About Virtual Private Networks

For years companies that need to connect different offices together have done so using
"leased lines." These lines are typically charged for by the mile. A T1 (1.544 Mbps)
connection between California and New York can cost thousands of dollars a month. Plus,
most companies need to have a redundant circuit in case of link failure. In addition to needing
to link up all offices together into a network, companies also have to provide remote access
services for employees on the move, or those working from home, or those working from
very small offices that simply don't warrant their own leased connection. With an increasing
reliance on outsourcing for many corporate functions, third-parties also need access to
internal networks.

Companies can save significant money, and provide increased access capabilities by
switching over to Virtual Private Networks. Briefly, a Virtual Private Network is created by
connecting offices and single users to the nearest service provider's Point of Presence (POP)
and using that service provider's backbone network or the Internet as the tunnel between
offices. All traffic traversing the backbone is encrypted so that no one can snoop on or
intrude inside your network.

Many companies are taking advantage of Internet Service Providers who offer high-speed
connections to the Internet for each local office using a nearby POP, plus remote users can
dial into any ISP dial-up POP and access their company's network securely.




The red lines on this map show the "traditional" method for providing connectivity between
offices and the potential costs associated with such a network. The blue lines show what you
could pay if you chose an alternative connectivity paradigm, a Virtual Private Network! You
can do the math ($8,600 a month versus $2,100). In the book we are featuring below,
Building and Managing Virtual Private Networks, by Dave Kosiur, one multi-city nationwide
network case study listed the monthly T1 cost of a traditional network at $71,455 with its
VPN equivalent costing only $17,100. Of course, the cost savings would be meaningless if
you couldn't count on high levels of security and good performance!

VPN security is a weighty subject that can prove somewhat daunting to neophytes, but it is
relatively easy to implement if you choose the right products! Simply put, data can be
encrypted using public/private key encryption and users and LANs can be controlled with AAA
servers (Access, Authentication and Authorization) taking advantage of simple user
ID/password combinations (not very safe) or digital certificates, token cards, retinal scans,
and fingerprints. Cryptography is a key element in Virtual Private Networks. The entire field
of VPNs will see increased growth as wireless networks begin to grow in popularity.

PPTP and L2TP: There are two dominant umbrella architectures available for Virtual
Private Networks. There are products based on IPSec (IP Security) and those that are based
on PPTP (Point to Point Tunneling Protocol) and/or L2TP (Layer 2 Tunneling Protocol).
Although IPSec has become the de facto standard for LAN-to-LAN VPNs implemented by
dedicated VPN servers (plus firewalls and routers with VPN capabilities), PPTP and L2TP
are heavily used for single client-to-LAN connections. Therefore, many VPN products
support IPSec, PPTP and L2TP.

VPN Creation Options: To create a LAN-to-LAN or client-to-LAN VPN, you need at least one
VPN server. You have a variety of choices for getting a VPN server running on a network:

   •   Use Microsoft Windows NT/2000 VPN services on the server you already have
   •   Use VPN services available on Unix / Linux servers
   •   Use a dedicated VPN server hardware/software platform from vendors like VPNet or
       RedCreek (among many)
   •   Use VPN services available on many firewall products like CheckPoint
   •   Use VPN services available on many routers

Naturally, there are tradeoffs you will need to consider when designing a VPN for your
particular network need. These tradeoffs are covered well in the books listed below and
through some of the on-line resources listed below.

				
posted:2/13/2010