VPN Proposal

Published by: Kamran Khan on Jun 02, 2011
Copyright:Attribution Non-commercial








VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection “tunnel” from a user’s machine to its destination through the public internet. The internet has become a popular, low cost backbone infrastructure. Its universal reach has led many companies to consider constructing a secure Virtual Private Network over the public internet. A private network is composed of computers owned by a single organization that share information specifically with each other. They’re assured that they are going to be the only ones using the network, and that information sent between them will (at worst) only be seen by others in the group. There also was a time, not too long ago, when companies could allow their LANs to operate as separate, isolated islands; each branch office might have its own LAN, with its own naming scheme, email system, and even its own favorite network protocol, none of which might be compatible with other offices’ setups. As more company resources moved to computers, however, there came a need for these offices to interconnect. This was traditionally done using leased phone lines of varying speeds. By using leased lines, a company can be assured that the connection is always available, and private. Leased phone lines, however, can be expensive. They’re typically billed based upon a flat monthly fee, plus mileage expenses. If a company has offices across the country, this cost can be prohibitive.

Private networks also have trouble handling moving users, such as traveling salespeople. If the salesperson doesn’t happen to be near one of the corporate computers, he or she has to dial into a corporation’s modem long-distance, which is an extremely expensive proposition. Because they skirt leased line costs by using the internet as a WAN, VPNs are more cost effective for large companies, and well within the reach of smaller ones.

VPNs allow you to create a secure, private network over a public network such as the Internet. They can be created using software, hardware, or a combination of the two that creates a secure link between peers over a public network. This is done through encryption, authentication, packet tunneling, and firewalls. In this chapter we’ll go over exactly what is meant by each of these and what roles they play in a VPN; we’ll touch upon them again and again.

VIRTUAL PRIVATE NETWORKING OVERVIEW

A VPN is a secure, private communication tunnel between two or more devices across a public network (like the Internet). These VPN devices can be either a computer running VPN software or a special device like a VPN enabled router. It allows your home computer to be connected to your office network or can allow two home computers in different locations to connect to each other over the Internet. Even though a VPN’s data travels across a public network like the Internet, it is secure because of very strong encryption. If anyone ‘listens’ to the VPN communications, they will not understand it because all the data is encrypted. In addition, VPNs monitor their traffic in very sophisticated ways that ensure packets never get altered while traveling across the public network. Encryption and data verification is very CPU intensive.

CLIENTS AND SERVERS

A VPN server is a single computer. It is generally always on and listening for VPN clients to connect to it. A VPN client is a computer. A client initiates a call to the server and logs on. Then the client computer and server network can communicate. Many broadband routers can pass one or more VPN sessions from your LAN to the Internet.

VPN LANGUAGES

There are two major “languages” or protocols that VPNs speak. Microsoft uses PPTP, or Point to Point Tunneling Protocol, and most everyone else uses IPSec, Internet Protocol Security.

BROADBAND ROUTERS WITH VPN SERVERS

VPN server hardware was very expensive. As home networks become more sophisticated, the demand for home level VPN increases. At the end of 2001, the home network industry responded by adding VPN servers into some broadband routers. These products are often priced at under $900 (US) and some are as inexpensive as $470. Broadband routers with VPN servers are often limited in throughput because of their microprocessors. Most have a maximum VPN throughput of around 6Mbps or 600Kbps.

WHAT DOES A VPN DO?

A virtual private network is a way to simulate a private network over a public network, such as the Internet. It is called “virtual” because it depends on the use of virtual connections, that is, temporary connections that have no real physical presence, but consist of packets routed over various machines on the Internet on an ad-hoc basis. Secure virtual connections are created between two machines, a machine and a network, or two networks.

HOW VPN RELATE TO INTRANET?

Virtual private networks can be used to expand the reach of an intranet. Since Intranets are typically used to communicate proprietary information, you don’t want them accessible from the Internet. There may be cases, however, where you’ll want far-flung offices to share data or remote users to connect to your Intranet, and these users may be using the Internet as their means of connection. A VPN will allow them to connect to the Intranet securely, so there are no fears of sensitive information leaving the network unprotected. You might see this type of connection also referred to as an “Extranet”.

[Figure: A remote-access VPN utilizing IPSec]

IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices.

WHAT ARE WE PROTECTING WITH OUR VPN?

The first things that come to mind when you think of protection are the files on your networked computers: documents that contain your company’s future plans, spreadsheets that detail the financial analysis of a new product introduction, databases of your payroll and tax records, or even a security assessment of your network pointing out holes and problematic machinery. These files are a good starting point, but don’t forget about the other, less tangible assets that you connect to the internet when you go online. These include the services that you grant your employees and customers, the computing resources that are available for use, and even your reputation. For instance, a security failure can cause vendors’ email to bounce back to them, or prevent your users from making connections to other sites. VPN Technologies will examine possible threats to your network and data, and explore the technologies that VPNs use to avoid them.

VPN TECHNOLOGIES

Depending on the type of VPN (remote-access or site-to-site), you will need to put in place certain components to build your VPN. These might include:

• Desktop software client for each remote user
• Dedicated hardware such as a VPN concentrator or secure PIX firewall
• Dedicated VPN server for dial-up services
• NAS (network access server) used by service provider for remote-user VPN access
• VPN network and policy-management center

GOALS ACHIEVED BY VPN?

A well-designed VPN can greatly benefit a company. For example it can:

• Extend geographic connectivity
• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Provide global networking opportunities
• Provide broadband networking compatibility

What features are needed in a well-designed VPN? It should incorporate:

• Security
• Reliability
• Scalability
• Network management
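
The difference between the IPSec tunnel and transport modes described above, and the data verification that detects altered packets, can be seen in a small model. This is an added example, not part of the original proposal: the function names, keys, addresses and payload are constructed, the ESP framing is simplified, and the cipher is a stand-in built from HMAC-SHA256 rather than a real IPSec algorithm.

```python
import hashlib, hmac, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def visible_endpoints(wire):
    """Addresses an on-path observer reads from the cleartext IP header."""
    return socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20])

def _keystream(key, spi, seq, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), NOT a real ESP cipher.
    return b"".join(hmac.new(key, struct.pack("!III", spi, seq, i),
                             hashlib.sha256).digest() for i in range(n // 32 + 1))[:n]
def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:16]

def esp_wrap(enc_key, auth_key, spi, seq, data, next_header):
    # Simplified ESP trailer: pad length 0 + next header (alignment padding omitted).
    plain = data + bytes([0, next_header])
    ks = _keystream(enc_key, spi, seq, len(plain))
    esp = struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(plain, ks))
    return esp + _icv(auth_key, esp)   # integrity check value over SPI, seq, ciphertext

def esp_unwrap(enc_key, auth_key, esp):
    data, icv = esp[:-16], esp[-16:]
    if not hmac.compare_digest(icv, _icv(auth_key, data)):
        raise ValueError("integrity check failed: packet altered in transit")
    spi, seq = struct.unpack("!II", data[:8])
    ks = _keystream(enc_key, spi, seq, len(data) - 8)
    plain = bytes(a ^ b for a, b in zip(data[8:], ks))
    return plain[:-2], plain[-1]       # (original data, next-header value)

def transport_mode(enc_key, auth_key, pkt):
    # Original IP header stays readable; only the payload is encrypted.
    src, dst = visible_endpoints(pkt)
    esp = esp_wrap(enc_key, auth_key, 0x1001, 1, pkt[20:], pkt[9])
    return ipv4_header(src, dst, 50, len(esp)) + esp

def tunnel_mode(enc_key, auth_key, pkt, gw_src, gw_dst):
    # Whole original packet is encrypted behind a new gateway-to-gateway header.
    esp = esp_wrap(enc_key, auth_key, 0x1002, 1, pkt, 4)
    return ipv4_header(gw_src, gw_dst, 50, len(esp)) + esp

# Constructed sample data (keys, addresses and payload are made up).
ENC_KEY, AUTH_KEY = b"E" * 32, b"A" * 32
PAYLOAD = b"payroll query"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(PAYLOAD)) + PAYLOAD
```

Calling `visible_endpoints` on the output of `transport_mode` returns the two internal hosts, while on the output of `tunnel_mode` it returns only the gateway addresses passed in; flipping any byte of either packet makes `esp_unwrap` raise instead of returning data.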
