VPN Technology: Virtual Private Networks
What is VPN (Virtual Private Network)?
A virtual private network (VPN) is a private computer network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet.
Types of VPN connections
1. Remote access VPN
2. Site-to-site VPN
2. Site-to-site VPN
1. Remote Access VPN
Remote access VPN connections enable users working at home or on the road to access a server on a private network using the infrastructure provided by a public network, such as the Internet. From the user’s perspective, the VPN is a point-to-point connection between the computer (the VPN client) and an organization’s server. The exact infrastructure of the shared or public network is irrelevant because it appears logically as if the data is sent over a dedicated private link.
2. Site-to-Site VPN
Site-to-site VPN connections (also known as router-to-router VPN connections) enable organizations to have routed connections between separate offices or with other organizations over a public network while helping to maintain secure communications.
VPN Protocols
There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. Each protocol varies slightly in the way that data is kept secure.
1. IP security (IPSec)
IP security (IPSec) is used to secure communications over the Internet. IPSec traffic can use either transport mode or tunneling to encrypt data traffic in a VPN. The difference between the two modes is that transport mode encrypts only the message within the data packet (also known as the payload) while tunneling encrypts the entire data packet. IPSec is often referred to as a "security overlay" because of its use as a security layer for other protocols.
2. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. Both protocols use a "handshake" method of authentication that involves a negotiation of network parameters between the client and server machines. To successfully initiate a connection, an authentication process involving certificates is used. Certificates are cryptographic keys that are stored on both the server and client.
3. Point-To-Point Tunneling Protocol (PPTP)
Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of it's straightforward configuration and maintenance and also because it is included with the Windows operating system.
4. Layer 2 Tunneling Protocol (L2TP)
Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.
Where is VPN technology used?
VPN technology is used in large corporations, educational institutions, and government agencies to enable remote users to securely connect to a private network.
VPN vs Leased Lines / Dial-up connections
Leased lines, such as ISDN (integrated services digital network, 128 Kbps), are private network connections that a telecommunications company could lease to its customers. Leased lines provide a company with a way to expand its private network beyond its immediate geographic area. These connections form a single wide-area network (WAN) for the business. Though leased lines are reliable and secure, the leases are expensive, with costs rising as the distance between offices increases.
Today, the Internet is more accessible than ever before, and Internet service providers (ISPs) continue to develop faster and more reliable services at lower costs than leased lines. To take advantage of this, most businesses have replaced leased lines with new technologies that use Internet connections without sacrificing performance and security. Businesses started by establishing intranets, which are private internal networks designed for use only by company employees. Intranets enabled distant colleagues to work together through technologies such as desktop sharing. By adding a VPN, a business can extend all its intranet's resources to employees working from remote offices or their homes.
Advantages of VPN Technology
1. Use of internet as communication channel
A VPN is a inexpensive effective way of building a private network. The use of the Internet as the main communications channel between sites is a cost effective alternative to expensive leased private lines. The costs to a corporation include the network authentication hardware and software used to authenticate users and any additional mechanisms such as authentication tokens or other secure devices. The relative ease, speed, and flexibility of VPN provisioning in comparison to leased lines makes VPNs an ideal choice for corporations who require flexibility. For example, a company can adjust the number of sites in the VPN according to changing requirements.
2. VPNs enable file sharing, screen sharing, video conferencing and similar network services.
3. Allows you to be at home and access your company's computers in the same way as if you were sitting at work.
4. Almost impossible for someone to tap or interfer with data in the VPN tunnel.
5. If you have VPN client software on a laptop, you can connect to your company from anywhere in the world.
Disadvantages of VPN Technology
1. Lack of Quality of Service (QoS) management
There are several potential disadvantages with VPN use. The lack of Quality of Service (QoS) management over the Internet can cause packet loss and other performance issues. Adverse network conditions that occur outside of the private network is beyond the control of the VPN administrator. For this reason, many large corporations pay for the use of trusted VPNs that use a private network to guarantee QoS.
2. Vendor interoperability
Vendor interoperability is another potential disadvantage as VPN technologies from one vendor may not be compatible with VPN technologies from another vendor. Neither of these disadvantages have prevented the widespread acceptance and deployment of VPN technology.
3. Setup is more complicated than less secure methods. VPN works across different manufacturers' equipment, but connecting to a non-NETGEAR product will add to difficulty, since there may not documentation specific to your situation.
4. The company whose network you connect to may require you to follow the company's own policies on your home computers.