Dissertations on the topic "Virtual Private Network"


The top 50 dissertations for research on the topic "Virtual Private Network".


1

Celestino, Pedro. „Private virtual network“. Universidade de Taubaté, 2005. http://www.bdtd.unitau.br/tedesimplificado/tde_busca/arquivo.php?codArquivo=264.

Annotation:
Along with the computer networks emerges the possibility of managing remotely the intelligent organizations, although the safe exchange of information has become a problem to the institutions which transport structured data through nets of computers. One of the largest challenges is the search for safe and economically viable solutions. Protocols of safety, cryptographic algorithms and safe means of communication are essential items so that the information can travel in environments free of external interferences. One of the alternatives is the Virtual Private Network. In this work, the main prominences of this technology will be presented using the protocol IPSec with the purpose of presenting a more attractive tool to the organizations due to its safety and economical viability.
With computer networks also comes the possibility of remotely managing intelligent organizations; however, the secure exchange of information has become a problem for institutions that carry structured data over computer networks. One of the biggest challenges is the search for solutions that are economically viable and at the same time secure. Security protocols, cryptographic algorithms and secure means of communication are essential for information to travel in environments free of external interference. One of the solutions is the Virtual Private Network. This work presents the main features of this technology, using the IPSec protocol, with the aim of presenting one more attractive solution for organizations, since it is an economically viable and secure solution.
2

Samuelsson, Joakim, and Richard Sandsund. „Implementing a virtual private network“. Thesis, KTH, Kommunikationssystem, CoS, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-91933.

Annotation:
Today's companies want to give employees the opportunity to work from home or on the move. A common solution to enable this is a virtual private network (VPN). A VPN gives a user access to internal company resources from an external network, for example via the Internet. This allows users to reach the internal resources in a secure way. Which VPN technology, then, is preferable in order to get as fast, secure and reliable a connection as possible? This thesis covers different VPN technologies. We describe common VPN protocols such as L2TP, IPSec and PPTP, how users are authenticated in a secure and convenient way, and methods for making a VPN connection secure. We also present the solution we implemented at Confidence, for whom the work was carried out. The problems of using the products that already existed at the company are described. Suggestions for solutions are given to solve these problems in future work.
Companies of today want to give their employees the opportunity to work from home or while they travel. A common solution to accomplish this is to implement a VPN over top of the existing network. Using VPN gives the employees access to the company’s local area network from outside, via the internet. The VPN provides a secure channel for these employees to connect to the local services attached to the company’s network that they need to reach. Which VPN technology is most suitable to deliver a secure, fast, and reliable connection to these employees? In this thesis we are taking a closer look at different VPN solutions. We describe different VPN protocols like L2TP, IPSec and PPTP, how to authenticate users in a secure and flexible way, and also methods used to make the VPN connection secure. Lastly we will show the solution we have implemented at the company Confidence, for whom we made the solution. The difficulties in using existing products with the company’s infrastructure are described. Suggestions are offered for future work to address these problems.
3

Davis, Carlton R. „IPSec base virtual private network“. Thesis, McGill University, 2000. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33390.

Annotation:
The Internet evolved from an experimental packet-switching network called the ARPANET. This network has grown exponentially since its conversion from an experimental to an operational network in 1975. However, the need for a confidential and secure data channel has dissuaded many enterprises from using this ubiquitous public infrastructure. The IPSec protocol suite developed by the Internet Engineering Task Force (IETF) makes it possible to implement secure communication channels or a virtual private network (VPN) over the Internet. Corporations can benefit from substantial financial savings by utilizing VPN for inter-company or intra-company communications rather than using expensive leased or privately owned network infrastructure with its associated high maintenance costs. In this thesis, we will discuss the architecture, design and use of IPSec base VPN.
4

Habibovic, Sanel. „VIRTUAL PRIVATE NETWORKS : An Analysis of the Performance in State-of-the-Art Virtual Private Network solutions in Unreliable Network Conditions“. Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17844.

Annotation:
This study aimed to identify the differences between state-of-the-art VPN solutions on different operating systems. It was done because a novel VPN protocol is in the early stages of release and a comparison of it, to other current VPN solutions is interesting. It is interesting because current VPN solutions are well established and have existed for a while and the new protocol stirs the pot in the VPN field. Therefore a contemporary comparison between them could aid system administrators when choosing which VPN to implement. To choose the right VPN solution for the occasion could increase performance for the users and save costs for organizations who wish to deploy VPNs. With the remote workforce increasing issues of network reliability also increases, due to wireless connections and networks beyond the control of companies. This demands an answer to the question how do VPN solutions differ in performance with stable and unstable networks? This work attempted to answer this question. This study is generally concerning VPN performance but mainly how the specific solutions perform under unreliable network conditions. It was achieved by researching past comparisons of VPN solutions to identify what metrics to analyze and which VPN solutions have been recommended. Then a test bed was created in a lab network to control the network when testing, so the different VPN implementations and operating systems have the same premise. To establish baseline results, performance testing was done on the network without VPNs, then the VPNs were tested under reliable network conditions and then with unreliable network conditions. The results of that were compared and analyzed. The results show a difference in the performance of the different VPNs, also there is a difference on what operating system is used and there are also differences between the VPNs with the unreliability aspects switched on.
The novel VPN protocol looks promising as it has overall good results, but it is not conclusive as the current VPN solutions can be configured based on what operating system and settings are chosen. With this set-up, VPNs on Linux performed much better under unreliable network conditions when compared to setups using other operating systems. The outcome of this work is that there is a possibility that the novel VPN protocol is performing better and that certain combinations of VPN implementation and OS are better performing than others when using the default configuration. This work also pointed out how to improve the testing and what aspects to consider when comparing VPN implementations.
5

Norin, Anders, and Henrik Ohlsson. „VPN : Virtual Private Network i Windows 2000“. Thesis, University West, Department of Informatics and Mathematics, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:hv:diva-483.

6

Ikiz, Suheyla. „Performance Parameters Of Wireless Virtual Private Network“. Master's thesis, METU, 2006. http://etd.lib.metu.edu.tr/upload/12607094/index.pdf.

