|
Using a public network, usually the
Internet, to connect securely to a private network, such as a company's
network is the basis of a VPN or
virtual
private network. Companies and
organizations will use a VPN to communicate confidentially over a
public
network and can be used to send voice, video or data. It's an
excellent option for remote workers and organizations with global
offices and partners to share data in a private manner.
One of the most common types of VPNs is
a virtual
private dial-up network (VPDN). A VPDN
is a user-to-LAN connection, where remote users need to connect to
the company LAN. Here the company will have a service provider
set-up a NAS (network
access server) and provide the remote users
with the software needed to reach the NAS from their desktop
computer or laptop. For a VPDN, the secure and encrypted connection
between the company's network and remote users is provided by the
third-party service provider.
Another type of VPN is commonly called a site-to-site VPN.
Here the company would invest in dedicated hardware to connect
multiple sites to their
LAN though a public network, usually the Internet. Site-to-site
VPNs are either intranet or extranet-based.
intranet
A network based on TCP/IP protocols (an intranet) belonging to
an organization, usually a corporation, accessible only by the
organization's members, employees or others with authorization.
Secure intranets are now the fastest-growing segment of the
Internet because they are much less expensive to build and
manage than private networks based on proprietary protocols.
extranet
An extranet refers to an intranet that is partially accessible
to authorized outsiders. Whereas an intranet resides behind a
firewall and is accessible only to people who are members of the
same company or organization, an extranet provides various
levels of accessibility to outsiders. You can access an extranet
only if you have a valid username and password, and your
identity determines which parts of the extranet you can view.
Extranets are becoming a popular means for business
partners to exchange information.
Other options for using a VPN include
such things as using dedicated private leased lines. Due to the high
cost of dedicated lines, however, VPNs have become an attractive
cost-effective solution. |
Key Terms To
Understanding virtual private networks:
VPN
A network that is constructed by using public wires to connect
nodes. For example, there are a number of systems that enable you to
create networks using the Internet as the medium for transporting
data.
VPDN
A network that extends remote access to a private network using
a shared infrastructure.
tunneling
A technology that enables one network to send its data via
another network's connections. Tunneling works by encapsulating a
network protocol within packets carried by the second network.
split
tunneling
The process of allowing a remote VPN user to access a public
network, most commonly the Internet, at the same time that the user
is allowed to access resources on the VPN.
encryption
The translation of data into a secret code. Encryption is the
most effective way to achieve data security. To read an encrypted
file, you must have access to a secret key or password that enables
you to decrypt it. There are two main types of encryption:
asymmetric encryption (also called public-key encryption) and
symmetric encryption. |
Securing a VPN
If you're using a public line to connect to a private network, then you might wonder
what makes a virtual private network private? The answer is the manner in which the
VPN is designed. A VPN is designed to provides a secure, encrypted
tunnel in
which to transmit the data between the remote user and the company network.
The information transmitted between the two locations via the encrypted
tunnel cannot be read by anyone else.
VPN security contains several
elements to secure both the company's private network and the outside
network, usually the Internet, through which the remote user connects
through. The first step to security is usually a firewall. You will have a
firewall site between the client (which is the remote users workstation) and
the host server, which is the connection point to the private network. The
remote user will establish an authenticated connection with the firewall.
Encryption
Encryption is also an important component of a secure VPN. Encryption
works by having all data sent from one computer encrypted in such a way that
only the computer it is sending to can decrypt the data. Types of encryption
commonly used include
public-key encryption which is a system that uses two keys — a public
key known to everyone and a private or secret key known only to the
recipient of the message. The other commonly used encryption system is a
Symmetric-key encryption system in which the sender and receiver of a
message share a single, common key that is used to encrypt and decrypt the
message.
VPN Tunneling
With a VPN you'll need to establish a network connection that is based on
the idea of tunneling. There are two main types of tunneling used in virtual
private networks. Voluntary tunneling is where the client makes a
connection to the service provider then the VPN client creates the tunnel to
the VPN server once the connection has been made. In compulsory tunneling
the service provider manages the VPN connection and brokers the connection
between that client and a VPN server.
There are three main network protocols for
use with VPN tunnels, which are generally incompatible with each other. They
include the following:
IPSec
A set of protocols developed by the IETF to support secure exchange
of packets at the IP layer. IPsec has been deployed widely to implement
VPNs. IPsec supports two encryption modes:
Transport and Tunnel. Transport mode encrypts only the data portion
(payload) of each packet, but leaves the header untouched. The more
secure Tunnel mode encrypts both the header and the payload. On the
receiving side, an IPSec-compliant device decrypts each packet. For
IPsec to work, the sending and receiving devices must share a public
key. This is accomplished through a protocol known as Internet Security
Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which
allows the receiver to obtain a public key and authenticate the sender
using digital certificates.
PPTP
Short for Point-to-Point Tunneling Protocol, a new technology for
creating VPNs, developed jointly by
Microsoft, U.S. Robotics and several remote access vendor
companies, known collectively as the PPTP Forum. A VPN is a private
network of computers that uses the public Internet to connect some
nodes. Because the Internet is essentially an open network,
PPTP is used to ensure that messages
transmitted from one VPN node to another are secure. With PPTP, users
can dial in to their corporate network via the Internet.
L2TP
Short for Layer Two (2) Tunneling Protocol, an extension to the PPP
protocol that enables ISPs to operate Virtual Private Networks (VPNs).
L2TP merges the best features of two other tunneling protocols: PPTP
from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that
the ISP's routers support the protocol.
VPN Equipment
Depending on the type of VPN you decide to implement, either remote-access
or site-to-site, you will need specific components to build your VPN. These
standard components include a software client for each remote workstation,
dedicated hardware, such as a firewall or a product like the
Cisco VPN Concentrator, a VPN server, and a Network Access Server
(NAS).
Vangie 'Aurora' Beal
Writer, www.Webopedia.com
Last updated: June 01, 2007
CISCO: How
Virtual Private Networks Work
This document covers the fundamentals of VPNs, such as basic VPN components,
technologies, tunneling, and VPN security.
Network
World: VPN software is not created equal
In the early days of VPNs, these clients weren't deployed in large enough
numbers to make distributing and updating them a problem. But today, for large,
remote-access VPN deployments, automated distribution and configuration tools
are a must.
LogMeIn
Hamachi
LogMeIn Hamachi is a VPN service that easily sets up in 10 minutes, and enables
secure remote access to your business network, anywhere there's an Internet
connection.
EnterpriseNetworkingPlanet
EnterpriseNetworkingPlanet provides practical advice and news for running and
managing an enterprise network. In-depth articles and news cover topics such as
network management, network monitoring, servers, communications, Internet
telephony, operating systems, and much more.
PracticallyNetworked.com
PracticallyNetworked.com provides easy-to-understand help for small-network
builders. The site contains how-to information for setting up and debugging
home-office and small-business networks. Users can also find extensive
troubleshooting information, tips on getting applications to work through
firewalls, product reviews on network hardware and software, and more.
PracticallyNetworked.com
Discussion Forums
If network connections, sharing computers, router problems or other networking
issues are bogging you down, then the PracticallyNetworked.com discussion forum
is the place to be. Here you'll find help and support for all your
network-related problems. |
