72 research outputs found

    Development and Technological Features of Virtual Private Networks

    The Virtual Private Network (VPN) is a technology where data is transmitted to the local area network by the user over the Internet, and special programs and protocols are used for this purpose. Situations in which network data are not adequately protected can lead to unwanted consequences such as unauthorized access to data. For this reason, virtual private networks were created as a way to ensure the transmission of sensitive data over the public network. In this thesis, the development and technological features of virtual private networks, including data transfer technologies within said networks, tunneling protocols, and two types of VPN, Remote-access VPN and Site-to-site VPN, will be further analyzed. Also, an overview of the future development of virtual private networks will be presented.

    Virtual Private Network Management

    Nowadays Cisco routers are mainly configured with CLI (Command Line Interface). However, Cisco offers some GUI (Graphical User Interface) management tools like SDM (Security Device Manager) and CNA (Cisco Network Assistant). Although these are not widely used at this time, they tend to be familiar to all network managers, especially SDM, which is introduced in great detail in CCNP and CCNA Security courses. SDM is a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues. A VPN (Virtual Private Network) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. Its aim is to avoid an expensive system of leased lines that can be used by only one organization. The aim of my study is to get familiar with the GUI tool SDM and try to use it to establish a Virtual Private Network. Finally, I compared the difference between SDM and the original configuration by command line interface and gave my recommendation.

    An architecture for implementing virtual private networks over the structure of the Universidade do Contestado - UnC

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação. This work presents a proposed model for implementing VPNs over the geographically distributed structure of the Universidade do Contestado - UnC. The research examines the types of VPN, the existing communication protocols, and the characteristics and sub-characteristics of each, in order to determine from this survey which type to use. The focus of the research is connecting five university campuses to the Rectorate of the Universidade do Contestado to feed a data warehouse using virtual private networks. The model takes into account the institution's circumstances, the equipment already in place, and how the chosen solution compares with other possible solutions.

    Utilization of RADIUS Protocol AV Pairs for Dynamic Configuration of Remote Access into Virtual Private Networks

    In this diploma thesis I deal with the design and realization of a dynamic configuration mechanism for remote access to virtual private networks based on MPLS/VPN technology. For access, ISDN, PSTN and DSL technologies are used. These technologies are supported by the RADIUS protocol, which enables dynamic transfer of configuration to network elements. The configuration transferred in this way conveys the need to build network tunnels that encapsulate the clients' traffic and allow logical separation of data flows. These tunnels are terminated by a virtual access interface which allows forwarding of the data flow to the VRFs of the respective customers.

    Analysis of Remote Access to Computer Networks

    The final paper explains methods of remote access in computer networks. It begins with an introduction of basic computer network features, their development and division into types according to different criteria. Subsequently, the paper describes two basic network architectures and a standard protocol stack that is used in communication between two computers. The security aspect of networks follows. With an information security model, the paper seeks to present the requirements that computer communications must meet to be considered credible and safe. It continues with cryptography and methods, procedures and protocols in the service of security. After that, the reader should acquire the theoretical background needed to understand the remote access methods that are the basis of this final paper. Remote access methods VNC, VPN, SSH are defined and then selected remote access software tools and solutions are reviewed and tested. Finally, a comparative analysis is carried out based on the experience of application testing. For this purpose, relevant parameters for comparison are established, such as interface type, interoperability, used protocols, security, architecture, etc. According to the parameters, the paper analyzes and finally determines advantages, disadvantages, similarities and differences of methods and program tools for remote access.

    Virtual Private Network Design Using Huawei Routers

    The theme of this thesis is the description and design of VPN technologies that are currently used in practice and are implemented on the provided Huawei routers. In the first part of this work, the reader is familiarized with VPN technology in general, and in the following parts in more detail with the individual types of VPN. These VPNs include GRE, DSVPN, L2TP, IPSec and SSL VPN. After the introduction to VPNs, a practical design of the solution is proposed for each of the mentioned VPN types and the functionality of the implementation is tested. An integral part of the practical part is testing the compatibility of the individual VPN solutions between Huawei and Cisco routers. The result of this verification is the possibility of deploying network elements of both brands together in real network traffic.

    IP-based virtual private networks and proportional quality of service differentiation

    IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is, proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators' experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results.