Need for VPN As a business grows, it might expand to multiple shops or offices across the country and around the world. the people working in those locations need a fast, secure and reliable way to share information across computer networks. traveling employees like salespeople need an equally secure and reliable way to connect to their business's computer network from remote locations.
A VPN is a private network that uses a public network (usually the Internet) to connect resources in remote areas. VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee.
to make remote connections The most common way to connect computers between multiple offices was by using a leased line Intranets VPN
VPN provides a business with the following benefits: Extended connections across multiple geographic locations without using a leased line Improved security for exchanging data Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network Savings in time and expense for employees to commute if they work from virtual workplaces Improved productivity for remote employees
Essential VPN features: Security -- The VPN should protect data while it's traveling on the public network. If intruders attempt to capture the data, they should be unable to read or use it. Reliability -- Employees and remote offices should be able to connect to the VPN with no trouble at any time (unless hours are restricted), and the VPN should provide the same quality of connection for each user even when it is handling its maximum number of simultaneous connections. Scalability -- As a business grows, it should be able to extend its VPN services to handle that growth without replacing the VPN technology altogether.
Traditional Connectivity [From Gartner Consulting]
What is VPN? Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate. Became popular as more employees worked in remote locations. Terminologies to understand how VPNs work.
Private Networks vs. Virtual Private Networks Employees can access the network (Intranet) from remote locations. Secured networks. The Internet is used as the backbone for VPNs Saves cost tremendously from reduction of equipment and maintenance costs. Scalability
Four Critical Functions Authentication – validates that the data was sent from the sender. Access control – limiting unauthorized users from accessing the network. Confidentiality – preventing the data to be read or copied as the data is being transported. Data Integrity – ensuring that the data has not been altered
Encryption Encryption -- is a method of “scrambling” data before transmitting it onto the Internet. Public Key Encryption Technique Digital signature – for authentication
Encrypted Inner Datagram Tunneling A virtual point-to-point connection made through a public network. It transports encapsulated datagrams. Original Datagram Encrypted Inner Datagram Datagram Header Outer Datagram Data Area Data Encapsulation [From Comer] Two types of end points: Remote Access Site-to-Site
Virtual Private Networks (VPN) Basic Architecture
Four Protocols used in VPN PPTP -- Point-to-Point Tunneling Protocol(Supports connectivity b/w a single user and a LAN) L2TP -- Layer 2 Tunneling Protocol(supports user-to –LAN and LAN-to-LAN) IPsec -- Internet Protocol Security SOCKS – is not used as much as the ones above
Types of Implementations What does “implementation” mean in VPNs? 3 types Intranet – Within an organization Extranet – Outside an organization Remote Access – Employee to Business
Remote Access Virtual Private Network
A remote-access VPN allows individual users to establish secure connections with a remote computer network. There are two components required in a remote-access VPN. The first is a network access server A NAS might be a dedicated server, or it might be one of multiple software applications running on a shared server. It's a NAS that a user connects to from the Internet in order to use a VPN. The NAS requires that user to provide valid credentials to sign in to the VPN
The other required component of remote-access VPNs is client software. The client software sets up the tunneled connection to a NAS, which the user indicates by its Internet address. The software also manages the encryption required to keep the connection secure.
Remote Access Virtual Private Network (From Gartner Consulting)
Advantages: Cost Savings Eliminating the need for expensive long-distance leased lines Reducing the long-distance telephone charges for remote access. Transferring the support burden to the service providers Operational costs Cisco VPN Savings Calculator
Advantages: Scalability Flexibility of growth Efficiency with broadband technology
Disadvantages VPNs require an in-depth understanding of public network security issues and proper deployment of precautions Availability and performance depends on factors largely outside of their control Immature standards VPNs need to accommodate protocols other than IP and existing internal network technology
A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. There are two types of site-to-site VPNs: Intranet-based -- If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN. Extranet-based -- When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.
Industries That May Use a VPN Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider Manufacturing: allow suppliers to view inventory & allow clients to purchase online safely Retail: able to securely transfer sales data or customer info between stores & the headquarters Banking/Financial: enables account information to be transferred safely within departments & branches General Business: communication between remote employees can be securely exchanged