Introduction To VPN || Application || Requirements Of VPN || VPN TYPES

Introduction To VPN


Tremendous strides in computer networking have increased the productivity of workers in today's workplace. The security risk in networking has also grown. VPN routing uses virtual connections (instead of the traditional dialled line or a leased line) to connect users in remote offices to a private network over a public network. VPN networking offers many benefits: it allows for extended geographic connectivity, improves security, and is much more cost-effective than traditional wide area network (WAN) connectivity. Never before have so many people been able to connect almost seamlessly to their corporate network from home and on the road, which instantly allows real-time communication with their corporate LAN.

VPNs are private networks used by a company over an existing WAN infrastructure. A secure VPN uses tunnelling protocols to provide security, authentication, and integrity to VPN users. Business needs are constantly evolving and, with that evolution, the need to access information from a central location is even more prevalent. The VPN is highly sought after by companies interested in expanding the capabilities of their network. VPNs are prevalent in most businesses and homes where users are able to securely log in to the corporate LAN. VPN technology is very beneficial to people who travel often: they find that a VPN gives them the flexibility of checking corporate applications from virtually anywhere in the world. Because access to data is instantaneous, information is shared in real time. A VPN is very cost-effective as well: unlike traditional private leased lines, VPN technology utilizes existing cabling and routers to connect one site to another in a virtual manner, over a public network (most often the Internet).

 

Application & Requirements Of VPN


VPN PROTOCOLS & STANDARDS

         A few protocols have been introduced to accommodate VPN technology, including the following:

  • Secure Sockets Layer (SSL)
  • Public Key Infrastructure (PKI)
  • Secure ID
  • Internet Protocol Security (IPsec)
  • Layer 2 Forwarding (L2F)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • Generic Routing Encapsulation (GRE)


In this and the next section, we will discuss the protocols and get an understanding of what each does.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a networking standard that is used to improve the safety and security of network communications through the use of encryption. An SSL session starts with the handshake, which first establishes a TCP/IP session. Once the TCP/IP session has been established, the client is authenticated with a public key. After the authentication is complete, the server determines the level of security that is required for the client by choosing the strongest algorithm that is supported by both the client and the server. The last step is the establishment of a shared secret that is used to encrypt data being passed between the server and the client. Finally, the SSL session is established. Encryption services are very CPU-intensive and, therefore, an SSL session is established only when the transfer of sensitive data occurs. You can often determine whether SSL has been employed by looking at the URL address field in a Web browser and seeing an "s" following the "http" (that is, "https"). SSL uses several components to perform checks and verification between the end nodes. These components are as follows:

  • Certificates
  • Certificate Authority
  • Keys
  • Shared Secret


Certificates

SSL uses certificates, which are digital records that identify a person, group, or organization. Certificates are personal digital identification used for a variety of security reasons. Certificates are used in conjunction with public keys to identify the owner of the key and provide a way to pass sensitive data.

Certificate Authority

Certificates are assigned by a Certificate Authority (CA). Once the certificate is issued, it is then made available to the public. The certificate is basically confirmation that the CA has verified the information to be true and secure and that the public key attached to the certificate is valid.


Keys

A key is a series of bits used by an encryption algorithm, which takes a message and a key. Based on the key bits, a new, encrypted message is generated and sent to the destination. Sometimes the same key is used to decrypt the data, but most often the destination has its own key (which will be the only key that can decrypt the data and restore it back to the original message). Keys are used to provide the necessary encryption and decryption methods used to protect and secure data transmissions. When a sending station wants to send encrypted data, a pair of keys is assigned: one of the keys is given to the sender and one to the destination. Data is then encrypted by one key and decrypted by the other. No other key can decrypt this information.


Shared Secret

A Shared Secret is widely used because it is one password that is shared between users. The problem with a shared secret is that the pre-shared keys must be allocated to the source and destination devices prior to the transfer of data.

Public Key Infrastructure

Public Key Infrastructure (PKI) is a way of verifying identities. It allows users to be bound to a public key. PKI allows users to be known to each other through authentication. It allows the sharing of data by establishing the relationship and then sharing certificates to decrypt and encrypt information. PKI encompasses the hardware, software, and procedures that are needed to provide these services. It ensures that all users use a private key to provide a digital signature to one another, which allows users to establish secrecy and integrity in the data they are sharing.

Secure ID

Developed by RSA Security, Secure ID is a technology that provides user authentication to network resources. The Secure ID mechanism contains hardware (known as a token) that is assigned to an individual user. The token generates authentication codes that regenerate periodically, using a built-in clocking device. The authentication codes are also generated by the token's corresponding Secure ID server.
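The token-and-server code generation described above can be seen in miniature with the open TOTP standard (RFC 6238). This is an added example, not RSA's own algorithm (which is proprietary) and not code from the original page; the 30-second step, 6-digit length, drift window and the function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code stays valid (assumption: RFC 6238 default)
DIGITS = 6    # code length shown on the token (assumption)

def totp(seed: bytes, now: int, digits: int = DIGITS) -> str:
    """Code the token displays at Unix time `now` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", now // STEP)          # clock -> time step
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_verify(seed: bytes, submitted: str, now: int,
                  last_step: int = -1, drift: int = 1):
    """Server side: return the accepted time step, or None if rejected.

    The server holds the same seed, recomputes the code from its own clock,
    tolerates +/- `drift` steps of clock skew, and refuses any step at or
    before `last_step` so a captured code cannot be replayed.
    """
    current = now // STEP
    for step in range(max(0, current - drift), current + drift + 1):
        expected = totp(seed, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if step > last_step and hmac.compare_digest(expected.encode(),
                                                    submitted.encode()):
            return step
    return None

# Seed from the RFC 6238 test vectors (public test data, never a real secret).
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_SEED, 59)
    print("token shows:", code)
    print("accepted at step:", server_verify(RFC_SEED, code, 59))
    print("replayed:", server_verify(RFC_SEED, code, 59, last_step=1))
    print("two minutes late:", server_verify(RFC_SEED, code, 150))
```

The server must persist the last accepted step per user; without it, a code observed in transit remains usable for the rest of the drift window.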

VPN TYPES


                    Virtual Private Network technology is based on the idea of tunnelling. VPN tunnelling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side. For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.


TYPES OF VPN TUNNELING

VPN supports two types of tunnelling: voluntary and compulsory. Both types of tunnelling are commonly used. In voluntary tunnelling, the VPN client manages the connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection. In compulsory tunnelling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client's point of view, VPN connections are set up in just one step, compared to the two-step procedure required for voluntary tunnels. Compulsory VPN tunnelling authenticates clients and associates them with a specific VPN server using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP), Network Access Server (NAS) or Point of Presence Server (POS). Compulsory tunnelling hides the details of VPN server connectivity from the VPN clients and effectively transfers management control over the tunnels from clients to the ISP. In return, service providers must take on the additional burden of installing and maintaining FEP devices.