Annotation:
ABSTRACT. PERFORMANCE PARAMETERS OF WIRELESS VIRTUAL PRIVATE NETWORK. IKIZ, Süheyla. M.Sc., Department of Information Systems. Supervisor: Assoc. Prof. Dr. Nazife Baykal. Co-Supervisor: Assist. Prof. Dr. Yusuf Murat Erten. January 2006, 78 pages.
As the use of PC's and handheld devices increase, it is expected that wireless communication would also grow. One of the major concerns in wireless communication is the security. Virtual Private Network (VPN) is the most secure solution that ensures three main aspects of security: authentication, accountability and encryption, and can be used in wireless networks. Most VPNs have been built on IP Security Protocol (IPSec) to support end-to-end secure data transmission. IPSec is a well-understood and widely used mechanism for wired network communication. Because wireless networks have limited bandwidth and wireless devices have limited power and less capable CPU, the performance of the networks when VPN's are used is an important research area. We have investigated the use of VPNs in wireless LANs to provide end-to-end security. We have selected IPSec as the VPN protocol and investigated the effects of using IPSec on the throughput, packet loss, and delay of the wireless LANs. For this purpose, we have set up a test bed and based our results on the actual measurements obtained from the experiments performed using the test bed. The wireless LAN we have used is an 802.11g network and the results show that the performance of the network is adversely affected when VPN's are used but the degradation is not as bad as expected.
7

Liang, Huan. „Minimal cost design of virtual private network“. Thesis, University of Ottawa (Canada), 2003. http://hdl.handle.net/10393/26513.

Annotation:
VPN technology is an attractive cost-effective solution for the support of the networking needs of enterprises. In this work, we review current issues in the development of VPN technology. We then focus our research on minimal cost design, used by network-based IP VPN service providers. The interest in such solutions is generated by both customers seeking to reduce support costs and by Internet Service Providers (ISPs) seeking new revenue sources. Solving the cost minimization would allow ISPs to define and deploy new VPN services. In this thesis, Multicommodity Min-Cost Flows (MMCF) formulations are applied to the resource allocation in network-based IP VPN, in order to develop a cost-effective routing proposal. Compared with RFC 2676, one of the Open Shortest Path First (OSPF) algorithms, various improvements in routing costs are obtained corresponding to different proposed network topologies.
8

Rüegg, Maurice. „Virtual private network provisioning in the hose model /“. Zürich : ETH, Eidgenössische Technische Hochschule Zürich, Institut für Technische Informatik und Kommunikationsnetze, 2003. http://e-collection.ethbib.ethz.ch/show?type=dipl&nr=119.

9

Lin, Zhangxi. „Virtual private network traffic pricing : an exploratory study /“. Digital version accessible at:, 1999. http://wwwlib.umi.com/cr/utexas/main.

10

Bazama, Muneer I. „Investigation into Layer 3 Multicast Virtual Private Network Schemes“. Thèse, Université d'Ottawa / University of Ottawa, 2012. http://hdl.handle.net/10393/22653.

Annotation:
The need of multicast applications such as Internet Protocol Television (IPTV) and dependent financial services require more scalable and reliable MVPN infrastructures. This diversity and breadth of services pose a challenge for operators to create an infrastructure that supports Layer 2 (ATM/Frame relay/Ethernet/PPP) and Layer 3 (IPv4/IPv6) Virtual Private Networks. The difficulty is particularly true for virtual services that require complex control and data plane operations. Another challenge is to support emerging multicast applications incrementally on top of the existing Layer 3 VPN infrastructure without adding operational complexity. In this thesis, we investigate and analyze several implementation methods of Multicast Virtual Private Network (MVPN) schemes by carrying out tests in a research testbed environment. These schemes are intended for offering multicast services over layer 3 VPN. However, some of these technologies can be tuned to offer multicast services over layer 2 VPN as well. We also provide tools and tactics on how to implement and evaluate the scalability and performance of two MVPN schemes in IP/MPLS core networks such as Rosen scheme and NG MVPN.
11

Ögren, Niklas. „Selecting/realization of Virtual Private Networks with Multiprotocol Label Switching or Virtual Local Area Networks“. Thesis, KTH, Mikroelektronik och Informationsteknik, IMIT, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-93211.

Annotation:
Many reports have been written about the techniques behind Virtual Private Networks (VPN) and Multi Protocol Label Switching (MPLS). They usually deal with the low level design of the software implementing a specific technique. The initial products are usually not mature enough to run in a large network or have to be adjusted in some way to fit. This report investigates the different ways of implementing strict layer 2 Virtual Private Networks in an existing nation-wide Gigabit Ethernet. The infrastructure in use, as well as the hardware, has to be used without major changes. Since 1998/1999, when MPLS first started in the laboratories, development has continued. Today it is possible to introduce MPLS or tunneled national virtual local area network into an existing network. This requires high speed, fault tolerant, and stable hardware and software. Going beyond the separation of traffic at layer 3 using Virtual Private Networks, i.e., IPSec, we can tunnel layer 2 traffic through a network. Although the first layer 3 VPN products are already in use, layer 2 VPNs still need to be evaluated and brought into regular use. There are currently two ways of tunneling VLANs in a core network: tunneled VLANs (or as Extreme Networks calls them, VMANs) and MPLS. This project showed that it is possible to start with a VLAN-only solution, and then upgrade to MPLS to solve scalability issues. The VMAN solution can not be used at Arrowhead, since there are too many disadvantages in the way Extreme Networks has implemented it. However, a mix of tunneling VMAN in a VLAN core is possible, and enables customer tagging of VLANs in a Layer 2 VPN. Furthermore, the testing of EAPS and per-VLAN Spanning Tree Protocol turned out well, and showed that EAPS should not be used when there is more than one loop.
12

Gaspoz, Jean-Paul. „Object-oriented method and architecture for virtual private network service management /“. [S.l.] : [s.n.], 1996. http://library.epfl.ch/theses/?nr=1446.

13

Soler, Avellén Carl Richard. „Virtual Private Network Communication over a session layer socket protocol (SOCKS)“. Thesis, Linköpings universitet, Institutionen för datavetenskap, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-66277.

Annotation:
SYSTeam is an IT solutions supplier company that wants to develop a product which permits users to communicate with each other, over the Internet, in a secure way. The solution creates communication between two subnets which are connected through a Virtual Private Network (VPN) Gateway. The security of the communication is implemented at the application layer by using the Secure Socket Layer (SSL) protocol which carries, encrypted within it, a session layer technology called Sock-et-s (SOCKS). The communication prototype is developed in a Linux platform with the Integrated Development Environment (IDE) Eclipse and Java programming language.   There are many similar software-hardware based products in the market, but these solutions usually demand high budgets. This thesis shows the development of a communication prototype of a new, and low cost, alternative product. This report also describes how the Java SOCKS methods are increased with further functionality in order to reach the designed communication infrastructure. The entire implementation is tested by using a network analyzer software called Wireshark and a log function which writes out messages in order for us to know which part of the code is running.
14

Ng, Walfrey. „MIBlet approach to virtual private network management, design, applications and implementation“. Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape8/PQDD_0002/MQ45994.pdf.

15

Chowdavarapu, Pradeep Kumar, Pramod Kati and Williams Opoku. „INFORMATION INTERCHANGE IN VIRTUAL PRIVATE NETWORKS : Key Considerations for Efficient Implementation“. Thesis, Högskolan i Borås, Institutionen Handels- och IT-högskolan, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:hb:diva-20915.

