What Makes a Virtual Private Network Private?
Last Updated: 08-31-2010 , Posted: 06-01-2007
This Article explains what is a virtual private network and how a VPN works.
What is a Virtual Private network (VPN)?
Using a public network — usually the Internet — to connect securely to a private network, such as a company's network is the basis of a VPN or virtual private network.
One of the most common types of VPNs is a virtual private dial-up network (VPDN). A VPDN is a user-to-LAN connection, where remote users need to connect to the company LAN. Here the company will have a service provider set-up a NAS (network access server) and provide the remote users with the software needed to reach the NAS from their desktop computer or laptop. For a VPDN, the secure and encrypted connection between the company's network and remote users is provided by the third-party service provider.
A network based on TCP/IP protocols (an intranet) belonging to an organization, usually a corporation, accessible only by the organization's members, employees or others with authorization. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.
An extranet refers to an intranet that is partially accessible to authorized outsiders. Whereas an intranet resides behind a firewall and is accessible only to people who are members of the same company or organization, an extranet provides various levels of accessibility to outsiders. You can access an extranet only if you have a valid username and password, and your identity determines which parts of the extranet you can view. Extranets are becoming a popular means for business partners to exchange information.
Other options for using a VPN include such things as using dedicated private leased lines. Due to the high cost of dedicated lines, however, VPNs have become an attractive cost-effective solution.
Securing a VPN
If you're using a public line to connect to a private network, then you might wonder what makes a virtual private network private? The answer is the manner in which the VPN is designed. A VPN is designed to provides a secure, encrypted tunnel in which to transmit the data between the remote user and the company network. The information transmitted between the two locations via the encrypted tunnel cannot be read by anyone else.
VPN security contains several elements to secure both the company's private network and the outside network, usually the Internet, through which the remote user connects through. The first step to security is usually a firewall. You will have a firewall site between the client (which is the remote users workstation) and the host server, which is the connection point to the private network. The remote user will establish an authenticated connection with the firewall.
Encryption is also an important component of a secure VPN. Encryption works by having all data sent from one computer encrypted in such a way that only the computer it is sending to can decrypt the data. Types of encryption commonly used include public-key encryption which is a system that uses two keys — a public key known to everyone and a private or secret key known only to the recipient of the message. The other commonly used encryption system is a Symmetric-key encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
With a VPN you'll need to establish a network connection that is based on the idea of tunneling. There are two main types of tunneling used in virtual private networks. Voluntary tunneling is where the client makes a connection to the service provider then the VPN client creates the tunnel to the VPN server once the connection has been made. In compulsory tunneling the service provider manages the VPN connection and brokers the connection between that client and a VPN server.
There are three main network protocols for use with VPN tunnels, which are generally incompatible with each other. They include the following
A set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement VPNs. IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
Short for Point-to-Point Tunneling Protocol, a new technology for creating VPNs, developed jointly by Microsoft, U.S. Robotics and several remote access vendor companies, known collectively as the PPTP Forum. A VPN is a private network of computers that uses the public Internet to connect some nodes. Because the Internet is essentially an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the ISP's routers support the protocol.
Depending on the type of VPN you decide to implement, either remote-access or site-to-site, you will need specific components to build your VPN. These standard components include a software client for each remote workstation, dedicated hardware, such as a firewall or a product like the Cisco VPN Concentrator, a VPN server, and a Network Access Server (NAS).
|Key Terms To Understanding virtual private networks: