A Virtual Private Network (VPN) can be defined as a network that uses non-private infrastructure and technologies to carry communication between an organization's branches or remote computers. Non-private infrastructure means, for example, the Internet. The main reason for creating a VPN is to provide secure telecommunication facilities at a comparatively much lower price. A VPN provides fast, consistent and protected communication. The basic principle of a VPN is tunneling. Tunneling involves creating a logical network connection and maintaining it. In this type of connection, fragments of a message (packets) in one protocol are encapsulated within another protocol and then transferred to the remote computer. The remote computer must de-encapsulate the data to retrieve it.
There are basically three VPN tunneling protocols:
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPSec)
Point-to-Point Tunneling Protocol (PPTP)
Types of VPN
Basically there are two types of VPN.
The first one is Intranet VPN
The second one is Internet VPN
VPNs can be further divided into:
Leased Line VPN
ISP Managed VPN
Remote Access VPN
Site to Site Intranet VPN
Site to Site Extranet VPN
VPN Connection- There are two types of VPN connection:
Remote access VPN connection- A single computer that connects to a private network creates a remote access VPN connection. Authentication is performed by the remote computer as well as by the VPN server.
Router-to-router VPN connection- If a router is used to join two private networks, the connection is a router-to-router connection.
Properties of VPN
There are many properties of a VPN connection. Some of the major properties of VPN are:
Address/Name server- allocation
Authentication- Authentication in a VPN is an important security concern. Authentication methods use an authentication protocol that is negotiated while the connection is being created. The authentication process can be divided into two major levels:
Computer-level authentication- This authentication is performed on the Layer 2 Tunneling Protocol through the exchange of a computer certificate and pre-shared key. This process applies when a computer uses Internet Protocol Security over the Layer 2 Tunneling Protocol.
User-level authentication- This authentication is used with the Point-to-Point Tunneling Protocol (PPTP). Data cannot be sent to the remote computer unless it is authenticated. User-level authentication is required by all technologies using a site-to-site connection. In such connections, the router is the user that must be authenticated.
Encapsulation- Data encapsulation is the process of protecting data. A VPN uses an encapsulation technique to protect private data with a header that lets the data travel across the internetwork. Many tunneling technologies have been developed for data encapsulation in VPNs, among them the Layer 2 Tunneling Protocol, the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Forwarding protocol. PPTP gives a user encrypted access to a network over the Internet. The one major problem with PPTP is that it can support only one tunnel at a time for an individual user. To overcome this defect, the Layer 2 Tunneling Protocol is used. L2TP can support many tunnels at once for an individual user.
Data Encryption- Data encryption is used to provide data confidentiality, keeping information secret. To ensure the safety of the data, it must be encrypted by the sender and decrypted by the receiver. An encryption key must be common to both sender and receiver so that they can encrypt and decrypt data. The encrypted data cannot be understood by anyone who does not have the right encryption key. The larger the encryption key, the higher the security. Moreover, encrypting a large amount of data with the same encryption key is not so secure.
Address/Name server allocation- Address allocation is basically a policy defined when the VPN is created. After the VPN server is configured, a virtual interface is created that represents the interface containing all the VPN connections. As soon as a client or remote computer connects to the VPN, a virtual interface is created on the remote client representing the interface to which the VPN server is connected. This connection is generally created by making a point-to-point connection on the VPN. Once connected to the network, the remote computers and the server must be given IP addresses. The VPN server itself assigns the IP addresses for all these computers. The server's own IP address is entered manually, and it provides IP addresses to the remote computers using the Dynamic Host Configuration Protocol (DHCP). In addition to address allocation, name server allocation is also covered by this property, using a DNS server.
Comparison of Hybrid Internet and Intranet in VPN Connection
Hybrid Intranet VPN- An intranet VPN is simply a VPN over a private network. It connects two or more branches, sectors and headquarters of an office or organization using a common infrastructure. The intranet VPN gives users the feel of a private network with high security, reliability and the capability of being well controlled. There are many benefits of an intranet VPN, some of them are:
Minimizes the cost of Wide Area Network Bandwidth.
Newer sites are easily connected.
It establishes Wide Area Network link redundancy to increase the Network uptime.
Creating an intranet VPN using the Internet is one of the most inexpensive ways of implementing a VPN. The basic principle of an intranet VPN is to use the IP connectivity of the intranet. It is not difficult to connect two networks using a VPN connection through a router.
Hybrid Internet VPN- A router is used to forward the data in an Internet VPN connection. A network can be connected using either a dedicated WAN link or a dial-up WAN link. This is very useful: instead of using long and expensive WAN connections between offices, the routers are connected directly to the Internet and the WAN connection is established over it. An Internet VPN is simply a Virtual Private Network over the Internet. The Internet may not be safe for transmitting data and information, but VPN tunneling over the Internet makes it secure and much more reliable. The system popularly used is called a point-to-point system, which may be a bit expensive but gives higher security to the data. The data is secured by an encryption process that both computers (sender and receiver) must agree on, and a key common to both users is defined and used to encrypt and decrypt the data.
VPN Security- A VPN secures data and information between the application and within the server itself. An enhanced VPN uses a tunneling technology called a cryptographic tunneling protocol. It provides data security through authentication, protection against packet sniffing and message integrity. One of the major reasons for using a secure VPN connection is to be sure that the data travels without being captured, and that the data is encrypted so that any captured data is useless to the capturer. In addition, the data content cannot be altered by anyone. A secure VPN differs from a trusted VPN in that a secure VPN provides only security; it gives no assurance about the path over which the data travels.
Secure VPN needs to maintain some of the requirements which are discussed below:
All the data and information on the VPN (generally called traffic) must be authenticated and encrypted- Most secure VPN protocols use only authentication but lack encryption.
All the members of the VPN must agree on the properties proposed for the security of the VPN- The endpoints of the tunnel are connected to the users of the VPN, and both users must agree on the security proposal of the VPN.
The security properties of the VPN must not be given to any outsiders, and outsiders should not be able to change them- To achieve this, the encryption key should be strong and must not be provided to any outsiders.
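The tunneling described at the start of this essay (encapsulate at the sender, de-encapsulate at the receiver) and the requirements above (traffic authenticated, encrypted and protected from alteration) are shown together in the following added example, which is not part of the original essay. The frame layout, the "TUN1" header, all names and the toy HMAC-based keystream (standing in for a real cipher such as AES) are assumptions; the sequence-number replay check goes beyond what the essay covers.

```python
import hashlib, hmac, os, struct

HDR = struct.Struct(">4sQ")   # constructed outer header: magic + sequence number

def derive_keys(shared_secret, session_id):
    """Derive separate per-session encryption and MAC keys from the shared key."""
    enc = hmac.new(shared_secret, b"enc" + session_id, hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"mac" + session_id, hashlib.sha256).digest()
    return enc, mac

def _xor_keystream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stands in for AES."""
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner_packet, seq, enc_key, mac_key):
    """Sender: outer header | nonce | encrypted inner packet | MAC tag."""
    header, nonce = HDR.pack(b"TUN1", seq), os.urandom(12)
    body = header + nonce + _xor_keystream(enc_key, nonce, inner_packet)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

class TunnelEndpoint:
    """Receiver: authenticate first, then check ordering, then decrypt."""
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.last_seq = enc_key, mac_key, 0

    def decapsulate(self, frame):
        if len(frame) < HDR.size + 12 + 32:
            raise ValueError("short frame")
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")   # altered or wrong key
        magic, seq = HDR.unpack(body[:HDR.size])
        if magic != b"TUN1" or seq <= self.last_seq:
            raise ValueError("malformed or replayed frame")
        self.last_seq = seq
        nonce, ciphertext = body[HDR.size:HDR.size + 12], body[HDR.size + 12:]
        return _xor_keystream(self.enc_key, nonce, ciphertext)
```

Deriving the keys from a session identifier gives each session its own key material, which addresses the essay's point that encrypting a lot of data under one key is weaker.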
In addition to these requirements, there are some technologies for secure VPNs, which are discussed below:
IPSec encryption at both ends of the tunnel
Implementing security at the transport layer- This protection tunnels all the data and information, or even an individual piece of data.
IPSec inside the L2TP
Secure Shell (SSH)- This helps a user or a remote computer connect to an interconnected network.
Point-to-point encryption- It was developed by Microsoft and works only with their Point-to-Point Tunneling Protocol.
Some of the privacy and security strategies of VPN are discussed below:
Cryptography- This is the process of hiding data, i.e. securing it. There are two types of cryptographic systems:
Private Key Cryptography (symmetric)- It uses a pair of discrete, mathematically similar keys. One key is kept secret within the office or organization, and the other key is made available to the public.
Public Key Cryptography (asymmetric)- This cryptography converts the information into a string of bits for both the decryption and encryption processes. All the data being sent is encrypted for security reasons.
Encryption- This is the same encryption as mentioned above. It is one of the processes used to secure data.
Digital Signature- A digital signature links data or information to the private key of the sender. The receiver can decrypt the data by using the public key of the sender.
This research shows that the VPN connection is a useful application in the busy world of today's computer era. By providing secure communication and much lower-cost network access in comparison to other remote access networks, the VPN is becoming more and more popular day by day. The user can use the network without knowing about the tunnel system or the VPN hardware or software. One of the greatest benefits of a VPN is that everyone can use it and that it is a very secure networking technology.