Sunday, April 18, 2010

19. Virtual Private Networking

As the name suggests, a Virtual Private Network (VPN) provides a secure means of communication between remote users of an organization, between different locations of an organization, or between distinct organizations. The communication takes place over a public network such as the Internet. A VPN is a cost-effective way to give remote users connectivity to the organization, and it saves money for organizations that have a large number of telecommuting employees. Because the Internet is available globally, these employees can reach the organization's internal resources from anywhere; all they need to do to connect to the organization's network is connect to a local ISP. VPN technologies employ secure authentication and data transmission protocols that work by creating a tunnel through the publicly accessible network (the Internet). The tunneling protocols encapsulate authentication and other data within other packets before transmitting them over the Internet.
A VPN is composed of the following components:

VPN Client
The remote user (or the software on the user's machine) who wants to establish a connection to the organization's network.

VPN Server
A server running Remote Access Service; it authenticates connection requests from the remote client and terminates the tunnel.

Carrier protocols
The protocols used by the public network to move the encapsulated data from one point to another over the Internet (for example, IP). The carrier headers are what intermediate routers and the ISP see and route on.

Encapsulating protocols
The protocols used to wrap the original data before it is transmitted over the Internet. PPTP, L2TP, IPSec, and SSH are examples of encapsulating protocols; they add authentication and, depending on the protocol, encryption of the wrapped data.

Passenger protocol
The original data transmitted by the user (for example, the private IP packets between the remote user and an internal server), which is carried inside the encapsulating protocol.
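The three layers above (passenger inside encapsulating inside carrier) can be made concrete with a small simulation. The following is an added example, not code from the original chapter or from any of the protocols it names: it builds a toy tunnel frame with a plaintext carrier header (outer IPv4 addresses), an encapsulating layer that encrypts the passenger packet and authenticates the whole frame with HMAC-SHA256, and a decapsulation routine that rejects modified frames. The frame layout, key derivation labels and helper names (`encapsulate`, `decapsulate`, `carrier_header`) are assumptions made for the illustration; the keystream construction is a toy, not a real VPN cipher.

```python
"""Toy illustration of VPN tunnel encapsulation layers (added example).

The frame format and the HMAC-based keystream below are constructed for
illustration only and are not a real tunneling protocol.
Frame = carrier header | nonce | length | ciphertext(passenger) | tag
"""
import hashlib
import hmac
import ipaddress
import os
import struct

TAG_LEN = 32    # HMAC-SHA256 tag length
NONCE_LEN = 12  # per-frame nonce length (constructed value)
HDR_LEN = 8     # carrier header: outer src IPv4 (4 bytes) + outer dst IPv4 (4 bytes)


def _derive(tunnel_key: bytes, label: bytes) -> bytes:
    """Derive separate confidentiality and integrity keys from the tunnel key."""
    return hmac.new(tunnel_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encapsulate(tunnel_key: bytes, outer_src: str, outer_dst: str, passenger: bytes) -> bytes:
    """Wrap a passenger packet: passenger -> encapsulating layer -> carrier header."""
    enc_key = _derive(tunnel_key, b"enc")
    mac_key = _derive(tunnel_key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(a ^ b for a, b in zip(passenger, _keystream(enc_key, nonce, len(passenger))))
    # Carrier header stays in the clear: the public network routes on these addresses.
    carrier = ipaddress.IPv4Address(outer_src).packed + ipaddress.IPv4Address(outer_dst).packed
    body = nonce + struct.pack(">I", len(ciphertext)) + ciphertext
    # The tag also covers the carrier header, so outer addresses cannot be swapped unnoticed.
    tag = hmac.new(mac_key, carrier + body, hashlib.sha256).digest()
    return carrier + body + tag


def carrier_header(frame: bytes) -> tuple:
    """What an intermediate router or the ISP can read without the tunnel key."""
    return (str(ipaddress.IPv4Address(frame[:4])), str(ipaddress.IPv4Address(frame[4:8])))


def decapsulate(tunnel_key: bytes, frame: bytes) -> bytes:
    """Verify the tag first, then unwrap and return the passenger packet."""
    enc_key = _derive(tunnel_key, b"enc")
    mac_key = _derive(tunnel_key, b"mac")
    if len(frame) < HDR_LEN + NONCE_LEN + 4 + TAG_LEN:
        raise ValueError("frame too short")
    protected, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, protected, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: frame modified or wrong key")
    nonce = protected[HDR_LEN:HDR_LEN + NONCE_LEN]
    (length,) = struct.unpack(">I", protected[HDR_LEN + NONCE_LEN:HDR_LEN + NONCE_LEN + 4])
    ciphertext = protected[HDR_LEN + NONCE_LEN + 4:HDR_LEN + NONCE_LEN + 4 + length]
    if len(ciphertext) != length:
        raise ValueError("truncated frame")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, length)))


if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed sample: an inner (passenger) packet between two private addresses.
    inner = b"10.0.5.7 -> 10.0.1.20 : GET /intranet/ HTTP/1.1"
    frame = encapsulate(key, "203.0.113.10", "198.51.100.1", inner)
    print("carrier header visible on the Internet:", carrier_header(frame))
    print("passenger recovered at VPN server:", decapsulate(key, frame))
    tampered = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    try:
        decapsulate(key, tampered)
    except ValueError as err:
        print("tampered frame rejected:", err)
```

Running the script shows the split the chapter describes: `carrier_header` recovers only the outer addresses, which is all the ISP needs to forward the frame, while the passenger packet is readable only after `decapsulate` succeeds with the shared tunnel key. Flipping any byte of the frame, or using a different key, fails the integrity check before any decryption is attempted.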

A VPN can be implemented in one of the following ways:

Remote Access VPN
A Remote Access VPN is also known as a Private Virtual Dial-up Network (PVDN). This type of VPN provides remote users with access over the Internet. The remote user is responsible for creating the tunnel that starts the communication. The user dials into the local ISP, which provides Internet connectivity, and then connects to the organization's secure intranet site, which is permanently connected to the Internet.
A Remote Access VPN is a great solution for an organization that has a large number of users spread across different locations. By using VPN technologies, organizations can save on costs involved in having users that directly dial in to the organization’s internal network.
Site-to-Site VPN
A Site-to-Site VPN is established between different offices of the same organization spread across multiple physical locations. This can be a very cost-effective solution because the organization does not have to maintain dedicated wide area network (WAN) connections between physically separated locations. Organizations may choose from software implementations of VPN, such as Microsoft's Routing and Remote Access Service (RRAS) in Windows Server 2003, or from hardware solutions such as Check Point or SonicWALL. Software-based VPNs require proper planning and secure implementation, as they inherit the vulnerabilities of the operating system they run on. Hardware implementations are expensive but are generally more secure than their software counterparts.
As noted earlier, a VPN essentially depends on a tunneling protocol to transmit data successfully and securely from one location to another over the Internet. The choice of tunneling protocol depends on the solution chosen to implement the VPN. The tunneling process is usually transparent to the end user, who only has to provide appropriate credentials to gain access to the organization's internal resources. The only requirement is that each end of the tunnel must support the selected tunneling protocol. Commonly used protocols associated with VPN implementations include the following:
• PPTP: Point-to-Point Tunneling Protocol
• L2TP: Layer 2 Tunneling Protocol
• IPSec: IP Security
• SSH: Secure Shell
