Introduction to the Virtual Private Network (VPN) service

IS1501 Introduction to VPN (User Guide)

This document provides a non-technical introduction to the VPN Service.

1. Introduction

VPN (Virtual Private Networking) is a service which allows users who are connected to the
Internet to access University of Nottingham (UoN) restricted services and applications.

Access to the VPN service is restricted to registered users. Members of staff and
postgraduate students of the University may use the service. Postgraduates require
approval from an appropriate person in their department. Other users in academic or
business-partner organisations may be registered if there is a legitimate reason for access.

2. How does the VPN service work?

When you use the Internet through an Internet Service Provider (ISP) or at another site,
your computer is given an address on that provider's network. While you can reach UoN
from the Internet, you will normally be denied access to services that are restricted to UoN
network addresses because your computer is using an address from an external network.

Once you’re on the Internet, you can connect to the UoN VPN service, either through a
web browser or with a software VPN client. Either technique creates a secure, encrypted
tunnel between your PC and the UoN network. From this point on, any traffic from your PC
to a UoN IP address is encrypted and directed to the UoN VPN service over the Internet
through the tunnel. The UoN VPN receives the traffic and passes it on to the appropriate
destination on the UoN network.

Note that you are not making a separate call to UoN. All traffic flows through the single
physical connection to your ISP.

You may open or close the UoN VPN connection at any time while you are connected to
your ISP, and you only need to open it if you intend to access UoN.
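
The routing behaviour described in this section can be modelled as follows. This is an added illustration, not part of the original guide or of the UoN configuration; the /16 prefix is read from the 128.243.***.*** pattern given in section 3, and the gateway, ISP and tunnel addresses are constructed.

```python
import ipaddress

# Constructed values: the guide gives the UoN range only as 128.243.***.***.
UON_NET = ipaddress.ip_network("128.243.0.0/16")
VPN_GATEWAY = ipaddress.ip_address("128.243.0.1")     # hypothetical gateway address
ISP_ADDR = ipaddress.ip_address("203.0.113.25")       # address issued by the ISP
TUNNEL_ADDR = ipaddress.ip_address("128.243.200.10")  # hypothetical UoN address from the VPN


def build_routes(vpn_open):
    """Return the client's routing table as (network, interface) pairs."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "isp")]  # default route
    if vpn_open:
        # Traffic to UoN addresses is sent into the encrypted tunnel.
        routes.append((UON_NET, "tunnel"))
        # The encrypted packets themselves are addressed to the gateway and
        # must leave over the ISP link, or the tunnel would try to carry itself.
        routes.append((ipaddress.ip_network(f"{VPN_GATEWAY}/32"), "isp"))
    return routes


def pick_interface(dest, routes):
    """Choose the outgoing interface by longest-prefix match."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def source_seen_by(dest, vpn_open):
    """Source address the destination sees for traffic from this PC."""
    ifc = pick_interface(dest, build_routes(vpn_open))
    return TUNNEL_ADDR if ifc == "tunnel" else ISP_ADDR


def restricted_service_allows(source):
    """A service restricted to UoN network addresses checks the source."""
    return source in UON_NET


if __name__ == "__main__":
    for vpn_open in (False, True):
        for dest in ("128.243.40.7", "198.51.100.9", str(VPN_GATEWAY)):
            ifc = pick_interface(dest, build_routes(vpn_open))
            src = source_seen_by(dest, vpn_open)
            print(f"vpn_open={vpn_open} dest={dest} via={ifc} source={src}")
```

With the VPN closed the restricted service sees the ISP address and refuses it; with the VPN open the same request arrives from a UoN address, while non-UoN traffic still goes directly over the ISP link.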

                                                                        Last review: 29 Jan 09
   Printed on recycled paper                                            Next review: 29 Jan 10

3. Do you need a VPN connection?

You only need to use the VPN if you have one or more of the following requirements:
  - You must have a UoN IP address (128.243.***.***).
  - Access to a UoN resource that is not otherwise accessible from the Internet.
    Examples of this might be an internal-only website, or access to a server that is not
    exposed to the Internet.
  - Access to a UoN resource from an insecure network (e.g. a hotel or an airport
    wireless hotspot) using an intrinsically insecure protocol (e.g. HTTP or telnet),
    where you have a need for additional security.

The VPN should be seen as an additional remote access service that should be used as an
adjunct to other supported access methods.
A VPN Connection is not required for Novell NetWare filestore access or access to email.

3.1 VPN client options

There are three client offerings, which have differing levels of functionality. The tables
below list the options in order of increasing functionality (and complexity).

Client         Properties

WebVPN         This uses a standard web browser. It is suitable for applications that have a
               web-driven interface. It uses HTTPS, which offers the same level of
               encryption as Internet banking. This is the only solution that you would be
               able to use in an Internet café.

               - Widely available.
               - Browser-based.
               - No software installation required.

               - Limited functionality. Only really works with web-based applications.

WebVPN         The WebVPN SSL Client allows greater levels of access to common software
SSL Client     applications. Once loaded and operating, the client enables “LAN-like”
               connectivity, similar to an IPSec Client user experience. This client is initially
               loaded using the web browser but requires Administrator access on the PC,
               which makes it unsuitable for an Internet café. This client is aimed at the
               user who requires more access than the pure WebVPN but does not need the
               additional complexity of the IPSec client.

               - More functionality than WebVPN. Improved support for TCP-based

               - Depends on ActiveX / Java for non-browser based applications.

               - Browser-specific support.
               - Security risks depend on the environment.
               - Requires administrative access to the PC to install the ActiveX control.
               - Only verified to work with Windows 2000 and Windows XP. Does not work
                 with Windows Vista.

IPSec          The IP Security (IPSec) VPN client is the time-proven remote-access
               technology. It has the potential to extend almost any data, voice, or video
               application available in the office environment to remote users.
               An IPSec VPN client gives a remote user an experience and workflow
               consistent with the office environment, because of its ability to transparently
               support almost any IP-based application. This client is aimed at the serious
               user of the VPN service.

               - Highest level of functionality.
               - High security using proven techniques.

               - Requires installation and configuration of the client software.
               - Intermediate routers and firewalls may need to be configured to allow IPSec
               - More complicated – requires a higher level of technical expertise.
Further details of each option can be found in the client-specific documentation.

4. Disclaimer

Information Services maintains the equipment at the University site which provides
support for the VPN service. If there is a problem with this equipment we will fix it as soon
as possible. We cannot provide round the clock coverage. Furthermore, the University's
responsibility does not extend to equipment owned by users. General advice on how to
configure home routers and firewalls may be given, along with some assistance on the
diagnosis and resolution of problems but the ultimate responsibility rests with the owner of
the equipment.

5. Relevant Information Security policies

Your attention is drawn to the University’s Information Security Remote Access Policy and
the supplementary Information Security VPN Policy. In particular, please note that VPN
access is provided to allow users to perform legitimate academic or administrative
activities in conjunction with their work. Use of the connection is limited to authorised
users only; and the facility must not be used by family members, housemates or other
persons at the off-campus location who are not themselves authorised users of the


The full set of Information Security Policies can be found on the IS Intranet.

Note: You must not use the UoN IP address obtained through a VPN connection in a
manner which causes the University to break agreements with third parties. For example,
access to the electronic version of Nature is only licensed for users physically located on
UoN premises.

If you have any doubt about the legitimacy of remote access to a resource you must check
with the library helpline.
