VPN Technology (Benefits, Types and VPN Components)


VPNs and their Benefits:
The Internet is a worldwide, publicly accessible IP network. Because of its vast global proliferation, it has become an attractive way to interconnect remote sites. However, the fact that it is a public infrastructure poses security risks to enterprises and their internal networks. Fortunately, VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.
Organizations use VPNs to provide a virtual WAN infrastructure that connects branch offices, home offices, business partner sites, and remote telecommuters to all or portions of their corporate network. To remain private, the traffic is encrypted. Instead of using a dedicated Layer 2 connection, such as a leased line, a VPN uses virtual connections that are routed through the Internet.
Earlier in this course, an analogy involving getting priority tickets for a stadium show was introduced. An extension to that analogy will help explain how a VPN works. Picture the stadium as a public place in the same way as the Internet is a public place. When the show is over, the public leaves through public aisles and doorways, jostling and bumping into each other along the way. Petty thefts are threats to be endured.
Consider how the performers leave. Their entourage all link arms and form cordons through the mobs and protect the celebrities from all the jostling and pushing. In effect, these cordons form tunnels. The celebrities are whisked through tunnels into limousines that carry them cocooned to their destinations. This section describes how VPNs work in much the same way, bundling data and safely moving it across the Internet through protective tunnels. An understanding of VPN technology is essential to be able to implement secure teleworker services on enterprise networks.

Analogy: Each LAN Is an IsLANd
We will use another analogy to illustrate the VPN concept from a different point of view. Imagine that you live on an island in a huge ocean. There are thousands of other islands all around you, some very close and others farther away. The normal way to travel is to take a ferry from your island to whichever island you wish to visit. Traveling on a ferry means that you have almost no privacy. Anything you do can be seen by someone else.
Assume that each island represents a private LAN, and the ocean is the Internet. When you travel by ferry, it is similar to when you connect to a web server or to another device through the Internet. You have no control over the wires and routers that make up the Internet, just like you have no control over the other people on the ferry. This leaves you susceptible to security issues if you try to connect between two private networks using a public resource.
Your island decides to build a bridge to another island so that there is an easier, more secure and direct way for people to travel between the two. It is expensive to build and maintain the bridge, even though the island you are connecting with is very close. But the need for a reliable, secure path is so great that you do it anyway. Your island would like to connect to a second island that is much farther away, but you decide that it is too expensive.
This situation is very much like having a leased line. The bridges (leased lines) are separate from the ocean (Internet), yet they are able to connect the islands (LANs). Many companies have chosen this route because of the need for security and reliability in connecting their remote offices. However, if the offices are very far apart, the cost can be prohibitively high, just like trying to build a bridge that spans a great distance.
So how does VPN fit into this analogy? We could give each inhabitant of the islands their own small submarine with these properties:
Fast
Easy to take with you wherever you go
Able to hide you completely from any other boats or submarines
Dependable
Costs little to add additional submarines to your fleet once the first is purchased
Although they are traveling in the ocean along with other traffic, the inhabitants of our two islands could travel back and forth whenever they wanted to with privacy and security. That is essentially how a VPN works. Each remote member of your network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN. A VPN can grow to accommodate more users and different locations much easier than a leased line. In fact, scalability is a major advantage that VPNs have over typical leased lines. Unlike leased lines, where the cost increases in proportion to the distances involved, the geographic locations of each office matter little in the creation of a VPN.
Organizations using VPNs benefit from increased flexibility and productivity. Remote sites and teleworkers can connect securely to the corporate network from almost any place. Data on a VPN is encrypted and undecipherable to anyone not entitled to have it. VPNs bring remote hosts inside the firewall, giving them close to the same levels of access to network devices as if they were in a corporate office.
Cost savings - Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks. By using broadband, VPNs reduce connectivity costs while increasing remote connection bandwidth.
Security - Advanced encryption and authentication protocols protect data from unauthorized access.
Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.

Types of VPNs:
Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used. Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs. As illustrated in the figure, site-to-site VPNs also support company intranets and business partner extranets.
In effect, a site-to-site VPN is an extension of classic WAN networking. Site-to-site VPNs connect entire networks to each other. For example, they can connect a branch office network to a company headquarters network.
In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router, PIX firewall appliance, or an Adaptive Security Appliance (ASA). The VPN gateway is responsible for encapsulating and encrypting outbound traffic for all of the traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
Mobile users and telecommuters use remote access VPNs extensively. In the past, corporations supported remote users using dialup networks. This usually involved a toll call and incurring long distance charges to access the corporation.
Most teleworkers now have access to the Internet from their homes and can establish remote VPNs using broadband connections. Similarly, a mobile worker can make a local call to a local ISP to access the corporation through the Internet. In effect, this marks an evolutionary advance in dialup networks. Remote access VPNs can support the needs of telecommuters and mobile users, as well as extranet consumer-to-business connections.
In a remote-access VPN, each host typically has VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the Internet to the VPN gateway at the edge of the target network. On receipt, the VPN gateway handles the data in the same way as it would handle data from a site-to-site VPN.

VPN Components:

A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security. VPNs use cryptographic tunneling protocols to provide confidentiality (protection against packet sniffing), sender authentication, and message integrity.
The VPN components are:
An existing network with servers and workstations
A connection to the Internet
VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections
Appropriate software to create and manage VPN tunnels
The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both.
Encapsulation is also referred to as tunneling, because encapsulation transmits data transparently from network to network through a shared network infrastructure.
Encryption encodes data into an unreadable format using a secret key. Decryption reverses the process, using the key to recover the original unencrypted data.
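The following is an added example, not part of the original course text, showing the two gateway operations described above in code: the sending gateway encrypts an inner packet and encapsulates it in an outer tunnel header, and the peer gateway verifies integrity and sender authentication, rejects replays, strips the header, and decrypts. The tunnel format, the pre-shared secret and the packet contents are all constructed for illustration, and the cipher is a toy HMAC-SHA256 keystream built only from Python's standard library so it runs offline; a real VPN would use IPsec or TLS with a standard cipher such as AES-GCM.

```python
import hmac
import hashlib
import os
import struct

# Toy tunnel format for this added example (not IPsec): outer header carries
# source gateway id, destination gateway id, sequence number and payload length.
TUNNEL_HDR = struct.Struct("!4s4sIH")
NONCE_LEN = 12
TAG_LEN = 32

def derive_keys(shared_secret):
    """Split one pre-shared secret into separate encryption and MAC keys."""
    enc = hmac.new(shared_secret, b"vpn-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"vpn-mac", hashlib.sha256).digest()
    return enc, mac

def keystream_xor(enc_key, nonce, data):
    """Counter-mode keystream from HMAC-SHA256; XOR encrypts and decrypts alike."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(enc_key, nonce + struct.pack("!I", block), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encapsulate(secret, src_gw, dst_gw, seq, inner_packet):
    """Gateway egress: encrypt the inner packet, then wrap it in the tunnel header."""
    enc_key, mac_key = derive_keys(secret)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = keystream_xor(enc_key, nonce, inner_packet)
    header = TUNNEL_HDR.pack(src_gw, dst_gw, seq, len(ciphertext))
    # The MAC covers the header too, so a modified outer header is rejected as well.
    tag = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    return header + nonce + ciphertext + tag

def decapsulate(secret, packet, last_seq):
    """Peer gateway ingress: verify the MAC, reject replays, strip the header, decrypt."""
    if len(packet) < TUNNEL_HDR.size + NONCE_LEN + TAG_LEN:
        return None  # truncated: cannot even hold header, nonce and tag
    enc_key, mac_key = derive_keys(secret)
    header = packet[:TUNNEL_HDR.size]
    _src_gw, _dst_gw, seq, length = TUNNEL_HDR.unpack(header)
    nonce = packet[TUNNEL_HDR.size:TUNNEL_HDR.size + NONCE_LEN]
    body = packet[TUNNEL_HDR.size + NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected) or len(body) != length:
        return None  # forged or corrupted packet: drop it without decrypting
    if seq <= last_seq:
        return None  # replayed packet
    return keystream_xor(enc_key, nonce, body)
```

The inner packet is never visible on the wire, and a packet whose tag, header or sequence number has been altered is dropped before any decryption happens.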
