Who should attend: System administrators and network managers responsible for remote access and wide-area networks within their organization. Participants should be familiar with TCP/IP networking and fundamental network security, although some review is provided. The purpose of this tutorial is to provide a step-by-step guide to evaluating an organization's VPN requirements, selecting the appropriate technology, and implementing it within a preexisting security infrastructure.

Virtual private networking technology provides a flexible mechanism for addressing connectivity needs within many organizations. This tutorial focuses on assessing business and technical requirements for remote access and extranet connections; evaluating VPN technology; integrating VPNs within an existing network infrastructure; and common implementation difficulties.

Topics covered include:

• VPN security features (encryption, access control, NAT) and how they protect against common Internet threats
• Assessing your organization's needs for remote access
• VPN architectures and where they fit
• A brief review of commercial VPN products
• Implementing VPN technology within your organization's network
• Common VPN difficulties

Tina Bird is a security analyst at Secure Networking Group, a consulting firm in Lawrence, Kansas, that specializes in the installation and management of secure wide-area networks. She has implemented and managed a variety of wide-area-network security technologies, such as firewalls and VPN packages; built and supported extranet and intranet remote access packages; and developed, implemented, and enforced corporate IS security policies in a variety of environments. Her main focus in the past year has been on the evaluation and implementation of virtual private networking solutions in small- to mid-sized networks (40 to 4000 hosts). Tina is the moderator of the Virtual Private Networks mailing list. She has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.