Intel / Shiva VPN Solutions
Stephen Wong
System Engineer

Transcription

Agenda
• VPN Concept
• VPN Benefit
• Shiva VPN Suite
• Case Study - Open University
• Conclusion
VPN Provides a New Option
• A VPN (Virtual Private Network) Is a Technology That Connects Individuals and Systems Securely Over the Internet.
[Diagram labels: Branch Office, Remote LAN, VPN Gateway, Traveling Employee or Telecommuter, VPN Client, ISP Modems, Internet, Headquarters, VPN Gateway, Corporate LAN]
Remote Access: Dial and VPN
[Diagram labels: Local, Long Distance, Telephone Network, Local, Corporate Modems, VPN Client, LAN, Secure VPN Tunnel, ISP Modems, Internet, Router/Firewall, VPN Gateway]
LAN-to-LAN: Leased Line and VPN
[Diagram, two panels: "Fully Meshed Leased Line or Frame Relay Network" linking Chicago, San Francisco, New York and Dallas; "Fully meshed VPN network" linking Chicago, San Francisco, New York and Dallas over the Internet]
VPN Benefits
• Save Money (Reduce NW Costs by 30-60%)
– Eliminate long distance charges
– Reduce private leased line charges
• Increase Business Speed and Flexibility
– Internet can be accessed everywhere through many technologies
– Internet capacity is available on demand
VPN Technology
• Basic VPN Concepts
– Tunneling
– Encryption
– Authentication
• Associated VPN Concepts
– Routing
– Firewalling
– Load Balancing
Basics: Tunneling
• Definition
– Tunnels are a method of transmitting private data over public networks
– Tunnels employ a technique called “encapsulation”
– Secure Tunnels are tunnels that guarantee the privacy and integrity of the transmitted data and the authenticity of the parties communicating
• Standards Alternatives
– PPTP, L2F, L2TP (Layer 2, Remote Access Only, Not Secure)
– IPSec (Layer 3, Remote Access AND LAN-to-LAN, Strong Security)
• Tunneling Benefits
– Hides network topology and application information
– Connects “un-routed” networks across the Internet
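Added example (not from the original slides or any Shiva product): a Python sketch of the encapsulation described on the tunneling slide, in which a gateway carries a whole inner IPv4 packet inside an outer gateway-to-gateway packet and appends an HMAC-SHA256 tag for integrity and authenticity. The addresses, key and function names are constructed for illustration; this is not the IPSec wire format, and the encryption step that provides privacy is left out.

```python
import hashlib
import hmac
import socket
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def addresses(packet):
    """Source and destination addresses visible in a packet's IPv4 header."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)


def encapsulate(inner, gw_src, gw_dst, key):
    """Carry the whole inner packet as the payload of an outer packet."""
    tag = hmac.new(key, inner, hashlib.sha256).digest()
    body = inner + tag
    return ipv4_header(gw_src, gw_dst, len(body), 4) + body  # 4 = IP-in-IP


def decapsulate(outer, key):
    """Check the tag, then return the inner packet; reject tampering."""
    body = outer[20:]
    if len(body) < 20 + TAG_LEN:
        raise ValueError("truncated tunnel packet")
    inner, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, inner, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return inner


def demo():
    """Constructed sample: private hosts behind two documentation-range gateways."""
    key = b"constructed-demo-key"  # assumption: a key both gateways already share
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 5, 253) + b"hello"  # 253 = experimental
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1", key)
    return key, inner, outer


if __name__ == "__main__":
    key, inner, outer = demo()
    print("on the Internet:", addresses(outer))
    print("after the gateway:", addresses(decapsulate(outer, key)))
```

The outer header exposes only the two gateway addresses; the inner header stays readable in transit until the payload is also encrypted.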
Basics: Encryption
• Encryption Ensures the Privacy and Integrity of Transmitted Data
• Encryption Terms
– DES - encryption standard (also known as 56-bit)
– 3DES - 168-bit encryption standard; most secure
– Public and Private keys
– IKE - Internet Key Exchange
• Level of Security Is Dependent On:
– Strength of the underlying algorithm
– Key length (512, 1024, or 2048-bit)
– Frequency of key change
Basics: Authentication
• Authentication Guarantees the Identity and Authority of the VPN Participants
• Choices Include:
– Technologies: passwords, challenge phrase, tokens with one-time passwords, and X.509 digital certificates
– Products: NT Domains, NDS, RADIUS, SDI, Entrust, Shiva CA
• A VPN Solution Should Allow You to Choose the Authentication Method That Matches Your Needs
Shiva’s VPN Suite
VPN Components
• LanRover VPN Gateway
– Dedicated Hardware Platform
– Dedicated Triple-DES acceleration hardware
– Integrated ICSA-certified firewall & routing
– Scalability (load balancing & redundancy)
• Shiva VPN Client for Windows 95, 98 and NT
– Transparent to end user
– Works with existing client and server applications
• Shiva Certificate Authority
– Best security available
• Shiva VPN Manager
– Centralized management of distributed gateways
Shiva VPN Client
• Client Software for Windows 95, 98, and NT Platforms
• Establishes an Encrypted Tunnel From the Client to the LanRover VPN Gateway
– Supports the same tunneling, encryption and authentication protocols as LanRover VPN Gateway
• Interoperates Transparently With Existing Business Applications Such As E-mail and Databases
• Supports Dial-up, Cable Modem, DSL and LAN Connections
• Supports Compression for Improved Performance
Case Studies - Open University
(Intel / Shiva VPN Solution)
Remote Access
Case Study - Open University
ISSUES
– Security for remote users (encryption, tunneling, authentication)
– Sensitive information (course material, etc.)
– Long distance charges for overseas students
– Protect internal network with firewall
– Same username and password in different applications (e.g. RAS, VPN, Mail, etc.)
Case Study - Open University
• Open University:
– A university based in Hong Kong
• SOLUTION
– Shiva VPN Client provides access through VPN tunnels
– Security with encryption, tunneling and digital certificates
– No long distance charges
– ICSA-Certified firewall in Shiva VPN Gateway
– In process of replacing frame relay with office-to-office VPN across the Internet
– Shiva Access Manager provides an integrated VPN and RAS solution and provides proxy services to UNIX, Kerberos
Case Study: Education
Benefits:
• Extend the campus network to remote students
• Eliminate long distance toll charges
• Supplement direct-dial capacity
• Single Login for UNIX, RAS, VPN
[Diagram labels: Shiva VPN Client, ISP POP, Internet, Management Consultant dialing any local ISP, Router, LanRover VPN Gateway, Open University, Shiva Access Manager, Library System, File Servers]
Conclusion
• Save Money (Reduce NW Costs by 30-60%)
• Increase Business Speed and Flexibility
• Improve Security
• Use Existing Applications, Infrastructure and User Environments
• Build a secure, easy-to-use, scalable and standards-based Business Network
• Increase your Business competitiveness through Intel / Shiva VPN
Thank You
stephen.wong@intel.com