VIRTUAL PRIVATE NETWORKS

Arun T. Ravindran

S1 MBA IB

Roll No.: 04

School of Management Studies

CUSAT, Kochi – 22

Email:

Abstract: Virtual Private Network, or VPN, is a term that you may not have heard of, but one that has become very common over the years. Instead of dealing only with a local or regional branch, many companies today have facilities or businesses spread out across the country or around the world. To maintain fast, secure and reliable communications, these companies are creating their own virtual private networks to accommodate the needs of remote employees and distant offices.

Key Words: VPN, VPN Advantages, VPN Solutions, VPN Applications.

1.0 INTRODUCTION

1.1. Introduction to Virtual Private Network

VPN is an acronym for Virtual Private Network. It is a private data network (usually used within a company, or by several different companies or organizations) which has a secure connection created over a public network by using tunneling-mode encryption and other security procedures. The tunneling-mode encryption and security procedures ensure that only authorized users can access the network and that data cannot be intercepted.

VPN message traffic is carried on public networking infrastructure, e.g. the Internet, using standard (often insecure) protocols, or over a service provider's network providing VPN service guarded by a well-defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

The main purpose of a VPN is to give the company the same protected sharing of resources for data as private leased lines provide, but at a much lower cost, by using the shared public infrastructure.

2.0 HOW IT WORKS

To make use of the VPN, the remote user's workstation must have the VPN client software installed. A firewall sits between the remote user's workstation or client and the host network or server. When a connection to the corporate network is attempted, the VPN client software first connects to the VPN server by means of a tunneling protocol. After the remote computer has been successfully authenticated, a secure connection (secret tunnel) is formed between it and the VPN server: all subsequent data exchanged through this tunnel is encrypted at the sending end and correspondingly decrypted at the receiving end. As such, the network tunnel between them, even though established through the untrusted Internet, is still considered secure enough that the remote computer can be trusted by local computers on the corporate LAN.

In short, you connect to the Internet through your ISP. The VPN client software on your computer initiates a connection with the VPN server. The VPN server encrypts the data on the connection so it cannot be read by others while it is in transit. The VPN server decrypts the data and passes it on to other servers and resources.

For better security, many VPN client programs can be configured to require that all IP traffic pass through the tunnel while the VPN is active. From the user's standpoint, this means that while the VPN client is active, all access outside their employer's secure network must pass through the same firewall as would be the case while physically connected to the office Ethernet. This reduces the risk that an attacker might gain access to the secured network. Such security is important because other computers local to the network on which the client computer is operating may not be fully trusted. Even with a home network that is protected from the outside Internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a travelling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important. However, the use of IPX/SPX is one way users might still be able to access local resources.
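As an added illustration (not part of the original paper), the following Python sketch checks a client's routing table for destinations that would bypass the tunnel while the VPN is active, using longest-prefix matching. The interface names tun0 and eth0, all addresses, and the simplified "prefix dev interface" table format are constructed for the example.

```python
import ipaddress

# Constructed sample tables, one route per line: "<prefix> dev <interface>".
# tun0 = VPN tunnel, eth0 = physical interface (assumed names).
FULL_TUNNEL = """\
0.0.0.0/1 dev tun0
128.0.0.0/1 dev tun0
203.0.113.10/32 dev eth0
192.168.1.0/24 dev eth0
"""
SPLIT_TUNNEL = """\
0.0.0.0/0 dev eth0
10.0.0.0/8 dev tun0
203.0.113.10/32 dev eth0
192.168.1.0/24 dev eth0
"""

def parse_routes(text):
    """Return [(network, interface)] from the simplified table format."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "dev":
            routes.append((ipaddress.ip_network(parts[0]), parts[2]))
    return routes

def egress_interface(routes, dest):
    """Pick the interface by longest-prefix match, as the IP stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def bypassing(routes, probes, tunnel="tun0", vpn_server="203.0.113.10"):
    """Destinations that would leave outside the tunnel.

    The VPN server itself is excluded: the encrypted tunnel packets
    must reach it over the physical interface.
    """
    return [d for d in probes
            if d != vpn_server and egress_interface(routes, d) != tunnel]

# Constructed probes: an Internet host, a corporate host, a LAN neighbour.
PROBES = ["198.51.100.7", "10.1.2.3", "192.168.1.50"]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, bypassing(parse_routes(table), PROBES))
```

In the full-tunnel table the only bypass is the local LAN route, which is the path to the neighbouring computers that may not be fully trusted; a strict client removes or blocks that route as well.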

3.0 DIFFERENT TYPES OF VPN

A VPN supports at least three different modes of use:

3.1 Remote Access (RAS) VPN

Under this application only a single VPN gateway is involved. The other party involved in negotiating the secure communication channel with the VPN gateway is a PC or laptop that is connected to the Internet and running VPN client software. The VPN client allows telecommuters and traveling users to communicate on the central network and access servers from many different locations.

Benefit: Significant cost savings by reducing the burden of long-distance charges associated with dial-up access. It also helps increase productivity and peace of mind by ensuring secure network access regardless of where an employee physically is.

3.2 Site-to-Site Intranet VPN

With an Intranet VPN, gateways at various physical locations within the same business negotiate a secure communication channel across the Internet known as a VPN tunnel. An example would be a network that exists in several buildings connected to a data center or mainframe that has secure access through private lines. Users from the networks on either side of the tunnel can communicate with one another as if it were a single network. These may need strong encryption and have strict performance and bandwidth requirements.

Benefit: Substantial cost savings over traditional leased-line or frame relay technologies through the use of the Internet to bridge potentially long distances between sites.

3.3 Site-to-Site Extranet VPN

Extranet VPNs are almost identical to intranet VPNs, except that they are meant for external business partners. As such, firewall access restrictions are used in conjunction with VPN tunnels, so that business partners are only able to gain secure access to specific data / resources, while not gaining access to private corporate information.

Benefit: Businesses enjoy the same policies as a private network, including security, QoS, manageability, and reliability.

4.0 ADVANTAGES OF VPN

4.1. Cost Saving

VPNs eliminate the need for expensive long-distance leased lines. All a company requires is a relatively short dedicated connection to the service provider. The connection can be either a local broadband connection such as DSL service or a local leased line. Both of these connections are much cheaper than long-distance leased lines. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers.

Elements of cost reduction also include transport media, bandwidth, backbone equipment, and operations. According to industry research, site-to-site connectivity costs are typically reduced by an average of 30% over domestic leased line networks. Cost reduction for client-to-site dial access is even greater, in the 60%-80% range.

Instead of owning and operating a private network infrastructure, a company may outsource some or all of its wide area networking functions to a service provider. By doing so, the cost of management and upkeep of the network setup can be reduced substantially. It also enables the company to focus on core business objectives, instead of managing a WAN or dial access network.

4.2. Scalability

The cost of using traditional leased lines may be reasonable at the beginning stage, but as the organization grows the number of leased lines required increases exponentially as more branches must be added to the network. With a VPN, a company can simply tap into the geographically distributed access already available, which is limited in the case of traditional leased lines.

5.0 DISADVANTAGES OF VPN

5.1 Lack of Security

VPN message traffic is carried on public networking infrastructure, e.g. the Internet, or over a service provider's network, which means putting corporate data, one of your most valuable assets, on the line (literally). Even though there are many methods and technologies available to ensure data protection (such as encryption), the level of concern about Internet security is quite high and data in transmission is vulnerable to hackers. The use of VPNs at this moment still requires an in-depth understanding of public network security issues.

5.2 Less Bandwidth than Dedicated Line

The other major downside of VPNs relates to guaranteeing adequate bandwidth for the work being done. Every use of the Internet consumes bandwidth; the more users there are, the less bandwidth there is for any single user. Some VPN service providers offer guaranteed bandwidth, and private networks can be built with guaranteed bandwidth allocations; however, these options will increase the cost of the system.

5.3 The Need to Accommodate Protocols Other than IP and Existing ("Legacy") Internal Network Technology

IP applications were designed for low-latency, high-reliability networks. An increasing number of real-time, interactive applications are being used on the network. Although some applications can be tuned to allow for increased latency, many of the applications tested cannot be easily adjusted or cannot be adjusted at all, making the use of the application problematic.

6.0 VPN SOLUTIONS

A key feature of a VPN is its ability to work over both private networks and public networks like the Internet. Using a method called tunneling, a VPN uses the same hardware infrastructure as existing Internet or intranet links. VPN technologies include various security mechanisms to protect the virtual, private connections.

A VPN supports at least three different modes of use:

  • Internet remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

6.1 Internet VPNs for Remote Access

In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute. Employees also continue to travel and face a growing need to stay connected to their company networks.

A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design and works as follows:

  • A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).
  • Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.
  • Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.
  • Before VPNs, remote workers accessed company networks over private leased lines or through dial-up remote access servers. While VPN clients and servers require careful installation of hardware and software, an Internet VPN is a superior solution in many situations.

6.2 VPNs for Internetworking

Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join a different company network to form an extended intranet. This solution uses a VPN server-to-VPN server connection.

6.3 Intranet / Local Network VPNs

Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway.

This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their Wi-Fi local networks.

7.0 CONCLUSION

A virtual private network (VPN) allows the provisioning of private network services for an organization or organizations over a public or shared infrastructure such as the Internet or a service provider backbone network. The shared service provider backbone network is known as the VPN backbone and is used to transport traffic for multiple VPNs, as well as possibly non-VPN traffic. A VPN provides you with a secure channel between your local computer and a computer at the remote location. The network user can access it from any part of the world, provided that an Internet connection and access to the resources are available.