Annotation:
This thesis identifies some key considerations to be considered to create an efficient virtual private network and also investigates to understand some efficiency problems affecting the interchange of information in such networks. It then outlines some possible solutions to manage such problems. The ICT and the telecommunications have been advancing at a rapid rate. This has been seen in the exchange of information in virtual networks such as the social networks like Facebook, Skype, Google talk, Yahoo messenger, Twitter etc. The need for maximum security, privacy and cost effectiveness in different organizations, institutions and private sectors etc. makes it useful and needful to have efficient virtual private networks. Understanding the problems affecting the information interchange in such networks and suggesting some probable solutions will both help the provider and the user.
Programme: Master's programme in Informatics (Magisterutbildning i informatik)
16

Liyanage, M. (Madhusanka). „Enhancing security and scalability of Virtual Private LAN Services“. Doctoral thesis, Oulun yliopisto, 2016. http://urn.fi/urn:isbn:9789526213767.

Annotation:
Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. 
Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks
Summary. Ethernet-based VPLS (Virtual Private LAN Service) is a transparent, protocol-independent multipoint network mechanism (Layer 2 Virtual Private Network, L2VPN) that connects a customer's remote sites over provider networks based on IP (Internet Protocol) or MPLS (Multiprotocol Label Switching). Thanks to their simple, protocol-independent and cost-efficient operation, VPLS networks have become attractive for many enterprise applications. Such applications include DCI (Data Center Interconnect), VoIP (Voice over IP) and videoconferencing services. New VPLS applications, however, bring new requirements, such as better security and scalability, optimal utilization of network resources and a further reduction in operating costs. The purpose of this dissertation is therefore to develop secure and scalable VPLS architectures for future communication networks. First, the dissertation presents a scalable and secure flat-VPLS architecture based on the Host Identity Protocol (HIP). Next, it discusses a session key-based security mechanism and an efficient broadcast mechanism that improves the scalability of the forwarding and security planes of VPLS networks. After this, a secure hierarchical VPLS architecture that achieves control plane scalability is presented. The dissertation also describes a new encrypted label-based frame forwarding mechanism with which L2 frames are transported in a hierarchical VPLS network. In addition, the dissertation proposes using a new Distributed Spanning Tree Protocol (DSTP) to maintain a loop-free Ethernet network in a VPLS network. With DSTP it is possible to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network.
The dissertation also presents two Redundancy Identification Mechanisms (RIMs), Customer Associated RIM (CARIM) and Provider Associated RIM (PARIM), which reduce the impact of invisible loops in the provider network. Finally, a new SDN (Software Defined Networking) based VPLS architecture (Soft-VPLS) is proposed to remove the tunnel management problems of legacy secure VPLS architectures. In addition, the dissertation proposes three new mechanisms for improving the tunnel management functions of legacy architectures: 1) a dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture uses a centralized controller to manage VPLS tunnel establishment based on real-time network behavior. The results of the research help in designing and developing more secure, scalable and efficient VPLS systems, and help to utilize network resources more efficiently and to lower the operational costs of the network.
17

Perez, Fridrich Shane. „A Framework for the Performance Analysis and Tuning of Virtual Private Networks“. BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/6867.

Annotation:
With the rising trend of personal devices like laptops and smartphones being used in businesses and significant enterprises, the concern for preserving security arises. In addition to preserving security measures in outside devices, the network speed and performance capable by these devices need to be balanced with the security aspect to avoid slowing down virtual private network (VPN) activity. Performance tests have been done in the past to evaluate available software, hardware, and network security protocol options that will best benefit an entity according to its specific needs. With a variety of comparable frameworks available currently, it is a matter of pick and choose. This study is dedicated to developing a unique process-testing framework for personal devices by comparing the default security encryptions of different VPN architectures to the Federal Information Processing Standards (FIPS) set of complying encryptions. VPN architectures include a vendor-supplied VPN, Palo Alto Networks, open-sourced OpenVPN application, and a Windows PPTP server to test security protocols and measure network speed through different operating platforms. The results achieved in this research reveal the differences between the default security configurations and the encryption settings enforced by FIPS, shown through the collected averaged bandwidth between multiple network tests under those settings. The results have been given additional analysis and confidence through t-tests and standard deviation. The configurations, including difficulty in establishing, between different VPNs also contribute to discovering OpenVPN under FIPS settings to be favorable over a Palo Alto firewall using FIPS-CC mode due to higher bandwidth rate despite following the same encryption standards.
18

Ferguson, Jason. „An Examination of a Virtual Private Network Implementation to Support a Teleworking Initiative: The Marcus Food Company Inc. Case Study“. NSUWorks, 2010. http://nsuworks.nova.edu/gscis_etd/149.

Annotation:
In this dissertation, the author examined the capabilities of virtual private networks (VPNs) in supporting teleworking environments for small businesses in the food marketing sector. The goal of this research was to develop an implementation model for small businesses in the food marketing sector that use a VPN solution to support teleworker access to corporate resources. The author conducted a case study of the Marcus Food Company (MFC) VPN implementation in conjunction with the system development life cycle (SDLC) methodology to achieve this objective. The SDLC methodology was used to support the planning, design, and implementation of the MFC VPN. The SDLC consists of five phases. For Phase 1, the Research Phase, the author examined the business requirements for a VPN, conducted a survey of MFC employees, and performed participant observation. In Phase 2, the Analysis Phase, the author analyzed the data collected during Phase 1 to facilitate the development of a requirements list. Next, in Phase 3, the Logical Design Phase, the author designed and developed standardized diagrams of the MFC VPN implementation. In Phase 4, the Physical Design Phase, the author identified specific processes, procedures, and technologies. For Phase 5, the Implementation Phase, the author described the implementation processes for the MFC VPN initiative. Finally, the author analyzed and interpreted the data collected and then reported the results of the research. The findings from this investigation demonstrate that the SDLC methodology was a framework for planning, designing, and implementing a secure and reliable VPN solution to support teleworking. Utilizing the SDLC methodology resulted in thorough documentation, including a review of in-place network documentation, results from a survey, prioritized functional and nonfunctional requirements lists, logical design diagram, and specific hardware/software components and configurations. 
Using the findings from the case study and SDLC methodology, the MFC VPN implementation model is presented. The MFC implementation model may be used in small businesses, of a size similar to MFC, in which VPN initiatives are being considered.
19

Corfiati, Matteo. „Valutazione sperimentale di tecnologie per la creazione di VPN in ambito LAN/WAN“. Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2012. http://amslaurea.unibo.it/4548/.

