
Virtual Private Network

A Virtual Private Network (VPN) allows private network communication over a public network like the Internet. There are three main types of VPNs: remote access VPNs which allow mobile users to connect to an organization's network, intranet VPNs which connect organization offices over the Internet, and extranet VPNs which connect organizations and external users like customers or suppliers. Key components of an effective VPN include VPN devices, tunneling protocols, and security protocols to encrypt traffic and maintain privacy across the public network.

Uploaded by

Arthur Fisher
Copyright
© Attribution Non-Commercial (BY-NC)

Virtual Private Network

IS 311, Dr. Gray, Tuesday 7pm, November 19, 2002

By: Germaine Bacon, Lizzi Beduya, Jun Mitsuoka, Betty Huang, Juliet Polintan

Table of Contents
I. Introduction
II. VPN Topology
III. Types of VPNs
IV. Components of VPNs
V. Productivity and Cost Benefit
VI. Quality of Service
VII. The Future of VPN
VIII. Conclusion
IX. Bibliography
X. Questions

Introduction

Virtual. Virtual means not real, or in a different state of being. In a VPN, private communication between two or more devices is achieved through a public network, the Internet. The communication is therefore virtually, but not physically, there.

Private. Private means keeping something secret from the general public. Although the two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them.

Network. A network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. A VPN is a network. It can transmit information over long distances effectively and efficiently.

The term VPN has been associated in the past with remote connectivity services such as the Public Switched Telephone Network (PSTN), but VPN networks have finally started to be linked with IP-based data networking. Before IP-based networking, corporations had expended considerable amounts of time and resources to set up complex private networks, now commonly called intranets. These networks were installed using costly leased line services, Frame Relay and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN. Small to medium-sized companies that could not afford dedicated leased lines used low-speed switched services. As the Internet became more and more accessible and bandwidth capacities grew, companies began to put their intranets onto the web and create what are now known as extranets to link internal and external users. However, as cost-effective and quick to deploy as the Internet is, there is one fundamental problem: security.

Today's VPN solutions overcome the security factor. Using special tunneling protocols and complex encryption procedures, data integrity and privacy are achieved, and the new connection produces what seems to be a dedicated point-to-point connection. And because these operations occur over a public network, VPNs can cost significantly less to implement than privately owned or leased services. Although early VPNs required extensive expertise to implement, technology has matured to a level where deployment can be a simple and affordable solution for businesses of all sizes.

Virtual

Simply put, a VPN (Virtual Private Network) is defined as a network that uses public network paths but maintains the security and protection of private networks. For example, Delta Company has two locations, one in Los Angeles, CA (A) and one in Las Vegas, Nevada (B). In order for both locations to communicate efficiently, Delta Company has the choice to set up private lines between the two locations. Although private lines would restrict public access and extend the use of their bandwidth, they would cost Delta Company a great deal of money, since the company would have to purchase the communication lines per mile. The more viable option is to implement a VPN. Delta Company can hook their communication lines up with a local ISP in both cities. The ISP would act as a middleman, connecting the two locations. This would create an affordable small area network for Delta Company.

VPNs are broken into 4 categories.

1) Trusted VPN: A customer "trusted" the leased circuits of a service provider and used them to communicate without interruption. Although it is "trusted", it is not secured.
2) Secure VPN: With security becoming more of an issue for users, encryption and decryption were used on both ends to safeguard the information passed to and fro. This ensured the security needed to satisfy corporations, customers and providers.
3) Hybrid VPN: A mix of a secure and a trusted VPN. A customer controls the secure parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: A VPN that is administered by a service provider.

VPN Topology

Next we will look at how a VPN works internally. To begin using a VPN, an Internet connection is needed; the Internet connection can be leased from an ISP and can range from a dial-up connection for home users to faster connections for businesses. A specially designed router or switch is then connected to each Internet access circuit to provide access from the origin networks to the VPN. The VPN devices create PVCs (Permanent Virtual Circuits: a PVC is a virtual circuit that resembles a leased line because it can be dedicated to a single user) through tunnels, allowing senders to encapsulate their data in IP packets that hide the underlying routing and switching infrastructure of the Internet from both the senders and receivers. The VPN device at the sending facility takes the outgoing packet or frame and encapsulates it to move through the VPN tunnel across the Internet to the receiving end. The process of moving the packet using the VPN is transparent to the users, the Internet Service Providers and the Internet as a whole. When the packet arrives on the receiving end, another device strips off the VPN frame and delivers the original packet to the destination network.

VPNs operate at either layer 2 or layer 3 of the OSI (Open Systems Interconnection) model. A layer-2 VPN uses the layer 2 frame, such as Ethernet, while a layer-3 VPN uses layer 3 packets, such as IP. A layer-3 VPN starts at layer 3, where it discards the incoming layer-2 frame and generates a new layer-2 frame at the destination. Two of the most widely used protocols for creating layer-2 VPNs over the Internet are the Layer 2 Tunneling Protocol (L2TP) and the Point-to-Point Tunneling Protocol (PPTP). The newly emerged protocol called Multiprotocol Label Switching (MPLS) is used exclusively in layer-3 VPNs. See Figure 1.

Figure 1. Defined VPN. Note: From A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems, Inc. All rights reserved.
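The encapsulate-and-strip step described under VPN Topology, as an added example that is not part of the original paper. It wraps an IPv4 packet in a second IPv4 header (IP-in-IP, protocol number 4) without any encryption, so it shows only what transit routers forward on; the addresses, the two gateways and all function names are assumptions made for this illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4        # IANA protocol number: an IPv4 packet carried inside IPv4
IPPROTO_TCP = 6
HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header without options


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Return a 20-byte IPv4 header with a valid checksum, followed by payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate the outermost IPv4 header and return its fields and payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not IPv4")
    if not ihl <= total_len <= len(packet):
        raise ValueError("length field does not match packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto,
            "payload": packet[ihl:total_len]}


def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Sending VPN device: wrap the whole original packet in a new IP packet."""
    parse_ipv4(inner)  # refuse to tunnel something that is not a valid packet
    return build_ipv4(gw_src, gw_dst, IPPROTO_IPIP, inner)


def transit_view(packet: bytes) -> tuple:
    """What an ISP router forwards on: outer source and destination only."""
    header = parse_ipv4(packet)
    return header["src"], header["dst"]


def decapsulate(outer: bytes, local_gw: str) -> bytes:
    """Receiving VPN device: check the wrapper, strip it, return the original."""
    header = parse_ipv4(outer)
    if header["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnelled packet")
    if header["dst"] != local_gw:
        raise ValueError("tunnel packet addressed to another gateway")
    parse_ipv4(header["payload"])  # the inner packet must itself be valid
    return header["payload"]


# Constructed sample: a host in office A sends to a host in office B.
# 10.x addresses are private; the gateway addresses are documentation ranges.
INNER = build_ipv4("10.1.0.5", "10.2.0.9", IPPROTO_TCP, b"stand-in for a TCP segment")
GATEWAY_A, GATEWAY_B = "198.51.100.1", "203.0.113.1"

if __name__ == "__main__":
    outer = encapsulate(INNER, GATEWAY_A, GATEWAY_B)
    print("transit routers forward on:", transit_view(outer))
    print("delivered inside office B: ", transit_view(decapsulate(outer, GATEWAY_B)))
```

Routing on the outer header is what keeps the internal addresses out of the forwarding path; keeping the inner packet unreadable to an eavesdropper additionally requires the encryption the paper describes for IPSec.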

Types of VPNs

There are currently three types of VPN in use: remote access VPN, intranet VPN and extranet VPN.

Remote access VPNs (see Figure 2) enable mobile users to establish a connection to an organization's server by using the infrastructure provided by an ISP (Internet Service Provider). A remote access VPN allows users to connect to their corporate intranets or extranets wherever and whenever needed. Users have access to all the resources on the organization's network as if they were physically located in the organization. The user connects to a local ISP that supports VPN using plain old telephone service (POTS), integrated services digital network (ISDN), digital subscriber line (DSL), etc. The VPN device at the ISP accepts the user's login, then establishes the tunnel to the VPN device at the organization's office, and finally begins forwarding packets over the Internet. Remote access VPNs offer advantages such as:

- Reduced capital costs associated with modem and terminal server equipment
- Greater scalability, and new users are easy to add
- Reduced long-distance telecommunications costs; a nationwide toll-free 800 number is no longer needed to connect to the organization's modems

Figure 2. Remote Access VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems, Inc. All rights reserved.

Intranet VPNs provide virtual circuits between organization offices over the Internet (see Figure 3). They are built using the Internet, service provider IP, Frame Relay or ATM networks. An IP WAN infrastructure uses IPSec or GRE to create secure traffic tunnels across the network. Benefits of an intranet VPN include the following:

- Reduced WAN bandwidth costs and efficient use of WAN bandwidth
- Flexible topologies
- Congestion avoidance with the use of bandwidth management traffic shaping

Figure 3. Intranet VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems, Inc. All rights reserved.

The concept of setting up extranet VPNs is the same as for intranet VPNs. The only difference is the users. Extranet VPNs are built for users such as customers, suppliers or different organizations over the Internet. See Figure 4.

Figure 4. Extranet VPNs. A Primer for Implementing a Cisco Virtual Private Network, © 1999 Cisco Systems, Inc. All rights reserved.

Components of the VPN

In order for a VPN to be beneficial, a VPN platform needs to be reliable, manageable across the enterprise and secure from intrusion. The VPN solution also needs to have platform scalability: the ability to adapt the VPN to meet increasing requirements, ranging from small office configurations to large enterprise implementations. A key decision the enterprise should make before starting its implementation is to consider how the VPN will grow to meet the requirements of the enterprise network and whether the VPN will be compatible with the legacy networks already in place.

1. Security: Companies need to keep their VPNs secure from tampering and unauthorized users. Some examples of technologies that VPNs use are IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol and Multiprotocol Label Switching (MPLS), along with the Data Encryption Standard (DES) and others to manage security. A further description of these technologies is detailed next.

PPTP uses the Point-to-Point Protocol (PPP) to provide remote access that can be tunneled through the Internet to a desired site. Tunneling allows senders to encapsulate their data in IP packets that hide the routing and switching infrastructure of the Internet from both senders and receivers, to ensure data security against unwanted viewers or hackers. PPTP can also handle Internet packet exchange (IPX) and network basic input/output system extended user interface (NetBEUI). PPTP is designed to run on the Network layer of the Open Systems Interconnection (OSI) model. It uses a voluntary tunneling method, where a connection is only established when the individual user requests to log on to the server. PPTP tunnels are transparent to the service provider and there is no advance configuration required by the Network Access Server; this allows PPTP to use multiple service providers without any explicit configuration. For example, the client dials up to the ISP and makes a PPP session. Then the client dials again on the same PPP session to contact the destination remote access server (RAS). After contact is made with the RAS, packets are tunneled through the new connection and the client is now connected to the corporate server virtually.

Layer Two Tunneling Protocol (L2TP) exists at the data link layer of the OSI model. L2TP is a combination of PPTP and Layer Two Forwarding (L2F). (Layer Two Forwarding was also designed for traffic tunneling from mobile users to their corporate server. L2F is able to work with media such as frame relay or asynchronous transfer mode (ATM) because it is not dependent on IP. L2F also uses PPP authentication methods for dial-up users, and it also allows a tunnel to support more than one connection.) L2TP uses a compulsory tunneling method, where a tunnel is created without any action from the user and without allowing the user to choose a tunnel. An L2TP tunnel is dynamically established to a predetermined end-point based on the Network Access Server (NAS) negotiation with a policy server and the configured profile. L2TP also uses IPSec for computer-level encryption and data authentication.

IPSec uses the Data Encryption Standard (DES) and other algorithms for encrypting data, public-key cryptography to guarantee the identities of the two parties and avoid man-in-the-middle attacks, and digital certificates for validating public keys. IPSec is focused on Web applications, but it can be used with a variety of application-layer protocols. It sits between IP at the network layer and TCP/UDP at the transport layer.
Both parties negotiate the encryption technique and the key before data is transferred. IPSec can operate in either transport mode or tunnel mode. In tunnel mode, intruders can only see where the end points of the tunnel are, but not the destinations and sources of the packet. IPSec encrypts the whole packet and adds a new IP packet that contains the encrypted packet. The new IP packet only identifies the destination's encryption agent. When the IPSec packet arrives at the encryption agent, the new encrypted packet is stripped and the original packet continues to its destination. In transport mode, IPSec leaves the IP packet header unchanged and only encrypts the IP payload, to ease the transmission through the Internet. IPSec here adds an encapsulating security payload at the start of the IP packet for security through the Internet. The payload header provides the source and destination addresses and control information.

Multiprotocol Label Switching (MPLS) uses a label swapping forwarding structure. It is a hybrid architecture which attempts to combine the use of network layer routing structures and per-packet switching with link-layer circuits and per-flow switching. MPLS operates by making the inter-switch transport infrastructure visible to routing, and it can also be operated as a peer VPN model for switching in a variety of link-layer and layer 2 switching environments. When a packet enters the MPLS network, it is assigned a local label and an outbound interface based on the local forwarding decision. The forwarding decision is based on the incoming label, which determines the next interface and next hop label. MPLS uses a lookup table to create an end-to-end transmission pathway through the network for each packet.

Packet authentication prevents data from being viewed, intercepted or modified by unauthorized users. Packet authentication applies a header to the IP packet to ensure its integrity. When the receiving end gets the packet, it needs to check the header for a matching packet and to see if the packet has any errors.

User authentication is used to distinguish authorized users from unauthorized users. It is necessary to verify the identity of users who are trying to access resources from the enterprise network before they are given access. User authentication also determines the access levels and the data retrieved or viewed by the users, and grants permission to certain areas of the enterprise's resources.

2. Appliances: intrusion detection, firewalls

Firewalls monitor traffic crossing the network perimeter and protect enterprises from unauthorized access. The organization should design a network that has a firewall in place on every network connection between the organization and the Internet. Two commonly used types of firewalls are packet-level firewalls and application-level firewalls.

A packet-level firewall checks the source and destination address of every packet that is trying to pass through the network. A packet-level firewall lets users in and out of the organization's network only if they have an acceptable packet with the corresponding source and destination address. Each packet is checked individually through its TCP port ID and IP address, so that the firewall knows where the packet is heading. The disadvantage of a packet-level firewall is that it does not check the packet contents or why they are being transmitted, and resources that are not disabled are available to all users.

An application-level firewall acts as a host computer between the organization's network and the Internet.
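The packet-level filtering described above, as an added example that is not part of the original paper. It decides on source address, destination address and TCP port only, and contrasts a rule set that disables one port with one that lists what is permitted; the rule format, addresses and function names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes  # carried along, but never examined by the filter


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # None matches any TCP port

    def matches(self, packet: Packet) -> bool:
        return (ip_address(packet.src) in ip_network(self.src)
                and ip_address(packet.dst) in ip_network(self.dst)
                and self.dport in (None, packet.dport))


def decide(rules: List[Rule], packet: Packet) -> str:
    """Evaluate one packet on its own: first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


def reachable_ports(rules: List[Rule], src: str, dst: str, ports: List[int]) -> List[int]:
    """Which of the candidate ports a given source can reach on a given host."""
    return [p for p in ports if decide(rules, Packet(src, dst, p, b"")) == "allow"]


# Constructed extranet scenario: partner network 192.0.2.0/24, server 10.2.0.9.
PARTNER_HOST, SERVER = "192.0.2.10", "10.2.0.9"

# Style 1: disable what is known to be unwanted, allow the partner everything else.
DENYLIST_RULES = [
    Rule("deny", "0.0.0.0/0", "10.2.0.9/32", 23),
    Rule("allow", "192.0.2.0/24", "10.2.0.0/16"),
]

# Style 2: name the one service the partner needs; the default deny covers the rest.
ALLOWLIST_RULES = [
    Rule("allow", "192.0.2.0/24", "10.2.0.9/32", 443),
]

if __name__ == "__main__":
    candidates = [23, 443, 3389, 8080]
    print("denylist exposes: ", reachable_ports(DENYLIST_RULES, PARTNER_HOST, SERVER, candidates))
    print("allowlist exposes:", reachable_ports(ALLOWLIST_RULES, PARTNER_HOST, SERVER, candidates))
    # Same addresses and port, different contents: the verdict cannot differ.
    for body in (b"expected request", b"anything else at all"):
        print(body, "->", decide(ALLOWLIST_RULES, Packet(PARTNER_HOST, SERVER, 443, body)))
```

With the first rule set every port that nobody thought to disable stays reachable, which is the weakness the paragraph names; in both rule sets the payload never influences the verdict.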
Users who want to access the organization's network must first log in to the application-level firewall, which only allows the information they are authorized for. The advantages of using an application-level firewall are control over users' access levels and over resource authorization levels. Only resources that are authorized are accessible. In contrast, the user will have to remember an extra set of passwords when trying to log in through the Internet.

3. Management: managing security policies, access allowances and traffic management

VPNs need to be flexible to suit a company's management. Some companies choose to manage all deployment and daily operation of their VPN, while others might choose to outsource it to service providers. In our next section we will discuss how businesses might benefit from a productive VPN and the cost benefits of implementing a VPN.

Productivity and Cost Benefit

In terms of productivity, VPNs have come a long way. In the past, concerns over security and manageability overshadowed the benefits of mobility. Smaller organizations had to consider the additional time and cost associated with providing IT support to employees on the move. Larger companies worried, with good cause, about the possibility that providing mobile workers with remote network access would inadvertently provide hackers with a "back door" entry to corporate information resources. But as end-user technologies like personal digital assistants (PDAs) and cell phones have made mobility more compelling for employees, technology advances on the networking side have helped address IT concerns, as we saw in the previous section. With these advancements in technology comes better productivity. VPNs have become increasingly important because they enable companies to create economical, temporary, secure communications channels across the public Internet so that mobile workers can connect to the corporate LAN.

VPNs benefit a company in the following ways:

- Extends Geographic Connectivity: A VPN connects remote workers to central resources, making it easier to set up global operations.
- Boosts Employee Productivity: A VPN solution enables telecommuters to boost their productivity by 22% - 45% (Gallup Organization and Opinion Research) by eliminating time-consuming commutes and by creating uninterrupted time for focused work.
- Improves Internet Security: An always-on broadband connection to the Internet makes a network vulnerable to hacker attacks. Many VPN solutions include additional security measures, such as firewalls and anti-virus checks, to counteract the different types of network security threats.
- Scales Easily: A VPN allows companies to utilize the remote access infrastructure within ISPs. Therefore, companies are able to add a virtually unlimited amount of capacity without adding significant infrastructure.

Even though VPNs are a cheaper way of having remote users connect to a company's network over the Internet, there are still costs associated with implementing the VPN. Some of the typical costs include hardware, ISP subscription fees, network upgrading costs and end user support costs. These costs aren't standard; they vary depending on many factors, some of which include the size of the corporation, the number of remote users, the type of network systems already in place and the Internet Service Provider source. When it comes to decision-making time, IT managers or executive officers should take these costs into consideration. Also, these decision makers must decide whether to develop their VPN solution in house or to outsource to a total service provider. There are a few ways to approach this topic:

1. In House Implementation: Companies decide that, for their needs, an in-house solution is all they need. These companies would rather set up individual tunnels and devices one at a time, and once this is established the company can have its own IT staff take care of the monitoring and upkeep.
2. Outsourced Implementation: Companies can choose to outsource if they are large scaled or lack the IT staff to fully implement an in-house VPN. When a company outsources, the service provider usually designs the VPN and manages it on the company's behalf.
3. Middle Ground Implementation: Some companies would rather have a service provider install the VPN but have their IT staff monitor the specifics, such as tunnel traffic. This type of implementation is a compromise between a company and the service provider.

After implementation, the company must make sure that it has adequate support for its end users. That's where quality of service comes in.

Quality of Service (QoS)

Users of a widely scattered VPN do not usually care about the network topology or the high level of security/encryption or firewalls that handle their traffic. They don't care if the network implementers have incorporated IPSec tunnels or GRE tunnels. What they care about is something more fundamental, such as: Do I get acceptable response times when I access my mission critical applications from a remote office?

Acceptance levels for delays vary. While a user would be willing to put up with a few additional seconds for a file transfer to complete, the same user would have less tolerance for similar delays when accessing a database or when running voice over an IP data network. QoS (Quality of Service) aims to ensure that your mission critical traffic has acceptable performance. In the real world, where bandwidth is limited and diverse applications, from videoconferencing to ERP database lookups, must all strive for scarce resources, QoS becomes a vital tool to ensure that all applications can coexist and function at acceptable levels of performance.

Quality of Service (QOS) is a key component of any VPN service. In MPLS/BGP VPNs, existing L3 QoS capabilities can be applied to labeled packets through the use of the "experimental" bits in the header, or, where ATM is used as the backbone, through the use of ATM QoS capabilities. The traffic engineering work discussed in is also directly applicable to MPLS/BGP VPNs. Traffic engineering could even be used to establish LSPs with particular QoS characteristics between particular pairs of sites, if that is desirable. Where an MPLS/BGP VPN spans multiple SPs, the architecture described may be useful.
An SP may apply either intserv or diffserv capabilities to a particular VPN, as appropriate.

The Future of VPN

As more and more businesses demand a higher level of network access, business is migrating from a private network environment to a new model in which information is distributed throughout the enterprise network. Businesses are thus expanding their networks in the near future and actually seeing the benefits of using the Internet as the backbone to create Virtual Private Networks (VPNs). VPN is designed to meet the demands for information access in a secure, cost-effective environment. Multi-vendor interoperability for VPN is crucial in today's networking environment due to the nature of business successes, the need to extend corporate networks to contractors and partners, and the diverse equipment within company networks. The Microsoft Windows operating system has integrated VPN technology that helps provide secure, low-cost remote access and branch office connectivity over the Internet. The future is in integrated VPNs, which depends on how the VPN industry will improve their unique qualities that will enable consumers to communicate effectively with other consumers.

Therefore, a VPN creates a large, multi-site, company-wide data network which allows every device to be uniquely addressed from anywhere on the network. This means that central resources can be accessed from any site in the organization or from any Internet-connected location around the world. The technical problems involved in connecting hundreds of remote sites to a central network are extensive. It often involves the purchase of very expensive high-density backbone routers or the use of costly frame-relay services. These systems are seldom easy to support and often require specialist skills. It also depends on the ability of intranets and extranets to deliver on their promises.

First of all, VPN companies must consider cost saving in servicing VPNs. Generally speaking, the cheaper the services the companies supply, the more demand for their products increases on the market. They will therefore earn high profits and then spend a lot of money on developing much higher quality VPNs. Here is a diagram for U.S. companies with IP VPN.

Table 1. Companies with VPN
Source: IDC's 2001 U.S. WAN Manager Survey, IDC #26462, February 2002

According to IDC's 2001 U.S. WAN manager survey (Table 1), approximately fifty percent of companies in the U.S. have adopted IP VPN. Demand for VPN has been increasing even though the economy is going down and IT businesses in particular have not succeeded at present. More than 20 percent of companies plan to have IP VPN services in the future, so in the near future more than 70 percent of companies are going to use IP VPN services. More companies will adopt IP VPN services, and demand will increase further in the U.S. Also, many companies have been using IP VPN for remote access as a LAN. The companies servicing VPN will consider meeting consumers' demands for voice over IP and other VPNs such as VOIP VPN. Currently very few companies have been using this VPN, and a few companies plan to use it in the future. However, contrary to their demands, most producers are in a difficult situation in improving VOIP VPN, because voice has the special requirement of low latency and jitter. Most people will continue to use voice communication by telephone, which is successfully improving with low costs.

The 21st century invites new ways of viewing communication networks. Companies that previously managed their own communications requirements are uniting with service providers that can help build up, improve and manage their networks on a global scale. This opens up opportunities for continued growth, increased profitability and the greatest achievement for both service providers and subscribers. In the past, service providers drew attention to lower-level transport, such as leased lines and frame relay. Nowadays, service providers team with business customers to meet their networking requirements through virtual private networks (VPNs). VPNs are the source of future services. When properly implemented, they can simplify network operations while reducing capital expenses. For most companies, the starting point is to connect widely separated workgroups in an efficient, moneymaking manner. From there, service providers can influence the main technology as a foundation for offering additional services such as application hosting, videoconferencing and packet telephony. VPNs help service providers build customer loyalty while delivering network services that are valuable to their customers' business operations. This indicates an opportunity to capture new customers as companies switch from yesterday's data communications strategies to today's more comprehensive at-hand solutions.

Conclusion

VPN is an emerging technology that has come a long way, from an insecure break-off of public telephone networks to a powerful business aid that uses the Internet as its gateway. VPN technology is still developing, and this is a great advantage to businesses, which need to have technology that is able to scale and grow along with them. With VPN, businesses now have alternative benefits to offer to their employees: employees can work from home and take care of children while still being productive, and have access to work-related information at any time. VPN will also help to make the possibility of a business expanding its services over long distances and globally more of a reality.

Bibliography

A Primer for Implementing a Cisco Virtual Private Network. (1999). Cisco Systems. Retrieved October 5, 2002, from http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/vpn21_rg.htm

A Technology Guide from ADTRAN. (2001, September). Understanding Virtual Private Networking. ADTRAN. Retrieved October 25, 2002, from http://www.adtran.com/all/Doc/0/DT1G73+<)3#139;O"3G#<G1IDG/<N!GK.pdf

Connolly, P.J. (2002, January 21). Taming the VPN. Computerworld. Retrieved September 18, 2002, from http://www.computerworld.com/networkingtopics/networking/story/0,10801,67396,00.html

Dix, John. (2001, April 9). Is an integrated VPN in your future? Network World. Retrieved October 1, 2002, from http://www.itworld.com/Net/2553/NWW010409edit/

Ferguson, P., Huston. (1998, April). What is a VPN? Retrieved September 19, 2002, from http://www.employees.org/~ferguson/vpn.pdf

Internetworking Technologies Handbook, Virtual Private Networks. Cisco Systems. Retrieved September 22, 2002, from http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/

Introduction to VPN: VPNs utilize special-purpose network protocols. Computer Networking. Retrieved September 14, 2002, from http://www.compnetworking.about.com/library/weekly/aa010701d.htm

Next-Generation Networking: The Future of Greater Performance and Flexibility. (2002, July). IDC Analyze the Future. Retrieved September 28, 2002, from http://www.business.att.com/content/whitepaper/next_generation.pdf

Remote Access VPN Solutions. (2001, June). Check Point Software Technologies Ltd. Retrieved September 20, 2002, from http://www.checkpoint.com/products/downloads/vpn-1_remote_access.pdf

Salamone, Salvatore. (1998, December). VPN Implementation Calls For A Tunnel Trip. Internet Week. Retrieved October 30, 2002, from http://www.internetwk.com/VPN/paper-5.htm

Sandick, H., Nair, R., Rajagopalan, B., Crawley, E. (1998, August). A Framework for QoS-based Routing in the Internet. Retrieved October 1, 2002, from ftp://ftp.isi.edu/in-notes/rfc2386.txt

Sweeney, T. (2000, April 3). Businesses Lock In On VPN Outsourcing Options: Providers of virtual private network services put a new spin on the outsourcing spiel. InformationWeek. Retrieved September 20, 2002, from http://www.informationweek.com/780/vpn.htm

Using Point-to-Point Tunneling Protocol. (2001, July). Microsoft. Retrieved September 20, 2002, from http://www.microsoft.com/ntserver/techresources/commnet/PPTP/pptpwp.asp

Virtual Private Networks (VPNs). International Engineering Consortium. Retrieved October 19, 2002, from http://www.iec.org/online/tutorials/vpn/index.html

VPN Technologies: Definitions and Requirements. International Engineering Consortium. Retrieved October 19, 2002, from http://www.iec.org/online/tutorials/vpn/topic02.html

Questions

1. What is VPN?
2. What is tunneling?
3. What is the difference between outsourcing, in-house development and middle-ground implementation?
4. What are the differences between remote access VPNs, intranet VPNs and extranet VPNs?
5. What are the benefits of remote access VPNs?
