A Virtual Private Network (VPN) is a network that uses a public infrastructure such as the Internet to give organizations and users secure access to their private networks. It provides security comparable to a dedicated wired network by using a "tunneling" mechanism and encrypting the data carried through the tunnel.
In general terms, a VPN is a connection established between networking devices over shared infrastructure, giving users a safer and more secure way to reach their private networks.
FIG: Virtual Private Network
The following features must be taken into account when creating a VPN:
* It must provide security at the highest level
* The network must be reliable
* Scalability is an important feature as well
* The network must be well managed
* Policy management
PROPERTIES OF A VPN CONNECTION
1) Encapsulation
Encapsulation is the process of adding extra information, such as a header and routing information, to the original data. A VPN uses encapsulation so that data can pass through a public network.
2) Authentication
Authentication is of three types:
i) User level authentication
In user-level authentication, a VPN client that connects to the VPN server over a Point-to-Point Protocol (PPP) link is authenticated by the VPN server, which also checks whether the VPN client is authorized.
To protect against fake VPN servers, the client can also authenticate the server when mutual authentication is used.
ii) Computer-level authentication using the Internet Key Exchange
At the computer level, the VPN client and server authenticate each other by using the Internet Key Exchange (IKE) protocol to exchange computer certificates or a pre-shared key.
iii) Data origin and integrity authentication
The data carries a cryptographic checksum computed with a key known to the sender and the receiver, which confirms that the data sent over the connection was not modified in transit and was created by the sender at its end of the connection.
3) Encryption of data
To protect data during transmission over the public network, it is encrypted by the sender and decrypted by the receiver. This process depends on the sender and the receiver sharing a common encryption key.
Encrypted data sent along the VPN connection is meaningless to anyone who does not have the encryption key. The key length is an important security consideration, because an attacker can apply a variety of computational techniques to recover a short key. It is essential to use the largest key size practical to make sure the data is protected.
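As an added illustration (not part of the original essay), the following Go program shows encapsulation, encryption and integrity protection working together: an inner packet is wrapped in a hypothetical clear-text tunnel header and sealed with AES-256-GCM under a shared key, so a receiver holding the same key recovers it and any modification in transit is rejected. The header layout and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)
// Hypothetical 12-byte outer header (not a real VPN wire format): 4-byte tunnel id + 8-byte
// sequence number, sent in the clear but bound to the payload as GCM associated data.
const hdrLen = 12
// mustGCM builds the AEAD; a 32-byte key selects AES-256 (wrong key length = programming error).
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}
// Encapsulate wraps an inner packet as header | nonce | ciphertext+tag.
func Encapsulate(key []byte, tunnelID uint32, seq uint64, inner []byte) []byte {
	gcm := mustGCM(key)
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], tunnelID)
	binary.BigEndian.PutUint64(hdr[4:12], seq)
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per packet
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(append(hdr, nonce...), nonce, inner, hdr)
}
// Decapsulate reverses Encapsulate; a modified header, nonce or payload yields an error.
func Decapsulate(key, pkt []byte) (tunnelID uint32, seq uint64, inner []byte, err error) {
	gcm := mustGCM(key)
	ns := gcm.NonceSize()
	if len(pkt) < hdrLen+ns+gcm.Overhead() {
		return 0, 0, nil, errors.New("packet too short")
	}
	hdr, nonce, body := pkt[:hdrLen], pkt[hdrLen:hdrLen+ns], pkt[hdrLen+ns:]
	if inner, err = gcm.Open(nil, nonce, body, hdr); err != nil {
		return 0, 0, nil, errors.New("integrity check failed: packet modified or forged")
	}
	return binary.BigEndian.Uint32(hdr[0:4]), binary.BigEndian.Uint64(hdr[4:12]), inner, nil
}
```

Flipping a single bit anywhere in the packet, header included, makes Decapsulate fail, which is the integrity property the checksum discussion above relies on.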
4) Address Allocation
During VPN configuration, a virtual interface is created that represents all connections made. An interface is also created on the client when a connection is established. The virtual interfaces of the client and the server must each be assigned an IP address, and these addresses are assigned by the server: the server obtains an address for itself, and clients obtain their addresses through the Dynamic Host Configuration Protocol (DHCP). The client's and the server's virtual interfaces are connected by a point-to-point VPN connection.
During the establishment of the VPN connection, DNS (Domain Name System) and WINS (Windows Internet Name Service) server addresses are also assigned, and the client obtains the IP addresses of the DNS and WINS servers from the VPN server.
Network Address Translation
NAT lets an organization hide many unregistered (private) IP addresses behind a few registered (public) ones, which helps protect the internal network. Since many private addresses can be represented by a small set of registered addresses, NAT also helps alleviate the IP address depletion problem.
HYBRID INTERNET AND INTRANET VPN CONNECTION
1) HYBRID INTERNET VPN
A few companies have been able to combine the features of SSL, IPSec and numerous other kinds of VPN connections. Hybrid VPN servers accept connections from multiple kinds of VPN clients. This is expensive, but it offers higher flexibility at both the client and the server level.
In a hybrid Internet VPN, the network devices are connected via the Internet. It is used in situations where two or more networks have different ISPs. VPN client users can access servers from various places as their needs require.
It reduces the long-distance cost associated with dial-up connections and ensures secure network access for users wherever they may physically be.
FIG: HYBRID INTERNET VPN
2) Intranet VPN
An intranet VPN consists of multiple networking devices connected within the same network and negotiating a secure communication medium across the Internet, known as a tunnel.
An example of an intranet VPN is an existing network spanning several buildings that are connected to a mainframe with secured access via private lines, which enables clients on both sides of the tunnel to communicate with each other as if they were on the same network. This requires strong encryption of the data.
It significantly lowers costs compared with old-fashioned leased-line technology by using the Internet to link distant networks.
FIG: INTRANET VPN
COMPARISON BETWEEN HYBRID INTERNET AND INTRANET VPN
* Definition: a hybrid Internet VPN combines the features of SSL, IPSec and various other types of VPN; an intranet VPN is a virtual network created between networks of the same type over the Internet or a local connection.
* Supported clients: a hybrid Internet VPN can accept connections from numerous types of VPN clients; an intranet VPN accepts connections only from its own kind of VPN client.
* Flexibility: a hybrid Internet VPN provides higher flexibility at both the client and the server level; an intranet VPN provides comparatively less.
* Cost: a hybrid Internet VPN is expensive to establish and operate; an intranet VPN is comparatively cheaper to establish and operate.
Only users that have been authorized are permitted to establish and maintain a VPN connection.
VPN connections do not require the creation of additional user accounts; the server uses only the accounts in its existing user accounts database.
How security works at connection
* A PPTP tunnel is created with the VPN server.
* A challenge is sent by the server.
* An encrypted reply is sent to the server .
* The reply is checked against the user database.
* The connection is authorized when the account is valid.
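The challenge-response sequence above, as an added Go example that is not part of the original essay and is a simplified stand-in rather than PPTP's actual authentication method: the server issues a random challenge, the client answers with a keyed hash derived from its password, and the server checks the answer against its account database, consuming each challenge so a captured reply cannot be reused. The Server, Verifier and Reply names and the SHA-256/HMAC scheme are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// Verifier is the stored form of the password (demo: plain SHA-256; use a salted slow hash in practice).
func Verifier(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:]
}
// Reply is the client's answer (step 3): an HMAC over user name and challenge under the
// verifier, so the password never crosses the wire and a reply fits only its own challenge.
func Reply(verifier []byte, user string, challenge []byte) []byte {
	mac := hmac.New(sha256.New, verifier)
	mac.Write([]byte(user))
	mac.Write(challenge)
	return mac.Sum(nil)
}
// Server holds the account database and the challenges issued but not yet consumed.
type Server struct {
	users   map[string][]byte // user name -> verifier
	pending map[string]bool   // challenge bytes (as string) -> still answerable
}
func NewServer(users map[string][]byte) *Server {
	return &Server{users: users, pending: map[string]bool{}}
}
// Challenge (step 2) issues a fresh random value that can be answered exactly once.
func (s *Server) Challenge() []byte {
	c := make([]byte, 16)
	rand.Read(c) // crypto/rand.Read does not fail on supported platforms in current Go
	s.pending[string(c)] = true
	return c
}
// Verify (steps 4 and 5) consumes the challenge, looks the account up, recomputes the
// expected reply and compares in constant time, so a captured reply cannot be replayed.
func (s *Server) Verify(user string, challenge, got []byte) error {
	k := string(challenge)
	if !s.pending[k] {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, k)
	v, ok := s.users[user]
	if !ok || !hmac.Equal(Reply(v, user, challenge), got) {
		return errors.New("authentication failed") // one message for bad user and bad reply
	}
	return nil
}
```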
A vital security concern is the server's authentication of VPN clients. The authentication process has two levels:
i) Computer-level authentication
Computer-level authentication is conducted by exchanging computer certificates or a pre-shared key while establishing the IPSec security association.
ii) User-level authentication
The remote access client that requests the VPN connection is authenticated before any data is sent over the public network.
3) Data encryption
There is a high risk of malicious interference while data is sent between the client and the server over a shared network such as the Internet. To maintain data confidentiality, the data must be encrypted.
Data encryption is the process of transforming plain text into cipher text by applying mathematical algorithms; the cipher text is unreadable to anyone who lacks the key. The server can be configured to require data encryption, in which case users connecting to that server must encrypt the data they send or they will not be allowed to connect.
Data encryption is of two types: symmetric and asymmetric. A symmetric system uses a common key that is shared and known by both the sender and the receiver of the data, while an asymmetric system uses two keys, a public key and a private key. The public key is used to encrypt data sent to the key's owner, and the private key is required to decrypt that data.
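An added Go example (not from the original essay) of the asymmetric case described above, used the way a VPN would use it: the sender wraps a fresh symmetric session key with the receiver's RSA public key, and only the holder of the matching private key can unwrap it. The function names are assumptions, and RSA-OAEP with SHA-256 is the scheme chosen here for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// label ties the ciphertext to its purpose; OAEP decryption under a different label fails.
var label = []byte("vpn tunnel key")

// GenerateKeyPair creates the receiver's long-term asymmetric pair. The public half can be
// handed to anyone; the private half never leaves the receiver.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewSymmetricKey draws the 256-bit session key that both ends will share afterwards.
func NewSymmetricKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// WrapKey is the asymmetric step: encrypting with the receiver's public key.
func WrapKey(pub *rsa.PublicKey, symKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, label)
}

// UnwrapKey recovers the session key; it succeeds only with the matching private key, so
// an eavesdropper who captures the wrapped key (or a different server) learns nothing.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
}
```

Once both ends hold the unwrapped session key, the bulk traffic is protected with the symmetric system, which is far faster than applying RSA to every packet.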
4) Packet filtering
When a remote access server is configured with the Remote Access Setup Wizard, the calling router is configured as well.
The computer forwards IP packets between the Internet and the intranet because IP routing is enabled on the intranet interfaces, which provides a direct, routed connection. The intranet can be protected so that only traffic sent and received over secured connections is forwarded to it.
Where a firewall is present, its packet filters must be configured to pass traffic between the VPN router and the routers on the Internet.
With a Virtual Private Network, the client computer is connected to the server and to other computers over the Internet as if they were on the same network. Networking functions such as mapping network drives and allowing remote access can be performed as if the computers were on the same local network. A VPN also provides the same level of security as a wired medium, maintaining a high degree of data confidentiality and allowing users to access their network at any time from anywhere, without outside threats or other technical difficulties.