CheckPoint VPN Presentation

Comments

By: juls4u (96 month(s) ago)

please send Checkpoint presentation to jullian@ideaonthink.com

By: jagirankit8000 (102 month(s) ago)

Plz. send to my email id jagirankit8000@gmail.com. I want to present this topic in my class. So interesting subject.

By: kcsbus (109 month(s) ago)

I am an instructor at Charter College teaching this course; this would be very helpful to my students. Please could you send me a copy of these slides? I would greatly appreciate it. You can send it to lionel.maybin@gmail.com.

By: spjena2000 (120 month(s) ago)

It's really very useful as it contains all fundamental in detail reg vpn. I would like to have this soft copy with me. Can u pls send me it to my email, spjena2000@gmail.com? Thanks & Regards, Smruti

Presentation Transcript

An Introduction to VPN Technology: 

QTS Ongoing Education Series

Check Point Facts: 

- History
  - Founded June 1993
  - IPO June 1996
  - Strong growth in revenues and profits
- Global market leadership
  - 62% VPN market share (Datamonitor, 2001)
  - 42% firewall market share (#1 Position - IDC, 2000)
  - De-facto standard for Internet security
- Strong business model
  - Technology innovation and leadership
  - Technology partnerships
  - Strong and diversified channel partnerships

Check Point’s Solid Foundation: 

- Financial Strength
  - Last 12 Months Revenues of $543M
  - Profit of $313M
  - Strong Balance Sheet
- Market Leadership
  - 220,000+ Installations
  - 100,000+ VPN Gateways
  - 83 Million+ VPN Clients
  - 81,000+ Customers
  - 1,500+ Channel Partners
  - 300+ OPSEC Partners

Platform Choice - Open: 

- Dedicated Appliances (Check Point Pioneered the market)
  - Entry Level: Easy set up
  - Enterprise Class: Network Grade
  - Data Center & ISPs: High Performance / Carrier Class
- Future Platforms
  - Consumer & Small Business: Cable & DSL
  - Wireless: GPRS, 2.5G-3G
  - Infrastructure: Multi-Subscriber Service Providers Network Services
- Open Systems
  - Attractive Price/Performance
  - Wide Variety of Platforms
  - 60-80% of the Market
  - Flexibility

OPSEC Partners: 

The Open Platform for Security

- Open framework for security integration - “The Security OS”
- Over 270 partners
- Breadth of solutions
- Choice
- Certification
- www.OPSEC.com
- Voted #1 Partner Alliance Program

Enhanced Management Capabilities: 

- SecureUpdate for OPSEC Partners
  - Central management of software install for OPSEC applications
- OPSEC Application monitoring
  - Central monitoring of OPSEC applications alongside Check Point products
- Open Management repository
  - Import/Export objects from management database

Agenda: 

- What is a Virtual Private Network (VPN)?
- VPN deployment situations
- Why use VPNs?
- Types of VPN protocols
- IPSec VPNs
- Components
- A sample session
- Deployment questions

What is a VPN?: 

- A VPN is a private connection over an open network
- A VPN includes authentication and encryption to protect data integrity and confidentiality

[Diagram labels: Internet, Acme Corp, Acme Corp Site 2]

Types of VPNs: 

- Remote Access VPN
  - Provides access to internal corporate network over the Internet
  - Reduces long distance, modem bank, and technical support costs

[Diagram labels: Internet, Corporate Site]

Types of VPNs: 

- Remote Access VPN
- Site-to-Site VPN
  - Connects multiple offices over Internet
  - Reduces dependencies on frame relay and leased lines

[Diagram labels: Internet, Branch Office, Corporate Site]

Types of VPNs: 

- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.)
  - Reduces transaction and operational costs

[Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]

Types of VPNs: 

- Remote Access VPN
- Site-to-Site VPN
- Extranet VPN
- Client/Server VPN
  - Protects sensitive internal communications
  - Most attacks originate within an organization

[Diagram labels: Internet, LAN clients, Database Server, LAN clients with sensitive data]

Alternate Technologies: 

- Site-to-site/extranets
  - Frame relay, leased lines
- Remote access
  - Dial up modem banks

Why Use Virtual Private Networks?: 

- More flexibility
  - Leverage ISP point of presence
  - Use multiple connection types (cable, DSL, T1, T3)

Why Use Virtual Private Networks?: 

- More flexibility
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand

Why Use Virtual Private Networks?: 

- More flexibility
- More scalability
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical support

VPN-1 Return on Investment: 

Case History – Professional Services Company

- 5 branch offices, 1 large corporate office, 200 remote access users
- Payback: 1.04 months
- Annual Savings: 88%

VPN ROI Calculator: 

Tool URL: http://www.checkpoint.com/products/vpn1/roi_calculators/index.html

Components of a VPN: 

- Encryption
- Message authentication
- Entity authentication
- Key management

Point-to-Point Tunneling Protocol: 

- Layer 2 remote access VPN distributed with Windows product family
- Addition to Point-to-Point Protocol (PPP)
- Allows multiple Layer 3 Protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Known security vulnerabilities

[Diagram labels: Remote PPTP Client, ISP Remote Access Switch, PPTP RAS Server, Corporate Network]

Layer 2 Tunneling Protocol (L2TP): 

- Layer 2 remote access VPN protocol
- Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Does not include packet authentication, data integrity, or key management
- Must be combined with IPSec for enterprise-level security

[Diagram labels: Remote L2TP Client, ISP L2TP Concentrator, L2TP Server, Corporate Network]

Internet Protocol Security (IPSec): 

- Layer 3 protocol for remote access, intranet, and extranet VPNs
- Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity
- Includes key management

Components of an IPSec VPN: 

- Encryption: DES, 3DES, and more
- Message Authentication: HMAC-MD5, HMAC-SHA-1, or others
- Entity Authentication: Digital Certificates, Shared Secrets, Hybrid Mode IKE
- Key Management: Internet Key Exchange (IKE), Public Key Infrastructure (PKI)

All managed by security associations (SAs)
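The message authentication component listed above can be shown with HMAC-SHA-1 truncated to 96 bits, the form IPSec uses for its integrity check value (ICV). This is an added example, not part of the original presentation; the packet layout (a 32-bit SPI and sequence number in front of the payload), the function names and the sample key are assumptions made for illustration, and the payload is left unencrypted so that only the authentication step is shown.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: the 160-bit HMAC output truncated to 96 bits
HDR_LEN = 8   # simplified header: 32-bit SPI + 32-bit sequence number

# Constructed sample key; a real key would come from key management (IKE).
SAMPLE_KEY = bytes(range(20))


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Return header || payload || ICV, with the ICV covering header and payload."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def verify(key: bytes, packet: bytes):
    """Return (spi, seq, payload) when the ICV matches, otherwise None."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None  # too short to hold a header and an ICV
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    # compare_digest runs in constant time, so the comparison does not
    # reveal how many leading ICV bytes were correct
    if not hmac.compare_digest(icv, expected):
        return None
    spi, seq = struct.unpack("!II", body[:HDR_LEN])
    return spi, seq, body[HDR_LEN:]


if __name__ == "__main__":
    pkt = protect(SAMPLE_KEY, 0x1001, 1, b"The cow jumped over the moon")
    print(verify(SAMPLE_KEY, pkt))                   # accepted
    altered = pkt[:HDR_LEN] + b"t" + pkt[HDR_LEN + 1:]
    print(verify(SAMPLE_KEY, altered))               # one byte changed: rejected
    print(verify(b"x" * 20, pkt))                    # wrong key: rejected
```
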

Security Associations: 

- An agreement between two parties about:
  - Authentication and encryption algorithms
  - Key exchange mechanisms
  - And other rules for secure communications
- Security associations are negotiated at least once per session – possibly more often for additional security
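The agreement this slide describes can be modelled as a responder choosing among the proposals an initiator offers. The following is an added example, not part of the original presentation and not Check Point's code: the `Proposal` and `Policy` types, `select_sa`, the lifetimes and the responder policy that leaves out DES and HMAC-MD5 are assumptions, and a real IKE negotiation carries more attributes than this simplified model.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Proposal:
    encryption: str    # e.g. "3DES"
    integrity: str     # e.g. "HMAC-SHA-1"
    auth_method: str   # e.g. "certificate" or "shared-secret"
    lifetime_s: int    # seconds before the SA must be renegotiated


@dataclass(frozen=True)
class Policy:
    encryption: frozenset
    integrity: frozenset
    auth_methods: frozenset
    max_lifetime_s: int


def select_sa(offers: Sequence[Proposal], policy: Policy) -> Optional[Proposal]:
    """Pick the first offer (initiator's preference order) that the local
    policy allows, capping its lifetime. None means no SA: the negotiation
    fails instead of falling back to an algorithm the policy excludes."""
    for p in offers:
        if (p.encryption in policy.encryption
                and p.integrity in policy.integrity
                and p.auth_method in policy.auth_methods):
            return Proposal(p.encryption, p.integrity, p.auth_method,
                            min(p.lifetime_s, policy.max_lifetime_s))
    return None


# Constructed responder policy (assumption): DES and HMAC-MD5 are left out.
RESPONDER = Policy(frozenset({"3DES"}), frozenset({"HMAC-SHA-1"}),
                   frozenset({"certificate", "shared-secret"}), 3600)

# Constructed offers from two hypothetical peers.
MIXED_PEER = [Proposal("DES", "HMAC-MD5", "shared-secret", 86400),
              Proposal("3DES", "HMAC-SHA-1", "certificate", 86400)]
LEGACY_PEER = [Proposal("DES", "HMAC-MD5", "shared-secret", 86400)]

if __name__ == "__main__":
    print(select_sa(MIXED_PEER, RESPONDER))   # weak first offer is skipped
    print(select_sa(LEGACY_PEER, RESPONDER))  # no acceptable offer
```
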

Encryption Explained: 

- Used to convert data to a secret code for transmission over an untrusted network

[Diagram: Clear Text “The cow jumped over the moon” → Encryption Algorithm → Encrypted Text “4hsd4e3mjvd3sd a1d38esdf2w4d”]

Symmetric Encryption: 

- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
- Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5, Rijndael

[Diagram label: Shared Secret Key]

Asymmetric Encryption: 

- Different keys used to encrypt and decrypt message (One public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5

[Diagram labels: Bob, Encrypt, Alice Public Key, Decrypt, Alice Private Key, Alice]

Key Management: 

- Shared Secret
  - Simplest method; does not scale
  - Two sites share key out-of-band (over telephone, mail, etc.)
- Public Key Infrastructure
  - Provides method of issuing and managing public/private keys for large deployments
- Internet Key Exchange
  - Automates the exchange of keys for scalability and efficiency

What are Keys?: 

- An Encryption Key is:
  - A series of numbers and letters…
  - …used in conjunction with an encryption algorithm…
  - …to turn plain text into encrypted text and back into plain text
- The longer the key, the stronger the encryption

What is Key Management?: 

- A mechanism for distributing keys either manually or automatically
- Includes:
  - Key generation
  - Certification
  - Distribution
  - Revocation

Internet Key Exchange (IKE): 

- Automates the exchange of security associations and keys between two VPN sites
- IKE provides:
  - Automation and scalability
  - Improved security
    - Encryption keys can be changed frequently
- Hybrid IKE
  - Proposed standard designed by Check Point
  - Allows use of existing authentication methods

Different Types of VPN/Firewall Topologies: 

[Diagram annotations]

- VPN device is vulnerable to attack, e.g. denial of service
- Two connections to the firewall for every communication request
- Bypasses security policy
- Denial of service

Protecting Remote Access VPNs: 

- The Problem:
  - Remote access VPN clients can be “hijacked”
  - Allows attackers into internal network
- The Solution:
  - Centrally managed personal firewall on VPN clients

[Diagram labels: Internet, Attacker, Cable or xDSL]

Summary: 

- Virtual Private Networks have become mission-critical applications
- IPSec is the leading protocol for creating enterprise VPNs
  - Provides encryption, authentication, and data integrity
- Organizations should look for:
  - Integrated firewalls and VPNs
  - Centralized management of VPN client security
  - A method to provide VPN QoS
