A Virtual Private Network (VPN) allows a remote user to establish a private connection to the corporate network across the Internet. Users can dial up to a local Internet service provider (ISP) rather than making long-distance calls to reach the corporate network directly. Once the user is connected to the local ISP, a virtual private network is established between the remote user and the corporate VPN server across the Internet.
A dedicated line or a dial-up connection can be used to reach the ISP when establishing a VPN connection. VPNs provide secure remote connections across a public network (the Internet), protecting the confidentiality of data, preventing its corruption, and preserving its authentication. VPN connections are therefore remote access connections that provide the same level of security available on a LAN. This is accomplished through tunneling, which transmits data from one computer to another by encapsulating the data packets in an additional header. The additional header contains routing information so that the encapsulated payload can be transmitted across the public network. Both the client and the tunnel server must use the same tunneling protocol for a tunnel to be established.
Tunneling technology can be based on either a Layer 2 or a Layer 3 tunneling protocol. It is important to remember that tunneling coupled with a VPN connection is not a true substitute for encryption/decryption. When the highest level of security is required, the strongest available encryption should be used within the VPN itself. There are two types of VPN configuration:
- A client-to-gateway VPN: used when a remote user connects to a private network through a VPN. The user can reach the network through any dial-up provider, or from a separate LAN with Internet access, rather than over the phone system.
- A gateway-to-gateway VPN: used to establish a permanent link between two VPN servers on different networks, each with its own Internet connectivity.
There are various VPN applications based on these basic VPN configurations and the network infrastructure. These are:
- Remote Access — based on a client-to-gateway VPN
- Intranet Access — based on a gateway-to-gateway VPN
- Extranet Access — based on a gateway-to-gateway VPN
Remote Access VPN: Organizations often create their own VPN connections over the Internet to give remote users private access to a shared network through their ISP(s). Email and software applications can also be accessed through a remote access VPN. Using analog, ISDN, DSL, cable, dial-up and mobile IP technologies, VPNs are deployed over large network infrastructures.
Intranet Access VPN: Gateway-to-gateway VPNs let an organization extend its internal network to remote branch offices. These VPNs establish a secure point of contact between two end devices, which are usually two routers. A user on a remote LAN connected to the local router can communicate with the other LAN over this connection. Access to particular data through an intranet VPN is governed by the organization's security policy. Data is protected by using dedicated circuits; Frame Relay, Asynchronous Transfer Mode (ATM), and point-to-point circuits are examples of VPN infrastructures.
Extranet Access VPN: Extranet Access VPNs are similar to Intranet Access VPNs but allow remote access for agents, business partners or any other pertinent associates. Extranet VPNs enable these connections into the organization's secured network. A composite of remote access and intranet access infrastructures is implemented. The distinction lies in the authorizations assigned to these users. Some degree of security is needed to administer access to the network, protect network resources, and prevent unauthorized users from accessing the information.
Integrating VPN in a Routed Intranet: Organizations work with a range of data that must be treated differently according to its confidentiality. Since highly sensitive data requires the greatest degree of protection, it needs to be separated and isolated from the rest of the organization's network. This can create accessibility problems for users not physically connected to the isolated LAN. A VPN allows the isolated LAN to remain physically connected to the rest of the organization's network while being separated from it by a VPN server. Here the isolated LAN is reached through an access control mechanism (the VPN server) rather than being routed to the rest of the network. Users therefore require authorization to form a VPN connection with the separating server in order to access the protected data. Encryption can be used when users communicate across the VPN to ensure security.
VPN and Remote Access Protocols: Tunneling protocols are used to encapsulate packets of data and transmit them through a public network. The two widely used VPN protocols are the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). IP Security (IPSec) is also used for encryption. Other remote access protocols include the Point-to-Point Protocol (PPP), RADIUS and TACACS.
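The encapsulation described above, and the point that a tunnel header by itself is not encryption, as an added Python example that is not part of the original text: it builds a minimal IP-in-IP tunnel (RFC 2003) around a constructed packet between private addresses, using documentation-range addresses as the public tunnel endpoints, and then checks whether the inner payload is still readable in the tunneled packet.

```python
import socket
import struct

IPPROTO_IPIP = 4  # protocol number for IP-in-IP encapsulation (RFC 2003)

def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 over a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel client: wrap the private packet in an outer header addressed to the
    public tunnel endpoints, which is all that Internet routers look at."""
    return build_ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner_packet)) + inner_packet

def decapsulate(outer_packet: bytes) -> bytes:
    """Tunnel server: validate the outer header, strip it, and return the inner packet."""
    ihl = (outer_packet[0] & 0x0F) * 4
    if outer_packet[0] >> 4 != 4 or outer_packet[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if ip_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    total_len = struct.unpack("!H", outer_packet[2:4])[0]
    return outer_packet[ihl:total_len]

def payload_visible_on_wire(tunneled: bytes, payload: bytes) -> bool:
    """True if the inner payload appears verbatim inside the tunneled packet: the
    tunnel supplied routing across the public network, not confidentiality."""
    return payload in tunneled

# Constructed sample: a packet between private addresses crossing the public Internet
# via documentation-range tunnel endpoints. Inner protocol 253 is reserved for experiments.
PAYLOAD = b"constructed confidential record"
INNER = build_ipv4_header("10.1.1.5", "10.2.2.7", 253, len(PAYLOAD)) + PAYLOAD
TUNNELED = encapsulate(INNER, "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    print("tunneled length:", len(TUNNELED), "inner length:", len(decapsulate(TUNNELED)))
    print("inner payload readable on the public path:", payload_visible_on_wire(TUNNELED, PAYLOAD))
```

The last line prints True: the outer header got the packet routed between the tunnel endpoints, but confidentiality has to come from encryption inside the VPN (for example IPSec), exactly as the text cautions.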