Annotation:
The document reports, with experimental tests, a comparison of the performance of different VPN technologies in wired and wireless scenarios. The tunneling protocol used to create the VPNs particularly affects network performance. The aim is precisely to evaluate which protocol provides the best quality in terms of performance, all through a targeted set of tests.
20

Tabassum, Mujahid, and Khamees Elkhateeb. „Network Capability Analysis and Related Implementations Improvements Recommendations“. Thesis, Halmstad University, School of Information Science, Computer and Electrical Engineering (IDE), 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-2476.

Annotation:

The networking field has become a core component for any company. All of the businesses rely on the networking industry, due to its vastness and significance. Every day companies are planning and thinking to develop better strategies that can offer efficient and reliable communication solutions between their employees and customers for maximum revenue. The planning of a company’s network requires a lot of resources and aspects to study, and to evaluate them carefully to build a comprehensive secure and reliable platform. It is the job of a network administrator to take care of the company’s network infrastructure and upgrade or update the required components and applications from time-to-time that can follow new standards.

This thesis is a practical work aimed to evaluate a company network infrastructure in its real environment. The purpose of this thesis is to evaluate different aspects of the network infrastructure used such as VPN, WLAN, firewall and physical security and give recommendations to make their performance better and to offer more advanced strategies. This study will also provide an inclusive observation of the company’s needs and their network infrastructure, and will provide a concept how to evaluate and fix small mistakes, the kind of problems that can occur in an evolving company network. Lastly, this research will make recommendations and suggest a possible implementation on the studied network infrastructure.

21

SATO, Ken-ichi, Hiroshi HASEGAWA, Yoshiyuki YAMADA and Fumisato NARUSE. „Virtual Fiber Networking and Impact of Optical Path Grooming on Creating Efficient Layer One Services“. 電子情報通信学会, 2012. https://search.ieice.org/.

22

Cote, Richard Scott. „Implementation considerations for a Virtual Private Network (VPN) to enable broadband secure remote access to the Naval Postgraduate School Intranet /“. Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2000. http://handle.dtic.mil/100.2/ADA386706.

Annotation:
Thesis (M.S. in Information Technology Management) Naval Postgraduate School, Dec. 2000.
Thesis advisors, Rex Buddenberg, Daniel Warren. "December 2000." Includes bibliographical references (p. 81-82). Also available in print.
23

Cote, Richard Scott. „Implementation considerations for a Virtual Private Network (VPN) to enable broadband secure remote access to the Naval Postgraduate School Intranet“. Thesis, Monterey, California. Naval Postgraduate School, 2000. http://hdl.handle.net/10945/9179.

Annotation:
As broadband connections to the home become more prevalent, through Digital Subscriber Lines (DSL) and cable modems, students and faculty will desire to access the NPS Internet via these new means instead of their 56K modems. The introduction of these new technologies will require NPS to re-evaluate how to allow remote access to their internal resources in a secure way, while still allowing for the use of broadband technologies. This thesis will examine the alternative methods for implementing VPNs, from simple use of Point to Point Protocols (PPP) to high end specialized internet appliances and gateways. Pros and cons of each will be discussed. A mock-up of the school's network will be created to test each of the discussed methods. Final recommendations will be made for a model that can be used by the NPS to implement a VPN. Also discussed will be how that model may be altered to fit other commands throughout the US Navy who desire similar secure remote access to their internal network resources.
24

Wagner, Edward Dishman. „Public Key Infrastructure (PKI) And Virtual Private Network (VPN) Compared Using An Utility Function And The Analytic Hierarchy Process (AHP)“. Thesis, Virginia Tech, 2002. http://hdl.handle.net/10919/32685.

Annotation:
This paper compares two technologies, Public Key Infrastructure (PKI) and Virtual Private Network (VPN). PKI and VPN are two approaches currently in use to resolve the problem of securing data in computer networks. Making this comparison difficult is the lack of available data. Additionally, an organization will make their decision based on circumstances unique to their information security needs. Therefore, this paper will illustrate a method using a utility function and the Analytic Hierarchy Process (AHP) to determine which technology is better under a hypothetical set of circumstances. This paper will explain each technology, establish parameters for a hypothetical comparison, and discuss the capabilities and limitations of both technologies.
Master of Arts
25

Kilcrease, Patrick N. „Employing a secure Virtual Private Network (VPN) infrastructure as a global command and control gateway to dynamically connect and disconnect diverse forces on a task-force-by-task-force basis“. Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Sep/09Sep%5FKilcrease.pdf.

Annotation:
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, September 2009.
Thesis Advisor(s): Barreto, Albert. "September 2009." Description based on title screen as viewed on 6 November 2009. Author(s) subject terms: Virtual Private Network, GHOSTNet, maritime interdiction operations, internet protocol security, encapsulating security protocol, data encryption standard. Includes bibliographical references (p. 83-84). Also available in print.
26

Goh, Vik Tor. „Intrusion detection framework for encrypted networks“. Thesis, Queensland University of Technology, 2010. https://eprints.qut.edu.au/41733/1/Vik_Tor_Goh_Thesis.pdf.

Annotation:
Network-based Intrusion Detection Systems (NIDSs) monitor network traffic for signs of malicious activities that have the potential to disrupt entire network infrastructures and services. NIDS can only operate when the network traffic is available and can be extracted for analysis. However, with the growing use of encrypted networks such as Virtual Private Networks (VPNs) that encrypt and conceal network traffic, a traditional NIDS can no longer access network traffic for analysis. The goal of this research is to address this problem by proposing a detection framework that allows a commercial off-the-shelf NIDS to function normally in a VPN without any modification. One of the features of the proposed framework is that it does not compromise on the confidentiality afforded by the VPN. Our work uses a combination of Shamir’s secret-sharing scheme and randomised network proxies to securely route network traffic to the NIDS for analysis. The detection framework is effective against two general classes of attacks – attacks targeted at the network hosts or attacks targeted at framework itself. We implement the detection framework as a prototype program and evaluate it. Our evaluation shows that the framework does indeed detect these classes of attacks and does not introduce any additional false positives. Despite the increase in network overhead in doing so, the proposed detection framework is able to consistently detect intrusions through encrypted networks.
27

Våge, William. „Digitala hjälpmedel för aktivitetsbaserat arbetssätt“. Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-30874.

