What is a Virtual Private Network (VPN)?

**Admin** · 01-Dec-2006, 12:17 AM

A Virtual Private Network, or VPN, is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network. VPN message traffic is carried on public networking infrastructure (e.g. the Internet) using standard (often insecure) protocols, or over a service provider's network providing VPN service guarded by well defined Service Layer Agreement (SLA) between the VPN customer and the VPN service provider.
Authentication Mechanism
Generally, a firewall sits between a remote user's workstation or client and the host network or server. The firewall may pass authentication data to an authentication service in a host network. A known trusted person with privileged access, sometimes only using trusted devices, can be allowed to access resources not available to general users. That's why the user feels that the network is private, even though it is not.
Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN is active, for better security. From the user's perspective, this means that while the VPN client is active all access outside their employer's secure network must pass through the same firewall as would be the case while physically connected to the office ethernet. This reduces the risk that an attacker might gain access to the secured network by attacking the employee's laptop: to other computers on the employee's home network, or on the public internet, it is as though the machine running the VPN client simply does not exist. Such security is important because other computers local to the network on which the client computer is operating may be untrusted or partially trusted. Even with a home network that is protected from the outside internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a travelling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important.
Types of VPNs
Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a 'security overlay' within dedicated networking infrastructures.
Secure VPN protocols include the following:
* IPsec (IP security), an obligatory part of IPv6.
* SSL used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called a "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN.
* PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft.
Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, sometimes other security and management services are included as part of the package, such as keeping anti-virus and anti-spyware programs updated on each client's computer.
Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs. Other protocols for trusted VPNs include:
* L2F (Layer 2 Forwarding), developed by Cisco.
* L2TP (Layer 2 Tunnelling Protocol), including work by both Microsoft and Cisco.
* L2TPv3 (Layer 2 Tunnelling Protocol version 3).
Characteristics in application
A well-designed VPN can greatly benefit a company. For example, it can:
* Extend geographic connectivity.
* Improve security where data lines have not been ciphered.
* Reduce operational costs versus traditional WAN.
* Reduce transit time and transportation costs for remote users.
* Improve productivity.
* Simplify network topology in certain scenarios.
* Provide global networking opportunities.
* Provide telecommuter support.
* Provide broadband networking compatibility.
* Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.
* Show a good economy of scale.
* Scale well, when used with a PKI (Public Key Infrastructure).
However, since VPNs extend the "mother network" by such an extent (almost every employee) and with such ease (no dedicated lines to hire), there are certain security implications that have to receive special attention:
* Security on the client side has to be tightened and enforced. Keywords: Central Client Administration, Security Policy Enforcement. It is common for a company to require that each employee wishing to use their VPN from home first install an approved hardware firewall.
* The scale of access to the target network may have to be limited.
* Logging must be evaluated and in most cases revised.

01-Dec-2006, 12:17 AM	#1 (permalink)
Admin Administrator Posts: 876 Join Date: Oct 2005 Rep Power: 10 IM:	What is a Virtual Private Network (VPN)? A Virtual Private Network, or VPN, is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network. VPN message traffic is carried on public networking infrastructure (e.g. the Internet) using standard (often insecure) protocols, or over a service provider's network providing VPN service guarded by well defined Service Layer Agreement (SLA) between the VPN customer and the VPN service provider. Authentication Mechanism Generally, a firewall sits between a remote user's workstation or client and the host network or server. The firewall may pass authentication data to an authentication service in a host network. A known trusted person with privileged access, sometimes only using trusted devices, can be allowed to access resources not available to general users. That's why the user feels that the network is private, even though it is not. Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN is active, for better security. From the user's perspective, this means that while the VPN client is active all access outside their employer's secure network must pass through the same firewall as would be the case while physically connected to the office ethernet. This reduces the risk that an attacker might gain access to the secured network by attacking the employee's laptop: to other computers on the employee's home network, or on the public internet, it is as though the machine running the VPN client simply does not exist. Such security is important because other computers local to the network on which the client computer is operating may be untrusted or partially trusted. Even with a home network that is protected from the outside internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a travelling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important. Types of VPNs Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a 'security overlay' within dedicated networking infrastructures. Secure VPN protocols include the following: * IPsec (IP security), an obligatory part of IPv6. * SSL used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called a "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN. * PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft. Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, sometimes other security and management services are included as part of the package, such as keeping anti-virus and anti-spyware programs updated on each client's computer. Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs. Other protocols for trusted VPNs include: * L2F (Layer 2 Forwarding), developed by Cisco. * L2TP (Layer 2 Tunnelling Protocol), including work by both Microsoft and Cisco. * L2TPv3 (Layer 2 Tunnelling Protocol version 3). Characteristics in application A well-designed VPN can greatly benefit a company. For example, it can: * Extend geographic connectivity. * Improve security where data lines have not been ciphered. * Reduce operational costs versus traditional WAN. * Reduce transit time and transportation costs for remote users. * Improve productivity. * Simplify network topology in certain scenarios. * Provide global networking opportunities. * Provide telecommuter support. * Provide broadband networking compatibility. * Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines. * Show a good economy of scale. * Scale well, when used with a PKI (Public Key Infrastructure). However, since VPNs extend the "mother network" by such an extent (almost every employee) and with such ease (no dedicated lines to hire), there are certain security implications that have to receive special attention: * Security on the client side has to be tightened and enforced. Keywords: Central Client Administration, Security Policy Enforcement. It is common for a company to require that each employee wishing to use their VPN from home first install an approved hardware firewall. * The scale of access to the target network may have to be limited. * Logging must be evaluated and in most cases revised.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Private Data Protector 1.0	SlimShady	Application Downloads	0	06-Apr-2008 10:21 PM
Bluetooth Private Area Network Auditor v1.3.5.0	Jokes	Application Downloads	0	18-Apr-2007 04:40 AM
Clearing Private Data	Anilrgowda	Microsoft Windows xp error	1	11-Mar-2007 11:07 PM
Gigabyte Intel(R) Advanced Network Services Virtual Adapter	Anilrgowda	Driver Downloads	0	13-Feb-2007 02:02 AM
Virtual Private Networks (VPN / PPTP)	Anilrgowda	Networking Error !	0	29-Dec-2006 03:39 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)