Virtual Private Network

IS 311, Dr. Gray, Tuesday 7pm, November 19, 2002

By: Germaine Bacon, Lizzi Beduya, Jun Mitsuoka, Betty Huang, Juliet Polintan

Table of Contents
I. Introduction
II. VPN Topology
III. Types of VPNs
IV. Components of VPNs
V. Productivity and Cost Benefit
VI. Quality of Service
VII. The Future of VPN
VIII. Conclusion
IX. Bibliography
X. Questions

Introduction

Virtual. Virtual means not real, or in a different state of being. In a VPN, private communication between two or more devices is achieved through a public network, the Internet. Therefore, the communication is virtually but not physically there.

Private. Private means to keep something a secret from the general public. Although those two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them.

Network. A network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. A VPN is a network. It can transmit information over long distances effectively and efficiently.

The term VPN has been associated in the past with such remote connectivity services as the Public Switched Telephone Network (PSTN), but VPN networks have finally started to be linked with IP-based data networking. Before IP-based networking, corporations had expended considerable amounts of time and resources to set up complex private networks, now commonly called Intranets. These networks were installed using costly leased line services, Frame Relay, and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN. Small to medium-sized companies who could not afford dedicated leased lines used low-speed switched services. As the Internet became more and more accessible and bandwidth capacities grew, companies began to put their Intranets onto the web and create what are now known as Extranets to link internal and external users. However, as cost-effective and quick as the Internet is, there is one fundamental problem: security.

Today's VPN solutions overcome the security factor using special tunneling protocols and complex encryption procedures; data integrity and privacy are achieved, and the new connection produces what seems to be a dedicated point-to-point connection. And because these operations occur over a public network, VPNs can cost significantly less to implement than privately owned or leased services. Although early VPNs required extensive expertise to implement, technology has matured to a level where deployment can be a simple and affordable solution for businesses of all sizes.

Simply put, a VPN (Virtual Private Network) is defined as a network that uses public network paths but maintains the security and protection of private networks. For example, Delta Company has two locations, one in Los Angeles, CA (A) and one in Las Vegas, Nevada (B). In order for both locations to communicate efficiently, Delta Company has the choice to set up private lines between the two locations. Although private lines would restrict public access and extend the use of their bandwidth, it will cost Delta Company a great deal of money, since they would have to purchase the communication lines per mile. The more viable option is to implement a VPN. Delta Company can hook their communication lines up with a local ISP in both cities. The ISP would act as a middleman, connecting the two locations. This would create an affordable small area network for Delta Company.

VPNs are broken into 4 categories.

1) Trusted VPN: A customer "trusted" the leased circuits of a service provider and used them to communicate without interruption. Although it is "trusted", it is not secured.
2) Secure VPN: With security becoming more of an issue for users, encryption and decryption were used on both ends to safeguard the information passed to and fro. This ensured the security needed to satisfy corporations, customers, and providers.
3) Hybrid VPN: A mix of a secure and a trusted VPN. A customer controls the secure parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: A VPN that is administered by a service provider.

VPN Topology

Next we will look at how a VPN works internally. To begin using a VPN, an Internet connection is needed; the Internet connection can be leased from an ISP and can range from a dial-up connection for home users to faster connections for businesses. A specially designed router or switch is then connected to each Internet access circuit to provide access from the origin networks to the VPN. The VPN devices create PVCs (Permanent Virtual Circuit - a virtual circuit that resembles a leased line because it can be dedicated to a single user) through tunnels, allowing senders to encapsulate their data in IP packets that hide the underlying routing and switching infrastructure of the Internet from both the senders and receivers. The VPN device at the sending facility takes the outgoing packet or frame and encapsulates it to move through the VPN tunnel across the Internet to the receiving end. The process of moving the packet using the VPN is transparent to the users, the Internet Service Providers, and the Internet as a whole. When the packet arrives on the receiving end, another device will strip off the VPN frame and deliver the original packet to the destination network.

VPNs operate at either layer 2 or layer 3 of the OSI model (Open Systems Interconnection). A layer-2 VPN uses the layer 2 frame, such as Ethernet, while a layer-3 VPN uses layer 3 packets, such as IP. A layer-3 VPN starts at layer 3, where it discards the incoming layer-2 frame and generates a new layer-2 frame at the destination. Two of the most widely used protocols for creating layer-2 VPNs over the Internet are the layer-2 tunneling protocol (L2TP) and the point-to-point tunneling protocol (PPTP). The newly emerged protocol called Multiprotocol Label Switching (MPLS) is used exclusively in layer-3 VPNs. See Figure 1.

Figure 1. Defined VPN. Note: From A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems Inc. All rights reserved.
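The encapsulation described under VPN Topology, as an added example (not code from this paper or from the Cisco primer): the sending VPN device wraps and authenticates the original packet, an on-path observer sees only the two device addresses, and the receiving device verifies and strips the VPN frame before delivery. The class names, the addresses and the SHA-256 keystream used as a stand-in cipher are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 12, 32


@dataclass
class Packet:
    """Minimal stand-in for an IP packet: two addresses and a payload."""
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        s, d = self.src.encode(), self.dst.encode()
        return struct.pack("!BB", len(s), len(d)) + s + d + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Packet":
        ls, ld = struct.unpack("!BB", raw[:2])
        return cls(raw[2:2 + ls].decode(), raw[2 + ls:2 + ls + ld].decode(),
                   raw[2 + ls + ld:])


class TunnelError(Exception):
    """Raised when a received packet must be dropped instead of delivered."""


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs no
    # third-party package. A real VPN negotiates a vetted cipher instead.
    stream, counter = b"", 0
    while len(data) > len(stream):
        stream += hashlib.sha256(key + nonce + struct.pack("!Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class VpnDevice:
    """The VPN device at one end of the tunnel (hypothetical class)."""

    def __init__(self, address: str, peer: str, enc_key: bytes, auth_key: bytes):
        self.address, self.peer = address, peer
        self.enc_key, self.auth_key = enc_key, auth_key

    def _tag(self, src: str, dst: str, body: bytes) -> bytes:
        # The integrity tag covers the outer addresses and the encrypted body.
        msg = src.encode() + b"|" + dst.encode() + b"|" + body
        return hmac.new(self.auth_key, msg, hashlib.sha256).digest()

    def encapsulate(self, inner: Packet) -> Packet:
        nonce = os.urandom(NONCE_LEN)
        body = nonce + keystream_xor(self.enc_key, nonce, inner.to_bytes())
        tag = self._tag(self.address, self.peer, body)
        return Packet(self.address, self.peer, body + tag)

    def decapsulate(self, outer: Packet) -> Packet:
        if (outer.src, outer.dst) != (self.peer, self.address):
            raise TunnelError("packet is not from the configured tunnel peer")
        if NONCE_LEN + TAG_LEN > len(outer.payload):
            raise TunnelError("truncated tunnel packet")
        body, tag = outer.payload[:-TAG_LEN], outer.payload[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(outer.src, outer.dst, body)):
            raise TunnelError("authentication failed: packet modified in transit")
        nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
        return Packet.from_bytes(keystream_xor(self.enc_key, nonce, ciphertext))


def run_demo() -> dict:
    # Constructed sample data: documentation-range public addresses for the
    # two VPN devices, private addresses for the hosts behind them.
    enc_key, auth_key = os.urandom(32), os.urandom(32)
    site_a = VpnDevice("198.51.100.1", "203.0.113.1", enc_key, auth_key)
    site_b = VpnDevice("203.0.113.1", "198.51.100.1", enc_key, auth_key)
    inner = Packet("10.1.0.15", "10.2.0.40", b"quarterly payroll batch")

    outer = site_a.encapsulate(inner)        # what crosses the Internet
    delivered = site_b.decapsulate(outer)    # VPN frame stripped at site B

    flipped = bytearray(outer.payload)
    flipped[NONCE_LEN + 3] ^= 0x01           # one bit changed in transit
    try:
        site_b.decapsulate(Packet(outer.src, outer.dst, bytes(flipped)))
        tampered_rejected = False
    except TunnelError:
        tampered_rejected = True

    return {
        "observer_sees": (outer.src, outer.dst),
        "inner_hidden": inner.to_bytes() not in outer.payload
                        and inner.dst.encode() not in outer.payload,
        "delivered": delivered,
        "tampered_rejected": tampered_rejected,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The check order in decapsulate matters: the tag is verified before anything is decrypted or parsed, so a modified packet is dropped without its contents ever being interpreted.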

Types of VPNs

There are currently three types of VPN in use: remote access VPN, intranet VPN, and extranet VPN.

Remote access VPNs (see Figure 2) enable mobile users to establish a connection to an organization's server by using the infrastructure provided by an ISP (Internet Services Provider). A remote access VPN allows users to connect to their corporate intranets or extranets wherever or whenever it is needed. Users have access to all the resources on the organization's network as if they were physically located in the organization. The user connects to a local ISP that supports VPN using plain old telephone services (POTS), integrated services digital network (ISDN), digital subscriber line (DSL), etc. The VPN device at the ISP accepts the user's login, then establishes the tunnel to the VPN device at the organization's office, and finally begins forwarding packets over the Internet. Remote access VPN offers advantages such as:

- Reduced capital costs associated with modem and terminal server equipment
- Greater scalability, and it is easy to add new users
- Reduced long-distance telecommunications costs; a nationwide toll-free 800 number is no longer needed to connect to the organization's modems

Figure 2. Remote Access VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems Inc. All rights reserved.

Intranet VPNs provide virtual circuits between organization offices over the Internet (see Figure 3). They are built using the Internet, service provider IP, Frame Relay, or ATM networks. An IP WAN infrastructure uses IPSec or GRE to create secure traffic tunnels across the network. Benefits of an intranet VPN include the following:

- Reduced WAN bandwidth costs, efficient use of WAN bandwidth
- Flexible topologies
- Congestion avoidance with the use of bandwidth management traffic shaping

Figure 3. Intranet VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems Inc. All rights reserved.

The concept of setting up extranet VPNs is the same as for intranet VPNs. The only difference is the users. Extranet VPNs are built for users such as customers, suppliers, or different organizations over the Internet. See Figure 4.

Figure 4. Extranet VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems Inc. All rights reserved.

Components of the VPN

In order for a VPN to be beneficial, a VPN platform needs to be reliable, manageable across the enterprise, and secure from intrusion. The VPN solution also needs to have Platform Scalability - the ability to adapt the VPN to meet increasing requirements, ranging from small office configurations to large enterprise implementations. A key decision the enterprise should make before starting its implementation is to consider how the VPN will grow to meet the requirements of the enterprise network and whether the VPN will be compatible with the legacy networks already in place.

1. Security - Companies need to keep their VPNs secure from tampering and unauthorized users. Some examples of technologies that VPNs use are IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol, and Multiprotocol Label Switching (MPLS), along with Data Encryption Standard (DES) and others to manage security. A further description of these technologies is detailed next.

PPTP uses Point-to-Point Protocol (PPP) to provide remote access that can be tunneled through the Internet to a desired site. Tunneling allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet from both senders and receivers, to ensure data security against unwanted viewers or hackers. PPTP can also handle Internet packet exchange (IPX) and network basic input/output system extended user interface (NetBEUI). PPTP is designed to run on the Network layer of the Open Systems Interconnection (OSI) model. It uses a voluntary tunneling method, where a connection is only established when the individual user requests to log on to the server. PPTP tunnels are transparent to the service provider, and there is no advance configuration required by the Network Access Server; this allows PPTP to use multiple service providers without any explicit configuration. For example, the client dials up to the ISP and makes a PPP session. Then the client dials again to the same PPP session to contact the destination remote access server (RAS). After contact is made with the RAS, packets are tunneled through the new connection, and the client is now connected to the corporate server virtually.

Layer Two Tunneling Protocol (L2TP) exists at the data link layer of the OSI model. L2TP is a combination of PPTP and Layer Two Forwarding (L2F). (Layer Two Forwarding was also designed for traffic tunneling from mobile users to their corporate server. L2F is able to work with media such as frame relay or asynchronous transfer mode (ATM) because it is not dependent on IP. L2F also uses PPP authentication methods for dial-up users, and it also allows a tunnel to support more than one connection.) L2TP uses a compulsory tunneling method, where a tunnel is created without any action from the user and without allowing the user to choose a tunnel. An L2TP tunnel is dynamically established to a predetermined end-point based on the Network Access Server (NAS) negotiation with a policy server and the configured profile. L2TP also uses IPSec for computer-level encryption and data authentication.

IPSec uses the data encryption standard (DES) and other algorithms for encrypting data, public-key cryptography to guarantee the identities of the two parties and so avoid man-in-the-middle attacks, and digital certificates for validating public keys. IPSec is focused on Web applications, but it can be used with a variety of application-layer protocols. It sits between IP at the network layer and TCP/UDP at the transport layer.
Both parties negotiate the encryption technique and the key before data is transferred. IPSec can operate in either transport mode or tunnel mode. In tunnel mode, intruders can only see where the end points of the tunnel are, but not the destinations and the sources of the packet. IPSec encrypts the whole packet and adds a new IP packet that contains the encrypted packet. The new IP packet only identifies the destination's encryption agent. When the IPSec packet arrives at the encryption agent, the new encrypted packet is stripped and the original packet continues to its destination. In transport mode, IPSec leaves the IP packet header unchanged and only encrypts the IP payload, to ease the transmission through the Internet. IPSec here adds an encapsulating security payload at the start of the IP packet for security through the Internet. The payload header provides the source and destination addresses and control information.

Multiprotocol Label Switching (MPLS) uses a label swapping forwarding structure. It is a hybrid architecture which attempts to combine the use of network layer routing structures and switching with link-layer circuits and per-flow switching. MPLS operates by making the inter-switch transport infrastructure visible to routing, and it can also be operated as a peer VPN model for switching a variety of link-layer and layer 2 switching environments. When a packet enters the MPLS network, it is assigned a local label and an outbound interface based on the local forwarding decision. The forwarding decision is based on the incoming label, which determines the next interface and next hop label. MPLS uses a lookup table to create a transmission pathway through the network for each packet.

Packet authentication prevents data from being viewed, intercepted, or modified by unauthorized users. Packet authentication applies a header to the IP packet to ensure its integrity. When the receiving end gets the packet, it needs to check the header for a matching packet and to see if the packet has any error.

User authentication is used to distinguish authorized users from unauthorized users. It is necessary to verify the identity of users that are trying to access resources from the enterprise network before they are given access. User authentication also determines the access levels and the data retrieved or viewed by the users, and grants permission to certain areas of the enterprise's resources.

2. Appliances - intrusion detection, firewalls. Firewalls monitor traffic crossing the network perimeter and protect enterprises from unauthorized access. The organization should design a network that has a firewall in place on every network connection between the organization and the Internet. Two commonly used types of firewalls are packet-level firewalls and application-level firewalls.

A packet-level firewall checks the source and destination address of every packet that is trying to pass through the network. A packet-level firewall lets users in and out of the organization's network only if they have an acceptable packet with the corresponding source and destination address. Each packet is checked individually through its TCP port ID and IP address, so that the firewall knows where the packet is heading. The disadvantage of a packet-level firewall is that it does not check the packet contents or why they are being transmitted, and resources that are not disabled are available to all users.

An application-level firewall acts as a host computer between the organization's network and the Internet.
Users who want to access the organization's network must first log in to the application-level firewall, which only allows the information they are authorized for. The advantages of using an application-level firewall are user access level control and resource authorization levels. Only resources that are authorized are accessible. In contrast, the user will have to remember an extra set of passwords when they try to log in through the Internet.

3. Management - managing security policies, access allowances, and traffic management. VPNs need to be flexible to a company's management. Some companies choose to manage all deployment and daily operation of their VPN, while others might choose to outsource it to service providers.

In our next section we will discuss how businesses might benefit from a productive VPN and the cost benefits of implementing a VPN.

Productivity and Cost Benefit

In terms of productivity, VPNs have come a long way. In the past, concerns over security and manageability overshadowed the benefits of mobility. Smaller organizations had to consider the additional time and cost associated with providing IT support to employees on the move. Larger companies worried, with good cause, about the possibility that providing mobile workers with remote network access would inadvertently provide hackers with a "back door" entry to corporate information resources. But as end-user technologies like personal digital assistants (PDAs) and cell phones have made mobility more compelling for employees, technology advances on the networking side have helped address IT concerns, as we saw in the previous section. With these advancements in technology comes better productivity.

VPNs have become increasingly important because they enable companies to create economical, temporary, secure communications channels across the public Internet so that mobile workers can connect to the corporate LAN. VPNs benefit a company in the following ways:

- Extends Geographic Connectivity - A VPN connects remote workers to central resources, making it easier to set up global operations.
- Boosts Employee Productivity - A VPN solution enables telecommuters to boost their productivity by 22% - 45% (Gallup Organization and Opinion Research) by eliminating time-consuming commutes and by creating uninterrupted time for focused work.
- Improves Internet Security - An always-on broadband connection to the Internet makes a network vulnerable to hacker attacks. Many VPN solutions include additional security measures, such as firewalls and anti-virus checks, to counteract the different types of network security threats.
- Scales Easily - A VPN allows companies to utilize the remote access infrastructure within ISPs. Therefore, companies are able to add a virtually unlimited amount of capacity without adding significant infrastructure.

Even though VPNs are a cheaper way of having remote users connect to a company's network over the Internet, there are still costs associated with implementing the VPN. Some of the typical costs include hardware, ISP subscription fees, network upgrading costs, and end user support costs. These costs aren't standard; they vary depending on many factors, some of which include size of corporation, number of remote users, type of network systems already in place, and Internet Service Provider source. When it comes to decision making time, IT managers or executive officers should take these costs into consideration. Also, these decision makers must decide whether to develop their VPN solution in house or to outsource it to a total service provider. There are a few ways to approach this topic:

1. In-House Implementation - Companies decide that, for their needs, an in-house solution is all they need. These companies would rather set up individual tunnels and devices one at a time, and once this is established, the company can have their own IT staff take care of the monitoring and upkeep.
2. Outsourced Implementation - Companies can choose to outsource if they are large scaled or lack the IT staff to fully implement an in-house VPN. When a company outsources, the service provider usually designs the VPN and manages it on the company's behalf.
3. Middle Ground Implementation - Some companies would rather have a service provider install the VPN, but have their IT staff monitor the specifics, such as tunnel traffic. This type of implementation is a compromise between a company and the service provider.

After implementation, the company must make sure that it has adequate support for its end users. That's where quality of service comes in.

Quality of Service (QOS)

Users of a widely scattered VPN do not usually care about the network topology, or the high level of security/encryption or firewalls that handle their traffic. They don't care if the network implementers have incorporated IPSec tunnels or GRE tunnels. What they care about is something more fundamental, such as: Do I get acceptable response times when I access my mission critical applications from a remote office?

Acceptance levels for delays vary. While a user would be willing to put up with a few additional seconds for a file transfer to complete, the same user would have less tolerance for similar delays when accessing a database or when running voice over an IP data network. QoS (Quality of Service) aims to ensure that your mission critical traffic has acceptable performance. In the real world, where bandwidth is limited and diverse applications, from videoconferencing to ERP database lookups, must all strive for scarce resources, QoS becomes a vital tool to ensure that all applications can coexist and function at acceptable levels of performance.

Quality of Service (QOS) is a key component of any VPN service. In MPLS/BGP VPNs, existing L3 QoS capabilities can be applied to labeled packets through the use of the "experimental" bits in the header or, where ATM is used as the backbone, through the use of ATM QoS capabilities. The traffic engineering work discussed in is also directly applicable to MPLS/BGP VPNs. Traffic engineering could even be used to establish LSPs with particular QoS characteristics between particular pairs of sites, if that is desirable. Where an MPLS/BGP VPN spans multiple SPs, the architecture described may be useful.
An SP may apply either intserv or diffserv capabilities to a particular VPN, as appropriate.

The Future of VPN

As more and more businesses demand a higher level of network access, business is migrating from a private network environment to a new model in which information is distributed throughout the enterprise network. Businesses are thus expanding their networks in the near future and actually seeing the benefits of using the Internet as the backbone to create Virtual Private Networks (VPNs). VPN is designed to meet the demands for information access in a secure, cost-effective environment. Multi-vendor interoperability for VPN is crucial in today's networking environment due to the nature of business successes, the need to extend corporate networks to contractors and partners, and the diverse equipment within company networks. The Microsoft Windows operating system has integrated VPN technology that helps provide secure, low-cost remote access and branch office connectivity over the Internet. The future is in integrated VPNs, which depends on how the VPN industry will improve their unique qualities that will enable consumers to communicate effectively with other consumers.

Therefore, a VPN creates a large company-wide data network which allows every device to be uniquely addressed from anywhere on the network. This means that central resources can be accessed from any site in the organization or from any Internet-connected location around the world. The technical problems involved in connecting hundreds of remote sites to a central network are extensive. It often involves the purchase of very expensive high-end backbone routers or the use of costly frame-relay services. These systems are seldom easy to support and often require specialist skills. Also, it depends on the ability of intranets and extranets to deliver on their promises.

First of all, VPN companies must consider cost savings for the servicing of VPNs. Generally speaking, the cheaper the services the companies supply, the more demand for their products increases on the market. Therefore, they will earn high profits and then spend a lot of money on developing much higher quality VPNs. Here is a diagram for U.S. companies with IP VPN.

Table 1. Companies with VPN
Source: IDC's 2001 U.S. WAN Manager Survey, IDC #26462, February 2002

According to IDC's 2001 U.S. WAN manager survey (Table 1), approximately fifty percent of companies in the U.S. have adopted IP VPN. Demand for VPN has been increasing even though the economy is going down and, especially, IT business companies have not succeeded at present. More than 20 percent of companies plan to have IP VPN services in the future, so in the near future more than 70 percent of companies are going to use IP VPN services. More companies will adopt IP VPN services, and demand in the U.S. will increase. Also, many companies have been using IP VPN for remote access as a LAN. The companies servicing VPNs will consider meeting consumers' demands, that is, voice over IP and other VPNs such as VOIP VPN. Currently, very few companies have been using this VPN, and a few companies plan to use it in the future. However, contrary to their demands, most producers are in a difficult situation for improving VOIP VPN, because voice has a special requirement of low latency and jitter. Most people will continue to use voice communication by telephone, which is successfully improving with low costs.

The 21st century invites new ways of viewing communication networks. Companies that previously managed their own communications requirements are uniting with service providers that can help build up, improve, and manage their networks on a global scale. This opens up opportunities for continued growth, increased profitability, and the greatest achievement for both service providers and subscribers. In the past, service providers drew attention to lower-level transport, such as leased lines and frame relay. Nowadays, service providers team with business customers to meet their networking requirements through virtual private networks (VPNs). VPNs are the source of future services. When properly implemented, they can simplify network operations while reducing capital expenses. For most companies, the starting point is to connect widely separated workgroups in an efficient, moneymaking manner. From there, service providers can influence the main technology as a foundation for offering additional services such as application hosting, videoconferencing, and packet telephony. VPNs help service providers build customer loyalty while delivering network services that are valuable to their customers' business operations. This indicates an opportunity to capture new customers as companies switch from yesterday's data communications strategies to today's more comprehensive at-hand solutions.

Conclusion

VPN is an emerging technology that has come a long way, from an insecure break-off of public telephone networks to a powerful business aid that uses the Internet as its gateway. VPN technology is still developing, and this is a great advantage to businesses, which need to have technology that is able to scale and grow along with them. With VPN, businesses now have alternative benefits to offer to their employees: employees can work from home, take care of children while still being productive, and have access to work-related information at any time. VPN will also help to make the possibility of a business expanding its services over long distances and globally more of a reality.

Bibliography

A primer for Implementing a Cisco Virtual Private Network. (1999). Cisco Systems. Retrieved October 5, 2002, from http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/vpn21_rg.htm

A Technology Guide from ADTRAN. (2001, September). Understanding Virtual Private Networking. ADTRAN. Retrieved October 25, 2002, from http://www.adtran.com/all/Doc/0/[illegible].pdf

Connolly, P.J. (2002, January 21). Taming the VPN. Computerworld. Retrieved September 18, 2002, from http://www.computerworld.com/networkingtopics/networking/story/0 10801 6739 6 00.html

Dix, John. (2001, April 9). Is an integrated VPN in your future? Network World. Retrieved October 1, 2002, from http://www.itworld.com/Net/2553/NWW010409edit/

Ferguson, P., Huston. (1998, April). What is a VPN? Retrieved September 19, 2002, from http://www.employees.org/~ferguson/vpn.pdf

Internetworking Technologies Handbook: Virtual Private Networks. Cisco Systems. Retrieved September 22, 2002, from http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/

Introduction to VPN: VPNs utilize special-purpose network protocols. Computer Networking. Retrieved September 14, 2002, from http://www.compnetworking.about.com/library/weekly/aa010701d.htm

Next-Generation Networking: The Future of Greater Performance and Flexibility. (2002, July). IDC Analyze the Future. Retrieved September 28, 2002, from http://www.business.att.com/content/whitepaper/next_generation.pdf

Remote Access VPN Solutions. (2001, June). Check Point Software Technologies Ltd. Retrieved September 20, 2002, from http://www.checkpoint.com/products/downloads/vpn-1_remote_access.pdf

Salamone, Salvatore. (1998, December). VPN Implementation Calls For A Tunnel Trip. Internet Week. Retrieved October 30, 2002, from http://www.internetwk.com/VPN/paper-5.htm

Sandick, H., Nair, R., Rajagopalan, B., Crawley, E. (1998, August). A Framework for QoS-based Routing in the Internet. Retrieved October 1, 2002, from ftp://ftp.isi.edu/in-notes/rfc2386.txt

Sweeney, T. (2000, April 3). Businesses Lock In On VPN Outsourcing Options: Providers of virtual private network services put a new spin on the outsourcing spiel. InformationWeek. Retrieved September 20, 2002, from http://www.informationweek.com/780/vpn.htm

Using Point-to-Point Tunneling Protocol. (2001, July). Microsoft. Retrieved September 20, 2002, from http://www.microsoft.com/ntserver/techresources/commnet/PPTP/pptpwp.asp

Virtual Private Networks (VPNs). International Engineering Consortium. Retrieved October 19, 2002, from http:g/online/tutorials/vpn/index.html

VPN Technologies: Definitions and Requirements. International Engineering Consortium. Retrieved October 19, 2002, from http:g/online/tutorials/vpn/topic02.html

Questions

1. What is VPN?
2. What is tunneling?
3. What is the difference between outsourcing and in-house development and middle-ground implementation?
4. What are the differences between remote access VPNs, Intranet VPNs and Extranet VPNs?
5. What are the benefits of remote access VPNs?