virtual private network VPN full report
Post: #1

A Virtual Private Network (VPN) is a concept introduced to implement a global Wide Area Network (WAN) on the Internet. This way the enormous costs involved in the traditional implementation of these networks, i.e. through dedicated lines or satellite links, are reduced considerably. A way to maintain fast, secure and reliable communications is attained wherever the offices are.

In a VPN, the Internet is used as the data pipeline, replacing the traditional data lines. This approach is just right for small and medium sized business firms. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices. Each remote member of your network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN, simply by making a contract with the ISP. A VPN can grow to accommodate more users and different locations much more easily than a leased line. In fact, scalability is a major advantage that VPNs have over typical leased lines. Unlike with leased lines, where the cost increases in proportion to the distances involved, the geographic locations of each office matter little in the creation of a VPN.

The world has changed a lot in the last couple of decades. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread out across the country or around the world, and there is one thing that all of them need: A way to maintain fast, secure and reliable communications wherever their offices are. Until fairly recently, this has meant the use of leased lines to maintain a wide area network (WAN). Leased lines, ranging from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases.
As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees.

A simple VPN model is shown below.

A company has its Main office, Remote office, Home office at various sites and these can interact with each other via the virtual network.

We all know a WAN is simply a collection of local area networks, each located in a geographically diverse location, connected to each other to form a single network. Leased lines, which were used initially, do form a private network, but they are expensive. A VPN, using the power of the public medium, creates a private connection called a tunnel to move data from one geographical location to the other.

A VPN provides network-to-network or remote-user-to-network connectivity via an encrypted tunnel. Data must be encapsulated in an IP packet before it can be sent across a VPN. Network users use various encryption and authentication schemes to provide security. Some VPNs require specialised hardware, while some may require specialised software, or some both, that adds VPN capabilities to a firewall, server or router.
Since a VPN depends critically on the Internet, ISPs become the drivers of VPN technology. Therefore an organisation using a VPN becomes dependent on the ISP. If the ISP faces bandwidth limitations or technical difficulties, the VPN will also face the same.
VPNs can be of the following types:

Remote-access VPN - Also called a virtual private dial-up network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.
A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
Site-to-site VPN - Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be either:
Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
The following are examples of the three types of VPN.

Virtual Private Networks protect tunnelled data through a combination of encryption, mutual host authentication and protocol tunnelling. One of the most basic methods of protecting transmitted data is encryption. This involves scrambling the transmitted data using a mathematical formula, so that even though the data transmission may be intercepted, it cannot be recovered without the correct key.
Encryption can be either hardware enabled, through network devices like routers, or done through software. In the case of software, encryption takes place when you connect through a tunneling protocol like PPTP; in the case of router encryption it is performed on the fly.
One of the biggest difficulties encountered over the Internet is identifying the person or computer at the other end of the wire. This is addressed by authentication, a process where the two hosts verify each other. This can be done through X.509 standard digital certificates, which exchange electronic signatures between the two parties. This electronic signature is then verified by a trusted third party, usually a public certifying authority or the company's own certificate server.
Alternatively, the hosts can also verify each other using protocols like Secure Shell (SSH). In this case the hosts exchange two keys, a host key and a server key. The receiving computer compares the host key with the keys in its database. If the keys check out, the computer at the other end is validated as a genuine case. The PC then generates a session key using the host and the server key, which is used to encrypt data transmission between the two computers. To ensure a high level of protection, the server key is changed on an hourly basis.
Finally, there is protocol tunneling. When data is transmitted on a network in the form of packets, the header, which gives information on the packet source, destination and number of packets transmitted, is in text format. This information can be used by hackers to gain access to either the system or the data being transmitted. Protocol tunneling takes data packets, encrypts them and then encapsulates them again in another clear-text packet. This ensures that even if the data transmission is intercepted, the original header information is not available. Once these packets reach their destination, a router equipped with encryption and decryption capabilities decrypts the packet, restoring the original data packets.
The old trend of large companies having their own 'fully private' dial-in networks (complete with modem banks, access servers and technical service personnel deployed at each company site) is being reversed as the ubiquitous presence of Internet access sites makes it attractive to use the resources offered by Internet service providers (ISPs). Such outsourcing allows employees to dial in to an access server at a nearby ISP site and send packets over the Internet routers for delivery to their company home networks. The very router vendors who provide VPN tunnels between permanent company sites are also competing for the opportunity to provide VPN tunnels for dial-in users as well. But they are handicapped in the solutions they can offer because they model tunnels as router-to-router constructs, though there is no router at the user end. If these vendors are to have a share in the outsourcing of a company's dial-in service, this has to be achieved using one of the following models:
Outsource a private site
Share an outsourced site
Outsource a private access server
Share an access server
A company desiring to outsource its access responsibility can ask an ISP to manage a site for it. ISPs themselves generally put their own dial-up equipment in locations termed points of presence (POPs). Under this model, a company may enter into a contract with the ISP to establish private POPs for its employees. This really moves the company's private dial-up equipment to a site which is managed by the ISP.
If the resources of a POP are dedicated to a single company, then the POP is no different from a remote company site, and therefore the same routing equipment used at the company's headquarters can be used at the POP. Since the site is private, all packets at the site can be in the clear. Tunnels only run between the router at the POP and the router at the company's headquarters.
This approach offloads the access responsibility to the ISP, but it is likely to be more expensive than any other option because equipment costs are not shared. It has the further disadvantage that it requires private facilities at as many POPs as needed to provide local access to employees. Such an arrangement also locks employees in.
Finally, an ISP has to manage a list of authorized user names and passwords on behalf of the company to help control access to the private site. All this necessitates that a very close relationship exist between the outsourcing company and the ISP for this model to succeed. In this model, if the company employees want to simultaneously access company and Internet resources, they tunnel to the company, and then venture out to the Internet as though they were initiating contact from their place of work.
This model is an extension of the previous one in that a number of companies enter into a contract with an ISP to avail of the latter's access service not privately, but in a shared manner. The major benefit, of course, is the resulting cost saving for the outsourcing company. In this model, we presume that each company using the shared site provides a router to tunnel its private traffic back to its headquarters.
If the equipment at the POP is not dedicated to a single company, the shared access server and LAN element need to be trusted, since company packets will be vulnerable on their way to and from the company's dedicated router. Such packets are exposed to ISP personnel at the site, and are subject to routing misadventures that expose them more generally to the entire Internet, and in particular to other companies who have their own encrypting routers on the POP's shared LAN. If access servers are shared, then user and password databases will be co-mingled at the site, and the access server software will have to be careful enough to direct all packets from a given dial-in port to the one and only one tunneling router. If packets go through the wrong tunnel, they will end up at the wrong headquarters.

In this model, users cannot go through their tunnel to work, and then on to the Internet, without running the risk that their return packets will be routed back through a wrong tunnel. This means that with Internet access, all tunneling routers at the site are exposed to arbitrary Internet packet traffic. This makes security considerations a major issue for outsourcing companies, and hence this model is not workable in many scenarios.
The previous models are not very attractive in that they are expensive, restrictive, and in some cases not very secure. They treat the ISP as a trusted extension of the outsourcing company. Though site outsourcing may make sense in certain situations, it is not likely to become a common practice. Site outsourcing may not be favoured by router vendors, except when they can sell a bunch of new routers to ISPs. All this brings us to another approach.
Instead of beginning the tunnel at the site router on behalf of all access servers with the ISP, it should be possible to begin a tunnel at each access server. This way, packets received at a dial-in port can be encrypted and encapsulated, and thus enter the tunnel before leaving the server, so that they are never in the clear on the ISP LAN. Placing the tunnel function in the access server is such a compelling improvement over the earlier two models that it has received the focal attention of all vendors. It has also provided the impetus for many new or proposed standards that may offer multivendor interoperability for server-router tunnels.
This model assumes that an outsourcing company asks an ISP to deploy some access servers at each POP, and dedicate them to the company's employees. The phone numbers of these dedicated resources are made available only to company personnel. Of course, the ISP must know employee names and passwords so as to guard access to these servers, but if the servers are effectively protected, the company does not have to worry about users on other servers getting into one of their tunnels. Under this scheme, new code is required for both the access servers and the HQ (headquarters) router.
This is because, among other things, there is more than one tunnel from all ISP sites. The router itself becomes just another dial-in server, having logical ports in place of physical ports. Each tunnel terminates at one of the router's logical ports, and from there the de-encapsulated, decrypted packets are gated on to the company LAN. To distinguish such a logical access server from routers, an increasingly popular term, 'home gateway', is being used. Almost all of these server-to-home-gateway tunneling schemes are direct outgrowths of the ubiquitous PPP (point-to-point protocol) schemes used for exchanging packets between desktops and access servers over telephone lines.
In tunneling schemes, the access server and the home gateway assume the roles played in PPP by the dialing desktop and the dialed access server respectively. Tunnel protocols allow the user name and password originally collected by the ISP to be forwarded to the home gateway so that the company can perform user authentication if it wants to. However, the access server must not only perform the new tunnel functions, but also IPX and AppleTalk encapsulation functions (these 'funny' packets must be handled on the PPP link with the user, but are encapsulated in IP packets so that they never hit the ISP LAN). Also, the company itself must worry about providing full-service desktop software to all its employees as before. It is possible for employees to have two different accounts with the ISP so that they can alternately receive tunnel or clear Internet service. Current approaches do not offer a way to support both tunnelled and clear traffic services simultaneously.
Because the new access servers are able to establish tunnels on behalf of each dial-in port, there is no reason why each tunnel cannot go to a different home gateway. Home gateways can be selected on the basis of user identity as authenticated by the ISP, and so tunnels from a single access server can go to different companies at the same time. Economy apart, this functionality is not necessarily any better than the prior scheme, and may be inferior in many ways. For example, in this model, company authentication data does need to be held by the ISP, and access servers need to be trusted more than ever before. In addition, until tunneling protocols are truly interoperable, it may not be possible for access servers from vendor A to talk to home gateways from vendor B. This implies many constraints for ISPs in the deployment of servers and allocation of phone numbers, modem types, etc.

The term VPN has taken on many different meanings in recent years. VPNC has a white paper about VPN technologies (PDF format) that describes many of the terms used in the VPN market today. Specifically, it differentiates between secure VPNs and trusted VPNs, which are two very different technologies.
For secure VPNs, the technologies that VPNC supports are:
IPsec with encryption
L2TP inside of IPsec
For trusted VPNs, the technologies that VPNC supports are:
MPLS with constrained distribution of routing information.
IPsec is by far the most dominant protocol for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For trusted VPNs, the market is split on the two MPLS-based protocols.
The various VPN protocols are defined by a large number of standards and recommendations that are codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards, recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full IETF standards; however, the others are often useful and stable enough to be treated as standard by people writing IPsec software. Neither of the trusted VPN technologies are IETF standards yet, although there is a great deal of work being done on them to get them to become standards.
The IETF codifies the decisions it comes to in documents called "Requests For Comments". These are almost universally called by their acronym "RFCs". Many RFCs are the standards on which the Internet is formed.
The level of standardization that an RFC reaches is determined not only by how good the RFC is, but by how widely it is implemented and tested. Some RFCs are not solid standards, but they nonetheless document technologies that are of great value to the Internet and thus should be used as guidelines for implementing VPNs. For the purpose of defining VPNs, any protocol that has become an IETF Request For Comments (RFC) document can be treated as somewhat of a standard. Certainly, any IPsec-related RFC that has been deemed to be on the IETF "standards track" should be considered a standard.
Before a document becomes an RFC, it starts out as an Internet Draft (often called "IDs" or "I-Ds"). IDs are rough drafts, and are sometimes created for no other benefit than to tell the Internet world what the author is thinking. On the other hand, there is often very good information in some IDs, particularly those that cover revisions to current standards.
Some Internet Drafts go along for years, but are then dropped or abandoned; others get on a fast track to becoming RFCs, although this is rare. Internet Drafts are given names when they first appear; if they become RFCs, the I-D name disappears and an RFC number is assigned.
It should be emphasized here that it is unwise to make any programming decisions based on information in Internet Drafts. Most IDs go through many rounds of revisions, and some rounds make wholesale changes in the protocols described in a draft. Further, many IDs are simply abandoned after discussion reveals major flaws in the reasoning that led to the draft.
That being said, it is worthwhile to know which IDs pertain to areas of interest. The following is a list of the IDs that are related to Internet mail. Some of these drafts will likely become RFCs in the months or years to come, possibly with heavy revision; some will be merged with other drafts; others will be abandoned.

A VPN uses several methods for keeping your connection and data secure:
A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. Some VPN products, such as Cisco's 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.
If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably used a firewall. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
This is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:
Symmetric-key encryption
Public-key encryption
In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. For example: You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense. The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.
Public-key encryption uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything. You can find out more about PGP at the PGP site.

Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:
Router to router
Firewall to router
PC to router
PC to server
AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.

Because VPNs use the Internet, they can incur reliability and performance problems due to congestion, dropped packets and other factors. This could cause problems for real-time applications, such as telephony and video conferencing.
Some large ISPs are trying to alleviate reliability concerns by keeping all customer VPN traffic on their own backbone.

The primary advantage of a VPN is that it cuts cost. Compared to the traditional WAN, VPNs are a cheap way to build global networks. It partially eliminates the modem banks, access servers, phone lines and other types of hardware organisations must install to provide remote access to traditional private networks. To connect two far-flung networks, all that is needed is the dedicated link or backbone between these two networks. Since the Internet is a public network, costs are shared by all Internet users, resulting in low access cost.
Another advantage is that network expansion becomes a function of how quickly one can get a leased data connection to the nearest ISP. The sharing of networked resources by business partners is facilitated, since the question of incompatible systems is already addressed in the Internet. Remote entry by authorised users with Internet access is possible.

A well-designed VPN can benefit a company in the following ways: extend geographic connectivity; improve security; reduce operational costs versus a traditional WAN; reduce transit time and transportation costs for remote users; improve productivity; simplify network topology; provide global networking opportunities; provide telecommuter support; provide broadband networking compatibility and security.
And for all practical purposes a VPN is as transparent as a traditional WAN. Whatever can be done on a WAN can be done on a VPN.

If the level of security provided is insufficient, then it can be hazardous. Since a VPN is connected to the public network, the Internet, it is prone to being hacked. Though all networks have some basic security, user authentication through password verification, that prevents such access, it is often insufficient.
Therefore the two key security issues are protecting the network from break-ins, and protecting the integrity of the data being transmitted and validating the identity of the user over the Internet. This can be achieved by using a combination of encryption, host authentication and protocol tunneling.

As the cost of setting up a global network is prohibitively high for small and medium sized businesses, a virtual private network offers a cheap way to build a WAN. The problems faced by VPNs concern security and performance. The standardisation of VPN technology will lead to its widespread use among network users.


I would like to express my gratitude to our principal, Prof. K. Achuthan, for providing the adequate facilities required for the completion of the seminar.
Next, I would like to thank the Head of the Computer Department, Mr. Agni Sarman Namboodiri. I would also like to thank my seminar conductor Mr. Zaheer and also Ms. Deepa for their excellent guidance in the preparation and presentation of the topic.

And finally, to the most important person, God Almighty, for without his blessings all this wouldn't have been possible.
Saleena Banu
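Worked example, added to this page and not part of the seminar report above: the protocol tunneling and IPsec tunnel-mode behaviour the report describes (encrypt the whole inner packet, header included; wrap it in a fresh outer header that names only the two gateways; authenticate it so that a tampered packet is dropped) written out as a self-contained Go program. It is not IPsec and not an ESP implementation: the framing only borrows ESP's shape (an SPI, a sequence number, an authenticated cipher, here AES-GCM from the Go standard library). The `Tunnel`, `Seal`, `Open` and `IPv4Header` names, the pre-shared key generated at start-up (where IPsec would negotiate keys with IKE), the single-counter anti-replay check and the host and gateway addresses are all assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)
// Wire layout of this example's tunnel packet (ESP-shaped, not an RFC 4303 implementation):
//   outer IPv4 header (20 B) | SPI (4 B) | sequence (4 B) | nonce (12 B) | AES-GCM ciphertext + tag
const protoESP, espHdrLen = 50, 8 // 50 is the IP protocol number of ESP, borrowed for the toy framing

// Tunnel is one direction of a security association: key, SPI and sequence state (example type).
type Tunnel struct {
	aead             cipher.AEAD
	spi              uint32
	sendSeq, recvSeq uint32 // recvSeq: highest sequence accepted so far (anti-replay, no window)
}

func NewTunnel(key []byte, spi uint32) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead, spi: spi}, nil
}

// IPv4Header builds a minimal 20-byte header: no options, checksum left zero (not needed here).
func IPv4Header(src, dst net.IP, proto byte, payloadLen int) []byte {
	h := make([]byte, 20)
	h[0] = 0x45 // version 4, IHL 5 words
	binary.BigEndian.PutUint16(h[2:], uint16(20+payloadLen))
	h[8], h[9] = 64, proto // TTL, next-layer protocol
	copy(h[12:16], src.To4())
	copy(h[16:20], dst.To4())
	return h
}

// Seal is tunnel-mode encapsulation: the whole inner packet, header included, is the plaintext,
// so inner addresses never reach the wire; SPI and sequence are authenticated as associated data.
func (t *Tunnel) Seal(inner []byte, outerSrc, outerDst net.IP) ([]byte, error) {
	t.sendSeq++
	hdr := make([]byte, espHdrLen)
	binary.BigEndian.PutUint32(hdr, t.spi)
	binary.BigEndian.PutUint32(hdr[4:], t.sendSeq)
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	esp := t.aead.Seal(append(hdr, nonce...), nonce, inner, hdr)
	return append(IPv4Header(outerSrc, outerDst, protoESP, len(esp)), esp...), nil
}

// Open is decapsulation at the far gateway: check SPI and replay before decrypting, verify
// the tag before trusting a byte, and advance the replay state only after the tag verified.
func (t *Tunnel) Open(wire []byte) ([]byte, error) {
	ns, off := t.aead.NonceSize(), 20+espHdrLen
	switch {
	case len(wire) < off+ns+t.aead.Overhead() || wire[9] != protoESP:
		return nil, errors.New("not an ESP packet")
	case binary.BigEndian.Uint32(wire[20:]) != t.spi:
		return nil, errors.New("unknown SPI")
	case binary.BigEndian.Uint32(wire[24:]) <= t.recvSeq:
		return nil, errors.New("replayed sequence number")
	}
	hdr, nonce, ct := wire[20:off], wire[off:off+ns], wire[off+ns:]
	inner, err := t.aead.Open(nil, nonce, ct, hdr)
	if err != nil {
		return nil, errors.New("authentication failed, packet dropped")
	}
	t.recvSeq = binary.BigEndian.Uint32(hdr[4:])
	return inner, nil
}

func main() {
	key := make([]byte, 32) // shared by both gateways; a real deployment negotiates it with IKE
	rand.Read(key)
	a, _ := NewTunnel(key, 0x1001)
	b, _ := NewTunnel(key, 0x1001)
	hostA, hostB := net.ParseIP("10.1.0.5"), net.ParseIP("10.2.0.7")      // constructed LAN hosts
	gwA, gwB := net.ParseIP("203.0.113.10"), net.ParseIP("198.51.100.20") // constructed gateways
	inner := append(IPv4Header(hostA, hostB, 6, 5), "hello"...)
	wire, _ := a.Seal(inner, gwA, gwB)
	fmt.Printf("wire: %s -> %s, inner host visible: %v\n", net.IP(wire[12:16]), net.IP(wire[16:20]), bytes.Contains(wire, hostA.To4()))
	got, err := b.Open(wire)
	fmt.Println("decapsulated intact:", err == nil && bytes.Equal(got, inner))
	_, err = b.Open(wire) // the same datagram delivered twice
	fmt.Println("replay:", err)
	wire2, _ := a.Seal(inner, gwA, gwB)
	wire2[len(wire2)-1] ^= 1 // one bit flipped in flight
	_, err = b.Open(wire2)
	fmt.Println("tamper:", err)
}
```

Run it with `go run`. The first line shows that the outer header exposes only the two gateway addresses and that the inner host address occurs nowhere in the wire bytes, which is the point of tunnel mode over transport mode (transport mode would leave the original header in the clear and encrypt only the payload). The same datagram presented a second time is refused before any decryption is attempted, and a packet with a single flipped bit fails the GCM tag check and is dropped rather than passed on with corrupted contents. Two simplifications to keep in mind: the anti-replay check accepts only strictly increasing sequence numbers, so a packet reordered in flight is dropped where RFC 4303's sliding window would accept it, and the example uses one key in both directions, whereas IPsec negotiates a separate security association, with its own key, for each direction.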
Post: #2

A VPN is a virtual private network. It is a private network for voice and data built with carrier services. There are three definitions of VPN: Voice VPN, Carrier-based voice/data VPN and Internet VPN. VPNs offer a cost-effective alternative for data communication between intra-company offices, inter-company communications and remote access for domestic and international remote users and business partners.
Traditionally, a VPN has been defined as a private network for voice and data built with carrier services. More recently, however, a VPN has been defined as a private encrypted tunnel through the Internet for transporting both voice and data between an organization's different sites. The different definitions of a VPN are as follows:
Voice VPN: In this scheme a single carrier handles all the voice call switching. The "virtual" in VPN implies that the carrier creates a virtual voice switching network within its switching network.
Carrier-based voice/data VPN: Packet-, frame- and cell-switching networks carry information in discrete bundles (called packets) that are routed through a mesh network of switches to a destination. Many users share the network. Carriers program virtual circuits into the network that simulate dedicated connections between a company's sites. A web of these circuits forms a virtual private network over the carrier's packet-switched network.
Internet VPN: An Internet VPN is similar to the carrier-based voice/data VPN except that the IP-based Internet is the underlying network.
In today's world, to the industry VPN means only one thing and that is the Internet VPN.
Companies whose facilities are split between two or more locations can connect the locations into single logical network through the use of routers and wide area networking (WAN) technologies. When a circuit-switched network, like the telephone network is used, permanent or switched circuit services are employed to emulate the physical attachment of the two sites for router-to -router packet exchange. Despite the fact that the WAN technologies almost always use shared, "public" communication utilities, the network constructed by such an organization is usually considered "private"
And unlocking the secret to the savings is easy. Just lose the leased lines-and look at the public backbone. By setting up secure virtual private networks (VPN's) over the Internet or other public network, corporate networks can save their company's fistfuls of cash.
Many businesses today use high speed leased lines, Frame Relay Services or dial up digital services (ISDN) to satisfy their data connectivity needs. With the growth of the Internet, a new cost effective alternative has been born.
An Intemet-based VPN uses the public Internet to deliver secure data services for intra-and rater-company communication. VPNs are also a means for companies to take their first step towards Internet-based electronic commerce services (E-commerce).
VPNs offer a cost effective alternative for data communications between intra companies offices (both domestic and international), inter company communications (for Electronic Commerce in the form of file transfer, electronic mail, EDI, web and client server applications), and remote access for domestic and international remote users sand business partners, Industry research estimate that operational cost savings of up to sixty7 percent over equivalent private networks can be realized.
A Virtual Private Network or VPN, is a business-critical wide-area Networking solution enabling an organization to securely and reliably communicate with it offices, business partners, vendors, customers and employees (both local and remote), The flexibility and business critical nature of VPNs enable and organization to scale its business quickly, easily and cost effectively.
Virtual: Webster's dictionary defines it as "being such practically or in effect, although not in actual fact or name". So for something to be a virtual network, it should act like a network, yet not be one. It's a wonder then that anyone could classify only some networks as virtual, since all networks are virtual to some extent. Perhaps we can make the separation based on physical wiring. If there are real wires among all of the nodes, then the network is not virtual. Based on this determination, WANs have been virtual since the Telcos stopped provisioning T1 circuits on conditioned copper and started using channelized T3 circuits instead.
Perhaps a better determinant is whether the network connections are on demand or dedicated. An on-demand network is made of connections that can be controlled by network administrators, instead of their telecom partners. A network made of connections controlled by a third party like a Telco, ISP or telecom analyst is a dedicated network. At some point in this type of network, administrators lose control of the physical network, sometimes right past the building hubs. Thus, for all practical purposes, on-demand networks are built above the network layer because this is the only place accessible to network administrators for their entire network.
Virtual Private Networking technologies provide the medium to use the public Internet backbone as an appropriate channel for private data communication. With encryption and encapsulation technologies, a VPN essentially carves out a private passageway through the Internet. VPNs will allow remote offices, company road warriors, and even business partners or customers to use the Internet, rather than pricey private lines, to reach company networks.
By replacing expensive private network bandwidth with relatively low-cost bandwidth, your company can slash operating costs and simplify communications. You don't need to have 800 lines, run modem pools or pick up long distance charges; employees and business partners simply place local or toll-free calls to Internet service providers (ISPs) to make the connection. Setting up VPNs also allows you to reduce in-house network management responsibilities. You'll be able to turn much of the remote communications burden over to ISPs.
You can also use VPNs to link remote LANs together or to give traveling staffers, work-at-home employees and business partners a simple way to reach past company firewalls and tap into company resources. Virtual private networks are flexible. They are point-to-multipoint connections, rather than point-to-point links. They can be set up or closed down at the network administrator's will, making them ideal for short-term projects.
There's a realization that the public, packet-based network is far more cost-effective than a leased network because you can share the fixed cost among many organizations using the circuit. The public network provides greater scalability and leverage at a lower cost.
A typical T1 leased line between a corporation and a local Internet service provider costs $400 to $5000 per month. But because T1 charges mount as distance increases, a T1 connection running across the country can cost thousands of dollars each month.
• Much cheaper for connecting WANs than 800 numbers or dedicated T1 lines.
• Provides encryption and authentication services for a fairly good measure of privacy.
• Maintenance of the WAN-to-WAN connection is left to Internet Service Providers.
• Highly flexible; can be set up and taken down very easily.
The working definition that will be the basis for all discussions in this white paper is that a VPN uses a combination of tunneling, encryption, authentication, and access control technologies and services. VPNs use these technologies to ride traffic over the Internet, a managed IP network or a provider's backbone. The traffic reaches this backbone using any combination of access technologies including T1, frame relay, ISDN, ATM or dial access.
A VPN utilizes a public telecommunications network as a secure channel for communicating data. A VPN connects remote clients, e.g. laptops used by sales persons out in the field, to the company's LAN.
Historically, remote access servers (RASs), or dial-up networking servers, have provided this type of access. In addition, a VPN can perform the functions of a wide area network (WAN) by interconnecting two or more LANs through the Internet.
Internet providers (ISPs), equipment vendors, and software developers say they can give you the best of both worlds: the security, performance, availability and multi-protocol support of the private network over the inexpensive and pervasive Internet. It's called a virtual private network (VPN), or "extranet", and the technology is currently being considered primarily as a means of extending the reach of private networks for dial access. But connections with business partners and customers are another important application. And to a lesser extent, VPNs may address locations where traditional private network connections cannot be economically justified. Some vendors and service providers are talking up the idea of replacing existing private network links with VPN links.
Much of the public discussion surrounding VPNs thus far has centered around tunneling. Tunneling, however, is merely one component of a complete and robust Dial VPN service architecture. In addition to the tunneling techniques supported within the service, any description of a dial VPN service must contain a description of how the service handles security, as well as network management and administration.
Dial VPNs are built upon the notion of efficiently and securely tunneling data from one point to another. With tunneling, the remote access server wraps the user data (payload) inside IP packets, which are routed through the carrier's network, or even across multiple networks in the case of the Internet, to the tunnel end point where the tunneled packet is unwrapped and forwarded in its original form. Tunneling is used by corporations shifting their remote access traffic from switched, long distance and regional carriers to ISPs and the Internet. Tunneling uses a point-to-point session protocol to replace switched connections, linking data addresses over a routed network. This replaces the linkage of telephone numbers over a switched telephone network. Tunneling allows authorized mobile workers, and perhaps authorized customers, to reach your enterprise network any time and from anywhere. In tandem with authentication techniques, tunneling also prevents unauthorized access to your corporate network.
Most router vendors have added VPN services to their products. Using VPN-enabled routers, IT managers can send traffic between branch offices over the Internet or a service provider's network. Dial-in users can access the corporate network by tunneling in over a provider's network. There are several advantages to a router-based approach that make it attractive to IT managers. First, adding VPN services to a router is usually a software upgrade. Frequently, the IT manager simply has to download some software from the vendor's Website or get a disc from the vendor and install it on an existing router. That is usually the case with older routers.
New routers often come with VPN services built into the unit's software set or even into the router's operating system. Pricing approaches for the VPN services vary greatly among router vendors. Some throw it in for free with the operating system; others charge a fee to make use of the VPN features. Typically, the VPN software add-on for routers includes firewall, encryption and tunneling capabilities. Some vendors link the user authentication to existing authentication servers such as the Remote Authentication Dial-In User Service.
Another advantage of the router-based approach is that there is no need to change the existing network. This can save operational costs in a couple of ways and thus reduce the total cost of ownership for a VPN.
In some VPN implementations, a dedicated box is needed. This adds to the management task of the IT staff. Installing VPN software on an existing router means no additional internetworking devices are added to the network. Frequently, dedicated VPN devices are not from the same vendors that supply routers, switches and hubs. The router-based approach, where software is added, means the existing management system can still be used with the VPN. So there is no need to train IT staff on new equipment or a management system.
While these are all valuable reasons for using a router-based VPN, there are other considerations before selecting this approach.
First, firewall, encryption and tunneling are all done in software, which could cause a problem under heavy traffic loads. A dedicated VPN device or dedicated firewall would likely deliver higher performance. Of course, it will depend on your specific loads. In many cases, adding software to a router might do the trick.
Software-based VPN services on a router are CPU-intensive, especially when using a high level of encryption such as Triple-DES at high data-transfer rates. If that is what you will be doing, a hardware add-on dedicated to handling encryption tasks might be necessary.
The disadvantage to using one of these devices is that it adds to the cost of deploying the VPN, especially if you were looking at a simple software upgrade to start.
Some vendors do not offer add-on encryption hardware devices. In cases where many users or sites are being connected at high access speeds while using IPSec tunneling and industrial-strength encryption, the VPN tasks may simply use a large portion of the router's processing power.
This can be a major problem. In the extreme, the VPN tasks would consume so much of the router's processing cycles that there would be a noticeable performance drop. Most IT managers determine the type of router they need to purchase by specifying a certain packets-per-second performance. If running VPN software on the router cuts that significantly, network response times could suffer as packets wait in queues to be directed to the appropriate ports.
This would require the router hardware to be upgraded. So what started out as a relatively economical way to add VPN service to your network (adding software to an existing router) would require the outlay of cash for new equipment.
Many IT managers interested in router-based VPNs start with their existing router to prove the concept. And as they try a pilot project they get a feel for the performance under their users' loads. This will help determine if the existing router is sufficient. In some cases it will be. In others, the IT manager may need to increase the performance of the router.
Another way to deploy a VPN is to install a straight software-based VPN. Operating system suppliers and several third-party vendors offer VPN applications that perform the encryption, tunneling and authentication services required to link users over a VPN.
Although this is a similar approach to using a router-based VPN, one advantage to a software-based VPN is that it allows an IT manager to use existing equipment. This software is installed on an existing server. This means the network configuration remains intact and the same management skills and tools can be used to administer the VPN. Thus there is usually no additional training or management software required to keep the VPN connections up and running.
Another advantage to a straight software-based VPN is that the programs frequently tap existing network operating system authentication services. This can greatly simplify VPN administration by, for example, linking VPN access rights to already defined user-access privileges.
There are, of course, a few points to consider before using a straight software-based VPN approach. As in the case of a router-based VPN, performance may be an issue. Performing VPN encryption and tunneling tasks takes processing power. One problem in evaluating such a VPN approach is that there is no standard metric for determining exactly what the processing load would be on a server.
The factors that determine the load include the number of simultaneous VPN sessions that need to be supported, the level of encryption of each session, the type of tunneling used and the rate at which data is being passed over the VPN.
Obviously, connecting hundreds of branch offices with T1 lines to a central site would require much more processing power in the central site than supporting a few dozen telecommuters dialing in to their service providers over analog phone lines.
The consequences of too heavy a load can vary greatly. An IT manager may have to limit the number of simultaneous sessions that are supported, thus leaving some users unable to connect.
If the VPN software is running on a server that supports other applications, the performance of these other applications may suffer as the VPN services take more and more CPU cycles.
In either case, an IT manager may find that a higher performance server would be required. So, similar to what could happen with router-based VPNs, what may seem like an inexpensive way to establish a VPN might require the purchase of a new, high-end server.
IT managers who opt for the software-based VPN approach typically start using an existing server to get some experience with the technology. Usually a pilot program is established and it is during the pilot that the IT manager examines the VPN performance under various conditions. Such experience will help determine if the existing server is capable of supporting a more expensive deployment.
Many corporations center their Internet security activities on firewalls, which are used to keep hackers out. Some companies even check for computer viruses and malicious code at this point in their networks.
For some IT managers, adding the security services of a VPN only makes sense at their firewall. As a result many firewall vendors now support VPN services within their firewalls. Most often the VPN services are supported in software.
This makes it easy for an IT manager to get started using a VPN. The IT manager simply has to install some new add-on package for the particular firewall. In some cases, the manager can pay an additional fee to have the VPN services supported in the firewall's operating software turned on. Again, the advantage is that the existing network remains the same, so there is no additional equipment to manage. Training is kept to a minimum because VPN services are often managed by the same user interface that is used to manage the firewall.
On the other hand, VPN functions such as encryption and tunneling are handled by software. Again performance may be an issue, as in the router- and server-based VPN approaches. Essentially these tasks may take more processing power than the firewall has to offer.
If performance becomes an issue, the IT manager may find that a higher performance firewall is required. Once more, what initially looked like a low-cost software upgrade to support the corporate VPN can turn into a new equipment purchase.
Similar to the other two approaches, IT managers will have to determine for themselves whether performance will be an issue for their particular situation. It may be that the existing device can handle the usual number of simultaneous sessions at whatever level of encryption is required by the IT manager, and at the data rates offered at the particular site.
For an IT manager, the choice of which device to add VPN services to will probably be determined by a couple of basic factors.
The choice of platform might come down to performance. Once an IT manager tries implementing a VPN on one platform, it may be determined that the device simply cannot handle the loads anticipated for a full VPN deployment. The IT manager then has to decide if it is more economical to stick with the specific platform type and buy a higher-end version, or if it might be better to select a different platform altogether.
Unfortunately there is little help in determining beforehand what the performance will actually be. Some IT managers say the choice of a platform will come down to their corporate networking philosophy. If a company does not use firewalls, it's not likely they will buy one just for VPN services. Similarly, if a company has a bridged networking environment, with big services in most offices, buying a router just for its VPN capability would probably be out of the question.
Conversely, if a company has a huge investment in WAN routers or firewalls and a vendor offers a software upgrade that will add VPN services, that might be the deciding factor when selecting a platform.
Managers might also desire to leave their current networking gear unchanged and add on this service by installing a dedicated device that handles VPNs. And as if those were not enough options for deploying VPNs, some IT managers and companies may find they have no choice at all when it comes to a VPN platform.
It might be that a service provider simply offers a managed VPN service that includes all of the hardware and VPN software.
FSecure encrypts TCP/IP packets on the fly for transport over the Internet or an intranet. It works with any installed base of routers and firewalls. It also furnishes the most powerful encryption available, including triple DES (Data Encryption Standard) and Blowfish. Further, FSecure compresses data, authenticates other encryption servers, and performs distributed key management.
FSecure VPN is normally placed behind both the corporate firewall and the router (other configurations are also possible). The package includes UNIX and the encryption engine, which is easy to install on a Pentium PC. After some initial key exchanges and authentication between FSecure servers at other sites, the net manager simply removes the keyboard and the machine becomes a security server. Routers must then be configured to forward all TCP/IP packets destined for encryption to the FSecure server, while all packets traveling to unsecured sites are routed normally. Net managers must also configure one port on their firewall to let encrypted traffic reach the FSecure server without filtering it.
When it receives packets, FSecure VPN compresses and encrypts both the TCP header and the payload. It then encapsulates it in a second packet for tunneling to an FSecure unit at another site. The software at the destination site decrypts the packets and retrieves the original header before forwarding it on to the LAN. By compressing and encrypting simultaneously, FSecure makes the session even harder to crack and also helps save valuable Internet bandwidth.
FSecure VPN uses a protocol called Secure Shell (SSH) that has emerged as a de facto standard for secure Internet communications. The protocol has been used, tested and proved reliable by such security-conscious organizations as NASA (Washington, D.C.), as well as several U.S. banks. The standards being developed by the IP Security Group (IPSec) of the IETF (Internet Engineering Task Force) will also be implemented as they become approved.
Several firewall providers include virtual private networking as a security feature. A firewall, which can be software for a host system or a router, or a combination of software and hardware devices, checks, limits and logs network access. For additional security, a firewall can encrypt data at a site before shipping it out over the Internet. The receiving site, which must have a matching encryption scheme, can decrypt the data.
Pilot Network Inc. is unveiling a virtual private network service this week that improves security by continually accessing information it collects from potential attacks on the network.
Every time someone tries to break into a network that uses the service, the incident is added to a database, which can analyze the information. The more clients and the more attempted break-ins on the network, the better the Pilot service is, says Pilot CEO and founder Marketta Silvera.
CryptoCom VPN is said to provide some of the strongest encryption algorithms available (dual-key, triple DES, 128-bit IDEA, and 56-bit DES) integrated with two-factor user authentication, packet authentication, automatic short-term key expiration and renewal, and network compartmentalization.
CryptoCom helps ensure that users are properly authenticated and packet integrity is maintained. CryptoCom VPN is designed to be easy to use and administer by providing transparent operation to all end users. The CryptoCom VPN Gateway hardware and CryptoCom VPN Client software are compatible with existing firewalls, routers, network architectures and protocols and do not require network device reconfiguration.
Centralized administration provides network managers with tools for configuration as well as the ability to disable an account if an end-user device has been compromised. CryptoCom's two-factor user authentication process eliminates the need for authentication products such as key-generating cards and public certificate authorities, which most VPNs require to be secure.
According to the companies, CryptoCom VPN does not degrade network performance. As a dedicated VPN hardware server, the CryptoCom VPN Gateway assures high traffic flows while eliminating the need to burden the processing power and throughput of existing firewalls or routers. The client software supports Windows NT and 95 with major protocols, including IP, IPX, NetBIOS, NetBEUI, or even SNA, over major types of network connections (dial-up, frame relay, ISDN, X.25, Ethernet, and token ring). The gateway hardware supports most LAN and WAN interfaces.
Encryption for ensuring the privacy of messages can be offered in two different forms: private keys and public keys. Private or symmetric key encryption is based on a key (or algorithm) being shared between two parties. The same key both encrypts and decrypts messages. Kerberos and the Data Encryption Standard (DES) are traditional private-key technologies. A private-key mechanism is a proven, relatively simple method of encryption. The main problem is in sharing the keys: how can a key that is used for security be transmitted over an unsecured network? The difficulties involved with generating and storing keys (called key management) can limit private-key systems, especially over the Internet.
In 1976, two computer scientists, Whitfield Diffie and Martin Hellman, developed a theory of public-key encryption which offered a solution to the problem of how to transfer the private key. Later, RSA Data Security, Inc. created an algorithm to make public-key cryptography commercially viable. As illustrated by a public-key solution such as Entrust TM from Entrust Technologies, there are two keys: a private key and a public key, which is made publicly available. In addition, a one-time symmetric key is generated for each transaction. To send a message, the sender, Alicia, first encrypts it by using the one-time symmetric key. This key is then encrypted using the public key of the recipient, Alex. Keep in mind that anything encrypted with a public key can only be decrypted with the recipient's private key. This means that the symmetric key (and therefore the message that it has encrypted) is now secure for transmission over the Internet or an intranet. When the message arrives, Alex decrypts the one-time symmetric key using his own private key. Then, using the symmetric key, he decrypts the message.
The main advantage offered by public-key technology is increased security. Although slower than some private-key systems, public-key encryption generally is more suitable for intranets for three reasons: 1) it is more scalable to very large systems with tens of millions of users, 2) it has more flexible means of authentication, and 3) it can support digital signatures. Public-key technology also enables non-repudiation enforcement to verify the transmission or receipt of a given transaction.
A VPN is a network tunnel created for encrypted data transmission between two or more authenticated parties. This ensures data privacy, integrity and authenticity. At its foundation, a secure VPN solution is complete only if the design architecture integrates: confidentiality, authentication, automated key management, firewalling, tunneling, routing, remote access, remote management and IPSec standards.
Encryption is used to provide confidentiality and data integrity within a networked environment. Confidentiality ensures that no one can view the data while it is being transmitted, and data integrity ensures that no one can modify the data undetected. Encryption plays an integral role in a secure VPN solution, and as such, a solution should include multiple encryption algorithms. This will allow the manager to apply the appropriate algorithm depending upon the length of key required (i.e. the level of security required).
Over the past several years, a number of studies have been initiated to determine the minimum key length that is required to secure critical information. Recent studies performed by independent scientists conclude that minimum key lengths should be no less than 90 bits. When choosing a secure VPN solution, ensure that it uses a proven encryption method, and that the algorithm supports key lengths longer than the recommended minimum bit length. Processing power is rapidly increasing and the longevity of a secure VPN solution can be shortened if its encryption algorithms are weak or the key lengths are too short.
There are two major types of cryptosystems in use today: public-key and secret-key cryptosystems. Secret-key cryptosystems, such as DES or Triple Pass DES, use the same key to encrypt and decrypt data and tend to be fast and efficient. However, because they use the same key to encrypt and decrypt data, they suffer from a key distribution problem: how to get the secret key to the other side without anyone else intercepting the key. Public-key cryptosystems, such as RSA, use two keys, one to encrypt data and a different key to decrypt data. As such, the problems surrounding key distribution are solved, since the encryption key (public key) can be freely distributed knowing that the receiver of the message is the only person who will be able to decrypt the message, as long as the decryption key (private key) is kept secret. However, public-key cryptosystems tend to be slower than secret-key cryptosystems of comparable strength. Therefore, a good VPN solution will use public-key technology for key distribution and secret-key technology to allow fast and efficient encrypted transfers.
The ability to authenticate encryption devices and users is a vital aspect of a secure VPN solution; password protection is easily broken and inherently insecure. X.509 Digital Certificates are the de facto standard for authentication, because they provide stronger authentication over password-based solutions. In addition, since X.509 certification is independent of a central database, the schema is more reliable and provides enhanced performance. By verifying the digital signature of the Certification Authority, any user or network device can easily authenticate the other end of a communication channel before initiating communication with that specific user or device. A secure VPN solution that fully integrates X.509 Certificates is beneficial because it follows industry standards and will provide enhanced security over password-only solutions.
Automated Key Management is an important component of a secure VPN. Automated Key Management defines cryptoperiods for session keys as well as digital certificates. Many VPN solutions require administrators to manually enter keys on each device situated on the WAN. This solution is an extremely shortsighted approach and will become unmanageable as the business grows and the number of network devices increases. Imagine trying to manually change keys on 100 or 1000 devices every day! It is also relatively insecure because humans tend to generate more predictable keys than what is produced through automation. It is vital for a secure VPN solution to include server-based key generation and management, a random number generator that does not reveal keys and a secure operating platform that cannot be modified. The ability to set cryptoperiods is also important to ensure that keys are automatically recycled at set time intervals. This will greatly inhibit any adversary's ability to break keys and gain access to proprietary information.
Firewalls are designed to protect internal networks from outside attack and to provide access control to the Internet for all users within your internal architecture. It is critical for a VPN solution to include a firewall that is fully integrated and interoperable with the other components of the solution.
The main security features of a VPN are:
• DES and Triple Pass DES algorithms.
• Network layer encryption.
• Tunneling support.
• Firewall functionality and interoperability with installed firewall technology.
• Multi-protocol support.
• Automated Key Management sets cryptoperiods, adding security against key breaking.
• X.509 Certificates: superior security over passwords.
• Secure desktop-to-desktop communication.
Where is a VPN useful?
VPNs offer a cost-effective alternative for data communications between intra-company offices (both domestic and international), inter-company communications (for electronic commerce in the form of file transfer, electronic mail, EDI, web and client-server applications) and remote access for domestic and international remote users and business partners. Industry research estimates that operational cost savings of up to 60% over equivalent private networks can be realized.
Ease of use:
> Completely transparent to the end user.
> Automatic key management.
> Centralized logging; firewalling, bridging and routing functionality.
> Full interoperability with existing network infrastructure and applications; remote access.
> Full compatibility with Microsoft Dial-Up Networking ensures desktop application compatibility.
> No day-to-day management required.
Significant Cost Savings:
Studies have shown that migrating from private to virtual private networks can generate cost savings of between 20 to 45%, even for relatively small networks.
Strategic Power:
Even more important than the substantial cost savings are the strategic avenues that VPNs open for an organization. A flexible, ubiquitous communications infrastructure enables a company to pursue powerful new strategic initiatives and relationships, improve communication with offices and customers, lock in vendors and partners while creating barriers to competition, and develop and deploy new products with improved time-to-market.
Reinvent the Business:
A flexible, ubiquitous communications infrastructure provides companies with the opportunity to literally reinvent themselves and their relationships with customers and partners. VPNs provide the freedom and flexibility to scale a business quickly, easily and cost-effectively.
General Capabilities:
• Provides "industrial-strength" security.
• Accommodates dynamically changing communities of users.
• Able to exchange information in various forms (web pages, files, etc.).
• Accommodates different users with different browsers, applications, operating systems, etc.
• Allows users to join groups or administrators to assign identities in a controlled but simple fashion.
• Maintains integrity over time, regardless of administrative turnover, changes in technology or the increasing complexity of the corporate information system.
VPNs: The best of both worlds
True VPNs combine the best aspects of both private and public networks: the flexibility, scalability and cost structure of a public network with the security and performance characteristics of a private network. It is this powerful combination that makes VPNs a reliable infrastructure for even the most critical corporate data.
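The two mechanisms the post above keeps returning to, a one-time symmetric key delivered under the recipient's public key (the Alicia/Alex exchange) and a tunnel endpoint wrapping a whole inner packet, header and payload, inside an outer packet whose contents stay opaque in transit, as one added example in Go. This is not code from the post or from any product it names; it assumes RSA-OAEP for the key wrap, AES-GCM for the per-packet encryption, and a constructed outer header layout (session id, nonce, ciphertext) that is this example's own, not any VPN product's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is the constructed outer packet a tunnel endpoint sends across the public network.
type Frame struct {
	SessionID  uint32 // tells the receiver which session key to use; readable in transit
	Nonce      []byte // fresh per frame; AES-GCM must never reuse one under the same key
	Ciphertext []byte // the encrypted, integrity-tagged inner packet (header and payload)
}

// Encode lays the frame out as: session id (4) | nonce length (1) | nonce | ciphertext.
func (f *Frame) Encode() []byte {
	out := make([]byte, 5, 5+len(f.Nonce)+len(f.Ciphertext))
	binary.BigEndian.PutUint32(out[:4], f.SessionID)
	out[4] = byte(len(f.Nonce))
	out = append(out, f.Nonce...)
	return append(out, f.Ciphertext...)
}

// Decode parses the wire layout produced by Encode, rejecting truncated input.
func Decode(b []byte) (*Frame, error) {
	if len(b) < 5 || len(b) < 5+int(b[4]) {
		return nil, errors.New("truncated frame")
	}
	n := 5 + int(b[4])
	return &Frame{SessionID: binary.BigEndian.Uint32(b[:4]), Nonce: b[5:n], Ciphertext: b[n:]}, nil
}

// WrapSessionKey is the sender's half of the hybrid scheme: draw a one-time 256-bit
// symmetric key and seal it under the peer's RSA public key, so only that peer can recover it.
func WrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// UnwrapSessionKey is the receiver's half: the private key recovers the session key.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate encrypts the whole inner packet under the session key and binds the outer
// session id as associated data, so a frame re-labelled to another session fails authentication.
func Encapsulate(key []byte, sessionID uint32, inner []byte) (*Frame, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	var aad [4]byte
	binary.BigEndian.PutUint32(aad[:], sessionID)
	return &Frame{SessionID: sessionID, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, inner, aad[:])}, nil
}

// Decapsulate verifies the tag and returns the inner packet, or an error if the frame was altered.
func Decapsulate(key []byte, f *Frame) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	var aad [4]byte
	binary.BigEndian.PutUint32(aad[:], f.SessionID)
	return aead.Open(nil, f.Nonce, f.Ciphertext, aad[:])
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // receiver's key pair
	key, wrapped, _ := WrapSessionKey(&priv.PublicKey)
	peerKey, _ := UnwrapSessionKey(priv, wrapped)
	frame, _ := Encapsulate(key, 7, []byte("constructed inner packet")) // constructed sample
	got, err := Decapsulate(peerKey, frame)
	fmt.Println(string(got), err) // constructed inner packet <nil>
}
```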
Post: #3


A Virtual Private Network (VPN) is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.
As its name implies, Virtual Private Network (VPN) technologies allow a secure/private communication channel to take place between two separate parties across an untrusted network (e.g. the Internet). The term "virtual" used in VPN technologies signifies that the communication channel for ensuring privacy of traffic data is not constructed from a real physical cable linking the communicating parties.

There are two common VPN types:
• Remote-access - Also called a Virtual Private Dial-up Network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. With just a local phone call to an Internet service provider, a user can have access to the company’s private network.
• Site-to-site - Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be either:
  ◦ Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
  ◦ Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.


Post: #4
presented by:
Vandana Santoki

• Definition and introductory notes
A VPN is a network which uses the open, distributed infrastructure of the Internet to transmit data between corporate sites.
• Remote employees interested in accessing corporate databases.
• Corporate sites developing new relations.
• Increasing growth of the corporation.
• It provides flexibility and scalability.
• Cost advantage.
• Frees from maintenance and training.
• The remote user dials into their local ISP and logs into the ISP's network as usual.
• When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination security server.
• The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.
• The destination security server receives the encrypted data and decrypts it.
• VLL - virtual leased lines.
• VPRN - virtual private routed network.
• VPDN - virtual private dial-up network.
• VPLS - virtual private LAN segments.
• Intranet VPN.
• Extranet VPN.
• Remote access VPN.
• Point-to-point link between two CPEs.
• IP tunnel between 2 ISP edge routers.
• Frames are relayed between IP tunnels.
• Emulation of a multisite WAN using the Internet.
• Packet forwarding at the network layer.
• VPRN-specific forwarding table at ISP routers that forwards the traffic.
• On-demand tunnel between remote user and corporate sites.
• There are 2 possible tunnels:
1. Compulsory tunnel.
2. Voluntary tunnel.
• In this scenario the L2TP Access Concentrator (LAC), acting as a dial or network access server, extends a PPP session across a backbone using L2TP to a remote L2TP Network Server (LNS). The operation of initiating the PPP session to the LAC is transparent to the user.
A voluntary tunnel refers to the case where an individual host connects to a remote site using a tunnel originating on the host, with no involvement from intermediate network nodes. The tunnel mechanism chosen can be IPSec or L2TP.
• A Virtual Private LAN Segment (VPLS) is the emulation of a LAN segment using Internet facilities.
• The branch office scenario securely connects two trusted intranets within the organization.
Routers or firewalls acting as gateways for the office with VPN capabilities can be used to protect the corporate traffic.
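The slides above list a VPRN as "packet forwarding at the network layer" with a "VPRN-specific forwarding table at ISP routers". The following is an added example, not code from the post or from any vendor, that models what that per-VPN table buys you: an ISP edge router keeps a separate forwarding table for each VPN, so two customers who both use the same private address range cannot reach, or even see routes to, each other's sites. Port names, VPN names, prefixes, tunnel endpoint names and the outer header format are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """A customer packet arriving at the ISP edge router (constructed format)."""
    ingress_port: str   # customer-facing port the packet came in on
    dst: str            # inner destination address, in the customer's own space
    payload: bytes


@dataclass
class VPRNTable:
    """Forwarding table for one VPRN: customer prefix -> remote ISP edge router
    (the far end of the IP tunnel that reaches that prefix)."""
    name: str
    routes: dict = field(default_factory=dict)

    def add_route(self, prefix, tunnel_endpoint):
        self.routes[ipaddress.ip_network(prefix)] = tunnel_endpoint

    def lookup(self, dst):
        """Longest-prefix match; None when this VPN has no route to dst."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, endpoint in self.routes.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, endpoint)
        return best[1] if best else None


class EdgeRouter:
    """ISP edge router holding one VPRNTable per VPN it serves."""

    def __init__(self):
        self.port_to_vpn = {}
        self.tables = {}

    def attach(self, port, vpn_name):
        """Bind a customer port to a VPN and return that VPN's table."""
        self.port_to_vpn[port] = vpn_name
        return self.tables.setdefault(vpn_name, VPRNTable(vpn_name))

    def forward(self, pkt):
        """Return (vpn, tunnel_endpoint, tunnelled_bytes), or None if dropped."""
        vpn = self.port_to_vpn.get(pkt.ingress_port)
        if vpn is None:
            return None  # port belongs to no VPN: no table to consult, drop
        endpoint = self.tables[vpn].lookup(pkt.dst)
        if endpoint is None:
            return None  # no route in *this* VPN's table; never fall back to another VPN
        # Constructed outer header: the VPN id lets the remote edge router pick
        # the matching table when it strips the tunnel header.
        outer = f"{vpn}|{pkt.dst}|".encode() + pkt.payload
        return vpn, endpoint, outer


def build_demo_router():
    """Two customers that both use 10.1.0.0/16 internally (constructed addresses)."""
    r = EdgeRouter()
    acme = r.attach("ge-0/0/1", "acme")
    acme.add_route("10.1.0.0/16", "edge-router-ny")
    acme.add_route("10.1.2.0/24", "edge-router-boston")  # more specific prefix
    globex = r.attach("ge-0/0/2", "globex")
    globex.add_route("10.1.0.0/16", "edge-router-chicago")
    return r
```

The isolation property comes from the lookup order: the ingress port selects the table, and a miss in that table is a drop rather than a fallback to the global or another customer's table. That is also where a misconfiguration would show up in practice: a port bound to the wrong VPN hands the whole packet stream to the wrong customer's routes.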
Post: #5
The Virtual Private Network - VPN - has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.
The VPN can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more convenient way to stay "plugged in" to the corporate intranet.
No matter your current involvement with VPNs, this is a good technology to know something about. A study of VPN involves many interesting aspects of network protocol design, Internet security, network service outsourcing, and technology standards.
What Exactly Is A VPN?
A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN).
The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.
A VPN supports at least three different modes of use:
• Remote access client connections
• LAN-to-LAN internetworking
• Controlled access within an intranet
VPN Pros and Cons
Like many commercialized network technologies, a significant amount of sales and marketing "hype" surrounds VPN. In reality, VPNs provide just a few clear potential advantages over more traditional forms of wide-area networking. These advantages can be quite significant, but they do not come for free.
The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however. From security and performance concerns, to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.
Technology Behind VPNs
Several network protocols have become popular as a result of VPN developments:
• L2TP
• IPsec
These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public.
Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.
The Future of VPN
The success of VPNs in the future depends mainly on industry dynamics. Most of the value in VPNs lies in the potential for businesses to save money. Should the cost of long-distance telephone calls and leased lines continue to drop, fewer companies may feel the need to switch to VPNs for remote access. Conversely, if VPN standards solidify and vendor products interoperate fully with each other, the appeal of VPNs should increase.
The success of VPNs also depends on the ability of intranets and extranets to deliver on their promises. Companies have had difficulty measuring the cost savings of their private networks, but if it can be demonstrated that these provide significant value, the use of VPN technology internally may also increase.

An Internet-based virtual private network (VPN) uses the open, distributed infrastructure of the Internet to transmit data between corporate sites.
Why develop a VPN?

Businesses today are faced with supporting a broader variety of communications among a wider range of sites even as they seek to reduce the cost of their communications infrastructure.
Employees are looking to access the resources of their corporate intranets as they take to the road, telecommute, or dial in from customer sites.
Plus business partners are joining together in extranets to share business information, either for a joint project of a few months' duration or for long-term strategic advantage.
At the same time, businesses are finding that past solutions to wide-area networking between the main corporate network and branch offices, such as dedicated leased lines or frame-relay circuits, do not provide the flexibility required for quickly creating new partner links or supporting project teams in the field.
Meanwhile, the growth of the number of telecommuters and an increasingly mobile sales force is eating up resources as more money is spent on modem banks, remote-access servers, and phone charges.
The trend toward mobile connectivity shows no sign of abating; Forrester Research estimated that more than 80 percent of the corporate workforce would have at least one mobile computing device by 1999.
Comparison of VPN with existing networks:
First and foremost are the cost savings of Internet VPNs when compared to traditional VPNs. A traditional corporate network built using leased T1 (1.5 Mbps) links and T3 (45 Mbps) links must deal with tariffs that are structured to include an installation fee, a monthly fixed cost, and a mileage charge, adding up to monthly fees that are greater than typical fees for leased Internet connections of the same speed.
Leased Internet lines offer another cost advantage because many providers offer prices that are tiered according to usage. For businesses that require the use of a full T1 or T3 only during busy times of the day but do not need the full bandwidth most of the time, ISP services, such as burstable T1, are an excellent option. Burstable T1 provides on-demand bandwidth with flexible pricing. For example, a customer who signs up for a full T1 but whose traffic averages 512 kbps of usage on the T1 circuit will pay less than a T1 customer whose average monthly traffic is 768 kbps.
Because point-to-point links are not a part of the Internet VPN, companies do not have to support one of each kind of connection, further reducing equipment and support costs. With traditional corporate networks, the media that serve smaller branch offices, telecommuters, and mobile workers—digital subscriber line (xDSL), integrated services digital network (ISDN), and high-speed modems, for instance—must be supported by additional equipment at corporate headquarters. In a VPN, not only can T1 or T3 lines be used between the main office and the ISP, but many other media can be used to connect smaller offices and mobile workers to the ISP and, therefore, to the VPN without installing any added equipment at headquarters.
VPN resolves the limitations of ordinary networks:
VPNs using the Internet have the potential to solve many of these business networking problems.
VPNs allow network managers to connect remote branch offices and project teams to the main corporate network economically and provide remote access to employees while reducing the in-house requirements for equipment.
Rather than depend on dedicated leased lines or frame relay's permanent virtual circuits (PVCs), an Internet-based VPN uses the open, distributed infrastructure of the Internet to transmit data between corporate sites.
Companies using an Internet VPN set up connections to the local connection points (called points-of-presence [POPs]) of their Internet service provider (ISP) and let the ISP ensure that the data is transmitted to the appropriate destinations via the Internet, leaving the rest of the connectivity details to the ISP's network and the Internet infrastructure.
Because the Internet is a public network with open transmission of most data, Internet-based VPNs include measures for encrypting data passed between VPN sites, which protects the data against eavesdropping and tampering by unauthorized parties.
In addition, VPNs are not limited to corporate sites and branch offices. As an added advantage, a VPN can provide secure connectivity for mobile workers. These workers can connect to their company's VPN by dialing into the POP of a local ISP, which reduces the need for long-distance charges and outlays for installing and maintaining large banks of modems at corporate sites.
While VPNs offer direct cost savings over other communications methods (such as leased lines and long-distance calls), they can also offer other advantages, including indirect cost savings as a result of reduced training requirements and equipment, increased flexibility, and scalability.
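Two passages in this thread describe what actually happens inside the tunnel: the earlier slide post walks through the remote user dialling in, requesting a tunnel to the security server, having the VPN software encrypt the data, and the security server decrypting it; this post adds that the protocols involved emphasise authentication and encryption, so that the parties know who they are talking to and the data is hidden from the public. The following added example, which is not from either post and not an implementation of L2TP or IPsec, models both ends of such a tunnel in one place. The shared secret, the key derivation, the packet layout (sequence header, ciphertext, tag) and the inner request are all constructed for the illustration, and the HMAC-based keystream is a stand-in for the block cipher a real VPN would use; the structure it shows, separate keys per direction, encrypt-then-MAC, verification before decryption, and an anti-replay window, is the part worth studying.

```python
import hashlib
import hmac
import struct


def derive_keys(shared_secret, direction):
    """Derive separate encryption and authentication keys for one direction
    of the tunnel from the tunnel's shared secret (constructed derivation)."""
    enc = hmac.new(shared_secret, direction + b"|enc", hashlib.sha256).digest()
    auth = hmac.new(shared_secret, direction + b"|auth", hashlib.sha256).digest()
    return enc, auth


def keystream(enc_key, nonce, length):
    """Stand-in stream cipher for the example: HMAC-SHA256 in counter mode.
    A real VPN would use AES here; the surrounding structure is what matters."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class TunnelEndpoint:
    """One end of the tunnel. The remote user's VPN software and the security
    server each hold one, with opposite directions for sending and receiving."""
    HDR_LEN = 8    # sequence number
    TAG_LEN = 32   # HMAC-SHA256 tag

    def __init__(self, shared_secret, is_client, window=64):
        out_dir, in_dir = (b"c2s", b"s2c") if is_client else (b"s2c", b"c2s")
        self.send_enc, self.send_auth = derive_keys(shared_secret, out_dir)
        self.recv_enc, self.recv_auth = derive_keys(shared_secret, in_dir)
        self.send_seq = 0
        self.window = window      # anti-replay window, in the spirit of IPsec ESP
        self.highest_seen = 0
        self.seen = set()

    def encapsulate(self, inner):
        """Wrap an inner packet: sequence header || ciphertext || tag (encrypt-then-MAC)."""
        self.send_seq += 1
        header = struct.pack(">Q", self.send_seq)      # also serves as the nonce
        ks = keystream(self.send_enc, header, len(inner))
        ciphertext = bytes(a ^ b for a, b in zip(inner, ks))
        tag = hmac.new(self.send_auth, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag

    def decapsulate(self, packet):
        """Return the inner packet, or None if the packet is forged, tampered, or replayed."""
        if len(packet) < self.HDR_LEN + self.TAG_LEN:
            return None
        header = packet[:self.HDR_LEN]
        ciphertext = packet[self.HDR_LEN:-self.TAG_LEN]
        tag = packet[-self.TAG_LEN:]
        expected = hmac.new(self.recv_auth, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None   # authentication fails: reject before touching the ciphertext
        seq = struct.unpack(">Q", header)[0]
        if seq in self.seen or seq + self.window <= self.highest_seen:
            return None   # replayed or too old
        self.seen.add(seq)
        self.highest_seen = max(self.highest_seen, seq)
        self.seen = {s for s in self.seen if s + self.window > self.highest_seen}
        ks = keystream(self.recv_enc, header, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, ks))


def demo(secret=b"constructed-tunnel-secret"):
    """Run the exchange from the slides: client encrypts, server decrypts,
    and the server rejects a tampered copy and a replay of the same packet."""
    client = TunnelEndpoint(secret, is_client=True)
    server = TunnelEndpoint(secret, is_client=False)
    inner = b"GET /payroll HTTP/1.1\r\nHost: intranet.example\r\n\r\n"  # constructed inner packet
    wire = client.encapsulate(inner)
    tampered = wire[:12] + bytes([wire[12] ^ 0x01]) + wire[13:]
    return {
        "plaintext_hidden": inner not in wire,
        "server_reads": server.decapsulate(wire),
        "tampered_rejected": server.decapsulate(tampered) is None,
        "replay_rejected": server.decapsulate(wire) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two design points map directly onto the thread's "authentication and encryption" sentence. The tag is checked before any decryption, so a packet from someone without the key (or one altered in transit) is dropped without the receiver acting on its contents; and the per-direction keys mean that a packet captured going client-to-server cannot be reflected back at the client, because the client only accepts packets authenticated under the server-to-client key.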
Post: #6
How Virtual Private Networks Work
The world has changed a lot in the last couple of decades. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread out across the country or around the world, and there is one thing that all of them need: A way to maintain fast, secure and reliable communications wherever their offices are.
Until fairly recently, this has meant the use of leased lines to maintain a wide area network (WAN). Leased lines, ranging from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps) fiber, provided a company with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the Internet when it came to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases.
As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices.
Image courtesy Cisco Systems, Inc.
A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities and individual users connecting from out in the field.
Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. In this edition of HowStuffWorks, you will gain a fundamental understanding of VPNs, and learn about basic VPN components, technologies, tunneling and security.
What Makes A VPN?
There are two common VPN types:
• Remote-access - Also called a virtual private dial-up network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.
A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.
• Site-to-site - Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs can be either:
  ◦ Intranet-based - If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.
  ◦ Extranet-based - When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.
Image courtesy Cisco Systems, Inc.
Examples of the three types of VPN
A well-designed VPN can greatly benefit a company. For example, it can:
• Extend geographic connectivity
• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide broadband networking compatibility
• Provide faster ROI (return on investment) than traditional WAN
What features are needed in a well-designed VPN? It should incorporate:
• Security
• Reliability
• Scalability
• Network management
• Policy management
Analogy: Each LAN is an Island
Imagine that you live on an island in a huge ocean. There are thousands of other islands all around you, some very close and others farther away. The normal way to travel is to take a ferry from your island to whichever island you wish to visit. Of course, traveling on a ferry means that you have almost no privacy. Anything you do can be seen by someone else.
Let's say that each island represents a private LAN and the ocean is the Internet. Traveling by ferry is like connecting to a Web server or other device through the Internet. You have no control over the wires and routers that make up the Internet, just like you have no control over the other people on the ferry. This leaves you susceptible to security issues if you are trying to connect between two private networks using a public resource.
Continuing with our analogy, your island decides to build a bridge to another island so that there is an easier, more secure and direct way for people to travel between the two. It is expensive to build and maintain the bridge, even though the island you are connecting with is very close. But the need for a reliable, secure path is so great that you do it anyway. Your island would like to connect to a second island that is much farther away but decides that the costs are simply too much to bear.
This is very much like having a leased line. The bridges (leased lines) are separate from the ocean (Internet), yet are able to connect the islands (LANs). Many companies have chosen this route because of the need for security and reliability in connecting their remote offices. However, if the offices are very far apart, the cost can be prohibitively high -- just like trying to build a bridge that spans a great distance.
Post: #7
To get information about the topic "virtual private network full report", ppt and related topics, refer to the link below.
Post: #8
virtual private network VPN

What is a VPN?

A virtual network overlaid on top of the ubiquitous interconnection of the Internet, and a private network for confidential communications and exclusive usage.

In a virtual private network (VPN), "virtual" implies that there is no physical network infrastructure dedicated to the private network. Instead, a single physical network infrastructure is shared among various logical networks.
In VPNs, various networking technologies are applied toward the goal of providing private communications within the public Internet infrastructure.

Virtual Private Networking: the collection of technologies applied to a public network—the Internet—to provide solutions for private networking needs.

Ubiquitous Coverage - wider coverage compared with the private data network infrastructures offered by telecommunication providers.
Cost Reduction - based on the system's economy of scale.
Security - using cryptographic technology.
E-Commerce - VPNs provide both interconnectivity and security.
