Virtual Private Network for Windows.pdf - 123seminarsonly.com

Shared by: pengxuebo
posted:
12/29/2012
							            VIRTUAL PRIVATE NETWORKS

                            Arun T. Ravindran

                                  S1 MBA IB
                                 Roll No.: 04
                       School of Management Studies
                             CUSAT, Kochi – 22
                       Email: ravitarun31@yahoo.co.in


Abstract: Virtual Private Network, or VPN, is a term that you may not have
heard of, but it has become very common over the years. Instead of simply
dealing with a local or regional branch, many companies today have facilities
or businesses spread out across the country or around the world. To maintain
fast, secure and reliable communications, these companies are creating their
own virtual private networks to accommodate the needs of remote employees
and distant offices.

Key Words: VPN, VPN Advantages, VPN Solutions, VPN Applications.




1.0 INTRODUCTION

1.1. Introduction to Virtual Private Network

VPN is an acronym for Virtual Private Network. It is a private data network (usually used within
a company, or by several different companies or organizations) that has a secure connection
created over a public network by using tunneling-mode encryption and other security
procedures. The tunneling-mode encryption and security procedures ensure that only
authorized users can access the network and that data cannot be intercepted.

VPN message traffic is carried on public networking infrastructure, e.g. the Internet, using
standard (often insecure) protocols, or over a service provider's network providing VPN service
guarded by a well-defined Service Level Agreement (SLA) between the VPN customer and the
VPN service provider.

The main purpose of a VPN is to give a company the same protected data sharing over public
resources that private leased lines provide, but at a much lower cost by using the shared
public infrastructure.

2.0 HOW IT WORKS

To make use of the VPN, the remote user's workstation must have the VPN client software
installed. A firewall sits between the remote user's workstation or client and the host network
or server. When a connection to the corporate network is attempted, the VPN client software
first connects to the VPN server by means of a tunneling protocol. After the remote computer
has been successfully authenticated, a secure connection (secret tunnel) is formed between it
and the VPN server: all subsequent data exchanged through this tunnel is encrypted at the
sending end and correspondingly decrypted at the receiving end of the tunnel. As such, the
network tunnel between them, even though established through the untrusted Internet, is
still considered secure enough that the remote computer can be trusted by local computers on
the corporate LAN.

In short, you connect to the Internet through your ISP. The VPN client software on your
computer initiates a connection with the VPN server. The data on the connection is encrypted
so it cannot be read by others while it is in transit. The VPN server decrypts the data and
passes it on to other servers and resources.

For better security, many VPN client programs can be configured to require that all IP traffic
pass through the tunnel while the VPN is active. From the user's standpoint, this means
that while the VPN client is active, all access outside their employer's secure network must
pass through the same firewall as would be the case while physically connected to the office
Ethernet. This reduces the risk that an attacker might gain access to the secured network. Such
security is important because other computers local to the network on which the client
computer is operating may not be fully trusted. Even with a home network that is protected
from the outside Internet by a firewall, people who share a home may be simultaneously
working for different employers over their respective VPN connections from the shared home
network. Each employer would therefore want to ensure that its proprietary data is kept secure,
even if another computer in the local network gets infected with malware. And if a travelling
employee uses a VPN client from a Wi-Fi access point in a public place, such security is even
more important. However, because the requirement covers only IP traffic, a non-IP protocol
such as IPX/SPX is one way users might still be able to access local resources.
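
Whether all IP traffic really passes through the tunnel can be checked from the client's routing table. The following is an added example, not part of the original paper: it lists every IPv4 block that would still leave through a non-tunnel interface. The interface names tun0 and wlan0, the VPN server address 203.0.113.10 and both route tables are constructed for illustration.

```python
import ipaddress

# Constructed sample route tables: (prefix, interface, metric).
# "tun0" (tunnel), "wlan0" (physical link) and 203.0.113.10 (VPN server)
# are assumed names/addresses, not taken from the paper.
FULL_TUNNEL = [
    ("0.0.0.0/0", "wlan0", 600),       # original default route
    ("0.0.0.0/0", "tun0", 50),         # VPN default route wins on metric
    ("203.0.113.10/32", "wlan0", 50),  # encrypted packets to the VPN server
    ("192.168.1.0/24", "wlan0", 600),  # on-link route to the shared LAN
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0", 600),       # everything else bypasses the tunnel
    ("10.0.0.0/8", "tun0", 50),        # only corporate prefixes are tunneled
    ("203.0.113.10/32", "wlan0", 50),
]

def carve(block, hole):
    """Return the parts of `block` not covered by the more specific `hole`."""
    if hole.subnet_of(block):
        return list(block.address_exclude(hole))
    return [] if block.subnet_of(hole) else [block]

def find_leaks(routes, tunnel_if, vpn_server):
    """List (block, interface) pairs that still leave outside the tunnel.

    Longest prefix wins, then lowest metric. IPv4 only; non-IP protocols
    such as IPX/SPX never consult this table and are not covered.
    """
    best = {}
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if net not in best or metric < best[net][1]:
            best[net] = (iface, metric)
    server = ipaddress.ip_network(vpn_server)
    leaks = []
    for net, (iface, _) in best.items():
        if iface == tunnel_if:
            continue
        blocks = [net]
        for other in best:  # remove ranges claimed by more specific routes
            if other.prefixlen > net.prefixlen and other.subnet_of(net):
                blocks = [b for blk in blocks for b in carve(blk, other)]
        # The host route to the VPN server itself must stay outside the tunnel.
        leaks += [(str(b), iface) for b in blocks if b != server]
    return sorted(leaks)

if __name__ == "__main__":
    print("full tunnel leaks:", find_leaks(FULL_TUNNEL, "tun0", "203.0.113.10"))
    split = find_leaks(SPLIT_TUNNEL, "tun0", "203.0.113.10")
    print("split tunnel leaves", len(split), "blocks outside the tunnel")
```

Even the full-tunnel table reports the on-link route to the shared LAN, which is the exposure to untrusted local computers that the paragraph above describes.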




3.0 DIFFERENT TYPES OF VPN

A VPN supports at least three different modes of use:

3.1 Remote Access (RAS) VPN

Under this application only a single VPN gateway is involved. The other party involved in
negotiating the secure communication channel with the VPN gateway is a PC or laptop that
is connected to the Internet and running VPN client software. The VPN client allows
telecommuters and traveling users to communicate on the central network and access servers
from many different locations.

Benefit: Significant cost savings by reducing the burden of long distance charges
associated with dial-up access. Also helps increase productivity and peace of mind by
ensuring secure network access regardless of where an employee physically is.

3.2 Site-to-Site Intranet VPN

With an Intranet VPN, gateways at various physical locations within the same business negotiate
a secure communication channel across the Internet known as a VPN tunnel. An example
would be a network that exists in several buildings connected to a data center or mainframe
that has secure access through private lines. Users from the networks on either side of the
tunnel can communicate with one another as if it were a single network. These VPNs may need
strong encryption and may have strict performance and bandwidth requirements.

Benefit: Substantial cost savings over traditional leased-line or frame relay technologies
through the use of Internet to bridge potentially long distances between sites.

3.3 Site-to-Site Extranet VPN

Extranet VPNs are almost identical to intranet VPNs, except that they are meant for external
business partners. As such, firewall access restrictions are used in conjunction with VPN
tunnels, so that business partners are only able to gain secure access to specific data and
resources, while not gaining access to private corporate information.

Benefit: Businesses enjoy the same policies as a private network, including security, QoS,
manageability, and reliability.




4.0 ADVANTAGES OF VPN

4.1. Cost Saving

VPNs eliminate the need for expensive long-distance leased lines. All a corporation requires
is a relatively short dedicated connection to the service provider. The connection can be
either a local broadband connection such as DSL service or a local leased line. Both of these
connections are much cheaper than long-distance leased lines. Service providers can in
theory charge much less for their support than it costs a company internally because the public
provider's cost is shared amongst potentially thousands of customers.

Elements of cost reduction also include transport media, bandwidth, backbone equipment, and
operations. According to industry research, site-to-site connectivity costs are typically reduced
by an average of 30% over domestic leased line networks. Cost reduction for client-to-site dial
access is even greater, in the 60%-80% range.

Instead of owning and operating a private network infrastructure, a company may outsource
some or all of its wide area networking functions to a service provider. By doing so, the cost
of management and upkeep of the network setup can be reduced substantially. It also enables
the company to focus on core business objectives instead of managing a WAN or dial access
network.

4.2. Scalability

The cost of using traditional leased lines may be reasonable at the beginning stage, but as the
organization grows, the number of leased lines required increases exponentially as more
branches must be added to the network. With a VPN, a company can just tap into the
geographically distributed access already available, which is limited in the case of traditional
leased lines.

5.0 DISADVANTAGES OF VPN

5.1 Lack of Security

VPN message traffic is carried on public networking infrastructure, e.g. the Internet, or over a
service provider's network, which means putting corporate data, one of your most valuable
assets, on the line (literally). Even though there are many methods and technologies
available to ensure data protection (like encryption implementation), the level of concern about
Internet security is quite high and data in transmission is vulnerable to hackers. The use of
VPNs at this moment still requires an in-depth understanding of public network security issues.

5.2 Less Bandwidth than Dedicated Line

The other major downside of VPNs relates to guaranteeing adequate bandwidth for the work
being done. Every use of an Internet system consumes bandwidth; the more users there are, the
less bandwidth there is for any single user. Some VPN service providers offer guaranteed
bandwidth, and private networks can be built with guaranteed bandwidth allocations; however,
these options will increase the cost of the system.




5.3 The need to accommodate protocols other than IP and existing ("legacy")
    internal network technology

IP applications were designed for low-latency, high-reliability networks. An increasing number
of real-time, interactive applications are being used on the network. Although some
applications can be tuned to allow for increased latency, many of the applications tested cannot
be easily adjusted or cannot be adjusted at all, making the use of the application problematic.

6.0 VPN SOLUTIONS

A key feature of a VPN is its ability to work over both private networks and public
networks like the Internet. Using a method called tunneling, a VPN uses the same hardware
infrastructure as existing Internet or intranet links. VPN technologies include various security
mechanisms to protect the virtual, private connections.

VPN supports at least three different modes of use:

   Internet remote access client connections
   LAN-to-LAN internetworking
   Controlled access within an intranet

6.1 Internet VPNs for Remote Access

In recent years, many organizations have increased the mobility of their workers by allowing
more employees to telecommute. Employees also continue to travel and face a growing need
to stay connected to their company networks.

A VPN can be set up to support remote, protected access to the corporate home offices over
the Internet. An Internet VPN solution uses a client/server design and works as follows:

   A remote host (client) wanting to log into the company network first connects to any public
    Internet Service Provider (ISP).

   Next, the host initiates a VPN connection to the company VPN server. This connection is
    made via a VPN client installed on the remote host.

   Once the connection has been established, the remote client can communicate with the
    internal company systems over the Internet just as if it were a local host.

Before VPNs, remote workers accessed company networks over private leased lines or
through dialup remote access servers. While VPN clients and servers require careful
installation of hardware and software, an Internet VPN is a superior solution in many
situations.

6.2 VPNs for Internetworking

Besides providing remote access, a VPN can also bridge two networks together. In this mode
of operation, an entire remote network (rather than just a single remote client) can join a
different company network to form an extended intranet. This solution uses a VPN server to
VPN server connection.




6.3 Intranet / Local Network VPNs

Internal networks may also utilize VPN technology to implement controlled access to individual
subnets within a private network. In this mode of operation, VPN clients connect to a VPN
server that acts as the network gateway.

This type of VPN use does not involve an Internet Service Provider (ISP) or public network
cabling. However, it allows the security benefits of VPN to be deployed inside an organization.
This approach has become especially popular as a way for businesses to protect their Wi-Fi
local networks.

7.0 CONCLUSION

A virtual private network (VPN) allows the provisioning of private network services for an
organization or organizations over a public or shared infrastructure such as the Internet or a
service provider backbone network. The shared service provider backbone network is known
as the VPN backbone and is used to transport traffic for multiple VPNs, as well as possibly
non-VPN traffic. A VPN provides you with a secure channel between your local computer and a
computer at the remote location. The network user can access this from any part of the world,
provided an Internet connection and access to the resources are available.
