Virtual Private Network (VPN) Software, Firewalls, And Applications.
What is a virtual private network (VPN)?
A Virtual Private Network (VPN) is used to securely connect
two or more subnets over the Internet. Each subnet has a security gateway which is then
linked via a secured tunnel to the security gateway of the other subnet.
An Internet-based Virtual Private Network
(VPN) is the ideal way to connect branch offices, telecommuting workers, field
representatives, business partners, and other users to a corporate network. A VPN can be
used to carry information at a small fraction of the cost of long-distance calls or
private leased lines. It provides the means to make a corporate network available all over
the globe. However, the public nature of the Internet demands addressing a number of
security concerns.
VPN firewalls - an element of an overall security plan.
An important complement to Virtual Private Network (VPN)
security is an appropriate firewall strategy. Firewalls allow authorized personnel inside
the corporate network to access outside resources on the Internet, while preventing
outside parties from accessing corporate internal resources. VPNs securely extend the
corporate network infrastructure past the firewall, allowing trusted parties and networks
controlled access back into the network. For the vast majority of organizations, a VPN and
a firewall can provide effective protection from the information security risks introduced
by using the Internet.
The security issues that exist in using the Internet as a
communications medium exist to some extent on any WAN, no matter how it is implemented.
The risks associated with user authentication and unauthorized
"eavesdropping" on sensitive data have been recognized for a number of years.
However, Internet use does magnify the relative likelihood of some of these risks.
Additionally, the use of the Internet to carry private corporate data can and does create
a heightened level of concern among non-technical management.
VPN technology uses new security mechanisms that build
security into the network itself to answer concerns regarding Internet use in general. An
Internet-based VPN built on these mechanisms is clearly more secure than sending the same
data over the Internet unprotected, because the protection is applied to the transmissions
themselves rather than bolted on afterwards.
VPN architecture - part of an overall plan.
Designing a Virtual Private Network (VPN) into corporate
network architecture should be done as an integral part of a company's overall information
security plan. This plan should recognize that the company's information security is only
as good as the weakest link in its protections. The weakest link will typically involve
people, not technology used by people. Most security industry research shows that the
majority of security breaches result from inadequate training of the people who are
expected to use security technologies. The security features found in VPNs are designed to
protect against the risks introduced by using the Internet as a transport method for
private corporate data. A properly implemented VPN can be the strongest point in the
network's overall security profile.
VPN & the Internet - simple and insecure.
The Internet is an incredible tool for information sharing.
On the plus side, it's inexpensive, flexible and powerful and provides easy access via a
well-defined, universal standard. The single biggest drawback when using the Internet is
its openness and therefore a lack of privacy, a huge challenge when using the Internet for
sensitive data. A properly implemented Virtual Private Network (VPN) addresses this with
three attributes: user authentication, data integrity, and data confidentiality.
By manipulating the basic Internet Protocol (IP), the
transmission protocol that everyone uses to communicate across the Internet, it is possible
to build protections for specific information traveling over it. An international group of
Internet experts from the Internet Engineering Task Force developed the IP Security
Protocol Suite (IPSEC), a set of extensions for IP that deliver secure communications
capabilities.
These extensions enable the creation of secure
Internet-based VPNs. IPSEC differs from other attempts to protect information on the move
by securing the network itself, not simply the individual applications being used. The
fundamental assumption of the IPSEC design is that the network segments outside the
communicating parties' own networks are insecure. Leading security experts now consider
VPNs using IPSEC to be more secure than traditional private WAN or dial-in remote access
service.
Tunneling - the key to secure communications.
Virtual Private Networks (VPNs) use the tunneling
capability of IPSEC to transparently move private data across the public Internet.
Tunneling treats entire packets from a private internetwork as payload data that must be
transported across a public transport network.
A Virtual Private Network (VPN) gateway acts as one end of
a "tunnel," encapsulating entire packets from the private internetwork in new
IP packets before they travel across the public Internet. The new packets, which carry the
original private source and destination addresses inside their payload, are simply directed
to a second VPN gateway that protects the other end of the transmission. The receiving
gateway then recognizes and disassembles the encapsulated packet before passing its contents
on to the correct address on the private internetwork.
A variety of different network devices and software
products can act as VPN gateways, including VPN access servers, VPN routers, and computers
with VPN client software installed.
The private network resources on each internal network,
whether single machines or entire internetworks, remain unaware of the fact that the
Internet is being used as a transmission medium. A VPN gateway forms the foundation of a
secure Internet-based portal to those resources, since it is designed to unconditionally
reject all Internet traffic that is not tunneled IPSEC.
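The tunnel-mode encapsulation described above, together with the gateway's rule of rejecting everything that is not tunneled IPSEC, as an added example that is not part of the original page (Python, standard library only). The gateway and private addresses, the SPI and the payload are constructed sample values, and ESP encryption and integrity protection are omitted so that the encapsulation structure stays visible.

```python
import socket
import struct

IPPROTO_ESP = 50  # IANA protocol number for IPsec ESP


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a minimal 20-byte IPv4 header (header checksum left zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(pkt: bytes) -> dict:
    """Return the IPv4 header fields a gateway needs, plus the payload after the header."""
    ihl = (pkt[0] & 0x0F) * 4
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[ihl:]}


def encapsulate(inner_pkt: bytes, gw_src: str, gw_dst: str, spi: int, seq: int) -> bytes:
    """Sending gateway: the entire private packet becomes payload of a new outer IP packet.

    The outer header carries the two gateway addresses; the ESP header (SPI and
    sequence number) precedes the original packet, which keeps its private addresses.
    """
    esp = struct.pack("!II", spi, seq) + inner_pkt
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


def gateway_receive(outer_pkt: bytes, accepted_spi: int):
    """Receiving gateway: unconditionally drop anything that is not tunneled IPsec."""
    outer = parse_ipv4(outer_pkt)
    if outer["proto"] != IPPROTO_ESP:
        return None  # plain Internet traffic: rejected before it reaches the private net
    spi, _seq = struct.unpack("!II", outer["payload"][:8])
    if spi != accepted_spi:
        return None  # ESP for an unknown security association: also dropped
    return outer["payload"][8:]  # the original private packet, delivered intact


def demo():
    # Constructed sample: 10.1.0.5 behind gateway 198.51.100.1 sends a UDP datagram
    # to 10.2.0.9 behind gateway 203.0.113.1 (RFC 5737 documentation addresses).
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 17, 4) + b"data"
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1", spi=0x1000, seq=1)
    recovered = gateway_receive(outer, accepted_spi=0x1000)
    untunneled = ipv4_header("203.0.113.7", "203.0.113.1", 6, 0)  # bare TCP from the Internet
    return parse_ipv4(outer), parse_ipv4(recovered), gateway_receive(untunneled, 0x1000)
```

Running `demo()` shows the outer packet addressed gateway to gateway with protocol 50, the recovered inner packet still addressed 10.1.0.5 to 10.2.0.9, and the untunneled packet dropped as `None`.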