What Makes a Good VPN
Essay by 24 • October 21, 2010 • 1,537 Words (7 Pages) • 1,984 Views
Virtual private networks (VPNs) provide an encrypted connection between distributed sites over a public network (e.g., the Internet). By contrast, a private network uses dedicated circuits and possibly encryption. The basic idea is to provide an encrypted IP tunnel through the Internet that permits distributed sites to communicate securely. VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider. A VPN can grow to accommodate more users and different locations much more easily than a leased line. In fact, scalability is a major advantage that VPNs have over typical leased lines (dedicated circuits). Unlike with leased lines, where the cost increases in proportion to the distances involved, the geographic location of each office matters little in the creation of a VPN.
Descriptions / Types
Virtual Private Networks allow enterprises to utilize cost-effective, secure, and scalable hardware to extend their wide area network. These networks are cost-effective in that they are able to connect remote users to the corporate network without the need for expensive dedicated WAN links or modem banks. They also allow remote users to utilize their own internet connections from their remote site, which also saves the corporation money. In essence, the longer the distance between the connections, the more savings the company can realize. Increased security is also a factor, in that a VPN provides encryption between the two sites, which helps protect against unauthorized access to the system. The system is also scalable in that additional hardware is easily added to the network to allow for more users. This allows the corporation to add significant numbers of new users without significantly changing the network infrastructure.
VPNs are typically platform independent, with the majority of VPNs running on UNIX, Windows, or Macintosh. They all operate seamlessly and offer strengthened security, mobile user support, and ease of use.
Site to Site
Site-to-site VPNs extend the wide area network in the sense that they provide large-scale encryption between multiple sites, such as remote offices and central offices, and also over the internet. There are two main types of site-to-site virtual private networks, intranet and extranet (HowStuffWorks.com). Intranet-based VPNs are used for connecting one or more remote locations to the existing LAN, while extranet-based systems connect one or more different companies to the existing LAN to create a shared environment or partnership.
Site-to-site VPNs typically use a tunnel in which the communication between the two sites is handled from router to router, so that the communication between the two is seamless to the end user.
Remote Access
Remote access provides a secure connection between remote users and their corporate networks. This connection works through either a dialup connection or the public internet. It is also secure, scalable, and available through public networks utilizing client software. (HowStuffWorks.com)
Remote access VPNs typically employ a point-to-point protocol (PPP), the basic structure of which is used in Layer 2 Forwarding (L2F), Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). (HowStuffWorks.com) A tunnel is a structure that encapsulates the data (payload) and provides the transport from one secure system to another.
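The encapsulation described above, as an added example that is not part of the original essay: an inner packet is wrapped in a PPP frame and then in an L2TP data header, and the receiving end validates that header before unwrapping the payload. The header layout follows RFC 2661; the tunnel ID, session ID and inner packet bytes are constructed sample values, and PPP protocol-field compression is assumed to be off.

```python
import struct

L2TP_VERSION = 2                      # L2TPv2 header layout, RFC 2661
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
PPP_ADDR_CTRL = b"\xff\x03"           # PPP address and control fields
PPP_PROTO_IPV4 = 0x0021               # PPP protocol number for IPv4


def encapsulate(inner: bytes, tunnel_id: int, session_id: int) -> bytes:
    """Wrap an inner packet in a PPP frame, then in an L2TP data header."""
    ppp = PPP_ADDR_CTRL + struct.pack("!H", PPP_PROTO_IPV4) + inner
    length = 8 + len(ppp)             # 8-byte header (with Length) + PPP frame
    return struct.pack("!HHHH", FLAG_L | L2TP_VERSION, length,
                       tunnel_id, session_id) + ppp


def decapsulate(msg: bytes) -> dict:
    """Validate an L2TP data message and return the tunnelled payload."""
    try:
        (flags,) = struct.unpack_from("!H", msg, 0)
        if (flags & 0x000F) != L2TP_VERSION:
            raise ValueError("not an L2TPv2 message")
        if flags & FLAG_T:
            raise ValueError("control message, not tunnelled data")
        pos = 2
        if flags & FLAG_L:            # optional Length covers the whole message
            (length,) = struct.unpack_from("!H", msg, pos)
            if length != len(msg):
                raise ValueError("Length field does not match message size")
            pos += 2
        tunnel_id, session_id = struct.unpack_from("!HH", msg, pos)
        pos += 4
        if flags & FLAG_S:            # optional Ns/Nr sequence numbers
            pos += 4
        if flags & FLAG_O:            # optional offset size plus padding
            pos += 2 + struct.unpack_from("!H", msg, pos)[0]
        ppp = msg[pos:]
        if ppp[:2] == PPP_ADDR_CTRL:  # address/control may be omitted
            ppp = ppp[2:]
        (proto,) = struct.unpack_from("!H", ppp, 0)
    except struct.error:
        raise ValueError("truncated L2TP/PPP message") from None
    return {"tunnel_id": tunnel_id, "session_id": session_id,
            "ppp_protocol": proto, "payload": ppp[2:]}


if __name__ == "__main__":
    inner = b"constructed inner IP packet"        # constructed sample payload
    wire = encapsulate(inner, tunnel_id=7, session_id=42)
    print(wire.hex())
    print(decapsulate(wire))
```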
Virtual Private Network (VPN) Security
The main concern for most companies when trying to provide employees with some sort of remote access to their network is security. Most people believe that it is impossible for a network to be accessed remotely while still remaining as secure as accessing it from your office. This is not necessarily the case. Virtual Private Networks (VPNs) can be utilized for this purpose. The need for security is greater when using VPNs than with the old Remote Access Service (RAS) connections. RAS used the telephone line, which was more difficult for hackers and eavesdroppers to access, whereas VPNs utilize the internet. With RAS, an eavesdropper would need access to the actual wire or the telephone switch being utilized, whereas VPN traffic passes through a lot of different devices when crossing the internet, making it more susceptible to hacking.
When purchasing a VPN for your company, one of the first things that you need to decide is what type of protocol you would like to use. One of the more common protocols used is the Point-to-Point Tunneling Protocol (PPTP). PPTP is a protocol that is used to allow users to connect to their corporate network via the internet. This is a relatively inexpensive way to provide remote access to your network, considering that most Microsoft operating systems come with some sort of PPTP client. Other things to keep in mind when coming up with a VPN solution are the implementation and design and the cost of the solution. The cost is especially important considering that VPNs are used to help save your company money.
There are four types of attacks used against VPNs: impersonation, integrity, disclosure, and denial of service. An impersonation attack is just what the name says: someone tries to get into your network while posing as someone else. This type of attack can be greatly reduced by using the strong authentication methods supported by PPTP. Integrity attacks are the changing of information during a transfer of data. The most common integrity attacks take place on email messages, where a hacker will intercept a message and change the contents. The best way to prevent this type of attack is by utilizing digital signatures. Disclosure attacks are when information is sent to an unintended recipient. Again, the best way to prevent this type of attack is by utilizing strong encryption methods, which come with PPTP. The last type of attack is the denial of service attack. These are used to deny authorized users access to the network
...
...