Virtual Private Network Guide
Understanding VPN
A truly private network is a network where a single entity (e.g., a company) owns all the wires from point A to point B. In a Virtual Private Network (VPN), some part of the path from A to B is a public network (e.g., the Internet or the public telephone system). VPN software technology creates a private “tunnel” through the public network system for your sensitive traffic. Using encryption and authentication methods, a VPN provides security over unsecured media.
VPN Benefits
VPNs provide a very cost-effective means of private communication by using inexpensive local call ISDN or telephone connections (with the Internet as the backbone).
VPN Limitations
Obviously, when a technology incorporates portions of the network that are physically not in its control, there are Quality of Service (QoS) limitations. With a true private network, users can demand a guaranteed QoS from the telephone company or provider. However, this is not as clear-cut with VPNs.
IPSec Encryption and Authentication
Sensitive information should not be sent over the Internet without some means of ensuring security. Internet Protocol (IP) was not originally designed to be secure. Due to its method of routing packets, IP-based networks are extremely vulnerable to spoofing, session hijacking, and many other network attacks. IPSec was developed by the Internet Engineering Task Force (IETF) to solve security issues over IP. IPSec encrypts and authenticates the data passing through the VPN tunnel, providing confidentiality and data integrity over the public network.
- Encryption
VPN-provided encryption algorithms (3DES, DES, etc.) are key to data confidentiality, allowing data to pass through the network protected from unauthorized access.
- Authentication
VPN-provided authentication may be used to ensure both data integrity and trusted-source data origination. The use of hash algorithms (such as MD5 or SHA) ensures that data has not changed during transfer. The use of preshared keys or digital certificates ensures that the data is from a trusted/accepted source.
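The following is an added example, not part of the original guide: it shows why the integrity check is a hash keyed with a shared secret (HMAC) rather than a bare digest, and it goes slightly beyond the text by also rejecting a repeated sequence number. The function names, key and payloads are hypothetical or constructed; the shared key is used directly as the MAC key for simplicity, whereas IPSec key exchange normally derives per-session keys.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits (the HMAC-SHA-256-128 layout)


def bare_verify(payload: bytes, tag: bytes) -> bool:
    """Unkeyed digest check: proves nothing about who computed the tag."""
    return hmac.compare_digest(hashlib.sha256(payload).digest()[:ICV_LEN], tag)


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Return seq || payload || ICV, where the ICV is keyed by the shared secret."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def open_sealed(key: bytes, packet: bytes, last_seq: int) -> bytes:
    """Check the ICV, then the sequence number; return the payload or raise."""
    if len(packet) < 4 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    (seq,) = struct.unpack("!I", body[:4])
    if seq <= last_seq:
        raise ValueError("replayed packet")
    return body[4:]


def rejected(key: bytes, packet: bytes, last_seq: int) -> str:
    """Return the rejection reason, or '' if the packet is accepted."""
    try:
        open_sealed(key, packet, last_seq)
        return ""
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    KEY = b"constructed-demo-key"               # constructed sample value
    pkt = seal(KEY, 1, b"pay 100 to acct 42")   # constructed sample payload
    altered = pkt[:8] + b"9" + pkt[9:]          # one payload byte changed in transit
    print(rejected(KEY, pkt, 0) or "accepted")  # untouched packet
    print(rejected(KEY, altered, 0))            # keyed check catches the change
    print(rejected(KEY, pkt, 1))                # same sequence number seen again
    # A bare digest recomputed over altered data still "verifies":
    print(bare_verify(b"pay 900", hashlib.sha256(b"pay 900").digest()[:ICV_LEN]))
```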