CheckPoint VPN Presentation
Lilly
Added: April 22, 2008
Category: Education
License: All Rights Reserved
Presentation Transcript

An Introduction to VPN Technology
- QTS Ongoing Education Series

Check Point Facts
- History
  - Founded June 1993
  - IPO June 1996
- Strong growth in revenues and profits
- Global market leadership
  - 62% VPN market share (Datamonitor, 2001)
  - 42% firewall market share (#1 Position - IDC, 2000)
  - De-facto standard for Internet security
- Strong business model
  - Technology innovation and leadership
  - Technology partnerships
  - Strong and diversified channel partnerships
- Check Point Software

Check Point’s Solid Foundation
- Financial Strength
  - Last 12 Months Revenues of $543M
  - Profit of $313M
  - Strong Balance Sheet
- Market Leadership
  - 220,000+ Installations
  - 100,000+ VPN Gateways
  - 83 Million+ VPN Clients
  - 81,000+ Customers
  - 1,500+ Channel Partners
  - 300+ OPSEC Partners
- 100

Platform Choice - Open
- Dedicated Appliances (Check Point Pioneered the market)
  - Entry Level
  - Easy set up
  - Enterprise Class
  - Network Grade
  - Data Center & ISPs
  - High Performance / Carrier Class
- Future Platforms
  - Consumer & Small Business
  - Cable & DSL
  - Wireless
  - GPRS, 2.5G-3G
  - Infrastructure
  - Multi-Subscriber
  - Service Providers
  - Network Services
- Open Systems
  - Attractive Price/Performance
  - Wide Variety of Platforms
  - 60-80% of the Market
  - Flexibility

OPSEC Partners
- Open framework for security integration - “The Security OS”
- Over 270 partners
- Breadth of solutions
- Choice
- Certification
- www.OPSEC.com
- Voted #1 Partner Alliance Program
- The Open Platform for Security

Enhanced Management Capabilities
- SecureUpdate for OPSEC Partners
  - Central management of software install for OPSEC applications
- OPSEC Application monitoring
  - Central monitoring of OPSEC applications alongside Check Point products
- Open Management repository
  - Import/Export objects from management database

Agenda
- What is a Virtual Private Network (VPN)?
- VPN deployment situations
- Why use VPNs?
- Types of VPN protocols
- IPSec VPNs
  - Components
  - A sample session
- Deployment questions

What is a VPN?
- A VPN is a private connection over an open network
- A VPN includes authentication and encryption to protect data integrity and confidentiality
- [Diagram labels: Internet, Acme Corp, Acme Corp Site 2]

Types of VPNs
- Remote Access VPN
  - Provides access to internal corporate network over the Internet
  - Reduces long distance, modem bank, and technical support costs
  - [Diagram labels: Internet, Corporate Site]
- Site-to-Site VPN
  - Connects multiple offices over Internet
  - Reduces dependencies on frame relay and leased lines
  - [Diagram labels: Internet, Branch Office, Corporate Site]
- Extranet VPN
  - Provides business partners access to critical information (leads, sales tools, etc.)
  - Reduces transaction and operational costs
  - [Diagram labels: Corporate Site, Internet, Partner #1, Partner #2]
- Client/Server VPN
  - Protects sensitive internal communications
  - Most attacks originate within an organization
  - [Diagram labels: Internet, LAN clients, Database Server, LAN clients with sensitive data]

Alternate Technologies
- Site-to-site/extranets
  - Frame relay, leased lines
- Remote access
  - Dial-up modem banks

Why Use Virtual Private Networks?
- More flexibility
  - Leverage ISP point of presence
  - Use multiple connection types (cable, DSL, T1, T3)
- More scalability
  - Add new sites, users quickly
  - Scale bandwidth to meet demand
- Lower costs
  - Reduced frame relay/leased line costs
  - Reduced long distance
  - Reduced equipment costs (modem banks, CSU/DSUs)
  - Reduced technical support

VPN-1 Return on Investment
- Case History – Professional Services Company
- 5 branch offices, 1 large corporate office, 200 remote access users.
- Payback: 1.04 months.
- Annual Savings: 88%

VPN ROI Calculator
- Tool URL: http://www.checkpoint.com/products/vpn1/roi_calculators/index.html

Components of a VPN
- Encryption
- Message authentication
- Entity authentication
- Key management

Point-to-Point Tunneling Protocol
- Layer 2 remote access VPN distributed with Windows product family
  - Addition to Point-to-Point Protocol (PPP)
  - Allows multiple Layer 3 Protocols
- Uses proprietary authentication and encryption
- Limited user management and scalability
- Known security vulnerabilities
- [Diagram labels: Remote PPTP Client, ISP Remote Access Switch, PPTP RAS Server, Corporate Network]

Layer 2 Tunneling Protocol (L2TP)
- Layer 2 remote access VPN protocol
  - Combines and extends PPTP and L2F (Cisco supported protocol)
- Weak authentication and encryption
- Does not include packet authentication, data integrity, or key management
- Must be combined with IPSec for enterprise-level security
- [Diagram labels: Remote L2TP Client, ISP L2TP Concentrator, L2TP Server, Corporate Network]

Internet Protocol Security (IPSec)
- Layer 3 protocol for remote access, intranet, and extranet VPNs
  - Internet standard for VPNs
- Provides flexible encryption and message authentication/integrity
- Includes key management

Components of an IPSec VPN
- Encryption: DES, 3DES, and more
- Message Authentication: HMAC-MD5, HMAC-SHA-1, or others
- Entity Authentication: Digital Certificates, Shared Secrets, Hybrid Mode IKE
- Key Management: Internet Key Exchange (IKE), Public Key Infrastructure (PKI)
- All managed by security associations (SAs)

Security Associations
- An agreement between two parties about:
  - Authentication and encryption algorithms
  - Key exchange mechanisms
  - And other rules for secure communications
- Security associations are negotiated at least once per session – possibly more often for additional security

Encryption Explained
- Used to convert data to a secret code for transmission over an untrusted network
- [Diagram: Clear Text “The cow jumped over the moon” -> Encryption Algorithm -> Encrypted Text “4hsd4e3mjvd3sd a1d38esdf2w4d”]

Symmetric Encryption
- Same key used to encrypt and decrypt message
- Faster than asymmetric encryption
  - Used by IPSec to encrypt actual message data
- Examples: DES, 3DES, RC5, Rijndael
- [Diagram label: Shared Secret Key]

Asymmetric Encryption
- Different keys used to encrypt and decrypt message (one public, one private)
- Provides non-repudiation of message or message integrity
- Examples include RSA, DSA, SHA-1, MD-5
- [Diagram labels: Alice Public Key (Encrypt), Alice Private Key (Decrypt), Bob, Alice]

Key Management
- Shared Secret
  - Simplest method; does not scale
  - Two sites share key out-of-band (over telephone, mail, etc.)
- Public Key Infrastructure
  - Provides method of issuing and managing public/private keys for large deployments
- Internet Key Exchange
  - Automates the exchange of keys for scalability and efficiency

What are Keys?
- An Encryption Key is:
  - A series of numbers and letters…
  - …used in conjunction with an encryption algorithm…
  - …to turn plain text into encrypted text and back into plain text
- The longer the key, the stronger the encryption

What is Key Management?
- A mechanism for distributing keys either manually or automatically
- Includes:
  - Key generation
  - Certification
  - Distribution
  - Revocation

Internet Key Exchange (IKE)
- Automates the exchange of security associations and keys between two VPN sites
- IKE provides:
  - Automation and scalability
  - Improved security
    - Encryption keys can be changed frequently
- Hybrid IKE
  - Proposed standard designed by Check Point
  - Allows use of existing authentication methods

Different Types of VPN/Firewall Topologies
- [Diagram labels:]
  - VPN device is vulnerable to attack, e.g. denial of service
  - Two connections to the firewall for every communication request
  - Bypasses security policy
  - Denial of service

Protecting Remote Access VPNs
- The Problem:
  - Remote access VPN clients can be “hijacked”
  - Allows attackers into internal network
- The Solution:
  - Centrally managed personal firewall on VPN clients
- [Diagram labels: Internet, Attacker, Cable or xDSL]

Summary
- Virtual Private Networks have become mission-critical applications
- IPSec is the leading protocol for creating enterprise VPNs
  - Provides encryption, authentication, and data integrity
- Organizations should look for:
  - Integrated firewalls and VPNs
  - Centralized management of VPN client security
  - A method to provide VPN QoS
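
The "Components of an IPSec VPN" and "Security Associations" slides, worked as an added example that is not part of the original presentation: two peers agree on a transform set, and the resulting SA authenticates each packet with HMAC-SHA-1 truncated to 96 bits. The policy sets and the names `negotiate`, `protect` and `verify` are illustrative assumptions; encryption is not applied, and the replay check is a plain counter rather than a sliding window.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

# Responder policy (an assumption for this sketch). DES and HMAC-MD5 are
# listed on the slide but left out here, so proposals using them are refused.
ACCEPTED_CIPHERS = {"3DES", "AES-CBC"}
ACCEPTED_MACS = {"HMAC-SHA-1": hashlib.sha1}
ICV_LEN = 12  # HMAC-SHA-1-96: the 20-byte digest truncated to 96 bits


@dataclass
class SecurityAssociation:
    spi: int               # Security Parameter Index, names the SA on the wire
    cipher: str            # agreed encryption transform (not applied below)
    mac: str               # agreed message-authentication transform
    auth_key: bytes        # shared key, normally derived by IKE
    next_seq: int = 1      # sender side: next sequence number to use
    highest_seen: int = 0  # receiver side: replay counter


def negotiate(proposals, spi, auth_key):
    """Return an SA for the first offered (cipher, mac) pair the policy allows."""
    for cipher, mac in proposals:
        if cipher in ACCEPTED_CIPHERS and mac in ACCEPTED_MACS:
            return SecurityAssociation(spi, cipher, mac, auth_key)
    return None  # no common transform set: no SA, no tunnel


def _icv(sa, data):
    """Integrity check value over the header and payload."""
    return hmac.new(sa.auth_key, data, ACCEPTED_MACS[sa.mac]).digest()[:ICV_LEN]


def protect(sa, payload):
    """Frame payload as SPI | sequence | payload | ICV (payload left in clear)."""
    header = struct.pack("!II", sa.spi, sa.next_seq)
    sa.next_seq += 1
    return header + payload + _icv(sa, header + payload)


def verify(sa, packet):
    """Return the payload if the packet is authentic and fresh, else None."""
    if len(packet) < 8 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    if spi != sa.spi or not hmac.compare_digest(icv, _icv(sa, body)):
        return None  # wrong SA, or header/payload modified in transit
    if seq <= sa.highest_seen:
        return None  # replayed or stale packet
    sa.highest_seen = seq
    return body[8:]


if __name__ == "__main__":
    key = os.urandom(20)  # constructed sample key
    offer = [("DES", "HMAC-MD5"), ("3DES", "HMAC-SHA-1")]  # constructed offer
    tx, rx = negotiate(offer, 0x1001, key), negotiate(offer, 0x1001, key)
    pkt = protect(tx, b"payroll query")
    forged = pkt[:9] + bytes([pkt[9] ^ 0x01]) + pkt[10:]  # one payload bit flipped
    print(tx.cipher, tx.mac)
    print(verify(rx, forged), verify(rx, pkt), verify(rx, pkt))
```

The sender and receiver each hold their own copy of the SA state, which is why the second delivery of the same packet is rejected even though its ICV is valid.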