Introduction to Virtual Private Network


Some days I have been busy with work piling up, and I have now resolved all of it. Alhamdulillah, starting today I took
the time to post some articles, one of them about the Virtual Private Network (VPN), or so-called
computer network layers.

A Virtual Private Network means that the VPN data traffic is generally not visible to, or is encapsulated from,
the underlying network traffic. Conversely, to the underlying network the VPN traffic looks like just another
traffic stream to be forwarded. In more technical terms, the link-layer protocols of the virtual network are said
to be tunneled through the underlying transport network.

The term Virtual Private Network (VPN) is used to describe a variety of network configurations and
protocols, so it is hard to generalize about the characteristics of a VPN. Some of the more common uses of
VPNs are described below, followed by the various classification schemes and VPN models.

Common uses of VPNs

       A VPN can be used to secure communications over the public Internet. Organizations often deploy
VPNs to give remote users secure access to the organization's network, or to connect two sites together
over a network that is not trusted to carry the traffic on its own.

     A VPN can also be used to hide the IP addresses of computers on the Internet, for example to browse
the World Wide Web anonymously or to reach geographically restricted services such as Internet TV, using
the VPN as a kind of IP proxy. A VPN need not have explicit security features such as authentication or
traffic encryption at all. For example, a service provider's VPN can be used purely to keep the traffic of
several customers separate over a shared underlying network.

VPN classification

VPN technologies are not easily compared, because of the variety of protocols, terminology and marketing
language attached to them. For example, VPN technologies can differ in:

       the protocol they use to tunnel traffic through the underlying network;
       where the tunnel terminates, for example at the customer edge or at the provider edge;
       whether they offer site-to-site or remote-access connectivity;
       the level of security provided;
       the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3
        network connectivity.

Some classification schemes are discussed in the following sections:

Secure VPN vs. Trusted VPN

     The industry group Virtual Private Network Consortium (VPNC) has defined two classifications: Secure
VPN and Trusted VPN. Consortium members include Microsoft, Cisco, Juniper and many others.

      A Secure VPN explicitly provides a mechanism for the tunnel endpoints to authenticate each other
during tunnel setup, and encrypts the traffic in transit. Secure VPNs are typically used to protect traffic
when the Internet serves as the underlying backbone, but they are also used wherever the security level of
the underlying network differs from what the traffic inside the VPN requires.

       Secure VPNs are deployed by organizations that want to give employees remote access, or that want
to connect several networks together securely using the Internet to carry the traffic. A common scenario is
secure remote access, where VPN client software on an end-user system connects to a remote office
network. Secure VPN protocols include IPsec, TLS (still commonly called SSL) and PPTP with MPPE (Microsoft
Point-to-Point Encryption). Note that PPTP/MPPE derives its keys from the MS-CHAPv2 handshake, from which
an attacker who captures the exchange can recover the password hash, so PPTP is no longer considered
secure; prefer IPsec or TLS-based VPNs.

       Trusted VPNs are usually built by carriers and large organizations and are used to segment traffic
on a large core network. They often provide quality of service and other carrier-grade features rather
than cryptographic protection. Trusted VPNs are deployed by network operators who want to multiplex
multiple customers' connections transparently over an existing core network, or by large organizations
that want to keep traffic flows separate from one another within their network. Trusted VPN protocols
include MPLS, ATM and Frame Relay.

      Trusted VPNs differ from Secure VPNs in that they do not provide security features such as data
confidentiality through encryption. Secure VPNs, on the other hand, do not offer the traffic-engineering
guarantees, such as bandwidth or routing, that a Trusted VPN can provide. From the customer's perspective a
Trusted VPN acts as a logical wire connecting two networks.
      The underlying carrier network is invisible to the customer, and no customer is aware of the other
customers sharing the same backbone. Interference between customers, or with the backbone itself, is not
possible from within a Trusted VPN. That separation rests entirely on the correctness of the carrier's
configuration, however: a Trusted VPN offers no protection against the carrier itself or against anyone
who can observe the carrier's links.

      Some Internet service providers offer managed VPN services to business customers who want the
security and convenience of a VPN but prefer not to run their own VPN servers. A managed secure VPN is a
hybrid of the two major VPN models and is a contracted security solution that can reach into the customer's
hosts. Beyond giving employees secure remote access to the internal corporate network, other security and
management services are sometimes included in the package, for example ensuring that anti-virus and
anti-spyware programs are up to date on each connecting computer, or that specific software patches are
installed before the connection is allowed.

Categorization based on administrative relationships

       The Internet Engineering Task Force (IETF) has categorized a variety of VPNs, some of which, such
as Virtual LANs (VLANs), are the standardization responsibility of other organizations, such as the Institute
of Electrical and Electronics Engineers (IEEE) Project 802, in particular 802.1 (architecture).

       Originally, Wide Area Network (WAN) links from a telecommunications service provider interconnected
the network nodes of a single enterprise. With the advent of LANs, enterprises could interconnect their
nodes with links that they owned. While the original WANs used dedicated lines and layer 2 multiplexed
services such as Frame Relay, IP-based layer 3 networks, such as the ARPANET, the Internet and military IP
networks (NIPRNET, SIPRNET, JWICS, etc.), became common interconnection media, and VPNs began to be
defined over IP networks. The military networks may themselves be implemented as VPNs over common
transmission equipment, but with separate encryption and possibly separate routers.

       It is useful first to distinguish between the different types of IP VPN according to the
administrative relationships (not the technology) interconnecting the nodes. Once that relationship is
defined, different technologies can be used depending on requirements such as security and quality of service.

      When an enterprise interconnects a set of nodes that are all under its own administrative control,
through a LAN or otherwise, the result is called an intranet. When the interconnected nodes are under
multiple administrative authorities but hidden from the public Internet, the set of nodes is called an
extranet. A user organization may manage its intranet or extranet itself, or contract the service from a
provider of IP services. In the latter case the user organization contracts for layer 3 services, much as
it might contract for layer 1 services such as dedicated lines, or layer 2 multiplexed services such as
Frame Relay.

      IETF documents distinguish between provider-provisioned and customer-provisioned VPNs. Just as an
interconnected set of providers can supply conventional WAN services, so a single service provider can
supply provider-provisioned VPNs (PPVPNs), presenting a common point of contact to the user organization.

Internet Protocol tunnels

      Some customer-managed virtual networks may not use encryption to protect the data content at all.
Such overlay networks do not fit neatly into the secure or trusted categorization. One example of an
overlay network is a GRE tunnel set up between two hosts. Tunneling is still a form of virtual private
network, but it is neither a secure nor a trusted VPN.

Examples of native plaintext tunneling protocols include GRE, L2TP and PPTP (when MPPE is not in use). A
practitioner should treat such a tunnel as no more private than the network it crosses: every inner packet
can be read and modified by anyone on the path, and nothing authenticates the tunnel endpoints.
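To make the point concrete, here is an added example (written for this page, not code from the original article or from any GRE implementation) that strips the outer IPv4 and GRE headers from a tunneled packet. The packet bytes, addresses and HTTP request are constructed for illustration; the GRE header layout follows RFC 2784/2890 (checksum, key and sequence-number fields present according to the flag bits). The inner request comes out in the clear, exactly as a sniffer on the transport network would see it.

```python
"""GRE decapsulation on a constructed packet (standard library only).

Added example, not from the original article. The sample packet is
constructed here: outer IPv4 (protocol 47 = GRE), GRE header with a key,
inner IPv4/TCP carrying a plaintext HTTP request.
"""
import socket
import struct

GRE_PROTO = 47
GRE_FLAG_CHECKSUM = 0x8000
GRE_FLAG_KEY = 0x2000
GRE_FLAG_SEQ = 0x1000
ETHERTYPE_IPV4 = 0x0800


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; header checksum left 0 (never sent on a wire)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def gre_header(proto_type, key=None, seq=None):
    """GRE header: 16-bit flags/version, 16-bit protocol type, optional key/seq."""
    flags, body = 0, b""
    if key is not None:
        flags |= GRE_FLAG_KEY
        body += struct.pack("!I", key)
    if seq is not None:
        flags |= GRE_FLAG_SEQ
        body += struct.pack("!I", seq)
    return struct.pack("!HH", flags, proto_type) + body


def parse_ipv4(buf):
    """Return (protocol, src, dst, payload) for an IPv4 packet."""
    version, ihl = buf[0] >> 4, (buf[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    total_len = struct.unpack("!H", buf[2:4])[0]
    return buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[ihl:total_len]


def gre_decapsulate(outer):
    """Strip outer IPv4 + GRE and describe the inner packet."""
    proto, osrc, odst, gre = parse_ipv4(outer)
    if proto != GRE_PROTO:
        raise ValueError("outer protocol is %d, not GRE" % proto)
    flags, proto_type = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:                       # low 3 bits are the GRE version; must be 0
        raise ValueError("unsupported GRE version")
    off, info = 4, {"outer_src": osrc, "outer_dst": odst, "proto_type": proto_type}
    if flags & GRE_FLAG_CHECKSUM:
        off += 4                             # checksum (2) + reserved1 (2)
    if flags & GRE_FLAG_KEY:
        info["key"] = struct.unpack("!I", gre[off:off + 4])[0]
        off += 4
    if flags & GRE_FLAG_SEQ:
        info["seq"] = struct.unpack("!I", gre[off:off + 4])[0]
        off += 4
    inner = gre[off:]
    if proto_type == ETHERTYPE_IPV4:
        iproto, isrc, idst, payload = parse_ipv4(inner)
        info.update(inner_src=isrc, inner_dst=idst, inner_proto=iproto, payload=payload)
    else:
        info["payload"] = inner
    return info


# Constructed sample: inner 10.0.0.5 -> 10.0.1.7 (TCP/80) tunneled over
# 203.0.113.1 -> 198.51.100.2 with GRE key 0x2a. Addresses are documentation ranges.
APP_DATA = b"GET /payroll.csv HTTP/1.0\r\nHost: intranet\r\n\r\n"
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 40123, 80, 1, 0, 0x50, 0x18, 8192, 0, 0) + APP_DATA
INNER = ipv4_header("10.0.0.5", "10.0.1.7", 6, len(TCP_SEGMENT)) + TCP_SEGMENT
GRE = gre_header(ETHERTYPE_IPV4, key=0x2A) + INNER
SAMPLE_PACKET = ipv4_header("203.0.113.1", "198.51.100.2", GRE_PROTO, len(GRE)) + GRE

if __name__ == "__main__":
    info = gre_decapsulate(SAMPLE_PACKET)
    print("tunnel %s -> %s, key=%#x" % (info["outer_src"], info["outer_dst"], info["key"]))
    print("inner  %s -> %s, proto=%d" % (info["inner_src"], info["inner_dst"], info["inner_proto"]))
    print("readable on the wire:", info["payload"][20:])   # skip the 20-byte TCP header
```

The GRE key is only a demultiplexing tag, not a secret: it travels in the clear and anyone who reads it can spoof packets into the tunnel. Add IPsec (transport mode over the GRE packets, or tunnel mode around them) if the path is untrusted.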

Security mechanisms

Secure VPNs use cryptographic tunneling protocols to provide confidentiality (blocking interception and
thus packet sniffing), sender authentication (blocking identity spoofing) and message integrity (blocking
undetected modification of messages). Replay protection, normally a sequence number checked against a
sliding window, is the fourth property a secure tunnel needs. Secure VPN protocols include the following:

   •   IPsec (Internet Protocol Security), a standards-based security protocol originally developed for
       IPv6, where support was initially mandatory (later relaxed to recommended), and now widely used
       with IPv4.

   •   Transport Layer Security (SSL/TLS) is used either to tunnel an entire network's traffic (an SSL
       VPN), as in the OpenVPN project, or to secure an individual connection. TLS has become the basis
       on which a number of vendors provide remote-access VPN capabilities. A practical advantage of an
       SSL VPN is that it can be used from locations that only allow outbound access to TLS-based web
       sites and where IPsec would be blocked. SSL-based VPNs may be vulnerable to denial-of-service
       attacks mounted against their TCP connections, because TCP itself is unauthenticated.

   •   DTLS, used by Cisco for its next-generation VPN product, Cisco AnyConnect VPN. DTLS avoids the
       problems of tunneling TCP over TCP that arise with SSL/TLS.

   •   Secure Socket Tunneling Protocol (SSTP), introduced by Microsoft in Windows Server 2008 and
       Windows Vista Service Pack 1. SSTP tunnels Point-to-Point Protocol (PPP) or L2TP traffic through
       an SSL 3.0 channel. SSL 3.0 itself has since been deprecated (RFC 7568), and current
       implementations negotiate TLS instead.

   •   MPVPN (Multi Path Virtual Private Network). Ragula Systems Development Company owns the
       registered trademark "MPVPN". [5]

   •   SSH VPN: OpenSSH offers VPN tunneling to secure remote connections to a network (or
       inter-network links). This feature (the -w option, which requires PermitTunnel to be enabled in
       sshd_config) should not be confused with port forwarding (the -L option). The OpenSSH server
       provides a limited number of concurrent tunnels, and the VPN feature itself does not support
       personal authentication.
Authentication

Tunnel endpoints must authenticate themselves before a secure VPN tunnel can be established. Tunnels
created by end users, such as remote-access VPNs, can use passwords, biometrics, two-factor authentication
or other cryptographic methods. For network-to-network tunnels, pre-shared keys (passwords) or digital
certificates are usually used, since the key must be stored permanently and the tunnel must come up
automatically without operator intervention. A stored pre-shared key must therefore be long and random:
a short or dictionary-based key can be guessed offline from a captured or induced handshake, and no
amount of strong data-plane encryption recovers from an attacker who can impersonate an endpoint.

Author   : Belajar Komputer