Annotation:
The activity based workplace model is becoming more and more common and the Swedish Insurance Agency is an authority that has embraced this model. The new way of working means that more employees work from home or another place than the office. The new working model needs IT solutions that can handle communication and secure document management. This has caused two problems at the Swedish Insurance Agency. The first problem concerns confusion about how employees should connect correctly to the authority’s conference room equipment. The solution proposal should be able to evaluate if the correct equipment has been connected and present connection status information. The second concerns connection to the authority’s Virtual Private Network (VPN). The problem is that users often lose or do not get a proper connection to the network devices when they connect through VPN. A technical solution for each problem was developed. The application for connection to conference room equipment checks that the user has a USB dock (with more components connected to it) connected, that the user has a network connection and that the USB dock driver has been installed correctly. Usability testing showed that the application works as intended, except for some confusion about the navigation, which was corrected. The application for VPN connection visually shows the user through an icon in the taskbar whether the user is properly connected to VPN or not. The application also got the option of calling a connection script if the user loses connection. Evaluation based on the Requirements Specification showed that both applications could meet their requirements, and the applications were packaged and distributed to employees at the Swedish Insurance Agency.
28

Konstantaras, Dimitrios, and Mustafa Tahir. „Securing Network Connected Applications with Proposed Security Models“. Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2022.

Annotation:

In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way too often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.

However, with an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the sole purpose to secure applications.

By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.

An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.

29

Castillo, Meza Joel Omar. „Migración e implementación hacia una red MPLS-VPN aplicado a una entidad empresarial en la ciudad de Lima“. Bachelor's thesis, Universidad Ricardo Palma, 2015. http://cybertesis.urp.edu.pe/handle/urp/1278.

Annotation:
This thesis describes Multi-Protocol Label Switching (MPLS) technology used with a virtual private network for the communications of a business entity. MPLS with VPN is described, showing its qualities, advantages and disadvantages, and its introduction into the company's data communication network is promoted so that the network offers performance and confidentiality for the transmitted data. A scheme is designed, together with the infrastructure that could be used in this implementation, with modular characteristics that will allow the company to grow as its traffic or transport demand increases and as the other extensions are integrated where the case merits it. For the design, the simulation program "GNS3" is used, in which the configuration and model for transmission from branch to head office and vice versa is sketched.
30

Harris, B. A. „Firewalls and virtual private networks“. Thesis, University of Canterbury. Computer Science, 1998. http://hdl.handle.net/10092/8413.

Annotation:
The Internet has become a global computing phenomenon, and during the 1990's has had more influence on the computer - communications industry than any other development in its history. There are two major issues affecting the development of the Internet for the 21st century; performance and security. This thesis is concerned with the latter; in particular the issues raised by the interconnection of TCP/IP based networks between trusted and untrusted network domains. Four main topics are addressed: the common threats and vulnerabilities that affect the TCP/IP protocol suite at the Network, Transport, and Application layers; the application of firewall architectures to counter the risks posed by TCP/IP based connections between trusted and untrusted network domains; the issue of independent firewall architecture evaluation and certification; and the application of Virtual Private Network (VPN) technology to protect traffic over untrusted networks. This thesis examines the common threats and vulnerabilities which affect the current TCP/IP protocol suite, and hence the Internet. A firewall architecture can be a powerful tool for preventing attacks based on TCP/IP vulnerabilities, however, it is only as effective as the security policy that it implements. Although firewalls can benefit computer and network security, they suffer from several significant limitations, including; the inability to protect network traffic; defending against insider abuse; and controlling the content of end-user access (e.g. virus infected files, Java applets, etc.) Firewalls are generally considered impregnable, however they are certainly not immune to software and hardware vulnerabilities. Therefore, this thesis examines independent evaluation and certification of firewall architectures with particular focus on New Zealand and Australian efforts. The final section of this thesis examines the use of VPNs for securing network traffic.
The amalgamation of VPN and firewall technologies allows the security policy to be extended onto the network in the form of services, such as, confidentiality, integrity, non-repudiation, and strong authentication.
31

Lukaszewski, Daniel. „Multipath transport for virtual private networks“. Thesis, Monterey, California: Naval Postgraduate School, 2017. http://hdl.handle.net/10945/53013.

Annotation:
Approved for public release; distribution is unlimited
Virtual Private Networks (VPNs) are designed to use the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) to establish secure communication tunnels over public Internet. Multipath TCP (MPTCP) extends TCP to allow data to be delivered over multiple network paths simultaneously. This thesis first builds a testbed and investigates the potential of using MPTCP tunnels to increase the goodput of VPN communications and support seamless mobility. Based on the empirical results and an analysis of the MPTCP design in Linux kernels, we further introduce a full-multipath kernel, implementing a basic Multipath UDP (MPUDP) protocol into an existing Linux MPTCP kernel. We demonstrate the MPUDP protocol provides performance improvements over single path UDP tunnels and in some cases MPTCP tunnels. The MPUDP kernel should be further developed to include more efficient scheduling algorithms and path managers to allow better performance and mobility benefits seen with MPTCP.
Outstanding Thesis
Lieutenant, United States Navy
32

Космина, Андрій Сергійович, and Andrii Kosmyna. „Дослідження відмовостійкості з'єднання OpenVPN для забезпечення неперервності бізнес-процесів“. Master's thesis, ТНТУ, 2021. http://elartu.tntu.edu.ua/handle/lib/36800.

Annotation:
Study of the fault tolerance of the OpenVPN connection to ensure business process continuity // Master's thesis // Kosmyna Andrii Serhiiovych // Ternopil Ivan Puluj National Technical University, Faculty of Computer Information Systems and Software Engineering, Department of Cybersecurity, group СБмз-61 // Ternopil, 2021 // 75 pages, 14 figures, 3 tables, 5 appendices
This master's thesis is devoted to the study of the fault tolerance of OpenVPN connections to ensure business process continuity. It analyzes the types of VPN and their use for business, analyzes OpenVPN technology, and compares the performance of encryption algorithms. A fault-tolerant OpenVPN connection network with automatic server switching is set up. The first chapter discusses the main characteristics of virtual private networks and analyzes the types of VPN and the ways they are used for business needs. The second chapter provides a general analysis of OpenVPN technology and compares the performance of the main encryption algorithms. The third chapter covers the practical construction of a fault-tolerant OpenVPN connection with automatic server switching, using the most suitable settings and the best-performing algorithms selected on the basis of the comparison in the previous chapter. The subsection "Occupational safety" covers the general rules of occupational safety and the electrical safety of PC users.
INTRODUCTION
CHAPTER 1. GENERAL ANALYSIS OF VIRTUAL NETWORK TECHNOLOGY
1.1 General provisions of VPN technology
1.2 Classification of VPNs
1.3 Security functions provided by VPN technology
1.4 Comparison of the most common protocols (PPTP, L2TP, IPSec)
1.5 Comparison of ready-made VPN solutions for business
Conclusions to Chapter 1
CHAPTER 2. ANALYSIS OF OPENVPN TECHNOLOGY
2.1 OpenVPN: purpose, networks and usage scheme
2.2 Advantages and disadvantages of the OpenVpn protocol
2.3 Implementing a fault-tolerant connection based on OpenVpn software
2.4 Performance comparison of the encryption algorithms supported by OpenVPN
Conclusions to Chapter 2
CHAPTER 3. ORGANIZING SECURE REMOTE CONNECTION TO CORPORATE NETWORK RESOURCES USING OPENVPN TECHNOLOGY
3.1 Problem description and network modelling
3.2 Building a real model of a fault-tolerant network
3.2.1 Installing OpenVPN
3.2.2 Creating the certificate authority directory
3.2.3 Configuring the certificate authority
3.2.4 Creating the certificate authority
3.2.5 Creating the certificate, key and encryption files for the server
3.2.6 Creating the certificate and key pair for the client
3.2.7 Configuring the OpenVPN service
3.2.8 Configuring the server's network configuration
3.2.9 Opening the OpenVPN port and applying the changes
3.2.10 Enabling the OpenVPN service
3.2.11 Configuring server 2
3.2.12 Configuring server 3
3.3 Steps for configuring the client
3.3.1 Downloading the required software
3.3.2 Creating the configuration file
3.4 Practical implementation of the fault-tolerant connection
Conclusions to Chapter 3
CHAPTER 4. OCCUPATIONAL SAFETY AND SAFETY IN EMERGENCIES
4.1 Occupational safety
4.2 Ensuring electrical safety of PC users
CONCLUSIONS
REFERENCES
APPENDICES
33

