A Virtual Private Network, also known as a VPN, is a private network that a user connects to over a public network such as the internet. VPNs are most commonly used by companies or organizations for telecommuting and for sharing data securely and privately.
When two or more networks are connected via a VPN, a secured tunnel is formed that can encrypt the data, preserve it during transmission, and ensure that communication happens only between those networks.
A VPN is essentially a secondary connection that uses the internet to connect to a network more securely.
In the late 20th century, networks became very important for people to share data and information. At that time, computer networks were expensive. A wide area network (WAN)
would cost thousands or more for a company to build a network linking its branch offices.
The rise of the internet created a low-cost network, but one that was insecure and had low bandwidth.
The VPN concept was introduced to produce a virtual "dedicated circuit" using the internet as the network and cryptography to make it secure.
Types of VPN Connection:
There are two types of VPN connection:
- Remote Access VPN
- Site-to-site VPN
Remote Access VPN
A remote access VPN is a common VPN service used in office or home networks.
The VPN is a point-to-point connection between the user (a computer running a VPN client) and an organization's network or server.
This type of VPN connection is supported by the IPsec, PPTP, L2F, and L2TP tunneling protocols.
If the user uses a web browser to connect to the VPN gateway, this type of VPN is called
A remote access VPN can be used anywhere; the user just needs to connect to the VPN gateway by launching a VPN connection with the VPN client. When the user sends data, the VPN client software encrypts the data before sending it out over the public network to the VPN gateway of the destination network. When the VPN gateway receives the data, it decrypts it and forwards the packets to the destination network.
Site-to-site VPN
A site-to-site VPN connection, also known as a router-to-router VPN connection, is a VPN connection between two gateways that reside in two different networks, over the internet, so that both networks can exchange data securely.
Both gateways encrypt and decrypt data.
This type of VPN connection is supported by the IPsec, PPTP, L2F, and L2TP tunneling protocols.
VPN Security Mechanism
Some may wonder what makes a VPN secure and private when you are using a public line to connect to a network. VPNs use cryptographic tunneling protocols, which block interception and packet sniffing.
This allows sender authentication, which blocks identity spoofing.
A VPN is designed to provide a secure, encrypted tunnel in which to transmit data only between the remote user and the network. The information transmitted through the encrypted tunnel is invisible to others and cannot be read by anyone else.
VPN security contains a few elements that secure the organization's or company's private network from the outside network (a public network such as the internet).
Encryption is an important component of VPN security. Encryption is a technique for scrambling and unscrambling information. Unscrambled information is known as clear-text, while scrambled information is known as cipher-text. Encryption works by turning the information into cipher-text before sending it through the tunnel over the internet. The information is decrypted back to clear-text at the VPN gateway that receives it.
In the early days of VPN tunneling, companies kept their encryption algorithms secret.
But if the algorithm is cracked, all the information encrypted with that algorithm becomes vulnerable. Commonly used encryption therefore relies on keys to keep the data secure.
A key is a secret value supplied to the encryption algorithm to create a unique version of the cipher-text.
To put it simply, VPN encryption is like a lock.
For example, a hardware store sells the same type of lock, but each lock's key is different.
The strength of the transmission security depends on the length of the key the user uses.
Here is the formula:
- 8-bit keys = 256 combinations (2 to the 8th power)
- 16-bit keys = 65,536 combinations (2 to the 16th power)
and so on...
For example, if you use a 16-bit key, an intruder needs to make up to 65,536 attempts to crack the encryption, but with a computer that is a simple task.
That is why a lot of VPN products nowadays use 168-bit keys, which create
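To see how the key length sets the worst-case number of guesses, here is an added example (not part of the essay) that counts the key space for 8-bit and 16-bit keys and runs an exhaustive search against a constructed toy XOR cipher; the cipher, the key values and the sample message are assumptions made for illustration and are nothing a VPN product uses.

```python
"""Key length versus key space, demonstrated on a constructed toy cipher.

The toy cipher XORs the message with a repeating key of `bits` bits. It is
not what VPN products use; it only shows why the number of possible keys
(2 ** bits) bounds the guesses an exhaustive search needs.
"""
import time

def key_space(bits: int) -> int:
    """Number of distinct keys of the given length: 2 to the power of bits."""
    return 2 ** bits

def toy_encrypt(plaintext: bytes, key: int, bits: int) -> bytes:
    """XOR each byte with the key bytes, repeated (constructed toy cipher)."""
    key_bytes = key.to_bytes(bits // 8, "big")
    return bytes(b ^ key_bytes[i % len(key_bytes)] for i, b in enumerate(plaintext))

def toy_decrypt(ciphertext: bytes, key: int, bits: int) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return toy_encrypt(ciphertext, key, bits)

def exhaustive_search(ciphertext: bytes, known_plaintext: bytes, bits: int):
    """Try every key in order until the known plaintext reappears.

    Returns (key, attempts). Attempts can never exceed key_space(bits),
    which is the essay's point: the key length sets the upper bound."""
    attempts = 0
    for candidate in range(key_space(bits)):
        attempts += 1
        if toy_decrypt(ciphertext, candidate, bits) == known_plaintext:
            return candidate, attempts
    return None, attempts

def demo(bits: int, key: int):
    """Encrypt a constructed message, then recover the key by exhaustive search."""
    message = b"VPN payload"  # constructed sample plaintext (longer than the key)
    ciphertext = toy_encrypt(message, key, bits)
    start = time.perf_counter()
    found, attempts = exhaustive_search(ciphertext, message, bits)
    return found, attempts, time.perf_counter() - start

if __name__ == "__main__":
    for bits, key in ((8, 0x5A), (16, 0xBEEF)):
        found, attempts, seconds = demo(bits, key)
        print(f"{bits}-bit key: {key_space(bits)} possible keys, recovered "
              f"0x{found:X} after {attempts} attempts in {seconds:.3f} s")
```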
Symmetrical Key:
A symmetrical key uses the same key at each end of the tunnel to encrypt and decrypt information.
This makes the task simpler and faster. A symmetrical key needs to be kept secret because the same key is used to encrypt and decrypt the information, so if the key is leaked the data is no longer safe.
Asymmetrical Key:
Asymmetrical keys are slightly more complicated but much easier to manage.
This type of key allows information to be encrypted with one key but decrypted with a different key. The decryption key is called the "private key" or "secret key" because it is typically kept secret to ensure privacy. Meanwhile the encryption key is called the "public key" because you can distribute it to your remote users.
Let's say Company A uses an asymmetrical key system. Company A will have two keys: a "secret key" to decrypt and a "public key" to encrypt. Company A can hand the "public key" to its workers or customers to encrypt information and send it to the company, without worrying that other public users who know the "public key" could decrypt the information, because the "public key" cannot decrypt it.
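The Company A scenario in working code, added here as an illustration rather than taken from the essay: textbook RSA on deliberately tiny constructed primes (61 and 53) with e = 17, where the public key encrypts, the private key decrypts, and applying the public key a second time does not recover the message.

```python
"""Asymmetric keys with textbook RSA on deliberately tiny primes.
Constructed for illustration only: real deployments use 2048-bit moduli, padding
and audited libraries. It mirrors the essay's Company A: one public key handed to
everyone who sends, one private key kept by the company."""
from math import gcd

def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes p and q (no primality check)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e, Python 3.8+
    return (n, e), (n, d)  # (public key, private key)

def encrypt(public_key, message: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)

def decrypt(private_key, ciphertext: int) -> int:
    """Only the holder of the private key can decrypt."""
    n, d = private_key
    return pow(ciphertext, d, n)

def company_a_scenario():
    """Company A publishes a public key; a worker encrypts with it; only the
    private key recovers the message. Returns the values so they can be checked."""
    public, private = generate_keypair(61, 53, e=17)  # constructed tiny primes
    message = 65  # constructed sample "message" (an integer below n = 3233)
    ciphertext = encrypt(public, message)
    recovered = decrypt(private, ciphertext)
    # A public user who only knows the public key gets garbage if they try it:
    public_key_attempt = pow(ciphertext, public[1], public[0])
    return {"public": public, "private": private, "ciphertext": ciphertext,
            "recovered": recovered, "public_key_attempt": public_key_attempt}

if __name__ == "__main__":
    for name, value in company_a_scenario().items():
        print(f"{name}: {value}")
```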
Key Management:
A small VPN network does not necessarily need software automation. However, a larger network might need to deploy a Public Key Infrastructure (PKI) to create, distribute, and track digital certificates on a per-user basis. If the equipment supports these authentication alternatives, then you can use pre-shared keys or raw digital signatures. But if the user wants to use certificates, the user can use a third-party Certificate Authority service or build their own Certificate Authority using software from vendors such as Entrust, Xcert or Baltimore Technologies.
Either option will help the user establish a PKI, which is useful for extending secure, limited network access beyond their own internal users to partners or the public.
The picture above shows an example of a Certificate Authority.
This step determines that the sender is who he says he is (user or system authentication), and checks whether the data has been redirected or corrupted.
VPN Tunneling:
The tunnel is what makes a VPN "virtually private". You are not really "on" the internet; you are actually "on" your private network, even though you access your network via the internet.
(It is like walking under the road, where others won't notice you are crossing it.)
VPN tunnel packets may take different paths between the two endpoints, as with any internet traffic. The VPN transmission is visible only to the recipient at the other end of the user's transmission. The user's network protocols within the Internet Protocol (IP) are encrypted and encapsulated by the tunnelling technology. The VPN transmission is invisible not only to other users but also to the user's own network management operations.
There are a few main network protocols that VPNs use for tunneling.
Those protocols are incompatible with each other.
IPsec
A set of protocols to secure the exchange of packets at the IP layer.
IPsec has two modes of operation:
- Transport Mode
In this mode, only the data the user transfers (the payload) is encrypted.
- Tunnel Mode
This mode encrypts the entire IP packet, and it supports NAT traversal.
IPsec works by having the sending and receiving devices share a public key.
This is done by a protocol known as the Internet Security Association and Key Management Protocol (ISAKMP), which allows the user to obtain the public key and authenticate the sender using digital certificates.
PPTP
Point-to-Point Tunneling Protocol (PPTP) allows multiprotocol traffic to be encrypted and encapsulated in an IP header to be sent across a private network or a public network (e.g. the internet).
PPTP encapsulates Point-to-Point Protocol (PPP) frames in IP datagrams for transmission over the network.
PPTP can be used for remote access and site-to-site VPN connections.
To encapsulate PPP frames as tunnelled data, PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE). The payload of the encapsulated PPP frame can be encrypted, compressed, or both.
The figure above shows the structure of a PPTP packet containing an IP datagram.
When the internet is used as the public network, the PPTP server is a PPTP-enabled VPN server with one interface on the internet and a second interface on the intranet.
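An added example, not code from the essay, that decodes the enhanced GRE header PPTP wraps around each PPP frame as described above (RFC 2637) and rejects truncated packets; the sample packet with its call ID, sequence and acknowledgment values is constructed.

```python
"""PPTP tunnel data: IP (proto 47) -> enhanced GRE header -> PPP frame (RFC 2637).
Constructed example, not code from the essay. The GRE key field carries payload
length and call ID; sequence/acknowledgment numbers are optional (S and A bits)."""
import struct
from dataclasses import dataclass
from typing import Optional

PPTP_GRE_PROTOCOL = 0x880B  # protocol type PPTP uses for PPP frames in GRE

@dataclass
class PptpGreHeader:
    payload_length: int
    call_id: int
    sequence: Optional[int]
    acknowledgment: Optional[int]
    header_length: int

def _u32(packet: bytes, offset: int) -> int:
    if len(packet) < offset + 4:
        raise ValueError("truncated GRE header")
    return struct.unpack("!I", packet[offset:offset + 4])[0]

def parse_pptp_gre(packet: bytes) -> PptpGreHeader:
    """Decode the fixed 8-byte header plus the optional words the flag bits announce."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    version = flags_ver & 0x0007
    has_key = bool(flags_ver & 0x2000)  # K bit: key field present (always, for PPTP)
    has_seq = bool(flags_ver & 0x1000)  # S bit: sequence number follows
    has_ack = bool(flags_ver & 0x0080)  # A bit: acknowledgment number follows
    if version != 1 or proto != PPTP_GRE_PROTOCOL or not has_key:
        raise ValueError("not a PPTP enhanced GRE header")
    offset, seq, ack = 8, None, None
    if has_seq:
        seq, offset = _u32(packet, offset), offset + 4
    if has_ack:
        ack, offset = _u32(packet, offset), offset + 4
    if len(packet) - offset != payload_len:  # reject truncated or padded packets
        raise ValueError("payload length field does not match packet size")
    return PptpGreHeader(payload_len, call_id, seq, ack, offset)

# Constructed sample: flags 0x3081 (K, S, A set, version 1), payload 8 bytes, call ID 1,
# sequence 5, ack 4, then a PPP frame (FF 03, protocol 0x0021 = IP) starting an IPv4 header.
SAMPLE_PPP = bytes.fromhex("ff030021" "45000014")
SAMPLE_PACKET = struct.pack("!HHHHII", 0x3081, PPTP_GRE_PROTOCOL,
                            len(SAMPLE_PPP), 1, 5, 4) + SAMPLE_PPP
```

The PPP frame is the slice of the packet after `header_length`; its third and fourth bytes (0x0021) identify the carried IP datagram.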
L2TP
Layer Two Tunneling Protocol (L2TP) is an extension of the PPP protocol that enables ISPs.
L2TP is a combination of PPTP and Layer 2 Forwarding (L2F). L2TP encapsulates PPP frames and sends them over a network.
L2TP over an IP network uses the User Datagram Protocol (UDP) for tunnel management.
L2TP sends encapsulated PPP frames as tunnel data using UDP. As with PPTP, L2TP can also encrypt and compress the data of the encapsulated PPP frame.
The figure above shows the structure of an L2TP packet containing an IP datagram.
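As an added example, not part of the essay, the L2TP packet structure just described, parsed from a constructed sample: the flag bits decide which optional fields (Length, Ns/Nr, Offset) sit between the flags word and the PPP frame (RFC 2661); the tunnel ID, session ID and sequence values are made up.

```python
"""L2TP tunnel data over UDP 1701: L2TP header -> PPP frame (RFC 2661 section 3.1).
Constructed example, not code from the essay. Flag bits say which optional fields
(Length, Ns/Nr, Offset) are present, so the header length is only known after parsing."""
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class L2tpHeader:
    is_control: bool
    tunnel_id: int
    session_id: int
    ns: Optional[int]
    nr: Optional[int]
    header_length: int

def _u16(packet: bytes, offset: int) -> int:
    if len(packet) < offset + 2:
        raise ValueError("truncated L2TP header")
    return struct.unpack("!H", packet[offset:offset + 2])[0]

def parse_l2tp(packet: bytes) -> L2tpHeader:
    """Decode the flags word, then each optional field it announces, in RFC order."""
    flags = _u16(packet, 0)
    if flags & 0x000F != 2:
        raise ValueError("unsupported L2TP version")
    is_control = bool(flags & 0x8000)  # T bit: control message, else data (PPP frame)
    has_len = bool(flags & 0x4000)     # L bit: Length field present
    has_seq = bool(flags & 0x0800)     # S bit: Ns and Nr present
    has_off = bool(flags & 0x0200)     # O bit: Offset Size field present
    if has_len and _u16(packet, 2) != len(packet):
        raise ValueError("Length field does not match message size")
    offset = 4 if has_len else 2
    tunnel_id, session_id = _u16(packet, offset), _u16(packet, offset + 2)
    offset += 4
    ns = nr = None
    if has_seq:
        ns, nr = _u16(packet, offset), _u16(packet, offset + 2)
        offset += 4
    if has_off:  # Offset Size, then that many padding bytes before the payload
        offset += 2 + _u16(packet, offset)
    if offset > len(packet):
        raise ValueError("truncated L2TP header")
    return L2tpHeader(is_control, tunnel_id, session_id, ns, nr, offset)

# Constructed sample data message: flags 0x4802 (L and S set, version 2), length 20,
# tunnel 7, session 9, Ns 3, Nr 1, then a PPP frame carrying IP (protocol 0x0021).
SAMPLE_PPP = bytes.fromhex("ff030021" "45000014")
SAMPLE_PACKET = struct.pack("!HHHHHH", 0x4802, 12 + len(SAMPLE_PPP), 7, 9, 3, 1) + SAMPLE_PPP
```

For a data message the PPP frame is `packet[header.header_length:]`; a control message (T bit set) carries tunnel management AVPs there instead.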
L2TP with IPsec (L2TP/IPsec)
L2TP/IPsec is a combination of L2TP and IPsec.
This combination uses the L2TP tunneling method and the IPsec encryption method.
The picture above shows the encryption of L2TP traffic with IPsec ESP.
Since most routers support software-defined tunnel interfaces, customer-provisioned VPNs often define tunnels running conventional routing protocols.
Provider-provisioned VPNs (PPVPNs) need to support multiple coexisting VPNs, hidden from one another and operating on the same service provider's infrastructure.
A Virtual Private Network, or VPN for short, is often used by companies or organizations to create a private network that transfers data more securely and privately.
There are two types of VPN connection:
- Remote Access VPN Connection
- Site-to-site VPN Connection
VPNs use cryptographic tunneling protocols, which block interception and packet sniffing.
This allows sender authentication, which blocks identity spoofing, and the data transmitted is invisible to other users.
The VPN client encrypts the data and sends it, and the receiver decrypts the data back to the original; this method is called encryption. Each encryption usually has a key, which, to put it simply, is like a password to decrypt the data.
VPNs use a tunneling method to transfer data from one private network to another. This method uses a public network, which is usually the internet, as the connection, transferring data through a tunnel that is invisible to other public network users.
In the modern day, VPNs are used not only by companies and organizations but also by home users. Many users use a VPN to avoid being tracked or to bypass websites blocked in their country. Some users also use it to transfer data privately from one place to another.
The image above shows before and after using a VPN.
The image on the left shows the user's IP and location; after using the VPN, it shows the VPN server's IP and location.
The image above shows an example of a VPN client.
As an overview, a VPN is a private network for sharing data more securely and privately because it is invisible to others.
Example of a restricted site only available in the U.S.
Website bypassed by using a VPN U.S. server.