A Virtual Private Network (VPN) is a network technology that
creates a secure network connection over a public network such as the Internet
or a private network owned by a service provider. Large corporations,
educational institutions, and government agencies use VPN technology to enable
remote users to securely connect to a private network.
A VPN can connect multiple sites over a large distance just like
a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to
disseminate information and news to a wide user base. Educational institutions
use VPNs to connect campuses that can be distributed across the country or
around the world.
In order to gain access to the private network, a user must be
authenticated using a unique identification and a password. An authentication
token is often used to gain access to a private network through a personal
identification number (PIN) that a user must enter. The PIN is a unique
authentication code that changes according to a specific frequency, usually
every 30 seconds or so.
Protocols
There are a number of VPN protocols in use that secure the
transport of data traffic over a public network infrastructure. Each protocol
varies slightly in the way that data is kept secure.
IP security (IPSec) is used to secure communications over the
Internet. IPSec traffic can use either transport mode or tunneling to encrypt
data traffic in a VPN. The difference between the two modes is that transport
mode encrypts only the message within the data packet (also known as the
payload) while tunneling encrypts the entire data packet. IPSec is often
referred to as a "security overlay" because of its use as a security
layer for other protocols.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
use cryptography to secure communications over the Internet. Both protocols use
a "handshake" method of authentication that involves a negotiation of
network parameters between the client and server machines. To successfully
initiate a connection, an authentication process involving certificates is
used. Certificates are cryptographic keys that are stored on both the server
and client.
Point-To-Point Tunneling Protocol (PPTP) is another tunneling
protocol used to connect a remote client to a private server over the Internet.
PPTP is one of the most widely used VPN protocols because of it's
straightforward configuration and maintenance and also because it is included
with the Windows operating system.
Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data
communications traffic between two sites over the Internet. L2TP is often used
in tandem with IPSec (which acts as a security layer) to secure the transfer of
L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using
L2TP/IPSec requires a shared key or the use of certificates.
VPN technology employs sophisticated encryption to ensure
security and prevent any unintentional interception of data between private
sites. All traffic over a VPN is encrypted using algorithms to secure data integrity
and privacy. VPN architecture is governed by a strict set of rules and
standards to ensure a private communication channel between sites. Corporate
network administrators are responsible for deciding the scope of a VPN,
implementing and deploying a VPN, and ongoing monitoring of network traffic
across the network firewall. A VPN requires administrators to be continually be
aware of the overall architecture and scope of the VPN to ensure communications
are kept private.
Advantages & Disadvantages
A VPN is a inexpensive effective way of building a private
network. The use of the Internet as the main communications channel between
sites is a cost effective alternative to expensive leased private lines. The
costs to a corporation include the network authentication hardware and software
used to authenticate users and any additional mechanisms such as authentication
tokens or other secure devices. The relative ease, speed, and flexibility of
VPN provisioning in comparison to leased lines makes VPNs an ideal choice for
corporations who require flexibility. For example, a company can adjust the
number of sites in the VPN according to changing requirements.
There are several potential disadvantages with VPN use. The lack
of Quality of Service (QoS) management over the Internet can cause packet loss
and other performance issues. Adverse network conditions that occur outside of
the private network is beyond the control of the VPN administrator. For this
reason, many large corporations pay for the use of trusted VPNs that use a
private network to guarantee QoS. Vendor interoperability is another potential
disadvantage as VPN technologies from one vendor may not be compatible with VPN
technologies from another vendor. Neither of these disadvantages have prevented
the widespread acceptance and deployment of VPN technology.
No comments:
Post a Comment