VPN

Types of VPN

Secure VPNs (SVPNs) use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.

Secure VPN protocols include the following:

• IPsec (IP security) - commonly used over IPv4, and an obligatory part of IPv6.
• SSL, used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called an "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN. (See also TUN/TAP.)
• PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft.
• L2TP (Layer 2 Tunnelling Protocol), including work by both Microsoft and Cisco.
• L2TPv3 (Layer 2 Tunnelling Protocol version 3).

Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, sometimes other security and management services are included as part of the package, such as keeping anti-virus and anti-spyware programs updated on each client's computer.

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs. Other protocols for trusted VPNs include:

• L2F (Layer 2 Forwarding), developed by Cisco.

Characteristics in application

A well-designed VPN can provide great benefits for an organization. It can:

• Extend geographic connectivity.
• Improve security where data lines have not been ciphered.
• Reduce operational costs versus traditional WAN.
• Reduce transit time and transportation costs for remote users.
• Simplify network topology in certain scenarios.
• Provide global networking opportunities.
• Provide telecommuter support.
• Provide broadband networking compatibility.
• Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.
• Show a good economy of scale.
• Scale well, when used with a public key infrastructure.

However, since VPNs extend the "mother network" to such an extent (almost every employee) and with such ease (no dedicated lines to hire), there are certain security implications that have to receive special attention:

• Security on the client side has to be tightened and enforced. Keywords: Central Client Administration, Security Policy Enforcement. It is common for a company to require that each employee wishing to use their VPN from home first install an approved hardware firewall. Some organizations with especially sensitive data, such as healthcare companies, even arrange for an employee's home to have two separate WAN connections: one for working on that employer's sensitive data and one for all other uses.
• The scale of access to the target network may have to be limited.
• Logging must be evaluated and in most cases revised.

Any single breach or failure may result in the privacy and security of the network being compromised.

Remote-Access VPN

There are two common types of VPN. Remote-access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

[Figure: Examples of the three types of VPN. Image courtesy Cisco Systems, Inc.]