3.1.8 VPN (Virtual Private Network)
(Page 1 of 2)
As mentioned in section 2.1.2, a Virtual Private Network, or VPN, simulates a private network over a public network (or less secure private network), allowing multiple sites to communicate securely. In this way, a VPN can support:
Companies often establish VPNs which run over the Internet as a more cost effective, lower administrative overhead, more scalable alternative to a traditional (non-virtual) private network. VPNs are more cost effective because organizations can connect any physical locations together without requiring long distance data calls via modem or leasing expensive private communications lines between sites, equipping these sites with the appropriate communications hardware to support the private network. This saves the organization the monthly line and long distance costs. For example, if your field support engineers, equipped with laptops, need access to sensitive customer data from both their offices (with local LAN connections) and from out in the field at customer sites (by modem); you might implement a VPN to allow them access to this information in a standard way, whether connected locally or remotely.
VPNs offer lower administrative overhead and improved scalability because having users access the VPN through the Internet enables you to assign responsibility for that connectivity to the users ISPs, rather than taking it on yourself. Additionally, your data center wont need to maintain the equipment that would be involved with the private lines, which could include high-speed CSU/DSUs and a router port for each private line, a modem bank for those network participants who do not connect via leased lines, etc. This frees technicians to concentrate on other issues and eliminates the time and cost involved in upgrading your communications hardware when technology advances or your network expands. Primary security features offered by VPNs include:
A number of popular protocols are used by VPNs, including PPTP, L2TP, IPSec and SSH. Of these, IPSec is generally regarded as the most popular protocol for VPNs, with PPTP and L2TP following close behind, generally in Windows-based environments, and SSH popular in UNIX-based networks. For more information on these protocols, see the section 2 topics discussing Remote Access, which discusses each in depth.
VPNs can be implemented in firewalls, dedicated hardware or software. For example, a popular firewall solution that includes VPN capability is the Pix, by Cisco Systems284. Popular dedicated hardware solutions include Sonicwall285, Netscreen (for both small and enterprise VPNs286), and Nokia287 VPN. There are also software-based solutions that integrate with firewalls, such as Checkpoint. Finally, some are software-based solutions such as SSH and SSL. The interesting thing about some of the software solutions (including SSH and SSL) is that they started out as protocols that provided encryption for specific applications, such as remote terminal access (SSH) and SSL (Web browsing), but were later found to be effective VPN protocols as well.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.