Why the need for VPN?
Today's connectivity requirements are changing. Worldwide
availability of the Internet has made it the network of choice for linking businesses
around the globe. Having web presence has empowered companies with the ability to
provide essential and frequent access to their network. Email, telecommuting, and file
sharing through business partnering are just a few applications now espoused by
decentralized networks.
The powerful communications medium of the Internet brings a substantial
cost benefit, but its open transport system renders business communications vulnerable to
the ever-present risk of data exposure. Without a strong security platform, data flow
through the Internet is subject to many threats including eavesdropping, tampering,
theft, corruption or loss. With VPN technology, access to network resources is less
expensive, more efficient, and highly secure.
How do VPNs save money?
The explosive growth of web-centric
businesses is forcing companies to change the way they connect users and sites.
Traditional access methods for connecting users and sites only augmented the complexity of
networks, forcing the installation of dedicated leased lines and access gear. More
importantly, recurring communications and operational costs begin skyrocketing as more
users and sites need to be connected. Internet-based VPNs are superseding the costly
methods of traditional access.
What is a VPN?
A Virtual Private Network or VPN is a
security technology that makes the public shared network (Internet) essentially private.
It does this by creating "private" tunnels that allow data to travel across the
untrusted net just as securely as if it were being transmitted across dedicated private
lines. These secure private connections allow a company to broaden its private intranet
into an extended corporate network to link remote users, branch offices, and business
partners world-wide.
Can VPNs secure internal communications on the company LAN?
Yes, VPNs are ideal for
protecting various departments from inside threats, both intentional and unintentional
(accidental damage to data). The security services provided by VPNs can be applied to
segment traffic within departmental networks.
How are VPNs cost-saving?
Internet-based VPNs can reduce or eliminate expensive leased line and
traditional access gear like servers, concentrators and modem banks. Overall, the ubiquity
of the Internet allows VPNs to provide faster, more efficient links between sites and even
secure connectivity to sites that could not otherwise be economically connected.
Technically, what is going on inside the VPN?
Before being sent through the
public network, data packets are cryptographically protected by encryption and
authentication; this is called encapsulation. Because data packets are encapsulated, they
are protected, and can be thought of as traveling inside a secure VPN "tunnel."
In technical terms, the "tunnel" is actually the set of "rules"
for applying cryptographic protection.
What are the technical standards for VPN?
The Internet Engineering Task
Force (IETF) has developed the IP security protocol or IPSec, the industry standard that
spells out how the encryption, authentication and key management services are negotiated
and performed between parties. All vendors in compliance with the IPSec protocol can
guarantee interoperability of their products.
What is IPSec?
IPSec tunneling is the powerful security vehicle that delivers encrypted traffic
between devices. A single tunnel can accommodate simultaneous traffic for an unlimited
number of users between two IP addresses -- unlike private links that connect phone
numbers. Concealing source and destination addresses is an added benefit, for every
'tunnel' is really the encapsulation of the original IP packet that has been protected
by encryption.
See IETF Standards
How are the "tunnels" created?
Before VPN tunnels can be created, the administrator defines the
security policies. A policy dictates the degree of protection required between entities
that will exchange sensitive information. The policy specifies encryption and
authentication algorithms, how to generate encryption keys, the time between key changes,
and related parameters. The negotiation of security policies between entities is
governed by the Internet Key Exchange or IKE, the IETF industry-standard key management
protocol. The end result of negotiation is the creation of a VPN "tunnel" with
the strongest protection policy applied to the tunnel.
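The policy matching described above can be modelled in a few lines. This Python model is an added example, not part of the original FAQ and not the IKE wire protocol; the Proposal class, the strength rankings, the shorter-lifetime rule and the sample policies are assumptions made for illustration.

```python
# Simplified model of IKE policy negotiation (not the IKE wire protocol).
# The strength rankings below are assumptions made for this example.
from dataclasses import dataclass

ENC_RANK = {"3des": 1, "aes128": 2, "aes256": 3}
AUTH_RANK = {"hmac-md5": 1, "hmac-sha1": 2, "hmac-sha256": 3}


@dataclass(frozen=True)
class Proposal:
    encryption: str
    authentication: str
    lifetime_s: int  # time between key changes, in seconds

    def strength(self):
        return (ENC_RANK[self.encryption], AUTH_RANK[self.authentication])


class NoProposalChosen(Exception):
    """Raised when the two policies share no algorithm pair."""


def negotiate(initiator, responder):
    """Return the strongest proposal that both policies allow.

    Two proposals match when their encryption and authentication algorithms
    are equal; the agreed key lifetime is the shorter of the two (assumption).
    """
    matches = [
        Proposal(i.encryption, i.authentication, min(i.lifetime_s, r.lifetime_s))
        for i in initiator
        for r in responder
        if (i.encryption, i.authentication) == (r.encryption, r.authentication)
    ]
    if not matches:
        raise NoProposalChosen("policies have no algorithms in common")
    return max(matches, key=Proposal.strength)


# Constructed sample policies (hypothetical sites).
BRANCH = [Proposal("aes256", "hmac-sha256", 28800), Proposal("3des", "hmac-md5", 86400)]
HQ_LEGACY = [Proposal("aes256", "hmac-sha256", 3600), Proposal("3des", "hmac-md5", 3600)]
HQ_STRICT = [Proposal("aes256", "hmac-sha256", 3600)]
OLD_PEER = [Proposal("3des", "hmac-md5", 86400)]
```

With HQ_LEGACY, OLD_PEER still negotiates 3DES with HMAC-MD5; with HQ_STRICT the same peer gets no tunnel, which is how removing weak algorithms from the policy prevents a downgrade.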
Do VPNs support universal applications?
Yes, the advantage of IPsec is that
it embeds security services at the OSI network layer so data from any application can
travel safely and securely through the network -- without any changes to user
applications.