Bergvall, Ricardo. „Secure remote access to a work environment“. Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-45124.

Annotation:
This project is about how free, open-source tools can create reasonable, secure and flexible remote access solutions for smaller companies with a limited budget. Secure remote access to a working environment is a solution for its time, as last year Covid-19 changed the working environment for millions of employers and employees. The importance of secure remote access to a working environment became noticeable as offices closed down and employers started working from home. Still, the need for secure access to the company's infrastructure remains. This is where Virtual Private Networks (VPNs) enter the picture, as it has a broad application scope and is particularly useful for secure remote access. My project was subdivided into three parts: How to implement secure remote access to a working environment within the requirements of the chosen company, which are an inexpensive solution with high-security features. Automate the creation and distribution of all the necessary parts that their employees will need in a VPN structure. Research about the future direction regarding VPN and the importance of cybersecurity to help ensure security preparedness for the company. The chosen solution was OpenVPN and Google authenticator, together with a written bash script. It became a solution that was free, flexible, secure and scalable. But why the need and what about the future? Research shows that a high percentage of small and medium-sized enterprises are vulnerable to cyberattacks. It also shows that these companies have the lowest cybersecurity. "It wouldn't happen to us" is dangerous but, sadly, a typical mindset throughout the S&M companies. It's primarily because of this S&M's are more exposed than larger companies. The future of VPNs has become more important than ever before, and it's something that during Covid-19 has risen in use all over the world, the research and development of VPNs has accelerated.
The research objectives of this project are of high interest to many other organizations in the same position, and the presented work has helped answer the question: "Where will we stand in a few years regarding secure remote work, cybersecurity and encrypted networks?"
34

Sirisukha, Sid. „Protecting management information systems virtual private network competitive advantage : a thesis submitted to the graduate faculty of design and creative technologies AUT University in partial fulfilment for the degree of doctor of philosophy, 2007“. Click here to access this resource online, 2007. http://aut.researchgateway.ac.nz/handle/10292/324.

35

Evlogimenou, Anna. „Programmable accounting management for Virtual Private Networks“. Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2001. http://www.collectionscanada.ca/obj/s4/f2/dsk3/ftp04/MQ62962.pdf.

36

Balasubramanian, Ashok. „Protected virtual private networks in the hose model“. Thesis, University of Hawaii at Manoa, 2003. http://hdl.handle.net/10125/7018.

Annotation:
A Virtual Private Network (VPN) is a service by a Telecommunication (TSP) or Internet Service Provider (ISP) to emulate a private network for a customer. The hose model is for VPNs where the customer is not required to know the exact pair wise traffic pattern between VPN sites, but specifies the maximum traffic rate that can originate or terminate at each VPN site. Hose VPNs protected from single link failures are considered. Two strategies for protection - Path and Line are described, and mixed integer linear programming problems (MILP) are formulated to determine the bandwidth requirements of the protection schemes. Comparisons are performed for path and line protection using simulations on topologies like a 12-node ring, NSFNET16 and Euroring. Path protection is found to be the most bandwidth-efficient strategy and requires approximately 100% or more additional bandwidth than an unprotected optimal tree, whereas line protection requires approximately 200% or more additional bandwidth. To compute the bandwidth required for protected VPN trees, a naive strategy of first computing optimal unprotected VPN trees and then determining the protection bandwidth is used. We also investigate the efficiency of this naive approach, by formulating a simple heuristic that iteratively constructs different trees for a given set of VPN sites and determines the cost of path protection for each of the trees. This heuristic determines a VPN tree that requires the minimum total bandwidth. Experimental results on NSFNET16 and Euroring show that this heuristic results in average savings of about 5% of the total bandwidth from the naive strategy.
vii, 52 leaves
37

Flodin, Carl, and Pontus Lantz. „Studenters användning och syn på Virtual Private Networks“. Thesis, Uppsala universitet, Institutionen för informatik och media, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-414714.

38

Ben, Houidi Zied. „Scalable routing in provider provisoned virtual private networks“. Paris 6, 2010. http://www.theses.fr/2010PA066611.

Annotation:
Companies often have sites scattered across distant locations that need to communicate. Instead of building their own communication infrastructure, most companies today prefer to buy a virtual private network (VPN) service from a service provider. The VPN service provider is responsible for performing the routing that interconnects the companies' sites. In this thesis, we first make an effort to unify the view of routing in provider-provisioned virtual private networks. In particular, we look more closely at the most widespread technology for meeting this need, BGP MPLS IP VPNs. We study the limits of this technology using routing data collected on the network of a large VPN operator. Then, through an experimental study on routers from different vendors, we explain and help overcome one of these limits, namely the slowness of BGP routing table transfers. Finally, we show that the current standard is not well suited to the needs of VPN routing as defined in this thesis, and we propose a new protocol to replace it.
39

Palomares, Velasquez Daniel. „Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols“. Phd thesis, Institut National des Télécommunications, 2013. http://tel.archives-ouvertes.fr/tel-00939092.

Annotation:
During 2012, the global mobile traffic represented 70% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will rely on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication.
For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduces the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed.
40

Jia, Yuxiao. „Dynamic quality of service support in virtual private networks“. Thesis, University of Ottawa (Canada), 2004. http://hdl.handle.net/10393/26667.

