Virtual Private Networks claim to solve majority of the security problems faced by the enterprises. Most of the issues were related to secure data transfer over the public internet. The internet’s greatest asset is ubiquity and openness but this is its greatest weakness as well. VPN seems to have been a solution to the weakness.
Many technologies have come up and claim to be VPN technologies: SSL VPN, MPLS VPN to name some. Some basic questions are how do we define VPN ? Why do we need a VPN and what are the technologies used in deploying VPN?
Organizations in the past deployed private networks like LAN or WAN for their mission critical applications. A performance predictable and secure infrastructure was the end result. A growing number of businesses cannot afford setting up a private network and existing networks had to reach out to customers to gain a market edge. This is the area where the internet scores its points. Networking basics still present a few bottlenecks. Bandwidth constraints, security problems due to increased exposure, threats like spoofing, session hijacking, sniffing and man-in-the-middle attacks have exposed data in transit.
Considering business factors and the risk factors and it may frighten you. A new technology has brought the risks down for data transit on the internet. Virtual Private Networks as it is called follows encryption and tunneling for the secure transfer of data between two ends. It extends trust relationships across the cheaper public network. Security and predictable performances are a part of this technology.
Its uses are
o Remote users and tele-workers connecting to their corporate server securely.
o Linking the offices in an enterprise network
o Organizations making their e-commerce solutions better by extending infrastructure to include partners, suppliers and customers.
Variety of Technologies
VPN technology has been around for quite sometime. Present and future of VPN depend on emerging standards that have made it secure and reliable. VPN is deployed and marketed more every passing day. Some products are emerging standards while the old are for specific requirements. Each product and technology has it respective strengths and weakness. Choosing the technology depends on how the problems are addressed and what will be the future trends of the present technology. Security is the present focus of most VPN technologies.
Confidentiality, Integrity and Authentication are three aspects most discussed with respect to a VPN technology. Protecting the Privacy of information requires some sort of encryption. Private Key encryption and Public Key encryption methods are the most common methods available presently. Private key encryption is a bit problematic as the key has to be sent over the internet. Public key systems provide communication between unsecured systems and even provide means to exchange of private keys. The disadvantage of a public key encryption system is that it requires more computation. A balance between the two is the best solution. The DES secret key algorithm and Diffie-Hellman public key algorithm can be used in conjunction. The DES can be used to encrypt the traffic and the Diffie-Hellman to produce the secret key.
Information should not be altered during the transit over the internet. Integrity is ensured using one-way hash function or Message authentication codes (MAC) or even digital signatures.
Authentication is ensuring the identity of the opposite party in a communication process. Password protection or digital signatures (X.509 standard) are an ideal method. The process is a complex system of key generation, certification, revocation and management. All this is a part of a PKI: public key infrastructure.
Separate technologies can be used to provide confidentiality integrity and authentication. Three widely used VPN security protocols are.
o IPSec Protocol
o Tunneling protocols (PPTP:Point to Point tunneling protocol, L2TP: Layer2 Tunneling protocol )
Many managed VPN services offer Quality of Service guarantees, which can be an excellent choice for site-to-site connectivity. VPN is an end to end communication solution and it cannot effect the performance of the middle network and components. This is the reason for the QoS guarantees which are basically a marketing gimmick by the ISP. Each ISP has control over its network only and not the entire internet which makes the QoS flawed. Mission critical performances are still to be realized but security has to an extent been mitigated.
Source by Thoas Powel