Design and Implementation of Virtual Private Networks (VPN) Security (A Case Study of Computer Science, Lab)
Chapter One
Objective and Research Questions
The main objective of this research project was to design and implement a functional, secure virtual private network over the Internet, considering that the use of traditional fixed telephone lines is not cost-effective and is unsecured.
Thus, the research questions were:
- How can a VPN be designed and implemented over the Internet to create intranet and extranet for corporate businesses in Cameroon that wish to incorporate suppliers, partners, remote users and remote offices over WAN?
- What are the security measures that are incorporated in the design and implementation of a VPN to ascertain data privacy, authenticity and access control?
CHAPTER TWO
LITERATURE REVIEW
Virtual Private Networking (VPN)
A common requirement for the firewalls at the edge of a network is encrypting and decrypting specific network traffic flows between the protected network and external networks. This nearly always involves Virtual Private Networks (VPNs), which use additional protocols to encrypt traffic, authenticate users and check integrity.
A virtual private network (VPN) is a technology that creates private networks through public networks. It is a private network that uses the Internet to connect one network node to another, providing secure network communication across untrusted networks. The data that is passed through the Internet or intranet is encapsulated and encrypted so that its confidentiality is guaranteed. A VPN is a secure tunnel that permits remote connections across a public network to access a LAN in an enterprise campus. It is a method of making a network private and secure over a public network such as the Internet using the concept of a VPN tunnel. The tunnel can be created with various standards of ciphers, and thus the data is secured [31].
Data is transported across a secure tunnel to ensure security, and VPN users must get access to the VPN server using authentication mechanisms such as passwords or other identifying procedures. They are used to preserve and safeguard the integrity of communications as well as the secrecy of data and information during transmission using encryption. The data is encapsulated with a header containing the routing information to obtain a point-to-point connection so that it can pass through the public network and reach its final destination [35].
Currently, VPN is regarded as a standard tool when dealing with critical security and router-related issues. VPN technology is highly recommended among most institutions and companies worldwide [36]. VPN provides institutions with an easy, inexpensive, and secure way of sending and receiving data across the world. This way anyone can browse and transfer data safely and securely over a public network by renting a leased line. BHU has more than one campus. It can choose VPN services for lower costs and reliable network security, rather than using WAN services [37]. Due to this, enterprises, institutions and their clients can communicate securely over a cost-effective transmission.
Based on how users access the VPN in an enterprise organization, site-to-site VPNs and remote access VPNs are the two most common forms of VPNs.
CHAPTER THREE
RESEARCH METHODOLOGY AND MATERIALS USED
Research Design
Data collection was based on the analysis of electronic documents. As such, data was obtained from several documents on why and how VPNs are implemented and what advantages they have compared to their alternatives. UML (Unified Modeling Language) was selected as the primary notation for this project. Thus, in this project, the researchers constructed use case, class and activity diagrams with the aid of Pacestar UML Diagrammer.
The following materials were used as virtual items: Cisco Router 2901/1841, personal computers and server machines, 24-port LAN switch, access point, wireless router, DSL modem, dial-up modem, Cisco Packet Tracer version 8.2.0, Pacestar UML Diagrammer version 6.06, Windows 7.
ANALYSIS OF THE SYSTEM
A simple system was conceived based on careful study of data. This has been demonstrated in the use case, class and activity diagrams respectively.
Use Case Diagram
This diagram illustrated how users of each system utilize their systems. The use case diagram took into consideration the remote access VPN and the intranet VPN.
CHAPTER FOUR
RESULTS ANALYSIS
Remote Access IPSec VPN
This implementation covered secure access to intranet resources through the Internet by using VPN client software installed on the remote machine. Since Cisco routers were used in this paper, the VPN client software was the Cisco VPN Client or Cisco AnyConnect Secure Mobility Client. The client software performed encryption and decryption at the remote end, whereas the VPN server carried out encryption and decryption at the HQ end. IPSec worked in this case in transport mode. This can be shown by looking into a packet in transit from PC1 to a home user (PC0), as shown in Figure 18.
CHAPTER FIVE
CONCLUSION AND RECOMMENDATION
Conclusion
Virtual Private Networks form an integral part of remote business communications across the Internet due to the inherent risks that exist when sending private information over a public network. With the seemingly persistent increase in online identity theft and the hijacking of sensitive customer data by anonymous hackers, VPNs have been identified as an effective means of securing business data and thereby safeguarding the reputation of various organizations.
Not only do VPNs prevent the unethical use of private business correspondence by unauthorized parties, but they also play an important role in reducing the environmental impact of business travel. VPNs can reduce a company's carbon footprint by allowing workers to securely access company resources from home, thus saving a trip to the office, or by using new services such as secure video conferencing, allowing remote agents to attend meetings held at the main branch without traveling hundreds of miles to be there in person. Therefore, VPNs not only provide security but also provide cost-effective alternatives to long-distance leased lines, DSL and fibre optic networks. Equally, their deployment can mitigate the impact of Covid-19, since people can use them from their various locations and avoid travelling to attend meetings/conferences.
As such, the effectiveness and productivity of any organization in the present-day world is rooted in the IT infrastructure developed to support its policy in delivering services. VPN is a very effective way to reduce cost and deliver secure data communication links to connect offices located in different geographical areas with the aim of increasing productivity and achieving outstanding results. This reality is an opportunity for businesses in Cameroon to establish connectivity with their branches, business partners, and customers in order to set and realize greater business goals for this country. Rather than maintaining multiple routers at many small branch and SOHO (Small Office/Home Office) sites, companies can use an outsourced VPN service where the routers are managed by the ISP to reduce cost even further. MTN, Camtel and Orange can provide VPN services to their subscribers.
Recommendations
Upon the successful implementation of VPNs and highlighting the benefits that are accrued, in addition to the VPN designs covered in this research paper, it is worth making the following recommendations to companies in Cameroon that wish to deploy VPNs.
- Firstly, the researchers implore all organizations, agencies and departments in Cameroon to deploy VPN in connecting their various offices across the country to bring about a turnaround and improve service delivery.
- Rather than using only a single email/web/DNS/FTP server for the entire intranet, an organization which considers security as its top priority can make a bold decision of embracing the rather expensive solution of implementing an email/web/DNS/FTP server at each  This will reduce the amount of information that the organization sends across the Internet and increase information access speeds. Home users or small offices can equally be equipped with an email/web/DNS/FTP server.
- With regard to the site-to-site implementation, as a cheaper solution, a company can outsource the installation and management of site1, site2 and site3 VPN servers to the Sites will then connect to the VPN server using the host routers of their network.
- In the remote access case, a company can outsource the installation and management of their remote access VPN server to the  This VPN server will then route traffic through a leased line, optic fibre, or DSL connection to the gateway router of the main office. Moreover, just using IPSec for remote access users is not enough. Remote access IPSec VPN implementation should always be associated with a tunneling protocol such as PPTP.
- In implementing a VPN, it is worthwhile and preferable to use encryption techniques and authentication algorithms that offer more security. For instance, instead of using MD5 for authentication, one should use SHA.
- Lastly, a company can evolve into an extranet by taking its intranet composed of remote offices, telecommuters, mobile users to the Internet in order to offer support for customers and business partners by deploying a demilitarized zone (DMZ) to host its email, DNS, FTP, and web servers. In computer networking, a DMZ is a firewall configuration for securing local area networks.
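The recommendation above to use SHA instead of MD5 can be checked mechanically against a router configuration. The following is an added example, not code from the original paper: a Python audit of a constructed Cisco IOS IPsec configuration fragment. The function name, the sample configuration and the list of settings treated as weak are assumptions of this example.

```python
import re

# Constructed sample of a Cisco IOS IPsec configuration (not from the paper).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 20
 encr aes 256
 hash sha
 authentication pre-share
 group 5
crypto ipsec transform-set WEAK-SET esp-des esp-md5-hmac
crypto ipsec transform-set STRONG-SET esp-aes 256 esp-sha-hmac
"""

# Settings treated as weak here; this list is an assumption of the example.
WEAK_IKE = {"hash": {"md5"}, "encr": {"des", "3des"},
            "encryption": {"des", "3des"}, "group": {"1", "2"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def audit_ipsec_config(text):
    """Return (line_no, scope, setting) for each weak IKE/IPsec setting."""
    findings, policy = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = re.match(r"crypto isakmp policy (\d+)$", line)
        if match:  # start of an IKE phase 1 policy block
            policy = f"isakmp policy {match.group(1)}"
            continue
        if policy and raw[:1].isspace():  # indented line inside that block
            parts = line.split()
            if len(parts) >= 2 and parts[1] in WEAK_IKE.get(parts[0], ()):
                findings.append((line_no, policy, f"{parts[0]} {parts[1]}"))
            continue
        policy = None  # any unindented line ends the policy block
        match = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if match:  # phase 2 transforms are listed on a single line
            for token in match.group(2).split():
                if token in WEAK_TRANSFORMS:
                    findings.append(
                        (line_no, f"transform-set {match.group(1)}", token))
    return findings

if __name__ == "__main__":
    for line_no, scope, setting in audit_ipsec_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {scope}: weak setting '{setting}'")
```

On the sample, policy 10 and WEAK-SET are reported, while policy 20 and STRONG-SET pass.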
REFERENCES
- Agency, C. I. (Ed.). (2016). The World Factbook 2016-17 (Annual, 50th Anniversary ed. edition). Central Intelligence Agency.
- Angelescu, S. (2010). CCNA Certification All-in-One For Dummies (1st edition). For Dummies.
- Barriers to affordable broadband access in Cameroon. (n.d.). OAfrica. Retrieved January 7, 2023, from https://www.oafrica.com/broadband/barriers-to-affordable-broadband-access-in-cameroon/
- Booch, G. (1994). Object-oriented analysis and design with applications Grady Booch (2nd ed, p. ). Menlo Park, Calif. Wokingham Addison-Wesley. http://library.lincoln.ac.uk/items/47635
- Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer Security Handbook (Volume 2 edition). Wiley.
- Chapple, M., Stewart, J. M., & Gibson, D. (2021). (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (9th edition). Sybex.
- Cisco ASA 5500-X Series Firewalls - Configuration Guides. (n.d.). Cisco. Retrieved January 4, 2023, from https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html
