What is a Virtual Private Network?

 

Two characteristics make the Internet useful and popular as the primary platform for business communication: openness and ubiquity.  They are its greatest advantages and at the same time its greatest weaknesses.  Organisations quite happily conduct business over their LANs and WANs because these infrastructures are well-known entities within the corporation and are very tightly controlled.  In essence, privacy is generally ensured, and so are security and performance.

 

Today we talk about organisations using the public Internet infrastructure for mission-critical applications.  Lack of performance would adversely affect the conduct of business, and availability, scalability and bandwidth remain the major concerns of Internet-based infrastructures.

 

Another major concern to businesses is the security of their infrastructure.  Connectivity brings with it the inherent risk of compromising the IT infrastructure.  In the age of doing business electronically, information is treated as a commodity, and sensitive information such as credit card details, usernames and passwords, and strategic management information gives hackers and intruders the motive for attempting to compromise the system.  Furthermore, there is a security threat to information while it is travelling over the Internet.  The truth is that the Internet, and in particular the Web, was never designed for all the intuitive business applications that we have in mind.  Security was never a major issue with the Web, and because of this we need to implement security ourselves in order to secure the communication and the system.  A Virtual Private Network (VPN) is a technological attempt to use encryption and tunnelling technology to implement the security requirements for:

 

 

There are three principles that one needs to ensure for secure communication.

 

 

VPNs are used for communication in order to ensure all of the above.  The two major VPN protocols are IPSec tunnelling and point-to-point tunnelling.

 

IPSec, or Internet Protocol Security, is a set of security protocols designed to ensure authentication through encryption protocols.  This suite of protocols was designed by the Internet Engineering Task Force (IETF) to address the security problems of IP-based networks.  IPSec is one of the protocols within the Internet Protocol layer of the OSI stack and is configured to ensure all three security requirements (authentication, privacy, and integrity).  In simple terms, IPSec adds its own header to the packet that has arrived from the transport layer and encrypts the packet to form a virtual and secure tunnel across the network from one IP-based LAN to another IP-based LAN.
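The header-plus-encryption step described above can be sketched as follows. This is an added example, not code from the original page or from any IPSec implementation: it is a simplified model of tunnel-style encapsulation with a security parameter index (SPI), a sequence number and an integrity check value, and the function names, packet layout and stand-in cipher are assumptions made so that it runs with the Python standard library alone.

```python
import hashlib, hmac, os, struct

ICV_LEN = 16  # truncated HMAC-SHA256 integrity check value

def new_sa(spi, enc_key, auth_key):
    # One security association: shared keys plus send/receive counters.
    return {"spi": spi, "enc_key": enc_key, "auth_key": auth_key,
            "seq": 0, "last_seq": 0}

def keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs
    # only the standard library; real IPSec negotiates a cipher such as AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(sa, inner_packet):
    # Header = SPI + sequence number, then nonce, ciphertext and ICV.
    sa["seq"] += 1
    header = struct.pack("!II", sa["spi"], sa["seq"])
    nonce = os.urandom(8)
    body = header + nonce + xor(inner_packet, keystream(sa["enc_key"], nonce, len(inner_packet)))
    return body + hmac.new(sa["auth_key"], body, hashlib.sha256).digest()[:ICV_LEN]

def decapsulate(sa, packet):
    if len(packet) < 16 + ICV_LEN:
        raise ValueError("truncated packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    if spi != sa["spi"]:
        raise ValueError("unknown SPI")
    expected = hmac.new(sa["auth_key"], body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # integrity + origin authentication
        raise ValueError("integrity check failed")
    if seq <= sa["last_seq"]:                    # simplified anti-replay (no window)
        raise ValueError("replayed packet")
    sa["last_seq"] = seq
    nonce, ciphertext = body[8:16], body[16:]
    return xor(ciphertext, keystream(sa["enc_key"], nonce, len(ciphertext)))

if __name__ == "__main__":
    tx = new_sa(0x1001, b"E" * 32, b"A" * 32)   # constructed keys
    rx = new_sa(0x1001, b"E" * 32, b"A" * 32)
    inner = b"constructed inner IP packet"
    print(decapsulate(rx, encapsulate(tx, inner)))
```

The receiver rejects a packet whose bytes were altered in transit and a packet it has already accepted, which is how the tunnel provides integrity and authentication in addition to privacy.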

 

Remote users who wish to dial into the corporate network through an ISP may use the Point-to-Point Tunnelling Protocol (PPTP).  PPTP enables the remote user to access the corporate network by dialling into the ISP's Point-of-Presence (POP).  A virtual private network, or secure tunnel, is created to the corporate server for each of the remote users.  This eliminates many problems, such as the previous need to implement expensive Wide Area Networks through proprietary connections.  Also, there is no need for additional software on the client if the ISP supports PPTP.

 

Now test yourself and find out more.

How would you define a VPN?

 

 

The security mechanisms available in a VPN are Authorisation, Authentication, and Encryption.  How would you describe these?