Annotation:
This thesis presents a framework for the provision of dynamic Quality of Service (QoS) support in Virtual Private Networks (VPNs). Specifically, we focus on MPLS based VPN, with the QoS components including use of MPLS Diffserv, MPLS Traffic Engineering, RSVP-TE signaling protocol etc. The framework consists of a Dynamic Bandwidth Allocation model that includes traffic estimators and the development of a resource reservation technique. The Dynamic Bandwidth Allocation (DBA) uses traffic estimators whose outputs are used for the reservation of resources within some time duration in the future. Three traffic estimation algorithms are implemented and tested. The Dynamic Class Based Queuing (CBQ) technique is applied in our systems to allocate resources. This model can automatically adjust to the bandwidth size of a VPN tunnel based on how much traffic is flowing through the tunnel. An Internet Service Provider (ISP) can simplify the task of managing its network and reduce costs by using our DBA mechanism, taking advantage of the available tunnel bandwidth while still providing guarantees for high-priority traffic. We implemented and evaluated this model on our MPLS Diffserv enabled Linux test-bed. Performance evaluation shows a higher resource utilization can be achieved by using our model.
41

Sherry, Zaida. „Governance of virtual private networks using COBIT as framework“. Thesis, Stellenbosch : University of Stellenbosch, 2007. http://hdl.handle.net/10019.1/3389.

Annotation:
Thesis (MAcc (Accountancy))--University of Stellenbosch, 2007.
The purpose of this assignment is to ascertain whether the COBIT framework is an adequate framework to assist in the governance of virtual private networks. The assignment focuses on whether the framework can ensure the identification of virtual private network-related risks and address IT compliance with policies and statutory regulations. A brief summary of the risks and issues pertaining to the pre-implementation, implementation and post-implementation phases of virtual private networks is included in the assignment. These risks and issues are then individually mapped onto a relevant COBIT control objective. The scope of the assignment does not include the intricacies of how these networks operate, the different types of network topologies or the different technologies used in virtual private networks. It was found that the COBIT framework can be implemented to manage and/or mitigate virtual private network risks.
42

Elis, Martin. „Datově úsporné zabezpečení cloudových úložišť“. Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2016. http://www.nusl.cz/ntk/nusl-242018.

Annotation:
This work is focused on problematics of a cloud solution, especially on its security side. It describes the current security trends and approaches used by security engineers when creating sophisticated designs of secure cloud systems. As part of it there is a risk analysis and an overview of the most common types of attacks led against the cloud solutions. Also, this document deals with the possibilities, principles, advantages and negatives of different types of cloud distributions. Another text deals with the usual methods used for accessing the cloud. This thesis contains author’s own design of possible realization. In the next part of the document, process of building a safe cloud data storage is described together with principles of ensuring its security. In the conclusion, the author focuses on comparison of cryptographic algorithms and their behavior depending on the length of the keys used.
43

Isaacs, Rebecca. „Dynamic provisioning of resource-assured and programmable virtual private networks“. Thesis, University of Cambridge, 2001. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.621158.

44

Rosenbaum, Gustav Filip Computer Science & Engineering Faculty of Engineering UNSW. „Providing resilient quality of service connections in provider-based virtual private networks“. Awarded by: University of New South Wales. School of Computer Science and Engineering, 2005. http://handle.unsw.edu.au/1959.4/25989.

Annotation:
This thesis focuses on efficient provisioning of resilient Virtual Private Network (VPN) services. It first confirms the intuition that network resources can be more efficiently utilized when resilience mechanisms are implemented by a network provider in the physical network than by its VPN customers in their VPNs. Next, a Multiprotocol Label Switching-based programmable VPN architecture is presented that delivers virtual links as resilient quality of service (QoS) connections and virtual sites. Virtual sites allow customers to implement functionality like customized routing and content adaptation “in the cloud”, as opposed to the current network model where all functionality is implemented at the network edge. To provision a resilient QoS connection, two paths need to be computed from the ingress to the egress nodes, such that both paths meet the given QoS constraints. Two different frameworks have been proposed in the literature to compute resilient QoS connections when the QoS constraints are bandwidth and end-to-end delay. They both use a preprocessing step whereby either all links with less residual capacity than the given bandwidth constraint are pruned, or the given end-to-end delay is converted to an effective bandwidth. The frameworks thus reduce the problem to one with only a single constraint. We argue in this thesis that these frameworks individually lead to poor network utilization and propose a new framework where both constraints are considered simultaneously. Our framework exploits the dependency between end-to-end delay, provisioned bandwidth and chosen path through using the provisioned bandwidth as a variable. Here, two link-disjoint paths are computed together with their respective minimum bandwidths such that both the bandwidth and end-to-end delay constraints are satisfied. Given our framework we first propose a new generic algorithm that decomposes the problem into subproblems where known algorithms can be applied.
Then we propose two new linear programming (LP) formulations that return the two paths and their respective bandwidths such that they have the minimum combined cost. To make our framework applicable in a production environment, we develop two new algorithms with low run times that achieve even higher network performance than their LP formulation counterpart. These algorithms systematically use an algorithm that computes non-resilient QoS connections. As no algorithm for computing non-resilient QoS connections with sufficiently low run time has been proposed in the current literature we develop two new algorithms and their respective heuristics with a run time comparable to Dijkstra’s shortest-path algorithm. Our simulations show that exploiting the dependency between end-to-end delay, provisioned bandwidth and chosen path can significantly improve the network performance.
45

Tryggvason, Thorir. „Analysis of the PPTP and IPSec protocols in Virtual Private Networks“. Thesis, University of Skövde, Department of Computer Science, 2000. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-415.

Annotation:

Today increasing numbers of individuals are working away from the ordinary workplace while still requiring access to the server located at the workplace. New technology is meeting this demand allowing for safe and secure transmission of the data over the Internet. The aim of this project is to analyse two protocols that are used within the Virtual Private Network (VPN) structure today, with the focus on installation, transmission speed on both Local Area Networks (LAN) and via telephone line and security aspects of the protocols.

The results show that it is quite complicated to set up a VPN network and to get it operational. The results also show that there are security compromises within the VPN structure that indicate that if proper precaution is not taken it may give a false sense of security, where the user believes that it is a secure communication when in reality it is not.

46

Valella, William. „Securing open source Virtual Private Networks: a study in Linux security“. [Gainesville, Fla.] : University of Florida, 2001. http://purl.fcla.edu/fcla/etd/UFE0000362.

Annotation:
Thesis (M.S.)--University of Florida, 2001.
Title from title page of source document. Document formatted into pages; contains x, 188 p.; also contains graphics. Includes vita. Includes bibliographical references.
47

Janeček, Vít. „Modul rozšiřující funkcionalitu GDPR řešení“. Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-385988.

