Virtual Private Networks
Historically, only very large organizations could afford highly secure networks built from expensive leased lines. Nowadays, because even large companies have employees who want to telecommute or log into the network remotely, organizational information and data have to travel outside the private network. A cost-effective way to enable this while maintaining the same level of security as an organizational private network is therefore to use networks that avoid the need for many leased lines, each of which connects individually to the internet.
Such networks are called Virtual Private Networks (VPNs). They support remote access and private data communications over public networks as a cheaper alternative to leased lines. A VPN implements a private network over public infrastructure, providing more cost-effective Local Area Network (LAN) or Wide Area Network (WAN) communication. Clients in these networks can communicate with the VPN servers using a number of specialized protocols such as Post Office Protocol (POP) (Scott, Wolfe, & Erwin, 1999).
A Virtual Private Network is therefore contrasted with an owned or leased communication system that can only be used by the owner organization. An implementation of a Virtual Private Network over the internet for an organization connecting its regional offices, head office and remote employees is shown in Figure 1.

Fig 1: VPN Connectivity Overview. Source: http://en.wikipedia.org/wiki/Virtual_private_network

2.0 Technologies Used in Virtual Private Networks

Virtual Private Network technologies are categorized into trusted VPNs, secure VPNs and hybrid VPNs (VPN Consortium, 2008).
Earlier virtual private networks consisted of a circuit or set of circuits leased to an organization by the circuit provider. Each leased circuit acted like a single wire controlled by the customer, though the provider could be contacted to help manage the customer's network. The customer could therefore use the leased circuit in the same way they used cables in their local networks. Such a circuit offered security only in that the customer was assured of being the only user of the circuit. This allowed customers to have their own Internet Protocol (IP) addressing as well as their own Information Technology policies.
The circuits ran through several communication switches and were therefore at risk of network data interception. The VPN customer trusted the provider to use the best available business practices in maintaining the integrity of the network and the traffic flowing through it. Such networks were called trusted Virtual Private Networks. As the internet became accessible to more and more people, and given that trusted VPNs offered no real security, this became a major concern for both customers and providers.
Providers, in a bid to retain their customers, therefore came up with protocols that would enhance the security of data during transmission. Traffic is encrypted at the edge of one network, right from the originating computer, and decrypted on reaching the corporate network at the receiving computer. Encrypted traffic in transit behaves as if it were in a tunnel: if intercepted, the interceptor cannot interpret the contents, while any modification is detected at the receiving end and the data is therefore rejected.
Virtual networks built with encryption as the underlying security measure are called secure VPNs. With advances in technology and security threats becoming more prevalent, service providers have started offering a new type of trusted VPN called hybrid VPNs. These use the internet, as opposed to telephone lines, as the substrate for communication. They may not offer ultimate security, but they enable customers to easily create network segments for wide area networks. In addition, such networks are often accompanied by a quality-of-service (QoS) guarantee from the provider.
The secure parts can be controlled either by the customer, through the use of secure VPN equipment at the client's site, or by the provider. Although a hybrid VPN is sometimes secured with a secure VPN in its entirety, commonly only part of a hybrid is secure (VPN-Consortium, 2008). Organizations use secure VPNs in order to transmit private and sensitive information over the internet with the assurance that even if such information were intercepted, the interceptor could not read the data. Any data passing through a secure VPN is usually encrypted to very high levels.
It assures the company that an interceptor cannot change any values, especially when the connection is made remotely from a location not under the control of the organization's network administrator, such as a home or a hotel room. Secure VPNs have different properties from trusted VPNs. An organization will use a trusted VPN when it wants to be sure that its data passes over a certain set of paths that have specific properties of interest to the organization; no guarantee of security is provided, though.
Such paths are usually controlled by a particular Internet service provider (ISP). This gives the company a chance to use its own IP addressing and handle its own routing. Secure VPNs, on the other hand, provide security but no guarantee of the paths to be followed (VPN-Consortium, 2008). Because of these strengths and weaknesses, hybrid VPNs are becoming popular, typically when a company already has a trusted VPN in part of the organization while other parts of the same organization require security within the trusted VPN.

2.1 Secure VPNs
Secure VPNs, being the main technology applied in VPNs, can be further categorized into Internet Protocol Security Virtual Private Networks (IPSec VPNs) and Secure Socket Layer Virtual Private Networks (SSL VPNs). IPSec can run in either transport or tunnel mode. In tunnel mode, both the data and the headers of the packet being transmitted are encrypted during transmission, while in transport mode only the data is encrypted. The decryption keys must therefore be available to both the sender and the recipient for the transmission to be decrypted correctly.
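As an added example (not part of the original essay), the following Go program models the two modes just described and the rejection of modified traffic mentioned earlier, using AES-GCM as the authenticated cipher so that both confidentiality and tamper detection are shown. The datagram layout, addresses and key are constructed for illustration and are not the real ESP wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Mode int // the two IPsec ESP modes named in the text
const (
	Transport Mode = iota // only the payload is encrypted; the original header travels in the clear
	Tunnel                // header and payload are encrypted behind a new gateway-to-gateway header
)

// NewAEAD builds AES-GCM from the key both tunnel endpoints share (16, 24 or 32 bytes).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects a simplified datagram (constructed model, not the real ESP wire format) and returns
// what an on-path observer sees: the clear header (also bound in as authenticated data) and nonce||ciphertext.
func Seal(aead cipher.AEAD, mode Mode, src, dst, payload, gwSrc, gwDst string) (string, []byte) {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	hdr, plain := src+"->"+dst, payload
	if mode == Tunnel {
		hdr, plain = gwSrc+"->"+gwDst, src+"->"+dst+"|"+payload
	}
	return hdr, append(nonce, aead.Seal(nil, nonce, []byte(plain), []byte(hdr))...)
}

// Open verifies and decrypts; any change to ct or hdr fails authentication, so the receiver rejects the packet.
func Open(aead cipher.AEAD, hdr string, ct []byte) (string, error) {
	if n := aead.NonceSize(); len(ct) >= n {
		plain, err := aead.Open(nil, ct[:n], ct[n:], []byte(hdr))
		return string(plain), err
	}
	return "", fmt.Errorf("packet too short")
}
func main() {
	aead, _ := NewAEAD([]byte("0123456789abcdef")) // constructed demo key, not for real use
	hdr, ct := Seal(aead, Tunnel, "10.1.0.5", "10.2.0.9", "payroll", "203.0.113.1", "198.51.100.7")
	_, err := Open(aead, hdr, append(ct[:len(ct)-1], ct[len(ct)-1]^1)) // one bit flipped in transit
	fmt.Println("observer sees only:", hdr, "| tampered packet accepted:", err == nil)
}
```

In transport mode the inner source and destination stay visible to anyone on the path, whereas in tunnel mode only the two gateway addresses do; in both modes a single flipped bit in the ciphertext or the clear header causes the receiver to reject the packet.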
Operating at layer 3 (the Network layer) of the Open Systems Interconnection (OSI) model, IPSec creates a tunnel between two given endpoints through which any number of connections can occur, irrespective of their application. To deploy an IPSec VPN, one or more VPN gateways are used to connect to the secured networks. Special VPN client software must, however, be installed at each remote user's site, each VPN client must be configured, and the packets to be encrypted and the gateway to be used for the VPN tunnel must be defined. Once connected, the client joins the secured network and can therefore access everything as though physically connected to it.
Secure Socket Layer (SSL) VPNs, also called transparent or clientless VPNs because they need no client-side VPN software, operate instead at layer 7 (the Application layer) of the OSI model. The only component needed here is the designated SSL VPN server, which acts as the gateway between the remote terminals and the secured network. Authentication of clients and servers is done using digital certificates during the initial handshake, which also generates a session key that is used to encrypt and decrypt all transmissions during the remote session.