
Project proposal

VIRTUAL PRIVATE NETWORK

Background

VPN is an acronym for Virtual Private Network. A VPN provides an encrypted
and secure connection “tunnel” path from a user’s machine to its destination
through the public internet. The internet has become a popular, low-cost
backbone infrastructure. Its universal reach has led many companies to consider
constructing a secure Virtual Private Network over the public internet.

A private network is composed of computers owned by a single organization that
share information specifically with each other. They’re assured that they are
going to be the only ones using the network, and that information sent between
them will (at worst) only be seen by others in the group.

There was also a time, not too long ago, when companies could allow their LANs
to operate as separate, isolated islands; each branch office might have its own
LAN, with its own naming scheme, email system, and even its own favorite
network protocol, none of which might be compatible with other offices’ setups. As
more company resources moved to computers, however, there came a need for
these offices to interconnect. This was traditionally done using leased phone
lines of varying speeds. By using leased lines, a company can be assured that
the connection is always available, and private. Leased phone lines, however,
can be expensive. They’re typically billed based upon a flat monthly fee, plus
mileage expenses. If a company has offices across the country, this cost can be
prohibitive.

Private networks also have trouble handling moving users, such as traveling
salespeople. If the salesperson doesn’t happen to be near one of the corporate
computers, he or she has to dial into a corporation’s modem long-distance, which
is an extremely expensive proposition.

VPNs allow you to create a secure, private network over a public network such as
the Internet. They can be created using software, hardware, or a combination of
the two that creates a secure link between peers over a public network. This is
done through encryption, authentication, packet tunneling, and firewalls. In this
chapter we’ll go over exactly what is meant by each of these and what roles they
play in a VPN; we’ll touch upon them again and again. Because they skirt leased
line costs by using the internet as a WAN, VPNs are more cost effective for large
companies, and well within the reach of smaller ones.

VIRTUAL PRIVATE NETWORKING OVERVIEW

A VPN is a secure, private communication tunnel between two or more devices
across a public network (like the Internet). These VPN devices can be either a
computer running VPN software or a special device like a VPN-enabled router. It
allows your home computer to be connected to your office network or can allow
two home computers in different locations to connect to each other over the Internet.

Even though VPN data travels across a public network like the Internet, it is
secure because of very strong encryption. If anyone ‘listens’ to the VPN
communications, they will not understand it because all the data is encrypted. In
addition, VPNs monitor their traffic in very sophisticated ways that ensure packets
never get altered while traveling across the public network. Encryption and data
verification are very CPU-intensive.

CLIENTS AND SERVERS

A VPN server is a single computer. It is generally always on and listening for
VPN clients to connect to it.

A VPN client is a computer that initiates a call to the server and logs on. Then
the client computer and server network can communicate. Many broadband
routers can pass one or more VPN sessions from your LAN to the Internet.

VPN LANGUAGES

There are two major “languages” or protocols that VPNs speak. Microsoft uses
PPTP (Point to Point Tunneling Protocol), and most everyone else uses IPSec
(Internet Protocol Security).

BROADBAND ROUTERS WITH VPN SERVERS

VPN server hardware was very expensive. As home networks become more
sophisticated, the demand for home-level VPNs increases. At the end of 2001, the
home network industry responded by adding VPN servers into some broadband
routers. These products are often priced at under $900 (US) and some are as
inexpensive as $470.

Broadband routers with VPN servers are often limited in throughput because of their
microprocessors. Most have a maximum VPN throughput of around 6Mbps or
600Kbps.

WHAT DOES A VPN DO?

A virtual private network is a way to simulate a private network over a public
network, such as the Internet. It is called “virtual” because it depends on the use
of virtual connections, that is, temporary connections that have no real physical
presence, but consist of packets routed over various machines on the Internet on
an ad-hoc basis. Secure virtual connections are created between two machines,
a machine and a network, or two networks.

HOW DO VPNs RELATE TO INTRANETS?

Virtual private networks can be used to expand the reach of an intranet. Since
intranets are typically used to communicate proprietary information, you don’t
want them accessible from the Internet. There may be cases, however, where
you’ll want far-flung offices to share data or remote users to connect to your
intranet, and these users may be using the Internet as their means of connection.
A VPN will allow them to connect to the intranet securely, so there are no fears of
sensitive information leaving the network unprotected. You might see this type of
connection also referred to as an “Extranet.”

A remote-access VPN utilizing IPSec

IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the
header and the payload of each packet while transport only encrypts the payload.
Only systems that are IPSec compliant can take advantage of this protocol. Also,
all devices must use a common key and the firewalls of each network must have
very similar security policies set up. IPSec can encrypt data between various
devices.
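
The difference between the two modes, together with the altered-packet check mentioned in the overview, as an added example (not part of the original proposal): a simplified ESP-style wrapper in Python. The cipher is a SHA-256 keystream stand-in, padding is omitted, and the addresses, keys and SPI are constructed values.

```python
import hashlib, hmac, socket, struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def toy_cipher(key, spi, seq, data):
    """Stand-in XOR keystream built from SHA-256; real ESP uses a cipher such as AES."""
    ks = b"".join(hashlib.sha256(key + struct.pack("!III", spi, seq, i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_wrap(mode, pkt, enc_key, mac_key, spi, seq, gateways=None):
    hdr, body = pkt[:20], pkt[20:]
    if mode == "transport":   # original IP header stays readable, payload is hidden
        src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
        inner = body + bytes([hdr[9]])    # trailer byte: original protocol number
    else:                     # tunnel: the whole original packet is hidden
        src, dst = gateways
        inner = pkt + bytes([4])          # trailer byte: 4 = IPv4-in-IP
    esp = struct.pack("!II", spi, seq) + toy_cipher(enc_key, spi, seq, inner)
    icv = hmac.new(mac_key, esp, hashlib.sha256).digest()[:16]   # integrity value
    return ipv4(src, dst, ESP, esp + icv)

def esp_verify(wire, mac_key):
    """Receiver side: recompute the integrity value; any altered byte fails."""
    esp, icv = wire[20:-16], wire[-16:]
    expected = hmac.new(mac_key, esp, hashlib.sha256).digest()[:16]
    return hmac.compare_digest(expected, icv)

def visible_addresses(wire):
    """Addresses an on-path observer can read from the outer IP header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

# Constructed sample packet, keys and gateway addresses (documentation ranges).
ORIGINAL = ipv4("10.1.1.5", "10.2.2.9", 6, b"payroll.xls contents")
ENC_KEY, MAC_KEY = b"E" * 32, b"M" * 32
TRANSPORT = esp_wrap("transport", ORIGINAL, ENC_KEY, MAC_KEY, 0x1001, 1)
TUNNEL = esp_wrap("tunnel", ORIGINAL, ENC_KEY, MAC_KEY, 0x1001, 1,
                  gateways=("198.51.100.1", "203.0.113.1"))

if __name__ == "__main__":
    print("transport exposes:", visible_addresses(TRANSPORT))
    print("tunnel exposes:   ", visible_addresses(TUNNEL))
    flipped = TUNNEL[:30] + bytes([TUNNEL[30] ^ 1]) + TUNNEL[31:]
    print("intact:", esp_verify(TUNNEL, MAC_KEY), "tampered:", esp_verify(flipped, MAC_KEY))
```

In transport mode an observer still sees the internal host addresses; in tunnel mode only the two gateway addresses appear on the wire.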

WHAT ARE WE PROTECTING WITH OUR VPN?

The first things that come to mind when you think of protection are the files on
your networked computers: documents that contain your company’s future plans,
spreadsheets that detail the financial analysis of a new product introduction,
databases of your payroll and tax records, or even a security assessment of your
network pointing out holes and problematic machinery. These files are a good
starting point, but don’t forget about the other, less tangible assets that you
connect to the internet when you go online. These include the services that you
grant your employees and customers, the computing resources that are available
for use, and even your reputation. For instance, a security failure can cause
vendors’ email to bounce back to them, or prevent your users from making
connections to other sites.

VPN Technologies will examine possible threats to your network and data, and
explore the technologies that VPNs use to avoid them.

VPN TECHNOLOGIES

Depending on the type of VPN (remote-access or site-to-site), you will need to
put in place certain components to build your VPN. These might include:

• Desktop software client for each remote user
• Dedicated hardware such as a VPN concentrator or secure PIX firewall
• Dedicated VPN server for dial-up services
• NAS (network access server) used by service provider for remote-user VPN access
• VPN network and policy-management center

GOALS ACHIEVED BY VPN?

A well-designed VPN can greatly benefit a company. For example, it can:

• Extend geographic connectivity
• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Provide global networking opportunities
• Provide broadband networking compatibility

What features are needed in a well-designed VPN?

It should incorporate:

• Security
• Reliability
• Scalability
• Network management
