Course 616: VPN Fundamentals

A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed though some form of partitioning of a common underlying communications medium, where this underlying communications medium provides services to the network on a non-exclusive basis.

Virtual private networks have become an essential part of today's business networks, as they provide a cost-effective means of assuring private internal and external communications over the shared Internet infrastructure. Virtual Private Networks: Technologies and Solutions is a comprehensive, practical guide to VPNs.

VPN Fundamentals includes VPN concepts and architectures,an in-depth examination of advanced features and functions such as tunneling, authentication, access control, VPN gateways, VPN clients, and VPN network and service management.

This course presents the various technology components, concrete solutions, and best practices you need to deploy and manage a highly successful VPN.

After completing this course, attendees will be able to:

• Understand IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key
  Exchange, and implementation details
• Understand PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols
• Review Two-party and three-party authentication, including RADIUS and Kerberos
• Explore Public key infrastructure (PKI) concept and its integration into VPN solutions
• Understand Access control policies, mechanisms, and management, and their application to VPNs
• Review VPN gateway functions, including site-to-site intranet, remote access, and extranet
• Review Gateway configuration, provisioning, monitoring, and accounting
• Explore Gateway interaction with firewalls and routers
• Understand VPN client implementation issues, including interaction with operating systems
• Understand Client operation issues, including working with NAT, DNS, and link MTU limits
• Explore VPN service and network management architectures and tunnel and security management
• Review successful VPN deployments
• Discuss successful and unsuccessful VPN deployments
• Step through a practical process for managing a VPN deployment project
• Explore the current and future market trends

Introduction

• VPN Definition
• Potential Uses and Benefits
• VPN Motivation
• The VPN Market
• VPN Requirements
• Building Blocks of a VPN
• VPN Technologies
• VPN Topology
• VPN Protocols
• VPN versus Mobile IP

VPN Architectures

• VPN Requirements, Building Blocks, and Architectures
• Implementer-based VPN Architectures
• Security-based VPN Architectures
• Layer-based VPN Architectures
• Class-based VPN Architectures Site-to-Site Intranet VPNs
• Remote Access VPNs
• Extranet VPNs

Key Aspects of VPN Security

• Overview of Network Security
• Internet Architecture
• Security Issues Connecting to Internet
• Relevant Cryptography
• Generic Secure Channel
• Cryptography
• Shared Key Cryptography
• Public Key Cryptography
• Digital Signatures
• Message Authentication Codes

Tunnels and VPN

• Data Integrity and Confidentiality.
• VPN Tunneling Protocols
• PPTP
• L2F
• L2TP
• Ipsec
• MPLS

Point-to-Point Protocol (PPP)

• Overview and Basic Operation
• Basis for L2 VPN Protocols
• Major Components
• Wire Authentication Protocols
• Backend Authentication Servers
• Configuration of Network Protocols

Layer Two VPN Protocols

• Common Aspects
• Advantages and Disadvantages
• Layer Two Forwarding (L2F)
• Point-to-Point Tunneling Protocol (PPTP)
• Layer Two Tunneling Protocol (L2TP)

IP Security Protocol (IPSEC)

• Basic IPsec Concepts
• IPsec and VPNs
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Internet Key Exchange (IKE)
• Operational Modes
• Security Associations
• Mandatory Configurations
• Issues with Remote Access
• Key Management
• ANX Implementation
• L2TP with IPSEC
• Phase 1 Negotiation
• Phase 2 Negotiation
• IPsec Implementation

Authentication and access control in VPN

• PAP and CHAP
• PPP Authentication
• RADIUS
• S/KEY and OTP
• Trusted Third-Party Authentication
• Kerberos
• X.509 Public Key Infrastructure
• Pretty Good Privacy Trust Model
• Authentication in VPNs
• Gateway-Gateway Authentication
• Access Control Policy
• Access Control Rules
• Access Control Lists
• Access Control Policy Management
• Access Control in VPNs

Public Key Infrastructure (PKI) and VPNs

• PKI Architecture
• Certification
• Validation
• Trust Models
• Digital Certificate Formats
• X.509 Digital Certificate
• Certificate Management System
• Certificate Protocols
• Certificate Use in VPNs

VPN SOLUTIONS and implementations

• Assessing Your Environment and Needs
• Design Methodology
• Basic Administrative Tasks
• VPN Project Management
• Successful VoIP deployments
• A practical process for managing a VoIP deployment project
• VPN Gateways.
• Gateway Configuration and Provisioning
• VPN Gateway and Firewall
• VPN Design Issues
• A VPN Solution Scenario
• VPN Clients
• Alternative VPN Clients
• A Remote Access VPN Scenario

QOS and Performance Issues

• Factors Affecting Performance
• QOS Defined
• TCP Operation
• Broad Protocol Options
• Applicability to VPNs
• Role of the ISP

Multiprotocol Label Switching (MPLS)

• Evolution of Typical ISP Backbone
• Attempts at Switching IP Traffic
• Applicability to VPNs

VPN Network and Service Management

• Network Management Architecture
• Network Management Protocols
• Applicable MIBs and Probes
• SNMP Issues
• VPN Service Management.
• Service Level Agreement.
• Network Operations Center (NOCs)
• Redundancy and Load-balancing
• Integration with Existing Security

Survey of VPN Products and Services

• Product Categories
• Vendor Survey
• Factors in Product Selection
• Outsourcing Options
• Future Trends

Feedback from Students attending this course:

The course was very well balanced and the instructor communicated very well with me He provided excellent analogies to familiar things to help conceptual understanding. Overall the course, the material, the presentation was excellent. Howard Carlin , National Weather Service Headquarter Silver Spring, MD, Baltimore July 2004 The instructor's knowledgeable and command of subject was excellent and was excellently prepared. He was very professional and enthusiastic . Christopher White, National Weather Service Headquarter Silver Spring, MD, Baltimore July 2004 Stimulation of open exchange ideas, participation and group interaction was excellent. The instructor was very well prepared and answered all questions This class was very relevant to my organization and the instructor was very professional. Christopher D. Parrise, National Weather Service Headquarter Silver Spring, MD, Baltimore July 2004 The instructor explained the subject very clearly, was sufficiently prepared and had excellent knowledge of the subject. The course was relevant to my company and he answered all my questions. Herbert A. Hawkins, National Weather Service Headquarter Silver Spring, MD, Baltimore July 2004