Sunday, April 8, 2007

Create an Online Private Network That’s Secure and Reliable.

Virtual Reality? Not Quite. It’s a Virtual Private Network! YAY!

Not too long ago, companies with users and offices geographically separated had to use intranets (password-protected sites designed for use only by company employees) or leased lines, like ISDN or OC3 fiber, to maintain a Wide Area Network (WAN) for fast and secure digital communication. The growing popularity of the Internet convinced some businesses to turn towards it as a way of extending their own networks; enter the VPN. A Virtual Private Network (VPN) is a private communications network used mainly by companies, or other organizations, to securely connect remote sites or users together over a public network (usually the Internet). VPN traffic is carried through an existing networking infrastructure on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

One common type of VPN, typically used by a large business with hundreds of sales people in the field, is “remote-access” also called a virtual private dial-up network (VPDN). This is a user-to-LAN connection used by a company with employees who need to connect to the private network from various remote locations. If a company needs to set up a large remote-access VPN, they will typically subcontract an enterprise service provider (ESP). The ESP sets up a network access server (NAS), which remote users would reach by dialing a toll-free number. The ESP provides telecommuters with desktop client software for their computer, which is used to access the corporate network. Through the use of a third-party service provider, remote-access VPNs permit secure, encrypted connections between a company’s LAN and remote users.

Another type of VPN is “site-to-site.” A company can connect multiple fixed sites over a public network, such as the Internet, through the use of dedicated equipment and large-scale encryption. There are two kinds of site-to-site VPNs: Intranet-based and Extranet-based. An Intranet-based VPN connects remote user(s) to a single private network. An Extranet-based VPN connects business partners’ LANs to one another and allows all of the various companies to work in a separate, shared environment.

A well-designed VPN consists of security, reliability, scalability, and integrated network and policy management. These features can improve security, reduce operating costs versus a leased-line WAN, provide convenient remote workstations for employees, provide global networking opportunities, provide telecommuter support, and provide broadband networking compatibility.

A VPN keeps your connection and data secure over the information superhighway, known as the Internet, through the use of firewalls, encryption, IPSec, and AAA servers.
A firewall is the first line of defense between your private network and the Internet. You can restrict the number of open ports, what types of packets are passed through, and which protocols are allowed.
Encryption is the process of taking the data sent from one computer and encoding it so that, once sent, only the receiving computer can decode the information.
Internet Protocol Security (IPSec) provides enhanced security features like stronger encryption algorithms and more comprehensive authentication. IPSec can encrypt data between various devices, such as: router to router, firewall to router, PC to router, and PC to server.
AAA (authentication, authorization, and accounting) servers are used to secure access in a remote-access VPN environment. During a user’s dial-up request to establish a network connection, the AAA server checks who you are (authentication), what you’re allowed to do (authorization), and what you actually do while logged on (accounting). Accounting information is useful for tracking client use for security auditing, billing, or reporting purposes.

The beauty of a VPN over the Internet is its scalability. This is a major advantage over typical leased lines. Leased lines are direct, and their cost increases in proportion to the distance between offices. A VPN uses an existing infrastructure, the Internet, to connect members of a network securely and quickly without those cost issues.

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the transmission of data through a public network in such a way that routing nodes in the public network are unaware that the transmission is part of a private network. Essentially, tunneling places an entire packet within another packet and sends it over a network. The network and both end points, called tunnel interfaces, where the packet enters and exits the network, understand the protocol of the outer packet. Tunneling allows the use of public networks (i.e. the Internet) to carry data on behalf of users as though they had access to a 'private network', hence the name “VPN.”

Tunneling requires three different protocols: the carrier protocol, the encapsulating protocol, and the passenger protocol. To clearly explain what these protocols do, I think it’s best to use an analogy: it’s like mailing a care package to a friend through the post office. The post office loads the package (passenger protocol) into a box (encapsulating protocol), which is then put into a postal truck (carrier protocol) at the Post Office (entry tunnel interface). The truck travels the highways (Internet) to your friend’s home (exit tunnel interface) and delivers the package. Your friend opens the box (encapsulating protocol) and removes the package.
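To show the three-protocol model in working code, here is an added example (not part of the original post): a private IPv4 packet (passenger) is boxed in a 4-byte GRE-style encapsulation header and carried in an outer IPv4 packet addressed between the two tunnel interfaces. The addresses are constructed sample values, the encapsulation header is modelled on GRE rather than a full implementation, and no encryption is applied, which is the gap IPSec fills in a real VPN.

```python
import socket
import struct

GRE_PROTO = 47          # IP protocol number for GRE, the encapsulating protocol here
ETHERTYPE_IPV4 = 0x0800  # GRE protocol-type value announcing an IPv4 passenger

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header; 0 means a stored checksum verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload) after checking the header checksum."""
    if len(pkt) < 20 or ipv4_checksum(pkt[:20]) != 0:
        raise ValueError("malformed IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, pkt[ihl:total_len]

def tunnel_entry(inner_pkt: bytes, entry_ip: str, exit_ip: str) -> bytes:
    """Entry tunnel interface: box the passenger (GRE-style header) and address
    the outer carrier packet to the far tunnel endpoint."""
    encap = struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner_pkt
    return build_ipv4(entry_ip, exit_ip, GRE_PROTO, encap)

def tunnel_exit(outer_pkt: bytes) -> bytes:
    """Exit tunnel interface: strip carrier and encapsulating headers, return the passenger."""
    _, _, proto, payload = parse_ipv4(outer_pkt)
    if proto != GRE_PROTO or len(payload) < 4 or payload[2:4] != struct.pack("!H", ETHERTYPE_IPV4):
        raise ValueError("not a GRE/IPv4 tunnel packet")
    return payload[4:]

def public_router_view(pkt: bytes) -> dict:
    """What a routing node on the public network acts on: only the outer header."""
    src, dst, proto, _ = parse_ipv4(pkt)
    return {"src": src, "dst": dst, "proto": proto}

if __name__ == "__main__":
    # Constructed sample: private 10.x addresses inside, documentation-range public addresses outside.
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 17, b"payroll report")
    outer = tunnel_entry(inner, "203.0.113.10", "198.51.100.20")
    print(public_router_view(outer))    # the router sees only the two tunnel endpoints
    print(tunnel_exit(outer) == inner)  # the passenger packet arrives intact
```

Note that the outer header still reveals the tunnel endpoints and the use of GRE to anyone on the path; only the private addresses and payload are hidden, and they are hidden in plain text until encryption is added.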

Hopefully this article helps you understand VPNs a bit. They are a great way for companies to provide their employees a secure and reliable way to connect from any location. For more information, please visit Nationwide VPN.