A Virtual Private Network (VPN) is a private network used by many organizations. It is safe and secure, and it safeguards the company's trade secret data from unauthorized access. But sometimes hackers are smart enough to get the data before it reaches the destination and edit it. Here we encrypt the data to provide more security. Encryption is not available in OPNET Academic Edition, so we use compression instead; this causes a small delay, which is elaborated in our project.
Connecting remotely has always been a problem, even with dial-up and Wide Area Networks (WANs). Connecting through dial-up is slow, and a WAN setup costs a lot and causes problems when travelling with laptops. The single answer for connecting systems is the open Internet. But because it is open it is very risky, so a secure line called a Virtual Private Network (VPN) was developed for it. It establishes a point-to-point "tunnel" across the network through which ordinary traffic passes (Casad, J., 2003).
VPNs are private networks established worldwide among companies for secure, fast and reliable communication. There are mainly two types of VPN based on "tunneling". They are:
Remote Access VPN: This is a connection made from outside the office area using the Internet, which means you can access your server remotely. For example, an employer can access his business server while sitting at home. It is done through the ISP or by installing VPN software. The data is sent in encrypted form, so it is very secure even though it passes over the open Internet (Mir, N. F., 2006).
Site-to-Site VPN: An organization may connect many sites over a public network, using security techniques. A site-to-site VPN may be an intranet or an extranet. Intranet means connecting remote-site LANs into a single private network of an organization. Extranet means allowing two or more organizations (or branches of the same organization) to work in a shared environment using a tunnel built to connect their LANs (Mir, N. F., 2006).
A firewall filters packets to allow or disallow traffic. IP packet filtering determines what IP traffic is allowed through the firewall, and this filtering is important when you connect your private intranets to public networks via the Internet. Firewalls are very useful when used with a VPN. There are two configurations for a firewall with a VPN server: 1) the VPN server is attached to the Internet and the firewall sits between the VPN server and the intranet; 2) the firewall is attached to the Internet and the VPN server is located between the firewall and the intranet.
Figure 1: VPN server attached to the Internet in front of the firewall
Figure 1 shows the VPN server in front of the firewall and attached to the Internet. In this approach, packet filters are added on the Internet interface that allow only VPN traffic, addressed to the IP address of the VPN server's interface on the Internet.
Figure 2: Firewall attached to the internet and VPN server behind the firewall
Figure 2 shows the firewall attached to the Internet and the VPN server located between the firewall and the intranet. The DMZ is an IP network segment that typically contains resources available to Internet users, such as FTP servers and Web servers. Here the VPN server has one interface on the intranet and one interface on the DMZ. The firewall must therefore be configured with input and output filters on its Internet interface to allow tunnel traffic and pass the tunneled data to the VPN server. Additional filters allow traffic to the FTP servers, Web servers and other types of servers on the DMZ. The firewall passes all tunneled data because it does not have the encryption keys for the VPN connection, so it filters only on the plaintext headers of the tunneled data. The VPN server requires an authentication process and prevents unauthorized access to the VPN server, so this is not a security concern (Microsoft, 2010).
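The two firewall placements described above can be sketched as header-only packet filters. This is an added example, not part of the original essay: the addresses are constructed, and because the essay does not name a tunnel protocol, the rules assume PPTP (TCP 1723 plus GRE) and L2TP/IPsec (UDP 500/4500 plus ESP). The filter never reads the payload, mirroring the point that the firewall holds no VPN keys.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses from the documentation range; not from the essay.
VPN_SERVER = ipaddress.ip_address("203.0.113.10")
WEB_SERVER = ipaddress.ip_address("203.0.113.20")
FTP_SERVER = ipaddress.ip_address("203.0.113.21")

@dataclass(frozen=True)
class Packet:
    dst: str              # outer destination address
    proto: str            # outer IP protocol: tcp, udp, gre or esp
    dport: int = 0        # 0 for protocols without ports (GRE, ESP)
    payload: bytes = b""  # tunneled data; opaque to the firewall

# Assumption: PPTP (TCP 1723 + GRE) and L2TP/IPsec (UDP 500/4500 + ESP).
TUNNEL_RULES = frozenset({
    (VPN_SERVER, "tcp", 1723), (VPN_SERVER, "gre", 0),
    (VPN_SERVER, "udp", 500), (VPN_SERVER, "udp", 4500),
    (VPN_SERVER, "esp", 0),
})
# Extra filters for the public servers on the DMZ.
DMZ_RULES = frozenset({
    (WEB_SERVER, "tcp", 80), (WEB_SERVER, "tcp", 443),
    (FTP_SERVER, "tcp", 21),
})

def _decide(pkt, rules):
    """Match on plaintext outer headers only; anything unlisted is dropped."""
    key = (ipaddress.ip_address(pkt.dst), pkt.proto.lower(), pkt.dport)
    return "accept" if key in rules else "drop"

def vpn_server_on_internet(pkt):
    """First placement: only tunnel traffic to the VPN server gets in."""
    return _decide(pkt, TUNNEL_RULES)

def firewall_on_internet(pkt):
    """Second placement: tunnel traffic plus the DMZ services."""
    return _decide(pkt, TUNNEL_RULES | DMZ_RULES)

# Constructed sample traffic arriving from the Internet.
SAMPLE = [
    Packet("203.0.113.10", "udp", 500),                 # IKE negotiation
    Packet("203.0.113.10", "esp", 0, b"\x8f\x02\x11"),  # encrypted tunnel data
    Packet("203.0.113.20", "tcp", 80),                  # web request to DMZ
    Packet("203.0.113.10", "tcp", 3389),                # not tunnel traffic
]

def evaluate(filter_fn, packets=SAMPLE):
    return [filter_fn(p) for p in packets]
```

Calling `evaluate(vpn_server_on_internet)` and `evaluate(firewall_on_internet)` on the sample shows the only difference between the placements: the web request is dropped in the first and accepted in the second.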
We used encryption in the VPN for security purposes. Encryption means that the data one computer sends to another is encoded so that only the other computer can decode it. This helps prevent unauthorized access to data transferred over the Internet. Encryption is done in two ways: 1) symmetric-key encryption and 2) public-key encryption. In symmetric-key encryption, every computer has its own secret key, which is used to encrypt data before it is sent over the Internet. In public-key encryption, we have a combination of a public key and a private key. The private key is known only to your system, and the public key is given to the system to which you want to send data. The other computer uses this public key to decrypt the data sent by the originating system (Jeff, 2011).
II. Project Aim
The aim of our project is to find the delay in simulations of a Perfect Network (i.e. no firewall and no VPN), a VPN with firewall and without encryption, and a VPN with firewall and with encryption. To achieve this we use compression rather than encryption, because encryption is not available in OPNET Academic Edition. The Internet is used to transfer sensitive private data such as business data, personal information or passwords for online banking. To protect this data, we provide encryption in our simulation.
III. Project Development
To perform the simulation of a VPN with encryption/compression we used OPNET IT Guru Academic Edition. The simulation provides detailed knowledge of the events that occur in the data flow and of the traffic received.
i. Simulation Topologies
This part of the report explains the flow of traffic when the VPN is established with encryption/compression, and also shows the traffic in a plain network, i.e. without VPN and/or firewall. In the plain network, data flows freely without obstacles such as a firewall or VPN. There won't be any delay and the traffic will be received in time. The components chosen for this simulation are Application Configuration, Profile Configuration, PPP Server, two IP Routers, IP Cloud and two 100BaseT Switched LANs. The IP Routers and 100BaseT Switched LANs are connected using 100BaseT cable, and the remaining components are connected using PPP DS1.
We use the default applications and a sample profile for the application definitions and profile configuration respectively, and set the server attribute to allow all types of traffic. By linking the components and setting their attributes we get a simulation of the traffic received, both globally and individually for NET10 and NET11. Figure 1 depicts this in OPNET.
Figure 1 OPNET Topology for "Perfect Network" (Without VPN and/or Firewall)
This is the basic topology used to show the traffic received in the case of VPN with firewall and with encryption/decryption. The components used here are the basic components and remain available throughout the project; one or two components are added in the later topologies.
To see the traffic received in the case of VPN with firewall, we move to the second topology. Here we add two components: IP VPN Config and a Router. We change Router B into a firewall by setting its attributes, and assign NO to the proxy server deployment attribute. We then remove the link between Router B and the Server, place an IP Router between them, and connect it using PPP DS1. Next we configure IP VPN Config by changing its attributes: we set the Tunnel Source and Destination names to Router A and Router C respectively, and set the remote client list to NET10 and NET11. Figure 2 shows the topology used for VPN with firewall and without encryption/compression.
Figure 2 OPNET Topology for VPN with Firewall and without encryption/compression
Finally, we have a topology that shows the delay in traffic received when encryption/compression is done on the VPN with firewall. Here we add one more component, the IP Layer attribute definer, which is used to set the compression and decompression delay. In addition, we must set the compression information in the server, NET10 and NET11 to Default per-Virtual Circuit Compression. Figure 3 shows the topology for VPN with firewall and with encryption.
Figure 3 OPNET Topology for VPN with Firewall and with encryption/compression
ii. Simulation Scenarios
Three main scenarios are used in OPNET to study the simulation. The first is the scenario in which we study traffic flow in a perfect network, i.e. without any firewall and/or VPN: the traffic increases at the beginning and then stays the same without any drop. The first scenario uses the first topology, shown in Figure 1.
The second scenario is VPN with firewall and without encryption. It shows that the response time is higher than in the first scenario, because of the firewall and VPN. Note also that the DB Query response time is higher than the HTTP response time. The second scenario, shown in Figure 2, uses the second topology.
The third scenario is VPN with firewall and with encryption. It shows a response time higher than in the other two scenarios, mainly because of the compression and decompression time; the VPN and firewall also contribute some delay. Figure 3 gives a clear picture of this scenario and its topology.
iii. Simulation Statistics
Statistics are collected from each scenario for Database (DB) Query and Hypertext Transfer Protocol (HTTP) from Global Statistics and Object Statistics. We collect Response Time for DB Query and Page Response Time for HTTP from Global Statistics, and Packets Received (bits/sec) for DB Query and HTTP from Object Statistics. This gives a clear picture of the traffic received for DB Query and HTTP at clients NET10 and NET11 and globally. We ran the simulation for an hour to collect all the statistics and viewed them in time_average.
IV. Simulation Results
The simulation was conducted successfully. The graphs show that the traffic received is more in the case of encryption/compression with VPN and firewall. Below are a few graphs that explain the simulations clearly.
Figure 4 Traffic received in DB Query Response Time in Global Statistics
Figure 5 Traffic received in HTTP Page Response Time in Global Statistics
Figure 6 DB Query Traffic Received in NET10
Figure 7 HTTP Page Traffic Received in NET10
Figure 8 DB Query Traffic Received in NET11
Figure 9 HTTP Page Traffic Received in NET11
Our simulation of a VPN gives a good understanding of encrypted VPN connections through firewalls, servers, LANs and routers, and helps to find the data transfer delay over the Internet. If we use a perfect network, i.e. no firewall and no VPN, the data transfer rate is very high compared with VPN with firewall and without encryption. If we use VPN with firewall and with encryption, we find some delay in data transmission compared with VPN with firewall and without encryption. The cause of the delay is encryption in the VPN. Our simulation results describe encryption in a VPN in a practical way and also show the delay measurement in a practical way. Encryption is the process of protecting the data over the Internet. Our simulation helps to show the use of encryption in a VPN and compares the results of the firewall VPN and the encrypted firewall VPN. If we use encryption, the data is protected but some delay occurs. Without encryption we can still transfer data over the Internet, but the data may not be secure. If we use encryption, the encrypted data should not be decrypted until it reaches the destination. The encrypted data cannot be used by anyone on the Internet until it is decrypted. But designing encryption and encryption algorithms is not easy. Decryption also cannot happen without the decryption keys.
In the future, the encryption policies in VPNs should be improved to reduce the delay. OPNET Academic Edition should provide encryption policies, so that we can gain more practical knowledge of delay in VPNs. Encryption algorithm design is not easy, so in the future simpler and more effective encryption algorithms need to be found.