About Virtual Private Networks

For years, companies that need to connect different offices together have done so using "leased lines." These lines are typically charged for by the mile. A T1 (1.544 Mbps) connection between California and New York can cost thousands of dollars a month. Plus, most companies need a redundant circuit in case of link failure.

In addition to needing to link all offices together into a network, companies also have to provide remote access services for employees on the move, those working from home, or those working from very small offices that simply don't warrant their own leased connection. With an increasing reliance on outsourcing for many corporate functions, third parties also need access to internal networks.

Companies can save significant money, and provide increased access capabilities, by switching over to Virtual Private Networks. Briefly, a Virtual Private Network is created by connecting offices and single users to the nearest service provider's Point of Presence (POP) and using that service provider's backbone network or the Internet as the tunnel between offices. All traffic traversing the backbone is encrypted so that no one can snoop on or intrude inside your network. Many companies are taking advantage of Internet Service Providers who offer high-speed connections to the Internet for each local office using a nearby POP, plus remote users can dial into any ISP dial-up POP and access their company's network securely.

The red lines on this map show the "traditional" method for providing connectivity between offices and the potential costs associated with such a network. The blue lines show what you could pay if you chose an alternative connectivity paradigm, a Virtual Private Network! You can do the math ($8,600 a month versus $2,100).
In the book we are featuring below, Building and Managing Virtual Private Networks, by Dave Kosiur, one multi-city nationwide network case study listed the monthly T1 cost of a traditional network at $71,455, with its VPN equivalent costing only $17,100. Of course, the cost savings would be meaningless if you couldn't count on high levels of security and good performance!

VPN security is a weighty subject that can prove somewhat daunting to neophytes, but it is relatively easy to implement if you choose the right products! Simply put, data can be encrypted using public/private key encryption, and users and LANs can be controlled with AAA servers (Access, Authentication and Authorization) taking advantage of simple user ID/password combinations (not very safe) or digital certificates, token cards, retinal scans, and fingerprints. Cryptography is a key element in Virtual Private Networks. The entire field of VPNs will see increased growth as wireless networks begin to grow in popularity. Check out our new wireless page or some of our other Cryptography demonstrations in our security area.

PPTP and L2TP:

There are two dominant umbrella architectures available for Virtual Private Networks: products based on IPSec (IP Security) and those based on PPTP (Point-to-Point Tunneling Protocol) and/or L2TP (Layer 2 Tunneling Protocol). Although IPSec has become the de facto standard for LAN-to-LAN VPNs implemented by dedicated VPN servers (plus firewalls and routers with VPN capabilities), PPTP and L2TP are heavily used for single-client-to-LAN connections. Therefore, many VPN products support IPSec, PPTP and L2TP.

VPN Creation Options:

In order to create a LAN-to-LAN or client-to-LAN VPN, you need at least one VPN server.
You have a variety of choices of how to get a VPN server running on a network:

• Use Microsoft Windows NT/2000 VPN services on the server you already have
• Use VPN services available on Unix / Linux servers
• Use a dedicated VPN server hardware/software platform from vendors like VPNet or RedCreek (among many)
• Use VPN services available on many firewall products like CheckPoint
• Use VPN services available on many routers

Naturally, there are tradeoffs you will need to consider when designing a VPN for your particular network need. These tradeoffs are covered well in the books listed below and through some of the online resources listed below.
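The tunnel described earlier on this page (offices linked across a provider backbone, with all traffic encrypted so nobody can snoop on or intrude inside the network) can be made concrete in code. The Go program below is an added example written for this page; it is not code from the page, from the book it features, or from any product it lists. It models one end of a site-to-site tunnel on an ESP-style envelope: AES-GCM stands in for whatever cipher a product negotiates, a fixed shared key stands in for the key exchange (IKE or manual keying, which is assumed rather than shown), and the names Tunnel, Encapsulate, Decapsulate, the SPI value 0x1001, the all-zero demo key and the inner packet text are all hypothetical values chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tunnel is one end of a hypothetical site-to-site tunnel modelled on an
// ESP-style envelope: each inner LAN packet is encrypted and authenticated
// with AES-GCM under a shared key, and only SPI || seq || ciphertext || tag
// crosses the provider backbone.
type Tunnel struct {
	spi        uint32
	seq        uint32      // next sequence number this end sends
	aead       cipher.AEAD // AES-GCM keyed with the shared tunnel key
	recvMax    uint32      // highest sequence number accepted so far
	recvBitmap uint32      // anti-replay window: bit k set => recvMax-k already seen
}

const headerLen = 8 // SPI (4 bytes) || sequence number (4 bytes)
const windowSize = 32

// NewTunnel builds one end from a 16-, 24- or 32-byte shared key.
func NewTunnel(key []byte, spi uint32) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Tunnel{spi: spi, seq: 1, aead: aead}, nil
}

// nonce is derived from the clear-text header, so it is unique only while the
// sequence number never repeats under one key: rekey before the counter wraps.
func (t *Tunnel) nonce(hdr []byte) []byte {
	n := make([]byte, t.aead.NonceSize())
	copy(n[len(n)-headerLen:], hdr)
	return n
}

// Encapsulate wraps an inner packet. The header travels in the clear but is
// bound to the ciphertext as associated data, so it cannot be altered either.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	hdr := make([]byte, headerLen)
	binary.BigEndian.PutUint32(hdr[0:], t.spi)
	binary.BigEndian.PutUint32(hdr[4:], t.seq)
	t.seq++
	return t.aead.Seal(hdr, t.nonce(hdr), inner, hdr)
}

// Decapsulate verifies and unwraps a record. The replay window is checked
// before decrypting and updated only after the tag verifies, so a forged or
// corrupted record can never poison it.
func (t *Tunnel) Decapsulate(record []byte) ([]byte, error) {
	if len(record) < headerLen {
		return nil, errors.New("record too short")
	}
	hdr := record[:headerLen]
	seq := binary.BigEndian.Uint32(hdr[4:])
	if err := t.replayCheck(seq); err != nil {
		return nil, err
	}
	inner, err := t.aead.Open(nil, t.nonce(hdr), record[headerLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed: record modified or wrong key")
	}
	t.replayUpdate(seq)
	return inner, nil
}

func (t *Tunnel) replayCheck(seq uint32) error {
	switch {
	case seq == 0:
		return errors.New("sequence number 0 is never valid")
	case seq > t.recvMax:
		return nil // would slide the window forward
	case t.recvMax-seq >= windowSize:
		return errors.New("record older than the replay window")
	case t.recvBitmap&(1<<(t.recvMax-seq)) != 0:
		return errors.New("replayed record")
	}
	return nil
}

func (t *Tunnel) replayUpdate(seq uint32) {
	if seq > t.recvMax {
		t.recvBitmap <<= seq - t.recvMax // a shift of 32 or more clears it
		t.recvMax = seq
	}
	t.recvBitmap |= 1 << (t.recvMax - seq)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real keys come from IKE or manual keying
	branch, _ := NewTunnel(key, 0x1001)
	hq, _ := NewTunnel(key, 0x1001)
	rec := branch.Encapsulate([]byte("10.1.0.5 -> 10.2.0.9 query")) // constructed inner packet
	out, err := hq.Decapsulate(rec)
	fmt.Printf("first delivery: %q, err=%v\n", out, err)
	_, err = hq.Decapsulate(rec) // the same record captured and sent again
	fmt.Println("replayed delivery:", err)
}
```

What the backbone carries is the 8-byte header plus ciphertext and tag; the inner addresses and payload never appear in the clear. Two details matter more than the cipher choice: the sequence number both feeds the nonce and drives the anti-replay window, so a record that is captured and re-sent, or delivered out of order but already seen, is refused, and the window is only advanced after the authentication tag has been checked, so a corrupted or forged record cannot shift it.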