A Virtual Private Network (VPN) is a private communications network of two or more computers that uses encryption to provide a secure connection through the internet. VPN services can sometimes also be created via third-party vendors who own physical lines that clients pay to use, but using third-party vendors is, the majority of the time, not very cost effective.
Types of VPN
There are three types of VPN:
Intranet VPN-
Allows connectivity between remote locations of a single company, letting organisations create LAN-to-LAN connections.
Extranet VPN-
Used when two close organisations, or a business and its customers, want to share data and information; it allows all of the connected LANs to work in a shared environment.
Remote access VPN-
Lets a user enter the VPN remotely without using a VPN device; instead the user goes via his or her own Internet service provider (ISP) and authenticates himself or herself, as seen in the diagram below.
(Dennis, 2003, pg 207)
How it works:
A VPN connection is set up with the following qualities:
Connection:
Each user must have some type of connection to the internet, whether it is a simple dialup connection or a faster T-Carrier service such as T4, giving effective speeds of 218mbps (Dennis, 2002).
Authentication:
Since VPNs place private data on a public network, the internet, and users access it remotely, authentication measures must be used in order to combat potential threats to the data. These authentication techniques can be summarised into three categories:
Something you know, e.g. a login name
Something you have, e.g. a physical card key
Something you are, e.g. a fingerprint pattern
Encryption:
VPNs are very similar to private packet switched networks, as both try to keep data private. Encrypting data is the only way of ensuring the privacy of the information being sent, using modern encryption algorithms such as symmetric DES, AES, RC5 and Blowfish, asymmetric algorithms such as RSA, or a more secure combination of both. (Module 4: Crypto 1, 2005)
Tunnels and Encapsulation:
VPNs enable their users to create permanent virtual circuits (PVC) that are called tunnels. These virtual circuits are defined for frequent and consistent use by the network, and do not change unless changed by the network administrator/manager. The VPN devices send and receive packets through the internet tunnel. The VPN encapsulates the data with different protocols and frames, which tell the receiving VPN device how to process the new packet. These protocols go over the existing protocols that a piece of data would normally need in order to be transferred over the internet, which are as follows: Peer-to-Peer (PPP), Internet Protocol (IP), Transmission Control Protocol (TCP), and Simple Mail Transfer Protocol (SMTP). These protocols act like wrapping paper with written addresses and instructions on how to handle that data. The VPN furthers this encapsulation for sending over a tunnelled network by adding the VPN protocol, Layer-2 Tunnelling Protocol (L2TP). This is then wrapped in another IP packet, since it is sent to the address of the VPN device. The final protocol is synchronous optical network (SONET); this is because each circuit on the internet (T1, SONET OC-48, etc.) has its own data link protocol, so the VPN device surrounds the IP packet with the appropriate frame for the circuit that the final packet will be travelling on. At the receiving end, the receiving VPN device simply strips off or decrypts the protocols and receives the packet. (Dennis, 2002)
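The layering described above can be followed byte by byte. This is an added example, not taken from the cited sources: it wraps an inner IP packet in PPP framing, an L2TPv2 data header and an outer IP packet addressed to the VPN device, then strips the wrappers again at the receiving end. The addresses, tunnel and session IDs and payload are constructed; carrying L2TP over UDP port 1701 is standard practice rather than something stated in the text, and encryption and the circuit-level (SONET) framing are left out.

```python
import socket
import struct

def ones_complement_sum(data):
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ~ones_complement_sum(hdr) & 0xFFFF) + hdr[12:]

def encapsulate(inner, gw_src, gw_dst, tunnel_id, session_id):
    """Sending VPN device: inner IP -> PPP -> L2TP -> UDP -> outer IP."""
    ppp = b"\xff\x03\x00\x21" + inner  # PPP address/control, protocol 0x0021 = IPv4
    l2tp = struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp  # L2TPv2 data header
    udp = struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp), 0) + l2tp  # checksum 0 = not used
    return ipv4_header(gw_src, gw_dst, 17, len(udp)) + udp

def decapsulate(outer):
    """Receiving VPN device: strip each wrapper, rejecting anything unexpected."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != 17:
        raise ValueError("outer packet is not UDP")
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", outer[ihl:ihl + 8])
    if dport != 1701:
        raise ValueError("not addressed to the L2TP port")
    l2tp = outer[ihl + 8:ihl + ulen]
    flags, tunnel_id, session_id = struct.unpack("!HHH", l2tp[:6])
    if flags != 0x0002:
        raise ValueError("only plain L2TPv2 data messages are handled")
    if l2tp[6:10] != b"\xff\x03\x00\x21":
        raise ValueError("PPP payload is not IPv4")
    return tunnel_id, session_id, l2tp[10:]

def addresses(packet):
    """(source, destination) from an IPv4 header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

# Constructed sample: a host on one LAN sends mail data to a host on the other LAN.
PAYLOAD = b"MAIL FROM:<alice@example.com>\r\n"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(PAYLOAD)) + PAYLOAD  # TCP header omitted
OUTER = encapsulate(INNER, "198.51.100.1", "203.0.113.1", tunnel_id=7, session_id=1)

if __name__ == "__main__":
    print("on the internet:", addresses(OUTER))  # only the two VPN devices
    print("after decapsulation:", addresses(decapsulate(OUTER)[2]))
    print("payload readable in transit:", PAYLOAD in OUTER)  # no encryption here
```

On the public network only the two VPN device addresses are visible in the outer header, but the payload bytes are still readable inside the tunnel packet, which is why encryption is listed as a separate quality from tunnelling.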
Advantages
Improve productivity for a business or organisation.
Reduce transit time and transportation costs for remote users, such as airplane tickets and petrol costs.
Simplify network topology and security in some scenarios.
Low costs compared to other choices.
Disadvantages
Even though VPNs have dedicated tunnels, this does not mean that a tunnel is dedicated to an individual user; it simply means that there is a specific address that each packet must follow. This essentially means that if there are a lot of users online, the network will become bottlenecked because, unlike other networks, it cannot choose another address or path to follow, since it is inside the ‘tunnel’.
(What is a virtual private network, no date)
References
Dennis, A. (2002). Networking In The Internet Age. United States of America: John Wiley and Sons, Inc.
Tyson, J. (n.d.). How Virtual Private Networks work. Retrieved October 2, 2006 from http://computer.howstuffworks.com/vpn.htm
Howe, D. (1999). The Free On-line Dictionary of Computing. Retrieved October 3, 2006 from http://dictionary.reference.com/search?q=virtual%20private%20network
Wikipedia (September, 2006). Virtual Private Network. Retrieved October 3, 2006 from http://en.wikipedia.org/wiki/VPN
No author (n.d.). What is a virtual private network? Retrieved October 3, 2006 from http://www.ciscopress.com/content/images/1587051796/samplechapter/1587051796content.pdf
No author (2005). Module 4: Crypto 1. Computer security lecture slides, Edith Cowan University. Retrieved October 3, 2006 from http://myecu.ecu.edu.au/webapps/portal/frameset.jsp?tab=courses&url=/bin/common/course.pl?course_id=_35490_1