Prasenjit Pal

 Electronics & Communication Engineering Department
Asansol Engineering College
Kanyapur, Sen Raleigh Road, Asansol 713304, Burdwan, India


What is VPN?

VPN is an acronym for Virtual Private Network. A VPN provides remote access to an organization's network over the Internet by sending data through protected "tunnels" across the public network.
A VPN also allows two or more private networks to be connected over a publicly accessible network. To its users the result behaves like a wide area network (WAN) link, but the link is in fact an encrypted tunnel. The key feature of VPNs is that they use public networks such as the Internet rather than relying on expensive private leased lines.

Features of VPN :                    

VPNs aim to give the confidentiality and integrity of a private network, through encryption and authentication, while taking advantage of the economies of scale and remote accessibility of large public networks.
A VPN is an especially effective means of exchanging critical information with employees working remotely in branch offices, at home, or on the road.
A VPN can securely deliver information between vendors, suppliers, and business partners who may be separated by large physical distances.
VPNs can also reduce costs by eliminating long-distance telephone charges for remote access, as the client need only call the service provider's nearest access point.
VPNs today are set up in a variety of ways, and can be built over ATM, frame relay, and X.25 technologies. However, the most popular current method is to deploy IP-based VPNs, which offer more flexibility and ease of connectivity.
IP-VPNs extend these capabilities transparently over a wide network. An IP-VPN link can be set up anywhere in the world between two endpoints, and the IP network handles the routing of the traffic automatically.
Secure IP-VPNs are networks secured by encryption and authentication and layered on an existing IP network. The Internet Engineering Task Force (ietf.org) has developed the IP Security (IPsec) protocol suite (its architecture is specified in RFC 4301), a set of IP extensions that offer data origin authentication, integrity, anti-replay protection and confidentiality.
The current generation of VPNs is a more advanced combination of tunneling, encryption, authentication and access control technologies and services, used to carry traffic over the Internet, a managed IP network or a provider's backbone.

Technology and protocol of VPN :

VPNs use familiar networking technology and protocols. In the classic dial-up model the client sends a stream of encrypted Point-to-Point Protocol (PPP) packets to a remote server or router, but instead of travelling across a dedicated line (as in a conventional WAN) the packets travel through a tunnel over a shared network. The idea is that a company reduces the recurring telecommunications charges it would otherwise pay to connect remote users and branch offices to resources at headquarters.
The most commonly accepted method of creating VPN tunnels is to encapsulate a network protocol inside PPP, and then to encapsulate the entire package inside a tunneling protocol, which is typically IP (this is the model used by PPTP and L2TP).
In the VPN model, packets headed towards the remote network first reach a tunnel-initiating device, which can be anything from an extranet router to a PC with VPN-enabled dial-up software.
The tunnel initiator negotiates with a VPN terminator, or tunnel switch, to agree on an encryption scheme and keys. The initiator then encrypts each packet before transmitting it to the terminator, which verifies and decrypts the packet and delivers it to the appropriate destination on the network.
VPN technology can be used for site-to-site connectivity as well, allowing a branch office with multiple access lines to get rid of its dedicated data line and move that traffic over its existing Internet access connection. Since many sites use multiple lines, this can be a very useful application, and it can often be deployed with the equipment and software the site already has.

Advantages of VPN :

The biggest selling point is the potential cost saving. Companies no longer have to purchase expensive leased lines to branch or partners' offices; a VPN connection needs only a relatively short dedicated connection to the nearest Internet service provider. In an organization experiencing rapid growth, this can make an enormous difference in costs.
VPNs can further reduce costs by lessening long-distance telephone charges, as clients gain access by dialing into the nearest service provider's access point.
With a VPN, the service provider supports the dial-up access instead of the organization itself. In principle a public service provider can charge much less for this support, because its cost is shared among a wider customer base.
VPNs save a company the operational cost of equipment previously used to support remote users. A company using a VPN can retire its modem pools, remote-access servers, and other WAN equipment and simply use its existing Internet installation. Many companies maintain several links with different functions prior to setting up a VPN.
Since the introduction of IPsec, VPN data protection has become more standardized among service providers. Data sent over an IPsec VPN is kept confidential by encryption, and each packet carries an integrity check and a sequence number, so a packet cannot be read, modified or replayed by anyone who does not hold the keys.

What is VPN encryption :

To ensure that a VPN is secure, limiting user access is only one piece of the equation. Once the user is authenticated, the data itself needs to be protected as well. Without a mechanism to provide data privacy, information flowing through the channel is transmitted in clear text, which can easily be viewed or stolen with a packet sniffer. Most modern VPNs therefore use a cryptosystem to scramble data into cipher text, which is decrypted back into readable text by the recipient.
The types of encryption available are highly varied.

There are two basic cryptographic systems:
i) Symmetric
ii) Asymmetric

Symmetric cryptography is much faster to compute and is commonly used to protect large volumes of data between two parties who already share the same secret key; both encryption and decryption use that one key.
Asymmetric systems are more complex and use a pair of mathematically related keys, one public and one private; data encrypted with the public key can be recovered only with the private key. This method is used for small, sensitive items such as session keys, for key agreement, and during authentication (for example, with certificates). In practice a VPN combines the two: asymmetric cryptography establishes and authenticates a session key, and symmetric cryptography protects the bulk of the traffic under that key.
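The tunnel initiator/terminator exchange described under "Technology and protocol of VPN", together with the split above between asymmetric and symmetric cryptography, as an added worked example. This is not code from the original article and not any vendor's implementation; it is written in Go against the standard library only. The asymmetric step uses X25519 key agreement in place of IKE's Diffie-Hellman exchange, and the symmetric step uses AES-256-GCM in place of ESP's cipher. The header layout (SPI, sequence number), the HMAC-SHA256 key derivation, the strict-increase anti-replay rule, the SPI value 0x1001 and the inner packet bytes are all constructed for illustration and are not the IPsec wire formats:

```go
package main

// Added example (not from the article): an IPsec-style VPN tunnel in miniature.
// Asymmetric step: X25519 key agreement (stand-in for IKE's Diffie-Hellman).
// Symmetric step: AES-256-GCM over each inner packet (stand-in for ESP).
// Header, KDF and replay rule are simplifications, not RFC 4303 / RFC 4106 formats.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const hdrLen = 8 // SPI (4 bytes) || sequence number (4 bytes)

// deriveKey is a labelled HMAC-SHA256 KDF: same secret + same label -> same 32-byte key.
// (IKEv2 uses a PRF-based key schedule; this is a simple stand-in for it.)
func deriveKey(shared []byte, label string) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Agree runs the asymmetric half of the handshake: both ends generate ephemeral
// X25519 key pairs, swap public keys, and derive the initiator->terminator traffic key.
// Real IKE also authenticates the peers (certificates or a pre-shared key); without
// that, an on-path attacker can substitute its own public key.
func Agree() ([]byte, []byte, error) {
	curve := ecdh.X25519()
	initPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	termPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	sI, err := initPriv.ECDH(termPriv.PublicKey()) // initiator's view of the secret
	if err != nil {
		return nil, nil, err
	}
	sT, err := termPriv.ECDH(initPriv.PublicKey()) // terminator's view of the secret
	if err != nil {
		return nil, nil, err
	}
	const label = "initiator->terminator"
	return deriveKey(sI, label), deriveKey(sT, label), nil
}

// SA is one security association: an SPI, the AEAD built from the traffic key,
// and sequence state (sendSeq when encapsulating, recvSeq for the replay check).
type SA struct {
	spi     uint32
	aead    cipher.AEAD
	sendSeq uint32
	recvSeq uint32 // highest sequence number accepted so far
}

func NewSA(spi uint32, key []byte) (*SA, error) {
	block, err := aes.NewCipher(key) // 32-byte key -> AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SA{spi: spi, aead: aead}, nil
}

// nonce builds the 12-byte GCM nonce from the sequence number, so it is unique per
// packet under one key; a real sender must rekey before the counter wraps.
func (s *SA) nonce(seq uint32) []byte {
	n := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint32(n[len(n)-4:], seq)
	return n
}

// Encapsulate is the tunnel initiator: header || AES-GCM(inner packet), with the
// header bound in as additional authenticated data so it cannot be altered in transit.
func (s *SA) Encapsulate(inner []byte) []byte {
	s.sendSeq++
	pkt := make([]byte, hdrLen, hdrLen+len(inner)+s.aead.Overhead())
	binary.BigEndian.PutUint32(pkt[0:4], s.spi)
	binary.BigEndian.PutUint32(pkt[4:8], s.sendSeq)
	return s.aead.Seal(pkt, s.nonce(s.sendSeq), inner, pkt[:hdrLen])
}

// Decapsulate is the tunnel terminator: check SPI and replay, then verify and decrypt.
// A strict "newer than the last accepted" rule is used; ESP uses a sliding window so
// that modest reordering on the public network is tolerated.
func (s *SA) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+s.aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr, body := pkt[:hdrLen], pkt[hdrLen:]
	if binary.BigEndian.Uint32(hdr[0:4]) != s.spi {
		return nil, errors.New("unknown SPI")
	}
	seq := binary.BigEndian.Uint32(hdr[4:8])
	if seq <= s.recvSeq {
		return nil, errors.New("replayed or out-of-order packet dropped")
	}
	inner, err := s.aead.Open(nil, s.nonce(seq), body, hdr)
	if err != nil {
		return nil, errors.New("authentication failed: packet modified or wrong key")
	}
	s.recvSeq = seq // advance only after the integrity check passes
	return inner, nil
}

func main() {
	kI, kT, err := Agree()
	if err != nil || !hmac.Equal(kI, kT) {
		panic("key agreement failed")
	}
	initiator, _ := NewSA(0x1001, kI)
	terminator, _ := NewSA(0x1001, kT)

	inner := []byte("constructed inner packet: 10.1.1.5 -> 10.2.2.9 payload")
	wire := initiator.Encapsulate(inner)
	got, err := terminator.Decapsulate(wire)
	fmt.Printf("delivered: %q err=%v\n", got, err)
	_, err = terminator.Decapsulate(wire) // the same bytes again, as a replay attack would send
	fmt.Println("replay:", err)
}
```

Run it and the terminator delivers the inner packet once; feeding the same wire bytes a second time is rejected by the sequence check, and flipping any bit of the ciphertext or header fails the GCM tag check. Note that the key agreement here is unauthenticated; a real IKE exchange signs or MACs the handshake so that each peer knows whose public key it received.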

What about VPN security:        

The key word in "virtual private networks" is private. VPNs are widely considered highly secure despite running over public networks, but that security depends on the endpoints authenticating each other. All VPNs require configuration of an access device, software- or hardware-based, to set up a secure channel; a firewall or VPN gateway at the network edge normally terminates the tunnel and enforces who may connect. A random user cannot simply log in to a VPN: some credential is needed before a remote user is allowed onto the network, or even to begin a VPN handshake.

Most VPNs use IPsec. IPsec is useful because it is interoperable across most VPN hardware and software, and it is the most popular choice for networks with remote-access clients. IPsec authentication is, by default, between hosts or gateways rather than individual users: identity is established by a pre-shared key or, more robustly, by the device's certificate, and a user token (such as SecurID or a CryptoCard) is not required. A workstation's IP address alone should not be relied on for identity, since addresses are easily spoofed. Remote-access deployments that do need per-user authentication layer it on top of the IPsec handshake (for example with XAUTH in IKEv1 or EAP in IKEv2).

An IPsec tunnel acts at the network layer, protecting every packet that passes through it regardless of the application. IPsec-based VPNs also let the administrator define, in the security policy database, which networks, protocols and ports may be passed through the tunnel. The downside of IPsec-compliant products is that this access control works on the network and transport layers only; there is little provision for selectively regulating access to individual resources within a host. If customers are given access to particular company information on a server, for instance, highly selective controls are needed to make sure they reach only the information they are authorized to see.

This kind of selective, or unidirectional, access is available in some non-IPsec solutions, such as Aventail's SOCKS 5 server. In a unidirectional connection, a two-way trusted relationship is not assumed as it is with tunneled VPNs: the remote side can open connections to permitted destinations, but the destination network does not gain a route back into the remote side. With this model, if there is some kind of breach in security, only the destination network is affected. SOCKS 5 also negotiates its authentication method per connection, so it can be combined with a wide range of authentication and encryption standards.
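The network- and transport-layer access control just described, as an added example: a first-match lookup over a small security policy database modelled on the selectors RFC 4301 allows (addresses, protocol, port), written in Go with the standard library. This is not code from the article or from any IPsec product; the rules, addresses and sample packets are constructed for illustration. The point to take from it is the comment at the end of main: two requests that differ only above layer 4 look identical to the SPD and receive the same decision.

```go
package main

// Added example (not from the article): an IPsec-style Security Policy Database (SPD)
// lookup, showing what a gateway can and cannot decide from packet headers alone.
// All rules, addresses and packets below are constructed sample data.

import (
	"fmt"
	"net/netip"
)

// Action is what the gateway does with a packet that matches a rule.
type Action int

const (
	Discard Action = iota // drop the packet
	Bypass                // forward it in the clear, outside the tunnel
	Protect               // send it through the IPsec tunnel
)

func (a Action) String() string { return [...]string{"DISCARD", "BYPASS", "PROTECT"}[a] }

// Packet holds only the fields an IPsec security policy can select on.
// Anything above layer 4 (a URL, a file name, a database row) is invisible here.
type Packet struct {
	Src, Dst netip.Addr
	Proto    uint8  // IP protocol number: 6 = TCP, 17 = UDP
	DstPort  uint16 // 0 when the protocol has no ports
}

// Pkt builds a Packet from address strings (panics on a malformed address;
// acceptable for constructed sample input, not for parsing untrusted data).
func Pkt(src, dst string, proto uint8, dstPort uint16) Packet {
	return Packet{netip.MustParseAddr(src), netip.MustParseAddr(dst), proto, dstPort}
}

// Rule is one SPD entry. Proto 0 and DstPort 0 mean "any".
type Rule struct {
	Src, Dst netip.Prefix
	Proto    uint8
	DstPort  uint16
	Action   Action
}

func (r Rule) matches(p Packet) bool {
	return r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst) &&
		(r.Proto == 0 || r.Proto == p.Proto) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// Lookup is first-match in order, as the SPD is defined to be.
// A packet matching no rule is discarded (default deny).
func Lookup(spd []Rule, p Packet) Action {
	for _, r := range spd {
		if r.matches(p) {
			return r.Action
		}
	}
	return Discard
}

func pfx(s string) netip.Prefix { return netip.MustParsePrefix(s) }

// SampleSPD is a constructed policy for a gateway in front of headquarters (10.2.0.0/16):
// a partner network may reach one order server on HTTPS only; a branch office has full
// access to headquarters through the tunnel and ordinary Internet access in the clear.
func SampleSPD() []Rule {
	return []Rule{
		{pfx("10.50.0.0/16"), pfx("10.2.2.9/32"), 6, 443, Protect}, // partner -> order server, HTTPS only
		{pfx("10.50.0.0/16"), pfx("10.2.0.0/16"), 0, 0, Discard},   // partner -> anything else at HQ
		{pfx("10.1.0.0/16"), pfx("10.2.0.0/16"), 0, 0, Protect},    // branch -> HQ, all traffic tunneled
		{pfx("10.1.0.0/16"), pfx("0.0.0.0/0"), 0, 0, Bypass},       // branch -> Internet, in the clear
		{pfx("0.0.0.0/0"), pfx("0.0.0.0/0"), 0, 0, Discard},        // everything else
	}
}

func main() {
	spd := SampleSPD()
	for _, p := range []Packet{
		Pkt("10.50.3.7", "10.2.2.9", 6, 443),   // partner placing an order: PROTECT
		Pkt("10.50.3.7", "10.2.2.9", 6, 22),    // partner trying SSH to the same host: DISCARD
		Pkt("10.1.4.4", "10.2.5.5", 6, 22),     // branch admin to an HQ host: PROTECT
		Pkt("10.1.4.4", "203.0.113.8", 6, 80),  // branch browsing the Internet: BYPASS
		Pkt("192.168.9.9", "10.2.2.9", 6, 443), // unknown source: DISCARD
	} {
		fmt.Printf("%s -> %s proto %d port %d: %s\n", p.Src, p.Dst, p.Proto, p.DstPort, Lookup(spd, p))
	}
	// The limitation: a partner request for /orders and one for /payroll on the same
	// server are the same Packet to the SPD, so both are PROTECTed. Restricting which
	// resources the partner may read has to be done by the server itself or by an
	// application-layer proxy, which is the gap the text describes.
}
```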

Conclusion :

Although VPN vendors must decide which standards they support, it is the ADMINISTRATORS who will ultimately decide the outcome of this emerging technology. Because of factors like this, it is all the more important to make a wise, informed decision before purchasing a VPN.