Saturday 4 April 2009


Introduction

Art bank and Noel bank are famous banks of the world. They want to join with each other and continue their business. Noel bank is situated very far away from the Ark bank.

They can gain advantages by joining. Company management has decided to combine these two banks to expand their business.

They plan to use a wide area network to connect these two different geographical locations.

Connecting two geographical locations

We can connect these two different geographical locations by several methods. We can use:

  • Leased line connection
  • Satellite connection
  • Radio wave connection
  • Infrared frequency connection
  • Using VPN connection

Recommended solution

  • Virtual Private network

Why are other technologies not suitable for this situation?

We can use a dedicated leased line to connect these two different geographical locations.

But when we use a dedicated leased line we have to pay more for this solution. Not only is the cost high, but we also cannot run fiber optic cable over a long distance because it is more expensive. The leased line provider charges more in this situation, and they take a fixed charge. We also have to use more application software to implement this solution, and this software is more expensive.

But a leased line is a highly secure and confidential solution. It has more capacity for carrying data.

We can use a satellite connection, but it is more expensive. We need a dedicated satellite provider to get this facility, and they charge a high price for it. The initial cost is high. We have to install more expensive equipment.

When we use a satellite connection, data can travel very fast, and the security is very high. A satellite connection has global reach.

Radio and infrared frequency solutions are not very suitable for this situation. Data is sometimes corrupted and security is very low. We cannot trust the signal. A lot of frequency problems can arise. We need to consider some security reasons. We would also need to purchase and install electronic equipment for this connection.

Virtual private network

VPNs are temporary or permanent connections across a public network, such as the internet, that use encryption technology to transmit and receive data.

This is a kind of network. A network consists of any number of devices connected with each other for the common purpose of sharing the resources in the network.

But VPN means virtual private network.

Virtual means it performs actions and does work, but we cannot actually see it physically, because it is a kind of imagination.

Private means that communication between two (or more) devices is only for a limited group. It requires a right of access. Not all members of the public, or even of the organization, can access the network. They need permission to log in to the network.

This is a kind of network used in modern technology. A VPN is a computer network which transfers information in a secure way over a public network, through the internet.

Through the internet it has a tunnel, which is able to carry all the encrypted data. The data flow comes through the tunnel from the VPN client to the VPN server.

But the internet is public for all. We are not limited to the internet for transferring the data; an organizational network which is not connected to the Internet can use dedicated leased lines. A VPN is therefore a combination of private and public.

With the VPN facility, we do not have to go to that area physically, but we can handle all the data through the VPN.

The network can be accessed from home or the office.

The main objective of a VPN is to expand the company's business over a wide area network, to process electronic data interchange (EDI) and other forms of network activity while keeping the data secure.

In any public network the VPN becomes a dedicated one for that network. When data is transmitted via the VPN, it creates a logical tunnel through the other network and encrypts the data. Therefore no other traffic communicates via the VPN. The encrypted data transmitted through the network can only be read by the other party of the same VPN after decoding it.

A VPN is specially designed and suitable for mobile and wireless users. That is why it uses a public network like the internet, because they work in a wireless environment. So it provides a remote working system via a secured network.

When designing a VPN we must always be concerned about the security of the data, because the network will transmit sensitive data that belongs to the company, and the users will communicate with the central system of the head office. Therefore a VPN should be designed and operated under security policies.

A VPN uses several protocols, which contain rules and regulations about data transmission, operations, administrative authority and so on. IPSec, PPTP, SSL VPN and L2TP are some of the protocols used for VPNs.

With a virtual private network the company must consider rules and regulations. Because this network depends totally on the public network (the internet), security depends on the company's private policies. Up-to-date security must be used.

Why do we use a VPN?

  • Intranet

This is mostly used for connecting company locations. Most of the branches and the headquarters are located in different places, so we can connect them by the VPN. Employees can also connect to the company network. They can transfer files and check email. and company can Frame Relay, ATM, and MPLS.

  • Remote access

This is mostly used in the business world. It has a lot of advantages. Mobile workers can access the company system without coming to the company locations. It can easily expand the company's area. A lot of cost is saved by this system. Many workers can use this method.

  • Extranet

This means we connect two different companies' networks. We need to think very carefully about company security. For the company it has a lot of advantages. The company can spread over a long range, increase capital and offer more facilities.

VPN tunnel
This tunnel is used to communicate between networks, computers, routers, gateways and firewalls. It is situated in the internet. It carries a set of information.
At the end of this tunnel there are gateways.
There are several tunneling mechanisms available.
• GRE (Generic routing encapsulation)
• L2TP (Layer 2 Tunneling Protocol)
• PPTP (Point to Point Tunneling Protocol)
• DVMRP(Distance vector multicast routing protocol)


Internet connectivity of the VPN
A VPN depends totally on the internet. The internet is used to transfer data and connect the computers.
Today internet technology is more advanced and faster than in previous days, so we can easily get internet access according to our requirements.
Today most ISPs provide internet access by several methods:
• Leased line
• Wi-Fi
• Dial up connection
• ADSL
• GPRS



Dial up connection to VPN
Now we need to consider the internet facility. If we use a dial-up connection for the internet connection, our system faces a lot of disadvantages.
A dial-up connection is not a dedicated line to the internet, so it takes a lot of time to connect to the ISP. We cannot get a continuous internet facility, because we cannot use the telephone line and the internet line at the same time.
The connection speed is low, so it takes a lot of time to transfer data. Sometimes it cannot connect to the service provider.
But the connection has some advantages. We do not need to fit additional hardware to the system. We need only a computer and a modem to connect to the internet. We do not need to pay additional charges to get this type of connection. It is easy to configure and maintain.

Leased line connection to VPN.
We can use the leased line facility for this network. It has a lot of advantages and disadvantages.
A leased line is a dedicated line connecting both companies. It has good security, speed and bandwidth for data transfer.
But when we use a leased line for this project we need to consider the cost. These two companies are situated in different locations, so we would need long fiber optic cables to connect the network. It is a very expensive method.


WI-FI facility to the VPN.
Wi-Fi is the latest technology for getting internet access. It transfers radio waves to the access point, and we connect to the access point and use the internet.
It has some advantages and disadvantages.
We can always connect to the internet when we have the wireless facility. We do not need to fit network cables or other network hardware.
But in this scenario we have to connect two different locations, and because this is a bank network we have to consider network security.

GPRS for the VPN
We can use GPRS for the internet facility. But it has some advantages and disadvantages.
We can easily get the internet facility, we can access it everywhere, and it has a fast internet speed.
But it has some disadvantages. The cost is very high and we cannot connect a number of computers.

ADSL for the VPN
This is another type of internet connection. It has some advantages and disadvantages.
ADSL has high-speed data transfer and provides a dedicated line to the internet, so we can use this line for the internet and the phone at the same time. With ADSL we have to think about some hardware parts.
It needs a DSL modem. We have to connect this ADSL connection to the computer by USB or a 10Base-T Ethernet connection.
ADSL has a high download speed and a low upload speed. This is a disadvantage of the ADSL connection. We have to use some additional hardware for the ADSL connection. If we are near to the ISP we can access the internet at some small access speed, but in some areas the internet facility is not available.

VPN software

We need VPN software to connect the two different locations.
• Operating system that comes with VPN
• VPN client software

The Microsoft Windows operating system comes with the VPN facility.
• Windows XP
• Windows Server 2003


Hardware resources for the VPN

Developing the VPN system needs some hardware parts. This company has a current local area network, but it needs some additional hardware for the system.

Servers:
• Proxy server
• VPN server
• Mail server
• Web server

Network components:
• Switches
• Routers
• Network cables


Software

This software can be divided into server software, client software and security software.

Server software:
• Windows Server 2003
• VPN server software
• Mail server software

Client software:
• Windows XP
• VPN client software

Security software:
• Firewall software
• Antivirus software

1. VPN Server

The VPN server is located in the head office and is the main component for creating the virtual private network.
The VPN server acts as the Remote Access Server for this network.
All the configuration for the VPN, such as administrative activities, restrictions, usernames and passwords, has to be done within the VPN server.

Hardware features of the VPN server
Intel dual core 3.0
512 MB DDR2 RAM
160 GB HDD
Onboard VGA


A VPN server is included in Windows 2000 and is also available in Windows XP. You have to enable the VPN server to get the facility.
The VPN server should have an IP address (a public IP) to identify the server within the internet, so this IP address also has to be given to the VPN clients.
The VPN server can act as a router to handle the network traffic within the network, because several users can access the network at once. For that we have to configure the server as a router.


2. VPN Client

VPN client software is needed to connect to the system. Cisco VPN software is one of the programs we use for the system.


3. Proxy Server

• A proxy server is a type of server which acts as an interface between clients and a server in a local area network, and as an interface between a computer and the internet.
• Mainly we use the proxy server as the interface between the LAN and the internet.
• A proxy can increase the performance of the connection to the internet. It is able to save web sites and other applications which are most often requested by the users.
• When a user accesses a web site that has already been accessed, it is provided from the saved list without accessing the original web page. This special database which saves the web applications is called the "cache".
• The public IP mentioned earlier is configured in the proxy server, which has a direct connection to the internet.
• A proxy server is able to apply some restrictions to the users.


3. Web server

Also known as an HTTP server. A web server is used to provide the internet service requested by the client machines. This server is responsible for accepting HTML documents and other data objects from the internet by using a web browser and distributing them to the clients.

This is software which uses the TCP/IP protocol to distribute information. Windows 2000 includes a web server called IIS (Internet Information Services). However, the Apache web server is the most popular one in the world today.

4. Mail Server

One of the main tasks of the remote working system is sending e-mail in both directions.
Therefore it is better to maintain a mail server to do that task well.
A mail server is an exchanger for messages and handles the e-mail messages within the network.
You can even schedule the e-mail service by time.
Likewise there are many advantages to using a mail server in the head office.
Microsoft Exchange Server is a better mail server software.

5. Router

• A router, also known as a DSL modem, is used to connect two separate networks. It is especially used to connect a LAN and a WAN. It is able to communicate information between two dissimilar network types or data formats.
• In our case we use the router to connect our LAN to the internet.
• Unlike the other connectivity devices, the router has several advantages.
• A router is able to connect different networks and filter traffic in complex networks.
• A router uses a routing table to assign the addresses of every node in the network.
• DSL routers use frequencies from 25 kHz to above 1 MHz. Voice band routers (modems) use the same frequencies as ordinary telephones, and will interfere with voice service.




6. Twisted Pair Cables

Twisted-pair cables also come in several types.
There are two primary types of twisted-pair cable:
1. UTP (Unshielded twisted pair)
2. STP (Shielded twisted pair)

UTP cables can be categorized into several types, known as Category 1, Category 2, ... Category 5. Category 5, known as Cat 5, is the common cable type designed for the LAN.
These Cat 5 cables are unshielded, but some are shielded.
RJ45 jacks are used to connect the cables to the nodes.



Advantages of using Cat 5

1. They are designed for high signal integrity
2. Despite much interference from external sources
3. Can support bandwidth up to 100 Mbps networks
4. Cheaper than the other cable types

There are two types of wire arrangement that connect the twisted pairs to the RJ45:

1. Straight-through wiring:
This is used to connect PCs to a hub or a switch.
2. Crossover wiring:
This type is used to connect a PC to a PC.

For these wire arrangements there is a standard numbering system for the RJ45 connectors and an appropriate color coding for connecting the cables.


Advantages of VPN


1. Cost-effective method

This VPN is a remote access system, therefore it needs a public network. If we try to get a public network separately for the company, we have to spend a lot of money to get the connection and pay a high monthly rental. A satellite connection is another method for the remote working system, but it is also a high-cost method.

But this remote working system uses the internet as the public network, which is a low-cost but reliable method. Remote users can access the internet by using ADSL.
The head office has to get a dedicated line for the internet, so it has to spend an amount to get that connection plus a monthly rental, but this is not more expensive than the other methods.


2. Clients and staff can communicate with the head office remotely

The bank staff have to communicate with the head office at any time when they need to get or give information. To do that they do not need to come to the office.
Because of the remote working system they can communicate at any time, from any location.
They work with the office, and the head office can also contact its sales staff easily.
The VPN is enabled using the internet, and using the VPN they can communicate with the office in a secure manner.

3. Expand the business area
Now they have a limited area in which to work with customers, because they do not have any connection with the office to get information when they need it.
With this facility, people in two different locations can communicate.
Customers can operate their accounts in two different locations.
After implementing the VPN system they can expand over long distances.
So it will expand the business environment and give high benefits to the company and the customer.
This remote working system is designed using the internet as the public network, so the staff members only have to connect to the internet. You can get the internet facility at any location easily, so it is very reliable even if it expands into several countries.

4. Security and privacy


Data security and privacy

A virtual private network is always a secure network which ensures the protection of the company data. The VPN is created as a separate line in the internet. Using the public IP of the head office, the remote users connect to the head office VPN server.
So when the users connect with the office over the VPN, a tunnel is created through the internet, and the communication then occurs within that logical tunnel. So it is not easy to hack the data in this remote working system.
After connecting with the head office they have to give the password to get information from the database server. So there are many more facilities available with the VPN to keep the data secure.

Administrative Control

A VPN has high administrative control and administrative authority. The VPN uses the VPN server in the head office, which can do all the administrative activities.

The network administrator can restrict unauthorized access by using the user name and password settings. Each staff member has to be given a unique user name and password.
They have to connect to the head office server by using the user name and the password. The user names and passwords should be changed from time to time, because those names and numbers can reach unauthorized persons.

Encryption

Encryption is the process of taking all of the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode.

The IP data packet that is being sent across the Internet is first encrypted and then wrapped in another IP packet. The corporate and Internet routers see the "wrapper" packets, while the internal data is securely contained in the payload section of the first IP packet. The IPSec protocol uses the Data Encryption Standard (DES) to encrypt and decrypt data. Encryption key lengths range from 56 bits (DES) to 168 bits (3DES). To date, triple DES is the strongest level of encryption publicly available. It is exponentially more difficult to crack than single DES; it's not just three times harder. Microsoft's PPTP uses 40- or 128-bit encryption keys.



5. Reliability

This VPN system depends highly on the internet facility used by the customer and the company.
Recently the internet has expanded greatly all over the world and it is now available at any location. Internet failures are few, so the connection is available at any time.
The head office is given a dedicated line for the internet, therefore the users have a chance to communicate with the office even at night.




6. Flexibility
This system is very flexible for the company. They can use the remote working system at any location and at any time.
As mentioned previously, a remote location of the head office can change its location without making any additional changes to the VPN, and it is available at any time.
If that happens, we only need to get the internet connection for the new location. The other configuration is the same, therefore the remote working system can continue as it is.

7. Easy to implement

The centre of the remote working system is the head office. If another office needs to be added to this remote working system, or if more members of the sales staff need to work with the remote working system, those new facilities can easily be implemented as a VPN.

Disadvantages of VPN
1. One of the disadvantages is that the user name and password can reach an unauthorized person. The VPN client software has a user name and user password. If they reach a third party, it will affect the company network.
2. With a VPN we use a public network, so we need to consider network security very carefully. The internet is a very low-security medium for carrying data. We need to use high-security software to protect the data. Hacking threats and virus attacks may affect the network.
3. We have to pay more to increase the security of the system. We need to use high-performance antivirus software and firewalls for the system.
4. A VPN depends totally on the internet. Sometimes the internet connection fails and we have to shut down the whole network. Then we cannot fulfill our goals. Sometimes the internet facility is not available in some areas. We cannot trust the internet bandwidth and speed.
5. We need to purchase some hardware parts for the system. We then have to allocate a high initial cost to the system and need a highly knowledgeable person to implement it. We need a network administrator's help to keep the system running.

Security of the VPN
In this scenario we need to think about the company's situation. These two companies are banks, so they deal with money, and security must be considered at a high level. The VPN connects over the Internet. The Internet is a public network, and all people are able to connect to the internet. So from the company's side we need to give VPN security high priority.

1. We want to use passwords to access the network.
In the virtual private network we need to protect our data from outside members of the public. We can use passwords to connect users to the network. Each and every user must give a password. The password must be able to identify the correct person who connects to the network.

2. We want to give permission so that only authorized persons can access the network.
This is authentication. It means not all people can access the network. Company network security needs to think about authentication. The right person must be given access to the network. All the customers and staff members need to be given a special identification number to access the network. This is authorization, because they can do some work after logging in to the network. We cannot impose heavy restrictions, because the company wants to be flexible to get some advantages from the VPN.


3. We want to make some special strategic decisions for the network administrators.
This is about the network administrators and the other network users. They need to be given some special responsibilities for the network and its security. They need to be bound by some rules to protect the networks. The company needs to create special rules and regulations for the network administrators to protect the network from fraud.

4. Data encryption technology.
We need to consider data encryption technology for the VPN, because in the VPN system data travels over the internet, so data privacy should be of a high standard. Data encryption in the VPN is used in IPSec, which is one of the protocols of the VPN. We give a detailed description in the VPN protocol section.

5. We want to use firewalls in the network
A firewall is a security system used in the network. Two types of firewall are available in the market: software firewalls and hardware firewalls. Hardware firewalls are directly connected with the hardware parts. A software firewall has to be installed on the computer and used in the network system.
It protects the network from unauthorized persons who connect to the network.
There are several types of firewall available.
• Packet filter firewalls
This type of firewall can identify the correct packets for the network. If it is a correct packet it is allowed to pass into the network, and other packets are not allowed. It has a filtering facility.

• Application gateways
This is a kind of standard filtering system. It checks the parameters and checks the SMTP proxy servers.
This needs a high-standard CPU capacity, because it is integrated software and it has to deliver some performance.
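
A first-match packet filter with a default-deny policy, as an added example that is not part of the original post. The rule set, the addresses and all names are constructed for illustration; the rules admit only IPSec traffic (IKE on UDP port 500, and ESP) from the branch gateway to the VPN server.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp", "gre" or "esp"
    src: str
    dst: str
    dport: Optional[int] = None   # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # protocol name, or "any"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


def decide(rules: Sequence[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason). The first matching rule wins; no match is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "default deny"


# Constructed addresses from the documentation ranges (assumptions, not from the page).
VPN_SERVER = "203.0.113.10/32"    # head office VPN server
BRANCH_GW = "198.51.100.7/32"     # branch office gateway

RULES = [
    Rule("allow", "udp", BRANCH_GW, VPN_SERVER, 500, "IKE from branch gateway"),
    Rule("allow", "esp", BRANCH_GW, VPN_SERVER, None, "IPSec ESP from branch gateway"),
    Rule("deny", "tcp", "0.0.0.0/0", VPN_SERVER, 1723, "PPTP control is not offered"),
]

# Constructed sample packets arriving at the head office firewall.
SAMPLES = [
    Packet("udp", "198.51.100.7", "203.0.113.10", 500),   # IKE from the branch
    Packet("esp", "198.51.100.7", "203.0.113.10"),        # encrypted tunnel traffic
    Packet("udp", "192.0.2.99", "203.0.113.10", 500),     # IKE from an unknown host
    Packet("tcp", "198.51.100.7", "203.0.113.10", 1723),  # PPTP attempt
    Packet("gre", "192.0.2.99", "203.0.113.10"),          # bare GRE from outside
]


def evaluate_samples() -> List[Tuple[str, str]]:
    return [decide(RULES, pkt) for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLES, evaluate_samples()):
        print(f"{action:5} {pkt.proto:3} {pkt.src} -> {pkt.dst} ({reason})")
```
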


We can use some Linux VPN systems. Such a system lets us edit the software according to our company requirements, so we can build high-security features.
Linux firewalls are:
• The Firewall Toolkit
• IPF
• ipchains
• iptables
• IP filters



A firewall is a protecting shield for the computer, because it performs several tasks. It can protect the computer from the outside network.
This VPN is used over the internet. There are a lot of users on the internet. Sometimes hackers try to get into the extranet for some reason; sometimes they get into the extranet and destroy data, or take valuable data for fraudulent money transactions.
The firewall protects the extranet from the outside. It does not allow them to come in.
We have two main types of firewall.
Some firewalls come with hardware and software.
Routers have built-in firewalls, so that is a hardware part.
We can use software as the firewall.
The Windows operating system comes with a firewall facility.



We have several methods of installing firewalls.
• The firewall connects directly to the internet



6. We want to install virus guards
We need to install virus guards and update them regularly. There are lots of viruses on the internet, and not only viruses but also Trojan horses and worms.
Virus guards are available in the market.

• AVG
• Norton Symantec

7. We want to give physical care to the network
Physical care means we need to protect network components from physical hazards.
We need to protect the network cables from breaks. We can get the help of security staff to protect hardware parts.
We need to protect servers from dust.

8. We need to provide continuous electricity to the network components. Sometimes we need to provide additional cooling systems, like air conditioning, for the network servers.
Power supply systems need to provide continuous power to the systems.

9. We need to protect the network from thunder and lightning. We need to provide some additional components for protection in these situations.
10. We need to clean the network area properly, because dust becomes a problem for the network.

How can we improve the performance of the VPN?
• We need a higher-bandwidth internet connection. It must be a high-speed and continuous connection.
• New technological equipment and hardware components with a longer useful life should be used.
• Proper cabling techniques should be used.
• Recruit people with a high standard of knowledge to implement the VPN.
• The system should use up-to-date antivirus software.
• The system should implement networking standards.

Current VPN technologies


There are four types of VPNs that can be used:

1) Hardware-based VPNs,
2) Software-based VPNs
3) Firewall-based VPNs and
4) VPNs offered by Internet Service Providers.


1) Hardware-based VPNs
Hardware-based VPNs employ standalone equipment that is specifically designed for VPN functions such as authentication, encapsulation, and encryption. Hardware-based VPNs, obviously the most expensive of the four, also offer the greatest performance, since they are designed specifically for VPN operations.

e.g.: inbuilt VPN routers

2) Software-based VPNs
Software is overlaid onto the personal computer or workstation, and the software performs all the operations. Even though they perform the basic VPN functions, they are limited in performance, since the processor must run many other functions and programs besides the VPN.


3) Firewall-based VPNs
Firewall-based VPNs are also software based, with the addition of a firewall package. (Firewalls control all traffic in and out of the network, permitting only traffic that meets the local security policy of that network to pass.)


4) Internet Service Providers (ISPs)
This type of VPN is one of the cheapest and easiest methods to use, since the ISP performs all the tasks of the VPN. The disadvantage of this service is that the company’s “security infrastructure will not be directly under (it’s) control”.

Protocols used for VPN

A VPN uses several protocols to transmit data securely. Protocols are the common rules and regulations that enable communication between the network nodes. So it is essential to know which protocols are used for this remote working system to ensure the security and reliability of the data.

A VPN uses some special protocol types called tunneling protocols. These protocols are mainly used in public networks (usually the internet) and provide great security for the data by creating a tunnel between the computers within the network.

There are three main protocols used for the VPN. They are:
1. PPTP (Point to Point Tunneling Protocol)
2. L2TP (Layer Two Tunneling Protocol)
3. IPSec (Internet Protocol Security)

PPTP (Point to Point Tunneling Protocol)

This is one of the major and commonly used protocols in VPNs. This protocol is mainly used in TCP/IP-based networks. It is a network protocol which transfers data from a remote client to a server machine by creating a virtual private network within a public network (e.g. the internet).

PPTP is developed by the Microsoft company, so Microsoft operating systems include this protocol. However, this client software is also available on Linux and Macintosh OS.

PPTP extends the Point to Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs.
PPTP operates at the Data Link Layer of the OSI model.

PPTP Scenario

First the remote users have to connect to the enterprise LAN by using the public network provided by the ISP. Here the user connects to the network access server of the ISP. For that he/she has to use dial-up networking and the remote access protocol, Point to Point Protocol. Then the client can send and receive data over the network.

On the other hand, the enterprise's LAN server has to connect to the internet by using its PPTP server option.
Then the client and the enterprise LAN connect over the existing PPP connection, and data is sent in the form of IP datagrams referred to as encapsulated PPP packets. This creates a virtual private network between the two nodes. Using the PPTP server, this connection creates a tunnel within that network.

L2TP (Layer two Tunneling Protocol)

The L2TP protocol is built from the Point to Point Protocol (PPP) and the Point to Point Tunneling Protocol (PPTP). It is also used in public networks (normally the Internet), and L2TP operates at the Data Link layer of the OSI reference model. L2TP client software is available in Windows 2000, XP and 2003, and it can be used with other operating systems also.

This protocol is used to tunnel the network traffic between the computers in the particular network. It uses a registered UDP ( ) and this entire packet includes its data (payload) and its header.
L2TP uses the IPSec protocol to provide authentication for the data. So it needs both of these protocols to provide the encryption part. The combination of these two protocols is called L2TP/IPSec.


L2TP scenario

L2TP is also a tunneling protocol, so it provides a tunnel within the network. The end points of L2TP are called the LAC (L2TP Access centre) and the LNS (L2TP Network Server).
After the LAC and the LNS connect, a tunnel is created between the peers, and it is isolated by L2TP.
After the tunnel is established, higher-level protocols such as PPP are used to provide these facilities to the network. L2TP has the ability to create multiple virtual networks within a single tunnel.



IPSec (Internet Protocol Security)

IPSec is mainly used to encrypt data within a network. Generally it is used on public networks. Therefore, as mentioned previously, L2TP uses this protocol to encrypt data within its tunnel. It operates at the higher levels such as the Network layer, and it gives high performance among all the existing TCP/IP cryptosystems.

Most hardware resources such as routers, and firewall software, use IPSec to secure their data. Cisco's VPN Concentrators and PIX firewalls support IPSec, as do NetScreen, SonicWall, and WatchGuard appliances. Enterprise level software firewalls such as ISA Server, Checkpoint and Symantec Enterprise Firewall also support IPSec VPNs.

IPSec requires operating system support to perform its functions. It is available in Windows XP/2000 and 2003, and anyone can also get client software for IPSec VPNs from vendors such as Cisco.


Tunneling


Essentially, tunneling is the process of placing an entire packet within another packet (which provides the routing information) and sending it over the Internet. The path through which the packets travel is called a tunnel. For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol.

Two popular tunneling protocols are the Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPSec). The benefit of using PPTP is that it is built into the Windows operating system, allowing any client running Windows to securely connect to the corporate VPN gateway. IPSec, on the other hand, requires client software for remote users. IPSec's advantage is that it provides better overall security, with stronger encryption and higher performance than PPTP.

In a VPN, a company uses the bandwidth of the Internet to establish private, secure connections between its remote offices and employees. Each of the remote users connects to the local ISP in the same manner that is used for Internet access: dial-up, cable, DSL, ISDN, T1 or wireless. A process called “tunneling” is used to carry the data over the Internet. However, tunneling alone does not ensure privacy. To secure a tunneled transmission against interception, all traffic over a VPN is encrypted for safety.




VPN Tunneling

VPNs must be implemented using some form of tunneling mechanism. This section looks at the generic requirements for such VPN tunneling mechanisms. A number of characteristics and aspects common to any link layer protocol are taken and compared with the features offered by existing tunneling protocols. This provides a basis for comparing different protocols and is also useful to highlight areas where existing tunneling protocols could benefit from extensions to better support their operation in a VPN environment.

An IP tunnel connecting two VPN endpoints is a basic building block from which a variety of different VPN services can be constructed.

An IP tunnel operates as an overlay across the IP backbone, and the traffic sent through the tunnel is opaque to the underlying IP backbone. In effect the IP backbone is being used as a link layer technology, and the tunnel forms a point-to-point link.
A VPN device may terminate multiple IP tunnels and forward packets between these tunnels and other network interfaces in different ways.

Hardware list for the VPN

• Proxy server
• VPN server
• Mail server
• Web server
• Switch
• Router
• Network cables
• RJ 45 connectors




Software to the VPN

• Windows server 2003
• Mail server software
• VPN server software
• Windows XP professional
• VPN client software
• Firewall software
• Antivirus software

Implementing the VPN system

1. Analyse the requirements

It is very important to analyse the whole system before designing the network. The finished network is used by the actual users (head office employees and sales staff), so it is necessary to fulfil all of their requirements.

First, it is important to understand the managers' point of view: what they actually want to do and what their requirements are.



2. Design the VPN System for the requirements

This is a crucial task because we have to think about each and every part of computer networking when designing a network. When designing the network we should always keep the requirements of the company in mind. These are the main factors that we have to consider when designing the network:

• What are the technologies available for the VPN
• What is the suitable VPN for the required system.
• Existing network in bank
• Number of computers in the bank
• What they needed to do in the bank
• Expected future modifications



3. Feasibility checking for the Designed System

It is important to check the feasibility of the designed network. First we have to check whether the developed system is practicable or not. Here we must check that the resources required for the system are available in the market.

The cost needed to implement the remote working system is also important. The estimated cost has to be compared with the budget that the management has reserved.

Then it is better to check the security provided to the system. Thus there are several factors of the designed network that have to be checked.





4. Buy the equipment for the VPN system

Before buying the equipment we have to consider the technology it uses.
It is recommended to buy equipment that uses the latest technology, because it gives high performance and is better for future modifications too.




5. Re-arrange the existing LAN

As mentioned previously, all the equipment in the existing LAN is used. In addition to that, we have to connect new machines and equipment and re-arrange the LAN to implement the remote working system.

We connect four new server machines to a switch, which connects those servers and a router. Earlier in this task we mentioned how this equipment is connected together and the layout of the re-arranged LAN.

It is important to know the cable system that is going to be used to connect the devices. The following cable system is used to connect devices.

Cabling System

The cabling system is a very important part of a computer network because it is the physical connectivity method of the network.
Network cables play a vital role in networking; therefore it is a must to select the best cabling system.

6. Software Installation

Software installation can be divided into two parts:
1. Install software for the servers
2. Install software for the computers

For the servers, first of all the server operating system has to be installed. Windows Server 2003 is the O/S used for the server machines. Then the VPN server, Web server, Proxy server and Mail server can be installed as application servers on Windows Server 2003. After installing them we have to configure those servers to get the facilities.

On the VPN server we have to create all the usernames and passwords to allow the remote users to access the head office database. On the Proxy server we have to assign the public IP, so that the LAN connects to the Internet by using that IP address. Firewall software must be installed on the Proxy server to restrict unauthorized access.

The remote users' machines come with the client operating system, so we only have to install the appropriate application software. First of all the VPN client software must be installed. In the VPN client, the public IP of the head office has to be assigned as the destination IP.

Antivirus software needs to be installed on both the head office machines and the remote users' machines to protect those computers from viruses.


7. Establish the internet connection

The Internet acts as the public network for this remote working system. Therefore establishing the Internet connection is an important part. This can be divided into two parts:

1. Get ADSL for the head office
2. Get the Internet connection for the remote users' devices

For the head office we have to get the ADSL connection from the ISP. For that a DSL router is needed, and before getting the connection we must connect the router to the LAN. We have to pay to get the connection and then pay a monthly rental to the ISP.

For the remote users there are two methods to follow to get the Internet. For the notebooks we have to get the Internet using a dial-up connection. For that there should be a telephone connection.
We have to enable the computer to use the dial-up connection. The username and the password are given by the ISP.
Therefore we only have to get the connection from the particular service provider. It takes only a few minutes to get the GPRS connection.


8. Test the Developed VPN

After establishing everything that is needed for the remote working system, including the VPN configuration, the network must be tested to ensure that it performs well and meets all the requirements of the company.

First, all the functions of the LAN should be checked, including the interconnection of all the devices in the LAN, the Internet connection, the VPN settings, the firewalls and so on.

Then we have to check all the remote users' devices separately, to ensure that all the devices can communicate with the head office over the VPN in a secured manner.

Finally, the network is handed over to the company so that the actual users can work with it.

Internet service provider for the VPN

The Internet service provider plays a major role in the VPN system and has many responsibilities in it. The ISP is the party that gives the Internet connection to the organization.

Responsibilities of the ISP
• Give the Internet connection continuously.
If a company uses a VPN for its network, the ISP has to provide the Internet continuously, because the company, and especially a bank, depends heavily on the Internet connection. If there is a fault in the Internet connection, all bank transactions have to stop, which is a huge loss for the bank. The Internet connection is critical to the system.
Bank transactions cannot stop for Internet reasons.

• Give higher bandwidth
The ISP has a responsibility to provide higher bandwidth to the system, because the company wants to transfer a high volume of data between its sites at a time.

• High speed Internet connection
The ISP has a responsibility to provide a high speed Internet connection to the organization. Transaction time needs to be reduced for the customers, and Internet speed affects the whole transaction time.
Bank management always considers how to increase the productivity of the system. They want to provide good service to the customer. Today bank competition is really high.

• Research new technology
The ISP also has to research new technologies for its customer companies. It has to think about fiber optic technology and wireless technology.
They should provide new technology to their VPN provider.

• Provide security to the users.
Through the Internet, many hackers and viruses can attack the VPN system. The ISP should provide high security to its users and should think about up-to-date virus protection.

• Quick maintenance facility.
The ISP must be able to take quick action when the VPN system is disturbed. Customer care needs to be at a very high level.

Computer viruses

Computer viruses are computer software. A computer virus is an executable program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.
Computer viruses can perform several tasks, which is the reason they harm the computer. They can spread through the computer very fast. Most viruses are harmful to the computer.
In the early days there were only a small number of computer viruses, but today 100,000 viruses are in the computer network.
After a virus attacks, the computer has to face many problems:
• The computer's speed becomes slow
• Some programs keep appearing on the desktop, such as messages
• Computer operating system files are deleted by the viruses
• Computer hardware parts do not work properly
• Power faults occur constantly. Sometimes it will destroy the voltage of the computer


Some good viruses also exist among the computer viruses. They provide many advantages to the computer.
• The anti virus viruses
• The file compression viruses
• The disk encryption viruses
• The maintenance viruses
The above viruses provide advantages. They increase the performance of the computer.

Some computer viruses are software threats: malicious programs that can create general problems. These programs can let an unauthorized user control the computer. This software can attack a computer and spread as fast as possible. Otherwise it can spread across the whole computer network and attack all the computers in the network. This software can create unauthorized user accounts on the computer.
Software computer viruses are:
• Trojans
• Worms
• Logic bombs






Viruses can infect a computer in these ways:

• File viruses
These are the common viruses. They can spread fast. File viruses infect .com and .exe files, overwriting the file.

• Macro viruses
These viruses mostly come with emails.

• Companion file viruses
These viruses infect an .exe file by installing a .com file with the same name.

• Disk cluster viruses
Cluster viruses change the directory so that the virus is run before any infected program.

• Batch file viruses
Batch file viruses write a batch file that contains a virus.

• Source code viruses
These viruses infect source code. They destroy compilers and languages.

• System sector viruses
System sector viruses attack the master boot record and the DOS boot record. These viruses infect the memory and the hard disk.


Viruses come in several types


• Polymorphic Viruses
• Stealth Viruses
• Fast and Slow Infectors
• Sparse Infectors
• Armored Viruses
• Multipartite Viruses
• Cavity (Spacefiller) Viruses
• Tunneling Viruses
• Camouflage Viruses
• NTFS ADS Viruses









Trojan horses
These are malicious programs. The name Trojan horse comes from a Greek story, in which the Trojan horse carried soldiers inside it into the city of Troy. These programs pretend to be useful to the user, but inside, the program harms the computer. Trojan horse programs always connect to other users in a way that looks legitimate. Through them, hackers can easily attack the computer.
Some Trojan programs destroy the computer's disk area. The user cannot know that Trojan horse programs are on the computer. They create a big hole in the computer.
Most networks are corrupted by Trojan horse programs.
Sometimes a network hacker sends Trojan horse programs to the network, and they connect directly with the network.
Most Trojan horse programs come with emails.


Worms
Worms are another kind of program on the computer. They have the capability to reproduce themselves: like worms, they can create many identical copies. They have the capability to spread to all the computers on a network.
Most worms come with email attachments.


Protection from viruses
• Use anti virus software.
• This software needs to be updated every day.
• Do not use unnecessary software; use only authorized software.
• Give proper attention to emails and other attachments.


Anti virus software

• AVG Professional
• Kaspersky Anti-Virus
• McAfee VirusScan
• Norton AntiVirus
• Panda Antivirus

Network security policy

The main purpose of the network policy is to protect the network from the outside environment.
Sometimes a company has to face a lot of problems because data is damaged or some secure data is released to the outside world.
Therefore many companies build network policies to their own requirements. The company's higher management and information technology department take the strategic decisions on the network policies.
Before we create the network policies we must study the company environment.
First we need to identify the company's business background. We mostly need to think about how valuable the company's data is; data privacy is the most important thing.
If the company is based on government security or a banking system, we need to provide high network security.
Data must be protected not only from outside but also inside the company. The company's network administrators should be given high responsibility for the network. Other users should be given minimum privileges to enter data and take data.
They should be given proper authorization in the network. They should be legally bound to protect the data. Many competing companies try to destroy and damage the data for business purposes.
The company's networking policy must be kept up to date. The company must always give attention to the company network.