Using a public network, usually the Internet, to connect securely to a private network, such as a company's network, is the basis of a VPN or virtual private network. Companies and organizations use a VPN to communicate confidentially over a public network; the connection can carry voice, video or data. It's an excellent option for remote workers, and for organizations with global offices and partners, to share data privately.
One of the most common types of VPN is a virtual private dial-up network (VPDN). A VPDN is a user-to-LAN connection, where remote users need to connect to the company LAN. Here the company has a service provider set up a NAS (network access server) and provides the remote users with the software needed to reach the NAS from their desktop computer or laptop. For a VPDN, the secure and encrypted connection between the company's network and remote users is provided by the third-party service provider.
Another type of VPN is commonly called a site-to-site VPN. Here the company invests in dedicated hardware to connect multiple sites to its LAN through a public network, usually the Internet. Site-to-site VPNs are either intranet-based or extranet-based.
intranet
A network based on TCP/IP protocols belonging to an organization, usually a corporation, and accessible only by the organization's members, employees or others with authorization. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.
extranet
An extranet is an intranet that is partially accessible to authorized outsiders. Whereas an intranet resides behind a firewall and is accessible only to members of the same company or organization, an extranet provides various levels of access to outsiders. You can access an extranet only if you have a valid username and password, and your identity determines which parts of the extranet you can view. Extranets are becoming a popular means for business partners to exchange information.
Another option is to use dedicated private leased lines. Due to the high cost of dedicated lines, however, VPNs have become an attractive, cost-effective alternative.
Key Terms for Understanding Virtual Private Networks:
VPN
A network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data.
VPDN
A network that extends remote access to a private network using a shared infrastructure.
tunneling
A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
split tunneling
The process of allowing a remote VPN user to access a public network, most commonly the Internet, at the same time that the user is allowed to access resources on the VPN.
encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
Securing a VPN
If you're using a public line to connect to a private network, you might wonder what makes a virtual private network private. The answer is the way the VPN is designed: it provides a secure, encrypted tunnel in which to transmit data between the remote user and the company network. Information transmitted between the two locations via the encrypted tunnel cannot be read by anyone else.
VPN security has several elements to secure both the company's private network and the outside network, usually the Internet, through which the remote user connects. The first step to security is usually a firewall. A firewall sits between the client (the remote user's workstation) and the host server, which is the connection point to the private network. The remote user establishes an authenticated connection with the firewall.
Encryption
Encryption is also an important component of a secure VPN. Encryption works by having all data sent from one computer encrypted in such a way that only the computer it is being sent to can decrypt the data. Types of encryption commonly used include public-key encryption, a system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message. The other commonly used system is symmetric-key encryption, in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
VPN Tunneling
With a VPN you'll need to establish a network connection that is based on the idea of tunneling. There are two main types of tunneling used in virtual private networks. In voluntary tunneling, the client makes a connection to the service provider, and the VPN client then creates the tunnel to the VPN server once the connection has been made. In compulsory tunneling, the service provider manages the VPN connection and brokers the connection between the client and a VPN server.
There are three main network protocols for use with VPN tunnels, which are generally incompatible with each other. They include the following:
IPsec
A set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement VPNs. IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPsec-compliant device decrypts each packet. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
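As an added illustration of the Transport versus Tunnel mode distinction above (and of the encapsulation idea behind the "tunneling" key term), not code from the original article: the Python below builds a minimal IPv4 packet, wraps it ESP-style in both modes, and shows what a passive observer on the public network can still read from the cleartext outer header. The XOR keystream cipher, the key and the addresses are constructed stand-ins; real ESP uses a negotiated cipher such as AES-GCM and adds padding and an integrity check value.

```python
import hashlib
import struct

ESP = 50  # IP protocol number for Encapsulating Security Payload

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header: no options, checksum left zero."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, to_bytes(src), to_bytes(dst))

def keystream_xor(key, spi, seq, data):
    """Constructed stand-in cipher: XOR with a SHA-256 counter keystream bound to
    the SPI and sequence number. Symmetric, so it also decrypts. Not real ESP crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!IIQ", spi, seq, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def esp_encapsulate(key, spi, seq, next_header, inner):
    """ESP header (SPI, sequence) in clear, then encrypted payload + next-header byte."""
    body = keystream_xor(key, spi, seq, inner + bytes([next_header]))
    return struct.pack("!II", spi, seq) + body

def esp_decapsulate(key, esp):
    """Reverse of esp_encapsulate: returns (next_header, inner_bytes)."""
    spi, seq = struct.unpack("!II", esp[:8])
    clear = keystream_xor(key, spi, seq, esp[8:])
    return clear[-1], clear[:-1]

def transport_mode(key, spi, seq, src, dst, proto, payload):
    """Transport mode: original IP header stays in clear; only the payload is encrypted."""
    esp = esp_encapsulate(key, spi, seq, proto, payload)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(key, spi, seq, gw_src, gw_dst, inner_packet):
    """Tunnel mode: the whole original packet, header included, is encrypted and
    carried behind a new outer header addressed between the two VPN gateways."""
    esp = esp_encapsulate(key, spi, seq, 4, inner_packet)  # next header 4 = IPv4
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def observer_view(packet):
    """What a passive observer on the public network reads from the outer header:
    (source address, destination address, protocol number)."""
    addr = lambda b: ".".join(str(o) for o in b)
    return addr(packet[12:16]), addr(packet[16:20]), packet[9]
```

Feed the same inner packet to both functions and compare observer_view: Transport mode still exposes the internal source and destination addresses, while Tunnel mode exposes only the two gateway addresses and the ESP protocol number.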
PPTP
Short for Point-to-Point Tunneling Protocol, a new technology for creating VPNs, developed jointly by Microsoft, U.S. Robotics and several remote access vendor companies, known collectively as the PPTP Forum. A VPN is a private network of computers that uses the public Internet to connect some nodes. Because the Internet is essentially an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
L2TP
Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the ISP's routers support the protocol.
VPN Equipment
Depending on the type of VPN you decide to implement, either remote-access or site-to-site, you will need specific components to build your VPN. These standard components include a software client for each remote workstation, dedicated hardware such as a firewall or a product like the Cisco VPN Concentrator, a VPN server, and a Network Access Server (NAS).
Vangie 'Aurora' Beal
Writer, www.Webopedia.com
Last updated: June 01, 2007
CISCO: How Virtual Private Networks Work
This document covers the fundamentals of VPNs, such as basic VPN components, technologies, tunneling, and VPN security.
Network World: VPN software is not created equal
In the early days of VPNs, these clients weren't deployed in large enough numbers to make distributing and updating them a problem. But today, for large, remote-access VPN deployments, automated distribution and configuration tools are a must.
LogMeIn Hamachi
LogMeIn Hamachi is a VPN service that easily sets up in 10 minutes, and enables secure remote access to your business network, anywhere there's an Internet connection.
EnterpriseNetworkingPlanet
EnterpriseNetworkingPlanet provides practical advice and news for running and managing an enterprise network. In-depth articles and news cover topics such as network management, network monitoring, servers, communications, Internet telephony, operating systems, and much more.
PracticallyNetworked.com
PracticallyNetworked.com provides easy-to-understand help for small-network builders. The site contains how-to information for setting up and debugging home-office and small-business networks. Users can also find extensive troubleshooting information, tips on getting applications to work through firewalls, product reviews on network hardware and software, and more.
PracticallyNetworked.com Discussion Forums
If network connections, sharing computers, router problems or other networking issues are bogging you down, then the PracticallyNetworked.com discussion forum is the place to be. Here you'll find help and support for all your network-related problems.