Background
There was a time, not too long ago, when companies could allow their LANs
to operate as separate, isolated islands; each branch office might have its own
LAN, with its own naming scheme, email system, and even its own favorite
network protocol, none of which might be compatible with other offices' setups. As
more company resources moved to computers, however, there came a need for
these offices to interconnect. This was traditionally done using leased phone
lines of varying speeds. By using leased lines, a company can be assured that
the connection is always available, and private. Leased phone lines, however,
can be expensive. They're typically billed based upon a flat monthly fee, plus
mileage expenses. If a company has offices across the country, this cost can be
prohibitive.
Private networks also have trouble handling mobile users, such as traveling
salespeople. If the salesperson doesn't happen to be near one of the corporate
computers, he or she has to dial into the corporation's modem long-distance, which
is an extremely expensive proposition.
VPNs allow you to create a secure, private network over a public network such as
the Internet. They can be created using software, hardware, or a combination of
the two that creates a secure link between peers over a public network. This is
done through encryption, authentication, packet tunneling, and firewalls. In this
chapter we'll go over exactly what is meant by each of these and what roles they
play in a VPN; we'll touch upon them again and again. Because they skirt leased
line costs by using the Internet as a WAN, VPNs are more cost-effective for large
companies, and well within the reach of smaller ones.
Even though VPN data travels across a public network like the Internet, it is
secure because of very strong encryption. If anyone 'listens' to the VPN
communications, they will not understand it because all the data is encrypted. In
addition, VPNs check their traffic in very sophisticated ways that ensure packets
are never altered while traveling across the public network without the alteration
being detected. Encryption and data verification are very CPU-intensive.
CLIENTS AND SERVERS
VPN LANGUAGES
There are two major 'languages', or protocols, that VPNs speak. Microsoft uses
PPTP (Point-to-Point Tunneling Protocol), and most everyone else uses IPSec
(Internet Protocol Security).
VPN server hardware was very expensive. As home networks become more
sophisticated, the demand for home-level VPNs increases. At the end of 2001, the
home network industry responded by adding VPN servers into some broadband
routers. These products are often priced at under $900 (US) and some are as
inexpensive as $470.
Broadband routers with a VPN server are often limited in throughput because of their
microprocessors. Most have a maximum VPN throughput of around 6Mbps or
600Kbps.
WHAT DOES A VPN DO?
Virtual private networks can be used to expand the reach of an intranet. Since
intranets are typically used to communicate proprietary information, you don't
want them accessible from the Internet. There may be cases, however, where
you'll want far-flung offices to share data or remote users to connect to your
intranet, and these users may be using the Internet as their means of connection.
A VPN will allow them to connect to the intranet securely, so there are no fears of
sensitive information leaving the network unprotected. You might see this type of
connection also referred to as an "Extranet".
A remote-access VPN utilizing IPSEC
IPSec has two encryption modes: tunnel and transport. Tunnel mode encrypts the
header and the payload of each packet, while transport mode only encrypts the payload.
Only systems that are IPSec compliant can take advantage of this protocol. Also,
all devices must use a common key, and the firewalls of each network must have
very similar security policies set up. IPSec can encrypt data between various
devices.
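The following is an added example, not code from the original chapter, that models the two ideas just described: the earlier point that VPN traffic is both encrypted and checked for alteration, and the difference between IPSec transport mode (only the payload is protected; the original IP header stays visible) and tunnel mode (the whole original packet, header included, is protected and wrapped in a new header addressed to the two gateways). It uses only the Python standard library; the cipher is a constructed HMAC-based keystream that stands in for the real IPSec ciphers such as AES, and the host and gateway addresses are constructed sample values. The integrity check value (ICV) is an HMAC over the encrypted body, in the spirit of ESP; a packet whose ICV does not verify is dropped before decryption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample addresses (assumptions for this example, not from the text).
BRANCH_HOST = "10.1.0.25"        # a PC at the branch office
HQ_HOST = "10.2.0.40"            # a server at headquarters
BRANCH_GATEWAY = "203.0.113.10"  # public address of the branch VPN gateway
HQ_GATEWAY = "198.51.100.20"     # public address of the HQ VPN gateway


@dataclass
class IPPacket:
    """Simplified IP packet: just source, destination and payload."""
    src: str
    dst: str
    payload: bytes

    def header(self) -> bytes:
        return f"{self.src}>{self.dst}".encode()

    def serialize(self) -> bytes:
        # Addresses never contain '|', so the first '|' separates header from payload.
        return self.header() + b"|" + self.payload


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a counter-mode keystream derived via HMAC-SHA256.
    This replaces the real IPSec cipher (e.g. AES) so the example runs with the
    standard library alone; it is a constructed illustration, not production crypto."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(mode: str, pkt: IPPacket, enc_key: bytes, auth_key: bytes, nonce: bytes) -> dict:
    """Produce the on-the-wire form of pkt for the given IPSec-style mode."""
    if mode == "transport":
        outer = pkt.header()          # original endpoints remain visible on the wire
        protected = pkt.payload       # only the payload is hidden
    elif mode == "tunnel":
        outer = IPPacket(BRANCH_GATEWAY, HQ_GATEWAY, b"").header()  # new outer header
        protected = pkt.serialize()   # original header AND payload are hidden
    else:
        raise ValueError(f"unknown mode: {mode}")
    ciphertext = keystream_xor(enc_key, nonce, protected)
    # ICV covers the nonce and encrypted body, so any bit flipped in transit is detected.
    icv = hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"outer_header": outer, "nonce": nonce, "ciphertext": ciphertext, "icv": icv}


def unprotect(mode: str, wire: dict, enc_key: bytes, auth_key: bytes):
    """Verify integrity first; return the original IPPacket, or None if tampered."""
    expected = hmac.new(auth_key, wire["nonce"] + wire["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, wire["icv"]):
        return None                   # altered packet: drop it, never decrypt it
    plain = keystream_xor(enc_key, wire["nonce"], wire["ciphertext"])
    if mode == "transport":
        src, dst = wire["outer_header"].decode().split(">")
        return IPPacket(src, dst, plain)
    hdr, payload = plain.split(b"|", 1)
    src, dst = hdr.decode().split(">")
    return IPPacket(src, dst, payload)


def demo() -> dict:
    """Run both modes on a sample packet and report what an eavesdropper would see."""
    pkt = IPPacket(BRANCH_HOST, HQ_HOST, b"GET /payroll/q3.xls")
    enc_key, auth_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    results = {}
    for mode in ("transport", "tunnel"):
        wire = protect(mode, pkt, enc_key, auth_key, nonce)
        ok = unprotect(mode, wire, enc_key, auth_key) == pkt
        tampered = dict(wire)
        tampered["ciphertext"] = bytes([wire["ciphertext"][0] ^ 0x01]) + wire["ciphertext"][1:]
        results[mode] = {
            "visible_header": wire["outer_header"].decode(),
            "payload_visible": pkt.payload in wire["ciphertext"],
            "round_trip_ok": ok,
            "tamper_rejected": unprotect(mode, tampered, enc_key, auth_key) is None,
        }
    return results


if __name__ == "__main__":
    for mode, r in demo().items():
        print(mode, r)
```

Note what differs between the modes in `demo()`: in transport mode the visible header still names the two internal hosts, while in tunnel mode an observer on the Internet sees only gateway-to-gateway traffic. In both modes the ICV check runs before decryption, which is the "verification" the chapter says costs CPU time alongside the encryption itself.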
WHAT ARE WE PROTECTING WITH OUR VPN?
The first things that come to mind when you think of protection are the files on
your networked computers: documents that contain your company's future plans,
spreadsheets that detail the financial analysis of a new product introduction,
databases of your payroll and tax records, or even a security assessment of your
network pointing out holes and problematic machinery. These files are a good
starting point, but don't forget about the other, less tangible assets that you
connect to the Internet when you go online. These include the services that you
grant your employees and customers, the computing resources that are available
for use, and even your reputation. For instance, a security failure can cause
vendors' email to bounce back to them, or prevent your users from making
connections to other sites.
The VPN Technologies section will examine possible threats to your network and data, and
explore the technologies that VPNs use to avoid them.
VPN TECHNOLOGIES