VPN (Virtual Private Network)

A virtual private network (VPN) refers to a set of solutions and technologies designed to make secure (encrypted) site-to-site and remote-access connections over public networks. These connections provide low-cost alternatives to dedicated private WANs and allow telecommuters to connect to the corporate network via cable, digital subscriber line (DSL), or dialup.

VPN connections can be set up quickly over existing infrastructure and provide an excellent alternative to dedicated private networks such as Frame Relay and Asynchronous Transfer Mode (ATM).

The benefits of using a VPN include the following:

  • Cost savings - VPNs use cost-effective public IP networks to connect remote-office users to the main corporate site, eliminating expensive dedicated WAN links.
  • Security - VPNs provide a high level of security using advanced encryption and authentication protocols.
  • Scalability - You can set up VPNs easily over the existing Internet infrastructure, allowing corporations to add capacity without adding significant infrastructure.
  • Compatibility with broadband technology - VPNs allow mobile workers, telecommuters, and day extenders to take advantage of high-speed broadband connectivity such as DSL and cable for corporate connectivity.
  • Ease of access - You can provide network access from anywhere in the world with local Internet access points of presence (POPs).

VPNs offer almost the same level of information security as traditional private networks and can be simpler to set up, less expensive to operate, and easier to administer.

The two primary technical issues in setting up VPNs are the following:

  • Tunneling - Tunneling is encapsulating the protocol header and trailer of one network protocol into the protocol header and trailer of another. Prior to the packet traversing the network, it is encapsulated with new header information that allows an intermediary network to recognize and deliver it. When the transmission ends, the tunneling header is stripped off, and the original packet is delivered to the destination.
  • Encryption - Although tunneling lets a third-party network carry data, it does not protect that data against unauthorized inspection or viewing. To keep tunneled transmissions from being read if they are intercepted, you encrypt traffic over the VPN. It is important to realize, however, that hackers can still intercept encrypted data and attempt to decrypt what they capture.

VPN Deployment Modes

  • Site-to-site - VPNs link company headquarters, remote locations, branch offices, and e-business partners to an internal network over one shared infrastructure. Site-to-site VPNs can be intranets or extranets. It is not uncommon for extranets to traverse multiple service providers.
  • Remote-access - VPNs allow corporate users and mobile workers to access a corporate intranet securely by using their cable, DSL, or Internet service provider (ISP) to dial in and connect to the network. Leveraging local ISP dial-up infrastructures enables companies to reduce communications expenses and increase productivity due to the robust technology that supports the Internet and other public networks.

Making IPSec Connections Secure

Because they traverse public IP networks, VPNs introduce security considerations that were not necessary with private dial-in or WAN topologies. In general, providing security means authenticating the endpoints and encrypting corporate-bound traffic. For site-to-site VPNs, providing security also means adding firewalls, intrusion detection, and NAT/PAT.

IPSec provides a way to manage encryption between multiple hosts using secure communications. Encrypting devices (such as routers or end-station PCs) inspect traffic ready to be transmitted. A set of rules on the device determines whether a particular packet must be encrypted. For example, a packet destined for the Internet can be left unencrypted, but a packet destined for the corporate network must be encrypted.

If a packet is to be encrypted, the device scrambles the contents, rendering them unreadable to anyone without the key. Different encryption algorithms determine how difficult an encrypted packet is to crack: a scheme that is harder for an intruder to break generally costs more computing cycles than a weaker one.
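The tunneling described above and the per-packet rule set, as an added example that is not part of the original article: a Go sketch of the policy check and of an ESP-style tunnel-mode encapsulation and decapsulation over AES-GCM. The SPI, sequence number, the 10.0.0.0/8 prefix and the key handling are constructed for illustration, and the outer IP header a gateway would prepend is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"net"
)

// MustEncrypt is the per-packet rule check. The constructed policy protects traffic to
// the corporate 10.0.0.0/8 and lets everything else (the open Internet) pass in the clear.
func MustEncrypt(dst string) bool {
	_, corp, _ := net.ParseCIDR("10.0.0.0/8")
	return corp.Contains(net.ParseIP(dst))
}

// NewSA turns the key both endpoints agreed on (16 or 32 bytes) into the tunnel cipher.
func NewSA(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // AES-GCM: 12-byte nonce, 16-byte tag
}

// Encapsulate wraps the whole inner packet as hdr || AES-GCM(inner): hdr is the 4-byte SPI
// (which SA) and a 4-byte sequence number (anti-replay), authenticated as associated data as
// in ESP. The nonce is implicit (4 zero bytes || hdr), unique per SA while seq never repeats.
func Encapsulate(aead cipher.AEAD, spi, seq uint32, inner []byte) []byte {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:], spi)
	binary.BigEndian.PutUint32(hdr[4:], seq)
	return aead.Seal(append([]byte{}, hdr...), append(make([]byte, 4), hdr...), inner, hdr)
}

// Decapsulate checks SPI and anti-replay sequence, verifies the tag, and returns the original packet.
func Decapsulate(aead cipher.AEAD, spi, lastSeq uint32, pkt []byte) (uint32, []byte, error) {
	if len(pkt) < 8+aead.Overhead() {
		return 0, nil, errors.New("short packet")
	}
	hdr, seq := pkt[:8], binary.BigEndian.Uint32(pkt[4:8])
	if binary.BigEndian.Uint32(hdr[:4]) != spi || seq <= lastSeq {
		return 0, nil, errors.New("unknown SPI or replayed sequence number")
	}
	inner, err := aead.Open(nil, append(make([]byte, 4), hdr...), pkt[8:], hdr)
	if err != nil {
		return 0, nil, errors.New("authentication failed: modified packet or wrong key")
	}
	return seq, inner, nil
}
```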

VPNs are point-to-point, meaning every connection has only two endpoints. A single device (such as a WAN aggregation router) can serve multiple remote sites, and many users terminate their connections on that one box, but there is still one connection (or tunnel) per pair of endpoints.

For each encrypted tunnel, the two endpoints must first authenticate each other and ensure that the other end is who it claims to be. In encryption terms, this means that each endpoint must establish a security association (SA) with the other. Essentially, this involves a trusted exchange of information between the two hosts that allows each to verify the identity of the other. This process is called Internet Key Exchange (IKE).

After both sides determine that the other side is who it claims to be and that they can trust each other, they can send encrypted data across the VPN.
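The security-association setup just described, as an added example that is not the article's own code: a simplified IKE-like exchange in Go in which each endpoint proves its identity under a pre-shared key before an X25519 shared secret is turned into the tunnel key. The endpoint names, the PSK and the HMAC-based key derivation are assumptions for illustration, not the IKE wire protocol.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NewEndpointKey makes the ephemeral X25519 key one end of the tunnel uses for this exchange.
func NewEndpointKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// Prove builds the authentication payload: an HMAC under the pre-shared key over the
// prover's identity and both public values, so only a PSK holder can produce it and
// it is bound to exactly this exchange (a substituted public value invalidates it).
func Prove(psk []byte, id string, ownPub, peerPub []byte) []byte {
	mac := hmac.New(sha256.New, psk)
	mac.Write([]byte(id))
	mac.Write(ownPub)
	mac.Write(peerPub)
	return mac.Sum(nil)
}

// Establish verifies the peer's proof first and only then derives the SA key from the
// X25519 shared secret, so no key ever exists for an unauthenticated peer.
func Establish(psk []byte, priv *ecdh.PrivateKey, peerID string, peerPub, peerProof []byte) ([]byte, error) {
	ownPub := priv.PublicKey().Bytes()
	if !hmac.Equal(Prove(psk, peerID, peerPub, ownPub), peerProof) {
		return nil, errors.New("peer " + peerID + " failed authentication")
	}
	remote, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(remote)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, secret) // minimal KDF for the example: HMAC(secret, label)
	kdf.Write([]byte("vpn sa key"))
	return kdf.Sum(nil), nil // 32-byte key for the tunnel cipher
}
```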

Copyright © 2006 myipaddressinfo.com. All rights reserved.