A DISCUSSION ON VIRTUAL PRIVATE
NETWORK (V.P.N)
By
Prasenjit Pal
Electronics & Communication
Engineering Department
Asansol Engineering College
Kanyapur, Sen Raleigh Road, Asansol 713304, Burdwan, India
What is VPN?
VPN is an acronym for Virtual Private Network. A VPN is a way to
provide remote access to an organization's network via the
Internet: data is sent over the public Internet through protected
"tunnels".
A VPN also allows two or more private networks to be connected over a
publicly accessible network. In effect a VPN behaves like a wide area
network (WAN), except that its links are encrypted tunnels across a shared
network rather than dedicated circuits. The key feature of VPNs is that they
are able to use public networks like the Internet rather than rely on
expensive, private leased lines.
Features of VPN :
VPNs aim to give the same privacy as a private network; because the traffic
crosses shared infrastructure, that privacy has to come from encryption and
authentication rather than from physical isolation. In return, VPNs take
advantage of the economies of scale and remote accessibility of large public
networks.
A VPN is an especially effective means of exchanging
critical information for employees working remotely in branch offices,
at home, or on the road.
A VPN can securely deliver information between vendors,
suppliers, and business partners who may be separated by great physical
distances.
VPNs can also reduce costs by eliminating the long-distance telephone
charges otherwise incurred for remote access, since a client need only
dial into the service provider's nearest access point.
VPNs today are set up in a variety of ways, and can be built
over ATM, frame relay, and X.25 technologies. However, the most popular
current method is to deploy
IP-based VPNs, which offer more flexibility and ease of connectivity.
IP-VPNs extend these capabilities transparently over a wide network:
an IP-VPN link can be set up anywhere in the world between two endpoints,
and the IP network handles the routing of the traffic automatically.
Secure IP-VPNs are networks that are protected by
encryption and authentication, and layered on an existing IP network.
The Internet Engineering Task Force (ietf.org) has developed the
IP Security (IPSec) protocol suite, a set of IP extensions that provide
data origin authentication, integrity protection, confidentiality and
anti-replay protection for IP packets.
The current generation of VPNs is a more advanced
combination of tunneling, encryption, authentication and access control
technologies and services, used to carry traffic over the Internet, a
managed IP network or a provider's backbone.
Technology and protocol of VPN :
VPNs
use familiar networking technology and protocols. In a remote-access
VPN, the client sends a stream of encrypted Point-to-Point Protocol (PPP)
packets to a remote server or router; instead of going
across a dedicated line (as in the case of a WAN), the packets
go through a tunnel over a shared network. The general idea
behind this method is that a company reduces the
recurring telecommunications charges incurred when
connecting remote users and branch offices to resources at the
corporation's headquarters.
The most commonly accepted method of
creating VPN tunnels is to encapsulate a network protocol
inside PPP, and then encapsulate the entire package
inside a tunneling protocol, which is typically carried over IP.
In the VPN model, packets headed towards
the remote network reach a tunnel initiating device, which
can be anything from an extranet router to a PC with
VPN-enabled dial-up software.
The tunnel initiator negotiates with a VPN terminator (or tunnel switch) to agree on an encryption
scheme and the keys to use. The tunnel initiator then encrypts and
integrity-protects each packet before transmitting it to the terminator,
which verifies and decrypts the packet and delivers it to the appropriate
destination on the network.
VPN technology can be used for
site-to-site connectivity as well, allowing a branch
office with multiple access lines to get rid of its dedicated data line and
move that traffic over the existing Internet access connection.
Since many sites use multiple lines, this can be a very useful
application, and it can often be deployed on the existing Internet
gateway without adding equipment or software.
Advantages of VPN :
The
biggest selling point is the potential cost saving from adopting a
VPN. Companies no longer have to purchase expensive leased
lines to branch or partners' offices, as a VPN connection needs
only a relatively short dedicated connection to the nearest service
provider. In an organization experiencing rapid growth, this can make an
enormous difference in costs.
VPNs can further reduce costs by
lessening the need for long-distance telephone charges, as
clients can gain access by dialing into the nearest service
provider's access point.
With a VPN, it is the service provider rather than the organization
that must support dial-up access. In theory a public service provider
can charge much less for that support, because its cost is shared among
a wider customer base.
VPNs also save a company the operational cost
of the equipment previously used to support remote users. A
company using a VPN can retire its modem pools,
remote-access servers, and other WAN equipment and simply use
its existing Internet installation. Many companies operate
several links with different functions before setting up a
VPN; these can be consolidated onto the Internet connection.
Since the introduction of IPSec, VPN data
protection has become more standardized among service
providers. Data sent over an IPSec VPN is confidential and
integrity-protected: a packet that was not produced by the authorized
peer fails authentication and is dropped, and sequence numbers let the
receiver detect and discard packets that an attacker replays.
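To make the tunnel model of the Technology section and the IPSec guarantees just described concrete, here is an added Go example; it is not code from the original article and it is not an IPSec implementation. It assumes a hypothetical packet format (an 8-byte sequence number in the clear followed by AES-GCM ciphertext and tag), a key already agreed by the tunnel initiator and terminator, and a constructed 32-byte demo key and payload. It shows the three steps a terminator performs before releasing an inner packet: check the sequence number against a 64-entry sliding anti-replay window (the scheme IPSec ESP uses), verify the authentication tag, and only then update the window.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Endpoint holds the shared AEAD key and the receiver's 64-entry replay window.
// Packet layout (assumed for this example, not a standard wire format):
//   | seq (8 bytes, big-endian) | AES-GCM ciphertext || 16-byte tag |
// seq travels in the clear, like an IPSec ESP sequence number, and is bound to
// the ciphertext as additional authenticated data, so it cannot be altered.
type Endpoint struct {
	aead    cipher.AEAD
	sendSeq uint64
	highest uint64 // highest sequence number accepted so far
	window  uint64 // bit i set: sequence (highest - i) already accepted
}

// NewEndpoint takes the 16-, 24- or 32-byte AES key agreed during the handshake.
func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	return &Endpoint{aead: aead}, nil
}

// nonce derives the 12-byte GCM nonce (4 zero bytes || seq) from the sequence
// number; it never repeats under one key as long as each direction of the
// tunnel has its own key, which real protocols ensure (this demo sends one way).
func (e *Endpoint) nonce(seq uint64) []byte {
	n := make([]byte, e.aead.NonceSize())
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Encapsulate wraps an inner packet (for example an IP datagram) for transit.
func (e *Endpoint) Encapsulate(inner []byte) []byte {
	e.sendSeq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, e.sendSeq)
	return append(hdr, e.aead.Seal(nil, e.nonce(e.sendSeq), inner, hdr)...)
}

// Decapsulate checks the sequence number against the replay window, verifies
// the tag, and only then updates the window and releases the inner packet, so
// a forged header can neither advance nor poison the anti-replay state.
func (e *Endpoint) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+e.aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr, ct := pkt[:8], pkt[8:]
	seq := binary.BigEndian.Uint64(hdr)
	if seq == 0 || seq+64 <= e.highest {
		return nil, errors.New("replay: sequence number outside the window")
	}
	if seq <= e.highest && e.window&(1<<(e.highest-seq)) != 0 {
		return nil, errors.New("replay: duplicate sequence number")
	}
	inner, err := e.aead.Open(nil, e.nonce(seq), ct, hdr)
	if err != nil {
		return nil, errors.New("authentication failed: packet dropped")
	}
	if seq > e.highest {
		if shift := seq - e.highest; shift < 64 {
			e.window <<= shift
		} else {
			e.window = 0
		}
		e.highest = seq
	}
	e.window |= 1 << (e.highest - seq)
	return inner, nil
}

// RunExchange plays out one direction of a tunnel on a constructed payload: a
// forged copy (sequence number rewritten in transit), the genuine packet, then
// the genuine packet replayed. A nil error would mean the attack succeeded.
func RunExchange(key, payload []byte) (delivered string, forgedErr, replayErr error) {
	initiator, err := NewEndpoint(key)
	if err != nil {
		panic(err)
	}
	terminator, _ := NewEndpoint(key) // same key, validated above
	pkt := initiator.Encapsulate(payload)
	forged := append([]byte(nil), pkt...)
	forged[7] ^= 0x02 // attacker rewrites the cleartext sequence number
	_, forgedErr = terminator.Decapsulate(forged)
	inner, _ := terminator.Decapsulate(pkt) // the untouched packet is accepted
	_, replayErr = terminator.Decapsulate(pkt)
	return string(inner), forgedErr, replayErr
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	fmt.Println(RunExchange(key, []byte("inner IP datagram: GET /payroll")))
}
```

The forged packet is rejected because the cleartext sequence number is covered by the authentication tag; the replayed packet is rejected by the window even though its tag is valid. The window is updated only after the tag verifies, so an attacker cannot send a forged packet with a huge sequence number to advance the window and make the receiver drop the legitimate packets behind it.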
What is VPN encryption :
To ensure that a VPN is secure, limiting user access is only
one piece of the equation. Once the user is authenticated, the
data itself needs to be protected as well. Without a mechanism
to provide data privacy, information flowing through the
channel is transmitted in clear text, where it can easily be
viewed or stolen with a packet sniffer. Most modern VPNs therefore use
a cryptosystem to scramble data into ciphertext, which the recipient
decrypts back into readable text. Confidentiality alone is not enough,
however: the packets also need an integrity check (a message
authentication code, or an authenticated-encryption mode) so that an
attacker who cannot read them also cannot modify them undetected.
The types of encryption available vary widely, but there are two basic
kinds of cryptographic system:
i) Symmetric
ii) Asymmetric.
Symmetric cryptography
is much faster and is commonly used to
exchange large volumes of data between two parties who know
each other and share the same secret key, which both use to encrypt
and decrypt the data.
Asymmetric systems
are far more complex and computationally expensive. They use a pair of
mathematically related keys, one public and one private: data encrypted
with the public key can be decrypted only with the private key. This
method is used for small, sensitive items of data such as the session
key for a symmetric cipher, or during the authentication process.
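The following Go example (added here; not code from the original article) shows the usual division of labour between the two systems: RSA-OAEP wraps a fresh 32-byte AES session key for the terminator's public key, and AES-GCM then carries the bulk traffic under that key. The RSA key pair is generated inline to keep the example offline, standing in for the terminator's provisioned key pair; the OAEP label, the function names and the 1500-byte payload are the example's own assumptions. The last step asks RSA-OAEP to encrypt the bulk payload directly, which fails: with a 2048-bit key and SHA-256, one OAEP operation carries at most 190 bytes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var oaepLabel = []byte("vpn-session-key") // assumed purpose label, bound to the wrapped key by OAEP

// WrapKey is the asymmetric step: the initiator encrypts one short, sensitive
// item, a fresh AES session key, under the terminator's RSA public key.
func WrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
}

// UnwrapKey recovers the session key with the terminator's private key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBulk is the symmetric step: AES-GCM over packet-sized data, with the
// random 12-byte nonce prepended so the receiver can find it.
func SealBulk(key, data []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, data, nil), nil
}

// OpenBulk splits off the nonce, then verifies and decrypts the payload.
func OpenBulk(key, packet []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(packet) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	return aead.Open(nil, packet[:aead.NonceSize()], packet[aead.NonceSize():], nil)
}

// RunHybrid establishes a session key asymmetrically, moves a packet-sized
// payload symmetrically, and finally reports what RSA-OAEP says when asked to
// encrypt the bulk payload itself. The 2048-bit RSA key pair is generated
// inline and stands in for the terminator's provisioned, certified key pair.
func RunHybrid(payload []byte) (recovered []byte, rsaOnBulkErr, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	sessionKey := make([]byte, 32) // AES-256 key, drawn fresh per session
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err := WrapKey(&priv.PublicKey, sessionKey)
	if err != nil {
		return nil, nil, err
	}
	peerKey, err := UnwrapKey(priv, wrapped)
	if err != nil {
		return nil, nil, err
	}
	packet, err := SealBulk(sessionKey, payload)
	if err != nil {
		return nil, nil, err
	}
	recovered, err = OpenBulk(peerKey, packet)
	if err != nil {
		return nil, nil, err
	}
	// Why the split: OAEP with SHA-256 and a 2048-bit key carries at most
	// 190 bytes per operation, so asking RSA to encrypt the packet is refused.
	_, rsaOnBulkErr = WrapKey(&priv.PublicKey, payload)
	return recovered, rsaOnBulkErr, nil
}

func main() {
	recovered, rsaErr, err := RunHybrid(make([]byte, 1500)) // constructed MTU-sized packet
	fmt.Println(len(recovered), rsaErr, err)
}
```

Where both peers are already provisioned with a shared secret, a pre-shared symmetric key can replace the RSA wrap; the bulk path stays the same either way.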
What about VPN security :
The key word in "virtual private network" is private. VPNs are
widely considered secure despite using public networks, provided they are
configured correctly. All VPNs require the configuration of an access device,
either software- or hardware-based, which authenticates the VPN's users and
sets up the secure channel; in many deployments this device is the firewall
or sits beside it. A random user cannot simply log in to a VPN, as some
credential or key material is needed before a remote user can be granted
access to the network, or even begin a VPN handshake. Most VPNs use
IPSec technologies. IPSec is useful because it is compatible with most
VPN hardware and software, and it is the most popular choice for
networks with remote access clients. IPSec requires very little from the
client user, because its authentication is machine-based rather than
user-based: the peer is identified by the workstation's IP address
(typically paired with a pre-shared key) or by its certificate, rather than
by a user token (such as SecurID or CryptoCard). An IPSec tunnel operates at
the network layer, protecting all the data packets that pass through it
regardless of the application.
IPSec-based VPNs also allow the administrator to define a security policy
listing the specific networks, protocols and ports for which traffic may
pass through the tunnel. One downside of IPSec-compliant products is that
they provide access control at the network and transport layers only
(addresses, protocols and ports), with little means of selectively
regulating access to individual resources within those hosts. If customers
are given access to particular company information on a server, for
instance, highly selective controls are needed to make sure they access
only the information they have been authorized to see. This type of
selective, or unidirectional, access within a VPN is available in some
non-IPSec solutions, such as Aventail's SOCKS 5 server. In a unidirectional
connection, a two-way trusted relationship is not assumed as it is with
tunneled VPNs; with this model, if there is a breach in security, only the
destination network is affected. SOCKS 5 negotiates its authentication
method with the client, so it can be combined with a wide range of
authentication and encryption mechanisms.
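An added Go example (not from the original article) of the kind of selector-based policy described above. The Selector and Packet types, the three verdicts and the partner and server addresses are constructed for the illustration; the verdicts and the address/protocol/port selectors are modelled on an IPSec security policy database, but this is not an IPSec implementation. It makes the limitation visible: a selector can say which hosts, protocols and ports may pass, but it has no field in which to say which files or pages on the server a partner may see.

```go
package main

import (
	"fmt"
	"net"
)

// Action is what the tunnel endpoint does with a packet: the three verdicts a
// security policy entry can carry.
type Action int

const (
	Discard Action = iota // drop silently
	Bypass                // forward outside the tunnel, unprotected
	Protect               // encrypt and send through the tunnel
)

func (a Action) String() string { return [...]string{"DISCARD", "BYPASS", "PROTECT"}[a] }

// Selector is a policy entry. Everything it can test is network- or
// transport-layer: addresses, protocol and destination ports. There is no
// field for a URL path, a file name or a database table.
type Selector struct {
	Src, Dst       *net.IPNet
	Proto          string // "tcp", "udp", "icmp" or "" for any protocol
	PortLo, PortHi uint16 // inclusive destination port range; 0-0 means any
	Action         Action
}

// Packet holds the fields of a datagram that a selector can see.
type Packet struct {
	Src, Dst net.IP
	Proto    string
	DstPort  uint16
}

type Policy []Selector

// Lookup returns the action of the first matching selector. Unmatched traffic
// is discarded, so the policy is deny-by-default.
func (p Policy) Lookup(pk Packet) Action {
	for _, s := range p {
		if !s.Src.Contains(pk.Src) || !s.Dst.Contains(pk.Dst) {
			continue
		}
		if s.Proto != "" && s.Proto != pk.Proto {
			continue
		}
		if s.PortHi != 0 && (pk.DstPort < s.PortLo || pk.DstPort > s.PortHi) {
			continue
		}
		return s.Action
	}
	return Discard
}

func cidr(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// PartnerPolicy is a constructed policy for a partner extranet: the partner's
// network may reach only the extranet web server over HTTPS, internal hosts
// talk to that server in the clear, and everything else is dropped.
func PartnerPolicy() Policy {
	return Policy{
		{cidr("203.0.113.0/24"), cidr("10.0.5.10/32"), "tcp", 443, 443, Protect},
		{cidr("10.0.0.0/8"), cidr("10.0.5.10/32"), "", 0, 0, Bypass},
	}
}

func main() {
	p := PartnerPolicy()
	partner := net.ParseIP("203.0.113.7")
	for _, pk := range []Packet{
		{partner, net.ParseIP("10.0.5.10"), "tcp", 443},
		{partner, net.ParseIP("10.0.5.10"), "tcp", 22},
		{partner, net.ParseIP("10.0.9.9"), "tcp", 443},
	} {
		fmt.Printf("%v -> %v %s/%d: %v\n", pk.Src, pk.Dst, pk.Proto, pk.DstPort, p.Lookup(pk))
	}
}
```

Two HTTPS requests from the partner to the same server get the same PROTECT verdict whatever they ask for once inside the tunnel; any per-resource restriction has to be enforced by the server or by an application-layer gateway such as the SOCKS 5 proxy mentioned above.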
Conclusion :
Although VPN vendors decide which standards their products implement, it is the
ADMINISTRATORS who will eventually decide the outcome of this emerging
technology. For that reason it is all the more important
to make a wise, informed decision before purchasing a VPN.