This document examines how a virtual private network (VPN) operates. A virtual private network is an extension of an organization's private network that links sites and users over a shared or public network, most often the internet. A VPN supplies connectivity to the network over long physical distances and allows file sharing, video conferencing and similar network services.
In a virtual private network all data paths are masked to a certain extent but can be viewed by a limited group of users. VPNs extend geographic connectivity to telecommuters, mobile users, remote offices and suppliers who need to connect to the office. A VPN creates a secure private connection, essentially a private tunnel across a network or between computers, and does so affordably. The technology has been in use for years but has become popular only in recent years. The following figure is a clear example of a VPN.
Installing VPN client software on the user's workstation is the first step in using a VPN. A firewall sits between the remote user's workstation (the client) and the host network (the server). The client software connects to the VPN server, and through it to the corporate network, using a tunneling protocol. Once the remote computer has been authenticated, a secure connection to the VPN server is formed and data is exchanged through the tunnel, encrypted at the sending end and decrypted at the receiving end. This process makes the remote computer trusted and secure enough to be used over the untrusted internet like a local computer on the corporate LAN.
TYPES OF VPN
There are three basic types of VPN, as follows.
A site-to-site intranet VPN is normally implemented for generally structured networks that may span different physical locations. An example is a network spread across a number of buildings and interconnected to a mainframe or data center that has protected access through private lines. Such networks may need strong encryption and have firm performance and bandwidth requirements.
Figure 2: Architecture of a site to site intranet VPN
A remote access VPN is initiated by remote users connecting to their company LAN: employees and telecommuters with laptops and personal computers who connect occasionally from various locations.
Figure 3: Architecture of remote access VPN
An extranet VPN is used by a company to exchange data or information with other companies and organizations. During the exchange of data, network access must be tightly controlled and secured. The virtual private network must offer robust security in extranet communications. Virtual private network tunnels are created between the two gateways, and within a tunnel rules and filters can be applied so that data flows in a secure manner. A virtual private network gateway can be used to establish secure tunnels from multiple computers.
Figure 4: Architecture of Extranet VPN
A VPN protects data travelling on the public network by using various technologies, as follows.
Firewalls are configured to protect a network or system from hackers. A firewall usually filters packets after examining the IP addresses or ports requested in inbound or outbound traffic. It admits only registered users and blocks unregistered users from accessing the systems. Some of the kinds of firewall used for particular needs are bastion hosts, proxy servers and packet filtering routers.
Since the use of basic firewalls alone in a VPN is regarded as insecure, firewall techniques should be viewed only as the first line of protection in the structure of a VPN. A VPN should be developed and tested before its advantages can be fully realized. Typically firewalls guard against unwanted access at the endpoints of a network but not against interception in the middle.
Encryption plays an important role in a VPN, protecting data from start to end. The cryptographic algorithm encrypts the plain text and produces cipher text, which is difficult to understand and from which others cannot recover the original. This happens before the data leaves the network.
The cipher text travels along the path to its destination, giving the illusion of a tunnel through the public network. At the other end the registered user decrypts the received cipher text with the key to retrieve the plain text. This is how a VPN keeps data private in a public space. Some of the most used cryptographic algorithms for VPN encryption are public key cryptosystems, hash algorithms and secret key systems.
Authentication plays a role similar to encryption when exchanging information over a VPN. When a VPN connection is established over the public internetwork, it is critical to confirm that the user attempting to gain access to the private network is genuine. Authentication in a VPN checks the identity of an entity requesting a service and verifies its claim. The real user is authenticated by passwords, secret keys or some other identification.
Virtual private network tunneling establishes and maintains a logical network connection. In the given diagram, packets constructed in a specific virtual private network protocol format are encapsulated in another carrier protocol, which is then used to transmit the packets between the virtual private network client and server. Encapsulation is done on the transmitting side and decapsulation on the receiving side. Virtual private networks support authentication and encryption to keep the tunnels secure.
VPN tunneling types
Virtual private networks support two types of tunneling, both commonly used: voluntary tunneling and compulsory tunneling.
In voluntary tunneling the virtual private network client manages connection setup. The client initially makes a connection from the network access server to the carrier network provider. The virtual private network client application then creates the tunnel to a virtual private network server over this live connection.
In compulsory tunneling the carrier network provider manages virtual private network connection setup. When the client makes an ordinary connection to the carrier, the carrier in turn immediately brokers a virtual private network connection between that client and a virtual private network server. From the client's point of view, the virtual private network connection is set up in one step, compared with the two-step process required for voluntary tunnels.
IPSec Tunnel Mode
IPSec is a layer 3 protocol that maintains the safe transfer of data over an IP network. By definition, "IPSec defines the packet format for an IP over IP tunnel mode, generally referred to as an IPSec Tunnel mode". An IPSec tunnel consists of a tunnel server and a tunnel client, both configured to use IPSec tunneling and a negotiated encryption mechanism. The encrypted payload is encapsulated again with a plain text IP header and sent across the network for delivery to the tunnel server. On receiving the packet, the tunnel server discards the plain text IP header and decrypts the content to retrieve the original payload IP packet. The packet is then processed normally and sent to the target network. Other technologies used as tunneling protocols are the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP).
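The tunnel-mode steps described above (encrypt the whole inner IP packet, prepend a plain text outer header, strip and decrypt at the tunnel server), together with the authentication and replay concerns the essay raises, as an added Python example that is not part of the original essay. Assumptions: the framing is simplified (SPI, sequence number, ciphertext, truncated HMAC) rather than the full ESP wire format, an HMAC-SHA256 counter keystream stands in for the negotiated cipher, a monotonic sequence check stands in for a replay window, and all keys, addresses and function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

# Constructed sample values: keys, SPI and addresses are illustrative only.
ENC_KEY, MAC_KEY = b"E" * 32, b"M" * 32
SPI, ESP_PROTO = 0x1001, 50  # 50 is the IP protocol number assigned to ESP

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _keystream(esp_hdr, n):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the negotiated cipher."""
    blocks = (hmac.new(ENC_KEY, esp_hdr + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encapsulate(inner, seq, gw_src, gw_dst):
    """Sending gateway: encrypt the whole inner packet, add a plain text outer header."""
    esp_hdr = struct.pack("!II", SPI, seq)   # seq must never repeat under one key
    ct = _xor(inner, _keystream(esp_hdr, len(inner)))
    icv = hmac.new(MAC_KEY, esp_hdr + ct, hashlib.sha256).digest()[:16]
    body = esp_hdr + ct + icv
    return ipv4_header(gw_src, gw_dst, len(body), ESP_PROTO) + body

def decapsulate(outer, last_seq=0):
    """Receiving gateway: verify, then decrypt. Returns (inner_packet, seq)."""
    body = outer[20:]                        # discard the outer header (no IP options)
    esp_hdr, ct, icv = body[:8], body[8:-16], body[-16:]
    want = hmac.new(MAC_KEY, esp_hdr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, want):   # authenticate before decrypting
        raise ValueError("integrity check failed")
    _spi, seq = struct.unpack("!II", esp_hdr)
    if seq <= last_seq:                      # simplified anti-replay check
        raise ValueError("replayed or stale sequence number")
    return _xor(ct, _keystream(esp_hdr, len(ct))), seq

def demo():
    """Round trip between two constructed gateways; private addresses stay hidden."""
    payload = b"payroll data"
    inner = ipv4_header("10.1.0.5", "10.2.0.9", len(payload), 6) + payload
    wire = encapsulate(inner, 1, "198.51.100.1", "203.0.113.1")
    recovered, seq = decapsulate(wire)
    return inner, wire, recovered, seq
```

On the wire only the gateway addresses in the outer header are readable; a packet altered in transit or presented a second time is rejected before any decryption takes place.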
SECURITY RISK IN VPN
VPN is a technology that runs over public network infrastructure such as the internet. It uses the public network to transmit data to the intended user in a secure manner. Data in transit on the internet is not safe, because it crosses public network infrastructure. We frequently hear of someone stealing another person's credit card number or gaining access to other documents; these are some examples of what happens to data transmitted over public networks. There are also some unknown loopholes in this technology that we may not even be aware of.
A VPN must face many challenges in order to provide a high level of security. The risks concern basic firewalls, network attacks and cryptographic assaults, as follows.
Basic firewalls
Firewalls play a key role in maintaining good security in a VPN. Some intruders may try to intercept IP addresses or port requests, but firewalls discard them all. When two or more networks are connected to a public network, firewalls should be in place for security. There are, however, some methods of getting into a firewalled network and accessing information easily. Other mechanisms must therefore be implemented for a higher level of security, because the use of firewalls in a VPN does not by itself provide good security in the public area. A firewall can be used to block attackers who try to access our services, but it will not do more than that.
Network attacks are an important security risk: opponents use them to destroy data or to steal information. Most network attacks are carried out over the internet. Because the platform is based on the internet, these attacks can be taken care of in VPN security technology. Hackers typically begin with denial of service, address spoofing, session hijacking, replay, and detection and clean up.
Cryptosystems are very difficult to break, though with a deeper understanding it can be done, much as professional code breakers do. Some of the common crypto attacks are cipher text attacks, plain text attacks and some password attacks, but they require many hours and in-depth knowledge of advanced mathematics.