VPN stands for Virtual Private Networking. It lets business organizations, or any institution that needs networking over a wide area, avoid the high cost of leasing a dedicated connection. A VPN makes secure private networking possible over a publicly accessible network, i.e. the Internet. A logical tunnel is created between server and client through the Internet so that nobody outside the network can access it. A VPN connection works at either layer 2 or layer 3 of the OSI reference model.
2. Types of VPN:-
A VPN connection is effective when a secured point-to-point connection is required for networking. It has diverse fields of use. On the basis of the working layer, it is divided into two types:-
Internet based VPN (Layer 3 VPN)
Intranet based VPN (Layer 2 VPN)
If discussed on the basis of the field of connection or communication, it is divided into two parts. They are:
Server-to-server VPN.
Client-to-server VPN.
There are several other types of VPN connection, but the underlying concept for all of them is the same: the creation of a logical tunnel.
3.1 Authentication:-
Authentication secures the login process in a VPN connection. A user trying to establish a connection with a VPN server must pass the authentication required by the VPN server, otherwise the connection is terminated. For a secure connection, a strong authentication process should be implemented. Some of the authentication types are listed below:-
PAP - Password Authentication Protocol.
CHAP - Challenge Handshake Authentication Protocol.
PPP - Point-to-Point Protocol.
IKE - Internet Key Exchange.
3.2 Encryption:-
Encryption is the process of encoding data or information so that it cannot be viewed by anyone except the authorized receiver. Both receiver and sender must share common encoding and decoding techniques. A strong encryption technique and regular renewal of the keys used are always recommended for establishing a strong encryption process. Encryption techniques are mainly divided into two groups, as listed below:-
Symmetric-Key Encryption.
Public-Key Encryption.
3.3 Encapsulation:-
During data transmission, data travels through the different layers of the OSI reference model or the TCP/IP protocol suite. At the sender side, as the data passes down through the layers, each layer adds extra information to it (a header, a trailer, etc.); when the data reaches the receiver side, it is recovered in its original form after each corresponding layer of the receiver strips its header or trailer. This process of adding extra information to the data at the sender side is called encapsulation.
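As an added example that is not part of the original text, the Python below does the encapsulation described above for a VPN tunnel: it builds an inner IPv4 packet for the private network, wraps the whole packet inside an outer IPv4 packet between the two public VPN endpoints (IP-in-IP, protocol number 4), and strips both headers again on the receiving side. All addresses and the payload are constructed for the example.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP (RFC 2003): the outer header carries a whole inner IP packet

def ipv4_checksum(header: bytes) -> int:
    # One's-complement sum of 16-bit words (RFC 791); a header whose checksum
    # field is already filled in sums to zero, which is how receivers verify it.
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_encapsulate(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Sender side: prepend a 20-byte IPv4 header (no options, TTL 64) to the payload.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload

def ipv4_decapsulate(packet: bytes):
    # Receiver side: verify the header, strip it, return (src, dst, proto, payload).
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    total_len, proto, src, dst = fields[2], fields[6], fields[8], fields[9]
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:total_len]

def tunnel_roundtrip(inner_payload: bytes):
    # Constructed example: a private-network packet (10.0.1.5 -> 10.0.2.7) is wrapped
    # in an outer packet between two public VPN endpoints and unwrapped again.
    inner = ipv4_encapsulate("10.0.1.5", "10.0.2.7", 17, inner_payload)   # 17 = UDP
    outer = ipv4_encapsulate("203.0.113.10", "198.51.100.20", IPPROTO_IPIP, inner)
    # On the public Internet only the outer addresses are visible.
    o_src, o_dst, o_proto, carried = ipv4_decapsulate(outer)
    assert o_proto == IPPROTO_IPIP and carried == inner
    i_src, i_dst, i_proto, payload = ipv4_decapsulate(carried)
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "inner_proto": i_proto,
            "payload": payload, "outer_len": len(outer), "inner_len": len(inner)}

if __name__ == "__main__":
    print(tunnel_roundtrip(b"HELLO"))
```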
3.4 Address & Name server Allocation:-
A Domain Name System (DNS) server is used for resolving IP addresses to names and vice versa, and a Dynamic Host Configuration Protocol (DHCP) server is used for allocating IP addresses to the devices connected to the network. Once a VPN connection is established, a network administrator can define which devices are reachable in the network using their IP addresses. To restrict a device, its IP address should be blocked in the VPN device.
3.5 Network Address Translation (NAT):-
NAT provides a technique for converting the IP address of a computer in one network to an IP address in another network. After NAT is enabled on a router, a computer on a private network is able to access computers on the public network.
In a VPN connection, computers can reach their respective peers through a tunnel created within the public Internet or an intranet. The connection is safe and secure because the tunnel keeps out unauthorized interference.
4. Hybrid Internet VPN Connection:-
An Internet VPN is usually called a Layer 3 VPN, as it works at layer 3 of the OSI reference model, i.e. the Network Layer, and at the corresponding layer of the TCP/IP model, i.e. the Internet Layer. For a business organization having offices on different coasts, this type of connection is suitable because a public network is used. A connection is possible if both offices are connected to a local Internet Service Provider (ISP).
4.1 Remote Access:-
A remote access VPN connection lets the remote access client avoid the charge of making a long-distance connection to an outsourced Network Access Server (NAS). Rather than connecting through a NAS, a remote client can connect directly to the respective office's intranet. To do so, the remote access client must first connect to a local ISP; after that, a secure VPN connection can be established with the office's intranet.
4.2 Networks' Connection over Internet:-
There are two ways of connecting the networks, as listed below.
Connecting through dedicated WAN links:- If two offices are connected to the Internet using dedicated WAN links from a local ISP, then a connection can be established between the two offices using the office routers that are already connected to the Internet. After the VPN connection is established, both routers are able to forward or route data traffic to each other.
Connecting through a dial-up WAN link:- If the head office router, acting as the VPN server, is first connected to a local ISP using a dedicated WAN link, then a dial-up connection can be established between the client office and the head office, provided the client office is connected to a local ISP.
5. Hybrid Intranet VPN Connection:-
It is generally called a Layer 2 VPN, as it works at Layer 2 of the OSI reference model.
5.1 Remote Access:-
In some organizations' intranetworks, the data of a certain sector may be sensitive and is always kept separate from the office's intranetwork. If users who are not physically connected to that sector try to establish a connection, a network connectivity error is shown. In this case the connection between the sensitive sector and the organization's intranetwork is created using an extra VPN server. After the VPN connection is established, a user with proper authorization can establish a remote connection with the VPN server and is able to access the information and data of the sensitive sector.
5.2 Network's Connection Over Intranet:-
A VPN connection can be established using the routers of two office networks that are already connected to the head office's intranet. One of the two routers sharing the common intranet connection acts as the VPN client and the other as the VPN server, and a VPN connection is established. After the connection is established, both offices can share and exchange information using the head office's intranetwork.
6. VPN Security:-
There are various security techniques available for a VPN connection, but the strongest and most recommended techniques should be followed for a secure and reliable VPN connection. Some of the security measures are listed below.
6.1 Authentication:-
A VPN connection is established under the basic premise of safe and secure private networking. So, in order to stop unauthorized users from accessing the network, it is mandatory to secure the endpoints of the connection and to create a strong authentication process. There are several authentication protocols that can be used. Some of them are as follows:
PAP (Password Authentication Protocol): This protocol provides password authentication. Clients are required to establish the connection using their respective passwords. However, this type of authentication is not recommended, as there is a high risk of the password being cracked by outsiders.
Point-to-Point Protocol (PPP): In this type of authentication, a client trying to connect to a VPN server must first be authorized by the VPN server, and only then can the connection be established. If the client also wants to authenticate the VPN server, a mutual authentication process can be used.
Internet Key Exchange (IKE): When authenticating with the IKE protocol, an exchange of digital certificates or of a shared key takes place between the server and the client. The exchange of certificates is highly recommended, as it is stronger than exchanging shared keys.
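The Python below is an added example, not part of the original text, contrasting the two password-based protocols listed earlier: with PAP the password itself is the authentication message, while with CHAP (RFC 1994) the client only returns MD5(identifier || secret || challenge) for a fresh server challenge, so a passive observer of the link never sees the secret and cannot replay an old response. The user name, secret and challenge values are constructed for the example.

```python
import hashlib
import os

# Constructed credentials; the server stores the same secret the client holds.
USER_SECRETS = {"alice": "correct horse battery staple"}

def pap_client_message(user: str, password: str) -> bytes:
    # PAP (RFC 1334): the client simply sends user name and password; anyone who
    # can observe the link reads the password directly from this message.
    return f"{user}:{password}".encode()

def pap_server_check(message: bytes) -> bool:
    user, _, password = message.decode().partition(":")
    return USER_SECRETS.get(user) == password

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    # CHAP (RFC 1994): response = MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def chap_exchange(user: str, client_secret: str, challenge: bytes = None):
    # The server issues a random challenge, the client answers with the hash, and the
    # server recomputes it from its stored secret; the secret never crosses the link.
    identifier = 1
    challenge = challenge if challenge is not None else os.urandom(16)
    response = chap_response(identifier, client_secret, challenge)
    expected = chap_response(identifier, USER_SECRETS[user], challenge)
    on_the_wire = [("server->client", challenge), ("client->server", response)]
    return response == expected, on_the_wire

def password_visible_on_wire(messages) -> bool:
    # What a passive observer learns: True if a stored secret appears in any message.
    return any(s.encode() in payload for _, payload in messages for s in USER_SECRETS.values())

def demo():
    secret = USER_SECRETS["alice"]
    pap_msg = pap_client_message("alice", secret)
    pap_ok = pap_server_check(pap_msg)
    chap_ok, chap_msgs = chap_exchange("alice", secret)
    chap_bad, _ = chap_exchange("alice", "wrong password")
    # A response captured for one challenge is useless against a new challenge.
    c1, c2 = b"\x01" * 16, b"\x02" * 16
    replay_ok = chap_response(1, secret, c1) == chap_response(1, secret, c2)
    return {"pap_ok": pap_ok, "pap_leaks": password_visible_on_wire([("client->server", pap_msg)]),
            "chap_ok": chap_ok, "chap_leaks": password_visible_on_wire(chap_msgs),
            "chap_wrong_secret_ok": chap_bad, "replay_ok": replay_ok}
```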
6.2 Encryption:-
Encryption is the process of encoding the data to be sent in such a form that only the receiver can decode it. To prevent the data from being lost, damaged or cracked, encryption is the best measure. There are several techniques for data encryption, but they are mainly divided into two broad groups.
Symmetric-Key Encryption: In a symmetric-key encryption system, both the sending and the receiving computer hold a common encryption key, and both use the same technique for encoding and decoding the data. For example, if I want to send the message HELLO to my friend and, while encoding, I put the letter A in front of every letter, the result is AHAEALALAO. I tell my friend that I put the letter A in front of every letter while encoding; he decodes it by removing all the A's and finally gets HELLO.
Public-Key Encryption: In a public-key encryption system, two keys are used by each user: one is the private key and the other is the public key. The private key is known only to the user, while the public key is given by the user to others who want to communicate with them.
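Added example, not from the original text: a keyed symmetric scheme next to a textbook public-key (RSA) scheme, so that the two groups above can be compared on the same message. Both are illustrative only; the shared key, the nonce and the small primes 61 and 53 are constructed, and the point is that the security rests on the key, which the letter-A scheme above lacks since anyone who knows the technique can undo it.

```python
import hashlib
import hmac
from math import gcd

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Symmetric: a keystream derived from the shared key (HMAC-SHA256 in counter mode)
    # is XORed with the data; the same call with the same key and nonce decrypts.
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))

def rsa_keypair(p: int, q: int, e: int = 17):
    # Public-key: textbook RSA on tiny constructed primes (not secure; shows the two-key idea).
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # private exponent (modular inverse, Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, values):
    # Raise each value to the key's exponent modulo n; works byte by byte since each byte < n.
    n, exp = key
    return [pow(v, exp, n) for v in values]

def demo():
    msg = b"HELLO"
    # Symmetric: both sides hold the same key; with a wrong key the ciphertext stays opaque.
    shared_key = b"constructed shared secret"
    nonce = b"\x00" * 8
    ct = keystream_xor(shared_key, nonce, msg)
    sym_ok = keystream_xor(shared_key, nonce, ct) == msg
    wrong = keystream_xor(b"guess", nonce, ct)
    # Public-key: the receiver publishes (n, e) and keeps (n, d); the sender never needs d.
    public, private = rsa_keypair(61, 53)
    ct_pk = rsa_apply(public, list(msg))
    pt = bytes(rsa_apply(private, ct_pk))
    return {"sym_ok": sym_ok, "wrong_key_ok": wrong == msg, "ciphertext_len": len(ct),
            "pk_ok": pt == msg, "public": public}
```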
6.3 Firewall:-
A firewall is a logical wall created to control or block offensive websites and potential hackers. As we know, there are a total of 65,536 ports through which a computer connected to a network can be accessed. The protocols used in a network use different ports, for example HTTP uses port no. 80 and SMTP uses port no. 25, and many ports are left unused, which are the way in for offensive websites and potential hackers. The basic function of a firewall is to block such unused ports.
6.4 IPSec:-
IPSec was defined by the Internet Engineering Task Force (IETF), and was basically defined for the encryption of network layer traffic. It also provides authentication. No specialized applications need to be installed in order to use IPSec.
6.5 SSL Server:-
An IPSec VPN may require a different configuration as specified by each vendor, but the only requirement for an SSL server is a modern web browser. However, an SSL server fails in the case of web applications that include Java or ActiveX.
Finally, we can conclude that in the present context a VPN connection is the most suitable form of private networking, as it is economical and easy to establish.