Annotation:
The goal of this thesis is to introduce the principles of access control technologies, the General Data Protection Regulation and the software for data leakage protection. An essential part of the work is a draft and implementation of the expansion module for user device authentication including shared storage access authorization. Therefore, this module makes it possible to verify whether a user can access shared corporate resources. It also allows access to be enabled or disabled based on specified attributes, such as the type of the protected service or user permission. The basic verification of the module's functionality is realized through different sets of tests and a virtual environment that simulates the corporate environment. The result of the draft is a module that makes it possible to verify access based on the device, and this module is moreover integrated into the Safetica security platform.
48

Wikström, Alexander, Mark Thomson and Lolita Mageramova. „Virtual Private Networks: A feasibility study of secure communications between remote locations“. Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-24550.

Annotation:
Virtual Private Networks (VPNs) are an integral part of protecting company communications from unauthorized viewing, replication or manipulation. In order for employees to remotely conduct business in an effective and secure manner from a branch location or while traveling, Virtual Private Networks can be viewed as an absolute necessity.

Starting with a certain set of network communication requirements, our project's hypothesis was that the most suitable VPN implementation for Cheap Flats (a fictitious company we created) would be an IPSec client VPN. Included in the report are basic definitions, implementations and tests for three different types of VPNs that were used to confirm this hypothesis:

1) Site-to-site: Tunnel mode connection between VPN gateways. The process of encrypting and transferring data between networks is transparent to end-users. [1]
2) IPSec client: Network Layer VPN for both network-to-network and remote-access deployments. End-users will need to run either Cisco or Open Source VPN software on their PCs.
3) Clientless SSL: “Remote-access VPN technology that provides Presentation Layer encryption services for Applications through local redirection on the client.” [2] VPN communications are established using a browser rather than specific software installed on the end-user’s device.

The test results from the above VPN implementations have been published and comparisons were made between the different types of VPNs regarding the time taken to apply network device/end-user configurations, expenses incurred in procuring additional equipment/software to implement the VPN (if any), impact on end-users, scalability and lastly, the overall functionality of the VPN solution as it relates to the day-to-day business operations.

Following the testing phase, a discussion of the merits and drawbacks of each of the VPN implementations was drafted. After which, a final recommendation was presented regarding the VPN solution that best fit the needs of the hypothetical company described in the paper.
49

Ballapuram, Vijayanand Sreenivasan. „Impact of Queuing Schemes and VPN on the Performance of a Land Mobile Radio VoIP System“. Thesis, Virginia Tech, 2007. http://hdl.handle.net/10919/33033.

Annotation:
Land mobile radio (LMR) systems are used for communication by public safety and other government and commercial organizations. LMR systems offer mission-critical or even life-critical service in the day-to-day activities of such organizations. Traditionally, a variety of different LMR systems have been deployed by different organizations, leading to a lack of radio interoperability. A voice application that connects LMR systems via a packet-switched network is called an LMR Voice over IP (LMRVoIP) system and is a potential solution to the interoperability problem. LMRVoIP systems are time critical, i.e., are delay and jitter sensitive. Transmission of LMRVoIP traffic in a congested packet-switched network with no quality of service (QoS) or priority mechanisms in place could lead to high delays and extreme variations in delay, i.e., high jitter, thus resulting in poor application performance. LMRVoIP systems may also have performance issues with the use of virtual private networks (VPNs). To the best of our knowledge, there has been no prior thorough investigation of the performance of an LMRVoIP system with different queuing schemes for QoS and with the use of VPN. In this thesis, we investigate the performance of an LMRVoIP system with different queuing schemes and with the use of VPN.

An experimental test bed was created to evaluate four QoS queuing schemes: first-in first-out queuing (FIFO), priority queuing (PQ), weighted fair queuing (WFQ), and class-based weighted fair queuing (CBWFQ). Quantitative results were obtained for voice application throughput, delay, jitter, and signaling overhead. Results show that, compared to a baseline case with no background traffic, LMRVoIP traffic suffers when carried over links with heavy contention from other traffic sources when FIFO queuing is used. There is significant packet loss for voice and control traffic and jitter increases. FIFO queuing provides no QoS and, therefore, should not be used for critical applications where the network may be congested. The situation can be greatly improved by using one of the other queuing schemes, PQ, WFQ, or CBWFQ, which perform almost equally well with one voice flow. Although PQ has the best overall performance, it tends to starve the background traffic. CBWFQ was found to have some performance benefits over WFQ in most cases and, thus, is a good candidate for deployment.

The LMRVoIP application was also tested using a VPN, which led to a modest increase in latency and bandwidth utilization, but was found to perform well.
Master of Science

50

Palomares, Velasquez Daniel. „Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols“. Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2013. http://www.theses.fr/2013TELE0025.

Annotation:
In 2012, global mobile traffic was 70% higher than in 2011. The arrival of 4G technology multiplied the volume of non-4G traffic by 19, and in 2013 the number of mobile devices connected to the Internet exceeded the number of human beings on the planet. Internet service providers (ISPs) are under heavy pressure, since they are obliged to ensure network access for their customers and to maintain quality of service. In the short/medium term, operators must offload part of their traffic onto alternative access networks in order to maintain the same performance characteristics. Thus, to relieve congestion in radio access networks (RANs), customer traffic can preferentially be handled by other available access networks. Note, however, that wireless access networks offer very different levels of security. For femtocells, WiFi or WiMAX (among other wireless technologies), mechanisms must be provided to secure communications. Operators can rely on protocols (such as IPsec) to extend a security domain over unsecured networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis focuses on the study of mechanisms that guarantee and improve the performance of the IPsec protocol in terms of service continuity. Service continuity, also known as resilience, becomes crucial when mobile traffic is diverted from a RAN access network to other alternative access networks. This is why we first concentrate on the set of protocols ensuring IP communication: IKEv2 and IPsec. We then present a detailed study of the parameters needed to maintain a VPN session, and we demonstrate that it is possible to manage a VPN session dynamically between different security gateways.
One of the reasons that justify managing VPN sessions is to offer high availability, load sharing or load balancing for IPsec connections. The purpose of these mechanisms is to increase the service continuity of IPsec sessions. Some new mechanisms have recently been implemented to provide high availability over IPsec. The open source VPN project StrongSwan implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged this ClusterIP-based solution with our own developments in order to define two architectures: one architecture providing High Availability and a second architecture providing dynamic management of an IPsec context. We defined two environments: Mono-LAN, where a cluster of nodes is configured under a single IP address, and Multi-LAN, where each security gateway has a different IP address. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids the additional delays associated with re-authentication and reduces CPU consumption as well as the computations performed by the cryptographic hardware. From an ISP's point of view, IPsec/IKEv2 context transfer could be used to avoid overloading gateways and to allow redistribution of the load, better network performance and improved quality of service. The idea is to allow a user to enjoy the continuity of a service while keeping the same level of security as initially offered.
During 2012, the global mobile traffic represented 70% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will rely on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions are to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication.
For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduces the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that was initially proposed.
