same at both ends.
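
The integrity and Authentication Header paragraphs above describe a sequence number plus a keyed hash checked with a key shared by both ends. The following added example, which is not part of the original assignment and not the real AH wire format, models that check: it detects a modified packet, a replayed packet and a packet made with the wrong key. HMAC-SHA256, the 64-packet window, the key and the payload are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

ICV_LEN = 32  # length of an HMAC-SHA256 value in bytes

def protect(seq, payload, key):
    """Sender: 32-bit sequence number + payload + keyed hash over both."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + icv

class Receiver:
    def __init__(self, key, window=64):
        self.key, self.window = key, window
        self.highest = 0      # highest authenticated sequence number so far
        self.seen = set()     # authenticated sequence numbers inside the window

    def accept(self, packet):
        """Return (True, payload) or (False, reason)."""
        if len(packet) < 4 + ICV_LEN:
            return False, "truncated"
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):    # constant-time comparison
            return False, "integrity check failed"
        # Only an authenticated sequence number may touch the replay window.
        (seq,) = struct.unpack("!I", header)
        if seq in self.seen or seq + self.window <= self.highest:
            return False, "replayed or stale sequence number"
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s + self.window > self.highest}
        return True, payload

def demo():
    key = b"constructed-pre-shared-key"         # constructed sample key
    rx = Receiver(key)
    good = protect(12, b"payroll batch", key)   # "data packet 12" from the text
    tampered = good[:4] + b"Payroll batch" + good[-ICV_LEN:]
    forged = protect(13, b"payroll batch", b"attacker-guess")
    return [rx.accept(good), rx.accept(tampered),
            rx.accept(good), rx.accept(forged)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
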

4. Types of organizations who can use Multipoint Virtual Private Network.

As per the scenario, a Multipoint Virtual Private Network provides dynamic interaction between two ends. Considering all its properties, it fits only those organizations where multiple interactions are possible, that is, interaction between different geographic locations [7]. Some types are listed below.

MEDIUM SIZE ENTERPRISES: Medium-sized enterprises that have a wide network for interaction, including several sites connected to a centralized data center, use a Multipoint Virtual Private Network for data transmission. Examples are financial, retail and insurance companies, which generally have branches in different geographical areas and for which remote access is necessary.

VPN SERVICE PROVIDERS: VPN service providers need to connect with several customers, and their data traffic gets aggregated at a particular router; to avoid congestion, a Multipoint Virtual Private Network is preferred. These services provide Virtual Routing and Forwarding features, for which this VPN is a must. Virtual routing requires tunneling at a dynamic level, and this feature is provided only by the Multipoint Virtual Private Network.

EXTRANET ENTERPRISES: To secure traffic between partner sites and several enterprises, no spoke-to-spoke traffic is allowed, neither from any end nor from any hub. These enterprises use Multipoint Virtual Private Network connectivity to establish connections with several business partners.

BANKS/ATMs: Banks have several branches at different geographical locations; Multipoint Virtual Private Network connectivity is used to access them dynamically and interact securely.

WAN CONNECTIVITY BACKUP ENTERPRISES: In a wide area network, remote access to private backup WANs is available over internet links as a solution to security.

SMALL ENTERPRISE OFFICES: In small enterprise offices, Multipoint Virtual Private Network connectivity is responsible for integration.

5. Advantages and disadvantages brought by the VPN to corporate networks

The virtual private network is a very important technology for a network. It is used in different types of business and different corporations, commonly to provide security over networks. In this section, I describe the advantages and disadvantages of the virtual private network. They are as follows:

Advantages of the VPN

Remote control: The main advantage of a virtual private network is that users can access data from a different place. Here the VPN is important because a user can access data stored at the head office from a different location. With this technique the head office can increase productivity, because different users can work from different locations for the same corporation, so profit increases at the same time.

Sharing of files: The other advantage is file sharing. Suppose a user in one regional office wants to share an important file with a user in a different regional office; this technology is best for that. With it, a user can easily share important data and information from one end to the other [8].

Use of DMVPN features: DMVPN is the dynamic multipoint virtual private network. The VPN uses three main features of DMVPN: confidentiality, integrity and authentication. These three features are used for the security of the data and the networks.

Confidentiality:

It is used for secure transmission of files over the internet. The VPN uses two main techniques for file transmission between the head office and a regional office: encryption and decryption of data. Suppose a user wants to transfer a file from the head office to a regional office securely; the user encrypts the data with an encryption method and sends the encrypted data over the network. The advantage of this process is that nobody can read the encrypted data without decrypting it.

Data Integrity:

With this feature nobody can read or modify the data over the network. The corporation requires this feature because it handles sensitive data over the internet, and the virtual private network provides it.

Authentication:

With the authentication feature, only authorized users can access the data over the network. The user uses the encryption process to access the data. An authorized user can read the data by using a specific key [8].

Tunnelling:

The VPN uses tunneling. The tunneling protocol provides encapsulation: tunneling divides the data into small parts, and each datagram contains some of these parts. The datagrams are then transferred from one end to the other. This is known as encapsulation, and it is used for the security of the data.

Reduce network complexity:

Complexity is a major problem for any network, so the virtual private network is used to reduce it: the VPN will not use the routing table for data transmission between hubs and spokes.

Disadvantages of the VPN:

There are some disadvantages of VPN networks in a corporation. They are as follows:

Speed: The speed of data transmission depends on the router; as the number of devices connected to the router increases, the data transmission speed is reduced. This can become a negative factor for a VPN.

Security design: VPN security increases the complexity of the design, which means experience is required to handle the security of the network.

Cost: The virtual private network increases the cost of the system, because the system includes different routers and different hardware components for different regions.

Scalability: Changes are difficult when additional implementation is required. This is the main disadvantage of VPN [9].

Conclusion

Virtual private networks play a vital role in providing a secure network virtually, without connecting any leased lines. This report sets out the important features that a virtual private network provides: the security features, the organizations that implement VPNs and the functionalities it provides are all covered. We have successfully implemented MGRE VPN using IP security.

References

[1] S. Mariu, M. Marian, G. Dragoi and I. Raluca, "Virtual Enterprise Network based on IPSec VPN Solutions and Management", International Journal of Advanced Computer Science and Applications, vol. 3, no. 11, pp. 26-29, 2012.

[2] H. Lian and A. Faragó, "Optimizing Virtual Private Network Design Using a New Heuristic Optimization Method", ISRN Communications and Networking, vol. 2012, pp. 1-9, 2012.

[3] Microsoft, "How VPN Works: Virtual Private Network (VPN)", Microsoft, 2018. [Online]. Available: https://technet.microsoft.com/en-us/library/cc779919(v=ws.10).aspx. [Accessed: 02- Jan- 2018].

[4] Ccri, "Overview of Virtual Private Networks (VPNs)", Ccri, 2017. [Online]. Available: https://www.ccri.edu/it/network/vpn/. [Accessed: 02- Jan- 2018].

[5] T. Cladwell, "Network Security", Elsevier, vol. 2012, no. 6, pp. 14-18, 2012.

[6] Cisco, "Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Data Sheet", Cisco, 2018. [Online]. Available: https://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html. [Accessed: 02- Jan- 2018].

[7] Cisco, "Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Data Sheet", Cisco, 2017. [Online]. Available: https://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html. [Accessed: 02- Jan- 2018].

[8] Thrive Networks, "The Pros and Cons of Using a Virtual Private Network", Thrive Networks, 2018. [Online]. Available: https://www.thrivenetworks.com/blog/pros-and-cons-of-using-a-VPN/. [Accessed: 02- Jan- 2018].

[9] NordVPN, "The Advantages and Disadvantages of Connecting a VPN to Your Router", NordVPN, 2018. [Online]. Available: https://nordvpn.com/blog/the-advantages-and-disadvantages-of-connecting-a-vpn-to-your-router/. [Accessed: 02- Jan- 2018].

[10] A. Balchunas, "IPSEC Site-to-Site VPNs on an IOS Router", Routeralley. [Online]. Available: http://www.routeralley.com/guides/ipsec_site2site_router.pdf. [Accessed: 02- Jan- 2018].

[11] J. Klomp, "P4 VPN Authentication", Authentication of VPN Traffic on a Network Device with P4, pp. 4-7, 2015.