A Virtual Private Network Breakdown
Author: Enigma (enigma@fatelabs.com) www.fatelabs.com
Introduction
This paper was written to educate the average reader on the basics of the Virtual Private Network (VPN). It is the first in a series of papers that will cover a spectrum of VPN issues. In this issue the reader is introduced to some of the basic ideas and technologies that play into the world of virtual private networking.
Understanding What a VPN Is
The working definition of a VPN is the following: a combination of tunneling, encryption, authentication, and access control technologies and services used to carry traffic over the Internet, a managed IP network, or a provider's backbone. The traffic that flows to the VPN can be delivered using many of the current access technologies, including T1, T3, frame relay, ISDN, ATM, fiber optic technologies, or simple dial-up access. Of course, this is a very basic definition, but for the purposes of this paper it gives you a basic understanding of what you’re dealing with. In the following papers these topics will be broken down in explicit detail.
Reasons For Implementing A VPN Solution
The basic reason for a VPN is to save money on communications. The VPN allows users to access the network safely over the Internet from locations all over the world. When a network wants to expand into a WAN, there needs to be a way to safely transfer data between the sites without a point-to-point connection. The VPN allows the networks to do this in a secure manner over the Internet. This technology gives companies an edge on their competitors. VPNs have been known to increase sales and productivity, improve partner relationships, and save time.
Types Of VPNs
There are many types of VPN implementations, each with its specific set of technology requirements. However, VPN deployments can be grouped into three categories: Intranet, Remote Access, and Extranet.
Remote Access VPNs are usually used to link the remote network to mobile users. Users can connect to the VPN through any ISP if they have the proper access and technology. The most important consideration in a remote access VPN is to ensure that strong authentication is applied to verify the identities of remote and mobile users in the most accurate and efficient manner possible. These VPNs can benefit companies with employees who travel on a regular basis.
The Extranet VPN implements multiple technologies to create a larger-scale VPN with more flexibility and options for the users. It uses the Internet as its backbone. For example, you could have an extranet VPN that allows several branch offices, suppliers, and customers access to the VPN. The most used and accepted standard for the Internet-based VPN is the Internet Security Protocol (IPSec).
Basic VPN Components
There are three basic components to any good VPN. These are as follows:
Including access control, authentication and encryption technologies to guarantee the security of network connections, authenticity of users, and privacy and integrity of data communications
Security
Most VPN vendors provide some security within the structure of the VPN. Authentication and encryption are two technologies that are provided, but those technologies only protect data on the network. The following three technologies ensure the privacy and security of the VPN. If all three are in place, the VPN will be more secure than most, but there is no such thing as full security. The three technologies are:
Access control
Authentication
Encryption
Traffic Control
Traffic control is needed to ensure that programs and other applications do not starve the network. It divides the bandwidth among the applications so that users have the amount of access they need to the specific programs that are used more often. This division of bandwidth ensures that users will not be lagged out and starved of the speed that a VPN can provide. By providing queries of such events the network can control the amount of use and the speed at which users can access it.
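The bandwidth division described above can be made concrete with weighted max-min fairness. This is an added example, not code from the original paper; the class names, weights (assumed positive) and demands are constructed, and the allocation policy itself is an assumption, since the paper does not name one.

```go
package main

import "fmt"

// App is one traffic class on the VPN link. All names and numbers are constructed.
type App struct {
	Name   string
	Weight float64 // relative priority, assumed > 0
	Demand float64 // kbit/s the application currently wants
}

// Allocate divides capacity by weighted max-min fairness: every class is
// offered a share proportional to its weight, a class that needs less than
// its share keeps only what it needs, and the remainder is offered again to
// the classes still waiting, so a greedy class cannot starve the others.
func Allocate(capacity float64, apps []App) map[string]float64 {
	alloc := make(map[string]float64, len(apps))
	active := append([]App(nil), apps...)
	for len(active) > 0 && capacity > 0 {
		var totalW, used float64
		for _, a := range active {
			totalW += a.Weight
		}
		var waiting []App
		for _, a := range active {
			if a.Demand <= capacity*a.Weight/totalW {
				alloc[a.Name] = a.Demand // fully served; frees the rest of its share
				used += a.Demand
			} else {
				waiting = append(waiting, a)
			}
		}
		if len(waiting) == len(active) { // link is the bottleneck: split by weight
			for _, a := range active {
				alloc[a.Name] = capacity * a.Weight / totalW
			}
			return alloc
		}
		capacity, active = capacity-used, waiting
	}
	return alloc
}

func main() {
	apps := []App{{"voip", 3, 100}, {"erp", 2, 500}, {"backup", 1, 2000}} // constructed
	fmt.Println(Allocate(1000, apps))
}
```

On a 1000 kbit/s link the bulk backup class receives only what the interactive classes leave over, however much it asks for.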
The encryption and decryption of data on the VPN is one of the most CPU-draining tasks performed by the network. It is possible to have a separate CPU or server that handles only the encryption and decryption of data. This will decrease the amount of lag endured by the main CPU.
Enterprise Management
Enterprise management is one of the most overlooked factors in the world of VPNs. Although setting up a VPN and tunneling is important, it is still necessary to make sure the physical network is secure. The larger the VPN, the more security problems there could be. If a local network is not secure, then there is a vulnerability in the VPN infrastructure. Ensuring that the separate nodes on the networks are secure is the first step. There should also be an easy and secure way to resolve and manage the VPN, including actions like adding and removing users and sending and revoking public and private encryption keys. Managing the VPN properly will ensure that the security of the VPN stays tight.
The Concept of Tunneling
The best way to describe tunneling is with an analogy. Picture that you’re in an open market full of people rushing to buy the latest VPN technologies. You see someone you know across the market and you speak to him or her in a normal everyday voice. Although you and your friend are hundreds of feet apart, he or she hears you and replies. Everyone around you in the market didn’t hear or understand a word you said to your friend, but the two of you understand each other completely.
The market is the Internet, full of people and data. The person you’re speaking to is a node on your VPN. You can exchange messages in the form of speech, or data, over the VPN. The reason that the people around you cannot hear you is that you connected through the market to your pal with a tunnel, a link that sends encrypted data that only you and your friend can understand. “Tunneling” is the act of connecting through the Internet to the other networks or users on the VPN and creating a secure link that only you and your “friend” can understand.
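The market analogy maps onto packet encapsulation as follows. This is an added example, not code from the original paper and not the IPSec wire format: the packet layout, the addresses, the demo key and the choice of AES-GCM are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// OuterPacket is all an observer on the Internet sees: two gateway
// addresses and an opaque blob. Names here are illustrative.
type OuterPacket struct {
	SrcGW, DstGW  string
	Nonce, Sealed []byte
}

// NewTunnel turns the key shared by both gateways into an AES-GCM cipher.
func NewTunnel(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate encrypts the whole inner packet and authenticates the outer
// header along with it, so neither can be changed in transit unnoticed.
func Encapsulate(t cipher.AEAD, srcGW, dstGW string, inner []byte) (OuterPacket, error) {
	nonce := make([]byte, t.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return OuterPacket{}, err
	}
	sealed := t.Seal(nil, nonce, inner, []byte(srcGW+">"+dstGW))
	return OuterPacket{srcGW, dstGW, nonce, sealed}, nil
}

// Decapsulate returns an error for a wrong key or any modified byte.
func Decapsulate(t cipher.AEAD, p OuterPacket) ([]byte, error) {
	return t.Open(nil, p.Nonce, p.Sealed, []byte(p.SrcGW+">"+p.DstGW))
}

func main() {
	t, _ := NewTunnel(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key
	inner := []byte("10.1.0.5>10.2.0.9 payroll data") // constructed inner packet
	p, _ := Encapsulate(t, "198.51.100.1", "203.0.113.1", inner)
	out, err := Decapsulate(t, p)
	fmt.Printf("wire: %s>%s %x\nreceived: %q err=%v\n", p.SrcGW, p.DstGW, p.Sealed, out, err)
}
```

Only the gateway addresses travel in the clear; the private addresses and the payload are inside the sealed blob, and a packet altered on the way is rejected rather than delivered.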
Options In VPN Setup
There are four different kinds of VPNs you can set up within the three types. The three types are Intranet, Remote Access, and Extranet. Within each of those types you can set up four kinds of VPNs. They are:
Conclusion
VPNs have come a long way over the last 5 years, but there are still leaps and bounds to be made. VPN technology is expanding and being used by more and more corporations to increase productivity. There is a lack of people in the IT world with the skills and knowledge to implement and troubleshoot these devices. The technology presented here was designed to give the reader a basic swimming lesson before they jump off the pier. Check out the rest of the papers in this series at: http://www.fatelabs.com/